James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 1 | :title: Job Content |
| 2 | |
| 3 | Job Content |
| 4 | =========== |
| 5 | |
| 6 | Zuul jobs are implemneted as Ansible playbooks. Zuul prepares the |
| 7 | repositories used for a job, installs any required Ansible roles, and |
| 8 | then executes the job's playbooks. Any setup or artifact collection |
| 9 | required is the responsibility of the job itself. While this flexible |
| 10 | arrangement allows for almost any kind of job to be run by Zuul, |
| 11 | batteries are included. Zuul has a standard library of jobs upon |
| 12 | which to build. |
| 13 | |
| 14 | Working Directory |
| 15 | ----------------- |
| 16 | |
| 17 | Before starting each job, the Zuul executor creates a directory to |
| 18 | hold all of the content related to the job. This includes some |
| 19 | directories which are used by Zuul to configure and run Ansible and |
| 20 | may not be accessible, as well as a directory tree, under ``work/``, |
| 21 | that is readable and writable by the job. The hierarchy is: |
| 22 | |
| 23 | **work/** |
| 24 | The working directory of the job. |
| 25 | |
| 26 | **work/src/** |
| 27 | Contains the prepared git repositories for the job. |
| 28 | |
| 29 | **work/logs/** |
| 30 | Where the Ansible log for the job is written; your job |
| 31 | may place other logs here as well. |
| 32 | |
| 33 | Git Repositories |
| 34 | ---------------- |
| 35 | |
| 36 | The git repositories in ``work/src`` contain the repositories for all |
| 37 | of the projects specified in the ``required-projects`` section of the |
| 38 | job, plus the project associated with the queue item if it isn't |
| 39 | already in that list. In the case of a proposed change, that change |
| 40 | and all of the changes ahead of it in the pipeline queue will already |
| 41 | be merged into their respective repositories and target branches. The |
| 42 | change's project will have the change's branch checked out, as will |
| 43 | all of the other projects, if that branch exists (otherwise, a |
| 44 | fallback or default branch will be used). If your job needs to |
| 45 | operate on multiple branches, simply checkout the appropriate branches |
| 46 | of these git repos to ensure that the job results reflect the proposed |
| 47 | future state that Zuul is testing, and all dependencies are present. |
| 48 | Do not use any git remotes; the local repositories are guaranteed to |
| 49 | be up to date. |
| 50 | |
James E. Blair | 4d5dd25 | 2017-06-23 21:40:56 +0100 | [diff] [blame] | 51 | The repositories will be placed on the filesystem in directories |
| 52 | corresponding with the canonical hostname of their source connection. |
| 53 | For example:: |
| 54 | |
| 55 | work/src/git.example.com/project1 |
| 56 | work/src/github.com/project2 |
| 57 | |
| 58 | Is the layout that would be present for a job which included project1 |
| 59 | from the connection associated to git.example.com and project2 from |
| 60 | GitHub. This helps avoid collisions between projects with the same |
| 61 | name, and some language environments, such as Go, expect repositories |
| 62 | in this format. |
| 63 | |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 64 | Note that these git repositories are located on the executor; in order |
| 65 | to be useful to most kinds of jobs, they will need to be present on |
| 66 | the test nodes. The ``base`` job in the standard library contains a |
| 67 | pre-playbook which copies the repositories to all of the job's nodes. |
| 68 | It is recommended to always inherit from this base job to ensure that |
| 69 | behavior. |
| 70 | |
| 71 | .. TODO: link to base job documentation and/or document src (and logs?) directory |
| 72 | |
James E. Blair | 28c8e3b | 2017-07-17 16:27:50 -0700 | [diff] [blame] | 73 | Variables |
| 74 | --------- |
| 75 | |
| 76 | Any variables specified in the job definition are available as Ansible |
| 77 | host variables. They are added to the `vars` section of the inventory |
| 78 | file under the `all` hosts group, so they are available to all hosts. |
| 79 | Simply refer to them by the name specified in the job's `vars` |
| 80 | section. |
| 81 | |
| 82 | Secrets |
| 83 | ~~~~~~~ |
| 84 | |
| 85 | Secrets also appear as variables available to Ansible. Unlike job |
| 86 | variables, these are not added to the inventory file (so that the |
| 87 | inventory file may be kept for debugging purposes without revealing |
| 88 | secrets). But they are still available to Ansible as normal |
| 89 | variables. Because secrets are groups of variables, they will appear |
| 90 | as a dictionary structure in templates, with the dictionary itself |
| 91 | being the name of the secret, and its members the individual items in |
| 92 | the secret. For example, a secret defined as:: |
| 93 | |
| 94 | - secret: |
| 95 | name: credentials |
