From d8c43bc0e70a61d932f0e151586cb62ccd8e96e2 Mon Sep 17 00:00:00 2001
From: Major Hayden <major@redhat.com>
Date: Thu, 21 May 2020 17:50:02 -0500
Subject: [PATCH] Build in a mock chroot first

Build the RPMs in a mock using a simple script so that ansible-osbuild
can focus fully on deployment rather than compiling RPMs.

Signed-off-by: Major Hayden <major@redhat.com>
---
 schutzbot/Jenkinsfile  | 48 ++++++++++++++++++++++++++++++++-
 schutzbot/mockbuild.sh | 60 ++++++++++++++++++++++++++++++++++++++++++
 schutzbot/run_tests.sh | 42 +++++++++++++++--------------
 3 files changed, 129 insertions(+), 21 deletions(-)
 create mode 100755 schutzbot/mockbuild.sh

diff --git a/schutzbot/Jenkinsfile b/schutzbot/Jenkinsfile
index b8a78029..a99b2375 100644
--- a/schutzbot/Jenkinsfile
+++ b/schutzbot/Jenkinsfile
@@ -1,13 +1,59 @@
 pipeline {
     agent none
 
+    environment {
+        // We upload build RPMs and repository files here.
+        OPENSHIFT_CONTAINER = "osbuildci-artifacts"
+        // The files we upload are available under this URL.
+        // This is auto-generated from OpenStack.
+        MOCK_REPO_BASE_URL = "https://rhos-d.infra.prod.upshift.rdu2.redhat.com:13808/v1/AUTH_95e858620fb34bcc9162d9f52367a560/osbuildci-artifacts"
+    }
+
     options {
-        timestamps()
         ansiColor('xterm')
+        timestamps()
     }
 
     stages {
+        stage("Mock") {
+            // Halt the entire pipeline if a single RPM build fails. That
+            // could indicate a code problem that needs to be investigated.
+            failFast true
+
+            parallel {
+                stage('Fedora 31') {
+                    agent { label "fedora31" }
+                    environment {
+                        OPENSTACK_CREDS = credentials('psi-openstack-clouds-yaml')
+                    }
+                    steps {
+                        sh "schutzbot/mockbuild.sh"
+                    }
+                }
+                stage('Fedora 32') {
+                    agent { label "fedora32" }
+                    environment {
+                        OPENSTACK_CREDS = credentials('psi-openstack-clouds-yaml')
+                    }
+                    steps {
+                        sh "schutzbot/mockbuild.sh"
+                    }
+                }
+                stage('RHEL 8.2') {
+                    agent { label "rhel82" }
+                    environment {
+                        OPENSTACK_CREDS = credentials('psi-openstack-clouds-yaml')
+                    }
+                    steps {
+                        sh "schutzbot/mockbuild.sh"
+                    }
+                }
+            }
+        }
         stage("Functional Testing") {
+            // Allow the other stages to finish if a single stage fails.
+            failFast false
+
             parallel {
                 stage('Fedora 31 image') {
                     agent { label "fedora31" }
diff --git a/schutzbot/mockbuild.sh b/schutzbot/mockbuild.sh
new file mode 100755
index 00000000..0ffed670
--- /dev/null
+++ b/schutzbot/mockbuild.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Get OS details.
+source /etc/os-release
+
+# Install packages.
+sudo dnf -qy install createrepo_c mock
+if [[ $ID == 'fedora' ]]; then
+    sudo dnf -qy install python3-openstackclient
+else
+    sudo pip3 -qq install python-openstackclient
+fi
+
+# Set variables.
+CONTAINER=osbuildci-artifacts
+WORKSPACE=${WORKSPACE:-$(pwd)}
+MOCK_CONFIG="${ID}-${VERSION_ID%.*}-$(uname -m)"
+REPO_DIR=repo/${BUILD_TAG}/${ID}${VERSION_ID//./}
+
+# Clone osbuild-composer.
+# TODO(mhayden): After the next osbuild-composer release, use the latest tag
+# in the osbuild-composer repository. We can't do that right now because
+# osbuild-composer v12 is missing c0ad652db58059e0e99eb7253b6ba85f25bead3f
+# which maks RHEL 8's qemu happy with the image tests.
+git clone https://github.com/osbuild/osbuild-composer
+
+# Build source RPMs.
+make srpm
+make -C osbuild-composer srpm
+
+# Fix RHEL 8 mock template.
+sudo curl --retry 5 -Lsko /etc/mock/templates/rhel-8.tpl \
+    https://gitlab.cee.redhat.com/snippets/2208/raw
+
+# Add fastestmirror to the Fedora template.
+sudo sed -i '/^install_weak_deps.*/a fastestmirror=1' \
+    /etc/mock/templates/fedora-branched.tpl
+
+# Compile RPMs in a mock chroot
+sudo mock -r $MOCK_CONFIG --no-bootstrap-chroot \
+    --resultdir $REPO_DIR --with=tests \
+    rpmbuild/SRPMS/*.src.rpm osbuild-composer/rpmbuild/SRPMS/*.src.rpm
+sudo chown -R $USER ${REPO_DIR}
+
+# Move the logs out of the way.
+mv ${REPO_DIR}/*.log $WORKSPACE
+
+# Create a repo of the built RPMs.
+createrepo_c ${REPO_DIR}
+
+# Prepare to upload to swift.
+mkdir -p ~/.config/openstack
+cp $OPENSTACK_CREDS ~/.config/openstack/clouds.yml
+export OS_CLOUD=psi
+
+# Upload repository to swift.
+pushd repo
+    find * -type f -print | xargs openstack object create -f value $CONTAINER
+popd
\ No newline at end of file
diff --git a/schutzbot/run_tests.sh b/schutzbot/run_tests.sh
index b958c3bc..81dcb0a2 100755
--- a/schutzbot/run_tests.sh
+++ b/schutzbot/run_tests.sh
@@ -1,20 +1,27 @@
 #!/bin/bash
 set -euxo pipefail
 
