github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-25 07:37:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add java-matrix and java-fips-matrix Buildkite pipelines (#97253)

Browse source
This commit is contained in:
Brian Seeders 2023-07-28 14:49:46 -04:00 committed by GitHub
parent a2d47998f3
commit 81e1fd2f1b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 166 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

45
.buildkite/hooks/pre-command Normal file
View file

@ -0,0 +1,45 @@
#!/bin/bash
# On some distros, this directory ends up not readable by the `elasticsearch` user that gets created during tests
# This fixes that
chmod 755 ~
WORKSPACE="$(pwd)"
export WORKSPACE
BUILD_NUMBER="$BUILDKITE_BUILD_NUMBER"
export BUILD_NUMBER
COMPOSE_HTTP_TIMEOUT="120"
export COMPOSE_HTTP_TIMEOUT
JOB_BRANCH="$BUILDKITE_BRANCH"
export JOB_BRANCH
GRADLEW="./gradlew --parallel --scan --build-cache --no-watch-fs -Dorg.elasticsearch.build.cache.url=https://gradle-enterprise.elastic.co/cache/"
export GRADLEW
GRADLEW_BAT="./gradlew.bat --parallel --scan --build-cache --no-watch-fs -Dorg.elasticsearch.build.cache.url=https://gradle-enterprise.elastic.co/cache/"
export GRADLEW_BAT
export $(cat .ci/java-versions.properties | grep '=' | xargs)
JAVA_HOME="$HOME/.java/$ES_BUILD_JAVA"
export JAVA_HOME
JAVA11_HOME="$HOME/.java/java11"
export JAVA11_HOME
JAVA16_HOME="$HOME/.java/openjdk16"
export JAVA16_HOME
if [[ "${ES_RUNTIME_JAVA:-}" ]]; then
RUNTIME_JAVA_HOME=$HOME/.java/$ES_RUNTIME_JAVA
export RUNTIME_JAVA_HOME
fi
GRADLE_BUILD_CACHE_USERNAME=$(vault read -field=username secret/ci/elastic-elasticsearch/migrated/gradle-build-cache)
export GRADLE_BUILD_CACHE_USERNAME
GRADLE_BUILD_CACHE_PASSWORD=$(vault read -field=password secret/ci/elastic-elasticsearch/migrated/gradle-build-cache)
export GRADLE_BUILD_CACHE_PASSWORD

52
.buildkite/pipelines/periodic.yml Normal file
View file

@ -0,0 +1,52 @@
steps:
- group: java-fips-matrix
steps:
- label: "{{matrix.ES_RUNTIME_JAVA}} / {{matrix.GRADLE_TASK}} / java-fips-matrix"
command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dtests.fips.enabled=true $$GRADLE_TASK
timeout_in_minutes: 180
matrix:
setup:
ES_RUNTIME_JAVA:
- openjdk17
GRADLE_TASK:
- checkPart1
- checkPart2
- checkPart3
- bwcTestSnapshots
- checkRestCompat
agents:
provider: gcp
image: family/elasticsearch-ubuntu-2004
machineType: custom-32-98304
buildDirectory: /dev/shm/bk
env:
ES_RUNTIME_JAVA: "{{matrix.ES_RUNTIME_JAVA}}"
GRADLE_TASK: "{{matrix.GRADLE_TASK}}"
- group: java-matrix
steps:
- label: "{{matrix.ES_RUNTIME_JAVA}} / {{matrix.GRADLE_TASK}} / java-matrix"
command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true $$GRADLE_TASK
timeout_in_minutes: 180
matrix:
setup:
ES_RUNTIME_JAVA:
- graalvm-ce17
- openjdk17
- openjdk18
- openjdk19
- openjdk20
- openjdk21
GRADLE_TASK:
- checkPart1
- checkPart2
- checkPart3
- bwcTestSnapshots
- checkRestCompat
agents:
provider: gcp
image: family/elasticsearch-ubuntu-2004
machineType: custom-32-98304
buildDirectory: /dev/shm/bk
env:
ES_RUNTIME_JAVA: "{{matrix.ES_RUNTIME_JAVA}}"
GRADLE_TASK: "{{matrix.GRADLE_TASK}}"