| 96 | data: |
| 97 | username: foo |
| 98 | password: bar |
| 99 | |
| 100 | Might be used in a template as:: |
| 101 | |
| 102 | {{ credentials.username }} {{ credentials.password }} |
| 103 | |
| 104 | .. TODO: xref job vars |
| 105 | |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 106 | Zuul Variables |
James E. Blair | 28c8e3b | 2017-07-17 16:27:50 -0700 | [diff] [blame] | 107 | ~~~~~~~~~~~~~~ |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 108 | |
| 109 | Zuul supplies not only the variables specified by the job definition |
James E. Blair | 2103778 | 2017-07-19 11:56:55 -0700 | [diff] [blame] | 110 | to Ansible, but also some variables from the Zuul itself. |
| 111 | |
| 112 | When a pipeline is triggered an action, it enqueues items which may |
| 113 | vary based on the pipeline's configuration. For example, when a new |
| 114 | change is created, that change may be enqueued into the pipeline, |
| 115 | while a tag may be enqueued into the pipeline when it is pushed. |
| 116 | |
| 117 | Information about these items is available to jobs. All of the items |
| 118 | enqueued in a pipeline are git references, and therefore share some |
| 119 | attributes in common. But other attributes may vary based on the type |
| 120 | of item. |
| 121 | |
| 122 | All items provide the following information as Ansible variables: |
| 123 | |
James E. Blair | a9fbb6c | 2017-07-20 16:07:30 -0700 | [diff] [blame^] | 124 | **zuul.build** |
James E. Blair | 2103778 | 2017-07-19 11:56:55 -0700 | [diff] [blame] | 125 | The UUID of the build. A build is a single execution of a job. |
| 126 | When an item is enqueued into a pipeline, this usually results in |
| 127 | one build of each job configured for that item's project. However, |
| 128 | items may be re-enqueued in which case another build may run. In |
| 129 | dependent pipelines, the same job may run multiple times for the |
| 130 | same item as circumstances change ahead in the queue. Each time a |
| 131 | job is run, for whatever reason, it is acompanied with a new |
| 132 | unique id. |
| 133 | |
James E. Blair | 2103778 | 2017-07-19 11:56:55 -0700 | [diff] [blame] | 134 | **zuul.buildset** |
| 135 | The build set UUID. When Zuul runs jobs for an item, the collection |
| 136 | of those jobs is known as a buildset. If the configuration of items |
| 137 | ahead in a dependent pipeline changes, Zuul creates a new buildset |
| 138 | and restarts all of the jobs. |
| 139 | |
| 140 | **zuul.ref** |
| 141 | The git ref of the item. This will be the full path (e.g., |
| 142 | 'refs/heads/master' or 'refs/changes/...'). |
| 143 | |
| 144 | **zuul.pipeline** |
| 145 | The name of the pipeline in which the job is being run. |
| 146 | |
| 147 | **zuul.job** |
| 148 | The name of the job being run. |
| 149 | |
| 150 | **zuul.project** |
| 151 | The item's project. This is a data structure with the following |
| 152 | fields: |
| 153 | |
| 154 | **zuul.project.name** |
| 155 | The name of the project, excluding hostname. E.g., `org/project`. |
| 156 | |
| 157 | **zuul.project.canonical_hostname** |
| 158 | The canonical hostname where the project lives. E.g., |
| 159 | `git.example.com`. |
| 160 | |
| 161 | **zuul.project.canonical_name** |
| 162 | The full canonical name of the project including hostname. E.g., |
| 163 | `git.example.com/org/project`. |
| 164 | |
| 165 | **zuul.tenant** |
| 166 | The name of the current Zuul tenant. |
| 167 | |
James E. Blair | 9d46f09 | 2017-07-20 16:06:20 -0700 | [diff] [blame] | 168 | **zuul.jobtags** |
James E. Blair | 2103778 | 2017-07-19 11:56:55 -0700 | [diff] [blame] | 169 | A list of tags associated with the job. Not to be confused with git |
| 170 | tags, these are simply free-form text fields that can be used by the |
| 171 | job for reporting or classification purposes. |
| 172 | |
James E. Blair | 2103778 | 2017-07-19 11:56:55 -0700 | [diff] [blame] | 173 | **zuul.items** |
| 174 | A data structure representing the items being tested with this |
| 175 | change. |
| 176 | |
| 177 | .. TODO: implement and document items |
| 178 | |
| 179 | |
| 180 | Change Items |
| 181 | ++++++++++++ |
| 182 | |
| 183 | A change to the repository. Most often, this will be a git reference |
| 184 | which has not yet been merged into the repository (e.g., a gerrit |
| 185 | change or a GitHub pull request). The following additional variables |
| 186 | are available: |
| 187 | |
| 188 | **zuul.branch** |
| 189 | The target branch of the change (without the `refs/heads/` prefix). |
| 190 | |
| 191 | **zuul.change** |
| 192 | The identifier for the change. |
| 193 | |
| 194 | **zuul.patchset** |
| 195 | The patchset identifier for the change. If a change is revised, |
| 196 | this will have a different value. |
| 197 | |
| 198 | Branch Items |
| 199 | ++++++++++++ |
| 200 | |
| 201 | This represents a branch tip. This item may have been enqueued |