-# Read variables about the OS.
+# Get OS details.
 source /etc/os-release
 
+# Set up a dnf repository for the RPMs we built via mock.
+sudo tee /etc/yum.repos.d/osbuild-mock.repo > /dev/null << EOF
+[osbuild-mock]
+name=osbuild mock ${BUILD_TAG} ${ID}${VERSION_ID//./}
+baseurl=${MOCK_REPO_BASE_URL}/${BUILD_TAG}/${ID}${VERSION_ID//./}
+enabled=1
+gpgcheck=0
+# Default dnf repo priority is 99. Lower number means higher priority.
+priority=5
+EOF
+
+# Verify that the repository we added is working properly.
+dnf list all | grep osbuild-mock
+
 # Create temporary directories for Ansible.
 sudo mkdir -vp /opt/ansible_{local,remote}
 sudo chmod -R 777 /opt/ansible_{local,remote}
 
-# Remove Fedora modular repositories to speed up dnf-json.
-sudo rm -rfv /etc/yum.repos.d/fedora*modular*
-
-# Ensure /tmp is mounted on tmpfs.
-sudo systemctl enable tmp.mount || \
-  sudo systemctl unmask tmp.mount && sudo systemctl start tmp.mount
-
 # Restart systemd to work around some Fedora issues in cloud images.
 sudo systemctl restart systemd-journald
 
@@ -28,17 +35,9 @@ preserve_journal() {
 }
 trap "preserve_journal" ERR
 
-# Ensure Ansible is installed.
-if ! rpm -q ansible; then
-  sudo dnf -y install ansible
-fi
-
 # Write a simple hosts file for Ansible.
 echo -e "[test_instances]\nlocalhost ansible_connection=local" > hosts.ini
 
-# Set Ansible's config file location.
-export ANSIBLE_CONFIG=ansible-osbuild/ansible.cfg
-
 # Get the SHA of osbuild which Jenkins checked out for us.
 OSBUILD_VERSION=$(git rev-parse HEAD)
 
@@ -47,21 +46,24 @@ OSBUILD_VERSION=$(git rev-parse HEAD)
 # the pull request into the repo. This creates a new SHA that exists only in
 # Jenkins. We use ${WORKSPACE} below to tell ansible-osbuild to use the clone
 # that Jenkins made for testing osbuild.
+export ANSIBLE_CONFIG=ansible-osbuild/ansible.cfg
 git clone https://github.com/osbuild/ansible-osbuild.git ansible-osbuild
 ansible-playbook \
   -i hosts.ini \
-  -e osbuild_repo_url=${WORKSPACE} \
-  -e osbuild_version=$(git rev-parse HEAD) \
-  -e install_source=mock \
+  -e install_source=os \
   ansible-osbuild/playbook.yml
 
+# Ensure the testing package is installed.
+sudo dnf -y install osbuild-composer-tests
+
 # Run the image tests from osbuild-composer to stress-test osbuild.
+git clone https://github.com/osbuild/osbuild-composer
 ansible-playbook \
   -e workspace=${WORKSPACE} \
   -e journald_cursor="${JOURNALD_CURSOR}" \
   -e test_type=${TEST_TYPE:-image} \
   -i hosts.ini \
-  /tmp/git_repos/osbuild-composer/schutzbot/test.yml
+  osbuild-composer/schutzbot/test.yml
 
 # Collect the systemd journal anyway if we made it all the way to the end.
 sudo journalctl --after-cursor=${JOURNALD_CURSOR} > systemd-journald.log