30
.ci/init.gradle
View file

@ -13,14 +13,26 @@ initscript {
boolean USE_ARTIFACTORY = false boolean USE_ARTIFACTORY = false
if (System.getenv('VAULT_ADDR') == null) { if (System.getenv('VAULT_ADDR') == null) {
// When trying to reproduce errors outside of CI, it can be useful to allow this to just return rather than blowing up
if (System.getenv('CI') == null) {
return
}
throw new GradleException("You must set the VAULT_ADDR environment variable to use this init script.") throw new GradleException("You must set the VAULT_ADDR environment variable to use this init script.")
} }
if (System.getenv('VAULT_ROLE_ID') == null && System.getenv('VAULT_SECRET_ID') == null && System.getenv('VAULT_TOKEN') == null) { if (System.getenv('VAULT_ROLE_ID') == null && System.getenv('VAULT_SECRET_ID') == null && System.getenv('VAULT_TOKEN') == null) {
// When trying to reproduce errors outside of CI, it can be useful to allow this to just return rather than blowing up
if (System.getenv('CI') == null) {
return
}
throw new GradleException("You must set either the VAULT_ROLE_ID and VAULT_SECRET_ID environment variables, " + throw new GradleException("You must set either the VAULT_ROLE_ID and VAULT_SECRET_ID environment variables, " +
"or the VAULT_TOKEN environment variable to use this init script.") "or the VAULT_TOKEN environment variable to use this init script.")
} }
final String vaultPathPrefix = System.getenv('VAULT_ADDR') ==~ /.+vault-ci.+\.dev.*/ ? "secret/ci/elastic-elasticsearch/migrated" : "secret/elasticsearch-ci"
final String vaultToken = System.getenv('VAULT_TOKEN') ?: new Vault( final String vaultToken = System.getenv('VAULT_TOKEN') ?: new Vault(
new VaultConfig() new VaultConfig()
.address(System.env.VAULT_ADDR) .address(System.env.VAULT_ADDR)
@ -44,7 +56,7 @@ final Vault vault = new Vault(
if (USE_ARTIFACTORY) { if (USE_ARTIFACTORY) {
final Map<String, String> artifactoryCredentials = vault.logical() final Map<String, String> artifactoryCredentials = vault.logical()
.read("secret/elasticsearch-ci/artifactory.elstc.co") .read("${vaultPathPrefix}/artifactory.elstc.co")
.getData() .getData()
logger.info("Using elastic artifactory repos") logger.info("Using elastic artifactory repos")
Closure configCache = { Closure configCache = {
@ -78,10 +90,10 @@ if (USE_ARTIFACTORY) {
} }
} }
projectsLoaded { gradle.settingsEvaluated { settings ->
rootProject { settings.pluginManager.withPlugin("com.gradle.enterprise") {
project.pluginManager.withPlugin('com.gradle.build-scan') { settings.gradleEnterprise {
buildScan.server = 'https://gradle-enterprise.elastic.co' server = 'https://gradle-enterprise.elastic.co'
} }
} }
} }
@ -91,8 +103,8 @@ final String buildCacheUrl = System.getProperty('org.elasticsearch.build.cache.u
final boolean buildCachePush = Boolean.valueOf(System.getProperty('org.elasticsearch.build.cache.push', 'false')) final boolean buildCachePush = Boolean.valueOf(System.getProperty('org.elasticsearch.build.cache.push', 'false'))
if (buildCacheUrl) { if (buildCacheUrl) {
final Map<String, String> buildCacheCredentials = vault.logical() final Map<String, String> buildCacheCredentials = System.getenv("GRADLE_BUILD_CACHE_USERNAME") ? [:] : vault.logical()
.read("secret/elasticsearch-ci/gradle-build-cache") .read("${vaultPathPrefix}/gradle-build-cache")
.getData() .getData()
gradle.settingsEvaluated { settings -> gradle.settingsEvaluated { settings ->
settings.buildCache { settings.buildCache {
@ -104,8 +116,8 @@ if (buildCacheUrl) {
url = buildCacheUrl url = buildCacheUrl
push = buildCachePush push = buildCachePush
credentials { credentials {
username = buildCacheCredentials.get("username") username = System.getenv("GRADLE_BUILD_CACHE_USERNAME") ?: buildCacheCredentials.get("username")
password = buildCacheCredentials.get("password") password = System.getenv("GRADLE_BUILD_CACHE_PASSWORD") ?: buildCacheCredentials.get("password")
} }
} }
} }

1
.ci/scripts/packaging-test.sh
View file

@ -39,6 +39,7 @@ if [ -f "/etc/os-release" ] ; then
# Work around incorrect lintian version # Work around incorrect lintian version
# https://github.com/elastic/elasticsearch/issues/48573 # https://github.com/elastic/elasticsearch/issues/48573
if [ $VERSION_ID == 10 ] ; then if [ $VERSION_ID == 10 ] ; then
sudo apt-get update -y
sudo apt-get install -y --allow-downgrades lintian=2.15.0 sudo apt-get install -y --allow-downgrades lintian=2.15.0
fi fi
fi fi

1
.ci/scripts/run-gradle.sh
View file

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
# drop page cache and kernel slab objects on linux # drop page cache and kernel slab objects on linux
[[ -x /usr/local/sbin/drop-caches ]] && sudo /usr/local/sbin/drop-caches [[ -x /usr/local/sbin/drop-caches ]] && sudo /usr/local/sbin/drop-caches
rm -Rfv ~/.gradle/init.d rm -Rfv ~/.gradle/init.d
mkdir -p ~/.gradle/init.d && cp -v $WORKSPACE/.ci/init.gradle ~/.gradle/init.d mkdir -p ~/.gradle/init.d && cp -v $WORKSPACE/.ci/init.gradle ~/.gradle/init.d
if [ "$(uname -m)" = "arm64" ] || [ "$(uname -m)" = "aarch64" ]; then if [ "$(uname -m)" = "arm64" ] || [ "$(uname -m)" = "aarch64" ]; then