| 202 | because the branch was updated (via a change having merged, or a |
| 203 | direct push). Or it may have been enqueued by a timer for the purpose |
| 204 | of verifying the current condition of the branch. The following |
| 205 | additional variables are available: |
| 206 | |
| 207 | **zuul.branch** |
| 208 | The name of the item's branch (without the `refs/heads/` prefix). |
| 209 | |
| 210 | **zuul.oldrev** |
| 211 | If the item was enqueued as the result of a change merging or being |
| 212 | pushed to the branch, the git sha of the old revision will be |
| 213 | included here. Otherwise, this value will not be present. |
| 214 | |
| 215 | **zuul.newrev** |
| 216 | If the item was enqueued as the result of a change merging or being |
| 217 | pushed to the branch, the git sha of the new revision will be |
| 218 | included here. Otherwise, this value will not be present. |
| 219 | |
| 220 | Tag Items |
| 221 | +++++++++ |
| 222 | |
| 223 | This represents a git tag. The item may have been enqueued because a |
| 224 | tag was created or deleted. The following additional variables are |
| 225 | available: |
| 226 | |
| 227 | **zuul.tag** |
| 228 | The name of the item's tag (without the `refs/tags/` prefix). |
| 229 | |
| 230 | **zuul.oldrev** |
| 231 | If the item was enqueued as the result of a tag being created or |
| 232 | deleted the git sha of the old revision will be included here. |
| 233 | Otherwise, this value will not be present. |
| 234 | |
| 235 | **zuul.newrev** |
| 236 | If the item was enqueued as the result of a tag being created or |
| 237 | deleted the git sha of the new revision will be included here. |
| 238 | Otherwise, this value will not be present. |
| 239 | |
| 240 | Ref Items |
| 241 | +++++++++ |
| 242 | |
| 243 | This represents a git reference that is neither a change, branch, or |
| 244 | tag. Note that all items include a `ref` attribute which may be used |
| 245 | to identify the ref. The following additional variables are |
| 246 | available: |
| 247 | |
| 248 | **zuul.oldrev** |
| 249 | If the item was enqueued as the result of a ref being created, |
| 250 | deleted, or changed the git sha of the old revision will be included |
| 251 | here. Otherwise, this value will not be present. |
| 252 | |
| 253 | **zuul.newrev** |
| 254 | If the item was enqueued as the result of a ref being created, |
| 255 | deleted, or changed the git sha of the new revision will be included |
| 256 | here. Otherwise, this value will not be present. |
| 257 | |
| 258 | Working Directory |
| 259 | +++++++++++++++++ |
| 260 | |
| 261 | Additionally, some information about the working directory and the |
| 262 | executor running the job is available: |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 263 | |
| 264 | **zuul.executor.hostname** |
| 265 | The hostname of the executor. |
| 266 | |
| 267 | **zuul.executor.src_root** |
| 268 | The path to the source directory. |
| 269 | |
| 270 | **zuul.executor.log_root** |
| 271 | The path to the logs directory. |
| 272 | |
| 273 | SSH Keys |
| 274 | -------- |
| 275 | |
| 276 | Zuul starts each job with an SSH agent running and the key used to |
| 277 | access the job's nodes added to that agent. Generally you won't need |
| 278 | to be aware of this since Ansible will use this when performing any |
| 279 | tasks on remote nodes. However, under some circumstances you may want |
| 280 | to interact with the agent. For example, you may wish to add a key |
| 281 | provided as a secret to the job in order to access a specific host, or |
| 282 | you may want to, in a pre-playbook, replace the key used to log into |
| 283 | the assigned nodes in order to further protect it from being abused by |
| 284 | untrusted job content. |
| 285 | |
| 286 | .. TODO: describe standard lib and link to published docs for it. |
| 287 | |
James E. Blair | 88e79c0 | 2017-07-07 13:36:54 -0700 | [diff] [blame] | 288 | .. _return_values: |
| 289 | |
James E. Blair | 196f61a | 2017-06-30 15:42:29 -0700 | [diff] [blame] | 290 | Return Values |
| 291 | ------------- |
| 292 | |
| 293 | The job may return some values to Zuul to affect its behavior. To |
| 294 | return a value, use the *zuul_return* Ansible module in a job |
| 295 | playbook. For example:: |
| 296 | |
| 297 | tasks: |
| 298 | - zuul_return: |
| 299 | data: |
| 300 | foo: bar |
| 301 | |
| 302 | Will return the dictionary "{'foo': 'bar'}" to Zuul. |
| 303 | |
| 304 | .. TODO: xref to section describing formatting |
| 305 | |
| 306 | Several uses of these values are planned, but the only currently |
| 307 | implemented use is to set the log URL for a build. To do so, set the |
| 308 | **zuul.log_url** value. For example:: |
| 309 | |
| 310 | tasks: |
| 311 | - zuul_return: |
| 312 | data: |
| 313 | zuul: |
| 314 | log_url: http://logs.example.com/path/to/build/logs |