2
build-tools-internal/src/main/groovy/elasticsearch.build-scan.gradle
View file

@ -16,7 +16,7 @@ buildScan {
String buildKiteUrl = System.getenv('BUILDKITE_BUILD_URL') ? System.getenv('BUILDKITE_BUILD_URL') : null String buildKiteUrl = System.getenv('BUILDKITE_BUILD_URL') ? System.getenv('BUILDKITE_BUILD_URL') : null
// Automatically publish scans from Elasticsearch CI // Automatically publish scans from Elasticsearch CI
if (jenkinsUrl?.host?.endsWith('elastic.co') || jenkinsUrl?.host?.endsWith('elastic.dev')) { if (jenkinsUrl?.host?.endsWith('elastic.co') || jenkinsUrl?.host?.endsWith('elastic.dev') || System.getenv('BUILDKITE') == 'true') {
publishAlways() publishAlways()
buildScan.server = 'https://gradle-enterprise.elastic.co' buildScan.server = 'https://gradle-enterprise.elastic.co'
} }

47
catalog-info.yaml
View file

@ -16,13 +16,14 @@ spec:
apiVersion: buildkite.elastic.dev/v1 apiVersion: buildkite.elastic.dev/v1
kind: Pipeline kind: Pipeline
metadata: metadata:
description: ':elasticsearch: Update elasticsearch submodule in elasticsearch-serverless' description: ":elasticsearch: Update elasticsearch submodule in elasticsearch-serverless"
name: elasticsearch / update serverless submodule name: elasticsearch / update serverless submodule
spec: spec:
repository: elastic/elasticsearch repository: elastic/elasticsearch
pipeline_file: .buildkite/update-es-serverless.yml pipeline_file: .buildkite/update-es-serverless.yml
teams: teams:
elasticsearch-team: {} elasticsearch-team: {}
ml-core: {}
everyone: everyone:
access_level: READ_ONLY access_level: READ_ONLY
provider_settings: provider_settings:
@ -30,7 +31,7 @@ spec:
schedules: schedules:
daily promotion: daily promotion:
branch: main branch: main
cronline: '@daily' cronline: "@daily"
--- ---
# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json # yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json
apiVersion: backstage.io/v1alpha1 apiVersion: backstage.io/v1alpha1
@ -49,7 +50,7 @@ spec:
apiVersion: buildkite.elastic.dev/v1 apiVersion: buildkite.elastic.dev/v1
kind: Pipeline kind: Pipeline
metadata: metadata:
description: ':elasticsearch: Validate elasticsearch changes against serverless' description: ":elasticsearch: Validate elasticsearch changes against serverless"
name: elasticsearch / check serverless submodule name: elasticsearch / check serverless submodule
spec: spec:
repository: elastic/elasticsearch repository: elastic/elasticsearch
@ -57,8 +58,48 @@ spec:
branch_configuration: main branch_configuration: main
teams: teams:
elasticsearch-team: {} elasticsearch-team: {}
ml-core: {}
everyone: everyone:
access_level: READ_ONLY access_level: READ_ONLY
provider_settings: provider_settings:
build_pull_requests: false build_pull_requests: false
publish_commit_status: false publish_commit_status: false
---
# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json
apiVersion: backstage.io/v1alpha1
kind: Resource
metadata:
name: buildkite-pipeline-elasticsearch-periodic
description: Elasticsearch tests and checks that are run a few times daily
links:
- title: Pipeline
url: https://buildkite.com/elastic/elasticsearch-periodic
spec:
type: buildkite-pipeline
system: buildkite
owner: group:elasticsearch-team
implementation:
apiVersion: buildkite.elastic.dev/v1
kind: Pipeline
metadata:
description: ":elasticsearch: Tests and checks that are run a few times daily"
name: elasticsearch / periodic
spec:
repository: elastic/elasticsearch
pipeline_file: .buildkite/pipelines/periodic.yml
branch_configuration: main
teams:
elasticsearch-team: {}
ml-core: {}
everyone:
access_level: READ_ONLY
provider_settings:
build_branches: false
build_pull_requests: false
publish_commit_status: false
trigger_mode: none
schedules:
Periodically on main:
branch: main
cronline: "0 0,8,16 * * America/New_York"
message: "Tests and checks that are run 3x daily"

1
distribution/packages/build.gradle
View file

@ -308,6 +308,7 @@ Closure commonDebConfig(String architecture) {
into('/usr/share/lintian/overrides') { into('/usr/share/lintian/overrides') {
from('src/deb/lintian/elasticsearch') from('src/deb/lintian/elasticsearch')
fileMode 0644
} }
} }
} }