Bug 561187

Summary: OSSRH configuration issues on releng jipp
Product: Community Reporter: Sravan Kumar Lakkimsetti <sravankumarl>
Component: CI-Jenkins Assignee: CI Admin Inbox <ci.admin-inbox>
Status: CLOSED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: akurtakov, christian.dietrich.opensource, daniel_megert, frederic.gurr, mlippert, ned.twigg, stephan.herrmann, Vikas.Chandra, webmaster
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Windows 10   
Whiteboard:
Bug Depends on:    
Bug Blocks: 561184    

Description Sravan Kumar Lakkimsetti CLA 2020-03-17 08:28:27 EDT
We are trying to upload Eclipse Platform to Maven Central. We are getting the following errors. Can you please take a look?

For JDT:
[ERROR] Error executing Maven.
[ERROR] The specified user settings file does not exist: /opt/public/hipp/homes/genie.releng/.m2/settings-deploy-ossrh-jdt.xml

For Platform:
Downloaded from eclipse.maven.central.mirror: https://repo.eclipse.org/content/repositories/maven_central/org/codehaus/plexus/plexus-utils/3.0.20/plexus-utils-3.0.20.jar (243 kB at 2.4 MB/s)
gpg: no default secret key: Bad passphrase
gpg: signing failed: Bad passphrase

For PDE:
[ERROR] Error executing Maven.
[ERROR] The specified user settings file does not exist: /opt/public/hipp/homes/genie.releng/.m2/settings-deploy-ossrh-pde.xml

The jobs are listed here https://ci.eclipse.org/releng/view/Publish%20to%20Maven%20Central/
Comment 1 Frederic Gurr CLA 2020-03-18 05:29:45 EDT
I will take a look at this after the 2020-03 release.
Comment 2 Frederic Gurr CLA 2020-03-19 14:26:11 EDT
We usually try to separate OSSRH deployments by project. So each project should deploy its artifacts from its own CI instance.

In bug 484004 comment 17, you mentioned that you would like to do the deployment from the Releng JIPP. Please remind me (it's been a while): 
Is there a technical reason, why it could not be done from the individual JIPPs (PDE, JDT, etc)?
Comment 3 Stephan Herrmann CLA 2020-03-19 14:58:49 EDT
The way I developed this family of builds, all starts from a central aggregation that conditions all of the SDK. *If* the result of that job can easily be made accessible for jobs on other JIPPs I don't see technical reasons against running the actual upload on the platform, jdt and pde JIPPs.

OTOH, unlike other projects, we don't have three independent build engineers, but all three projects rely on the same few people doing releng work. I.e., if fixing s.t. in this process requires collaboration of more people due to permissions on different JIPPs then this would be a step backwards.

My 2ct.
Comment 4 Frederic Gurr CLA 2020-03-20 09:28:55 EDT
Can this central aggregation be split up or duplicated?

Handling permissions on different JIPPs should be no problem.
Comment 5 Stephan Herrmann CLA 2020-03-20 10:50:01 EDT
(In reply to Frederic Gurr from comment #4)
> Can this central aggregation be split up or duplicated?

Split up would require fresh validation whether all relevant content is found.

Duplicated would create significant overhead, space & time.
 
Is it true establishing that shared access to a directory is harder these days than redesigning a complex build?
Comment 6 Stephan Herrmann CLA 2020-03-20 10:50:50 EDT
(In reply to Stephan Herrmann from comment #5)
> Is it true establishing that shared access to a directory is harder these
> days than redesigning a complex build?

Is it true that establishing shared access to a directory is harder these days than redesigning a complex build? (no offense intended, I'm really asking).
Comment 7 Frederic Gurr CLA 2020-03-20 11:29:28 EDT
(In reply to Stephan Herrmann from comment #6)
> Is it true that establishing shared access to a directory is harder these
> days than redesigning a complex build? (no offense intended, I'm really
> asking).
None taken. As always, it depends. :)

If the shared directory is on download.eclipse.org and accessible by all JIPPs, then it should be easy (apart from challenges with direct file level access from JIPPs on the new infra... but that's another topic).

Otherwise, accessing build artifacts across Jenkins instances can be messy and take some time (depending on the size of the files). So it might be cleaner and faster to duplicate a job like CBI_aggregator (that only takes 5 minutes) and run it on three(?) Jenkins instances.
Comment 8 Sravan Kumar Lakkimsetti CLA 2020-03-23 01:06:20 EDT
(In reply to Frederic Gurr from comment #2)
> We usually try to separate OSSRH deployments by project. So each project
> should deploy its artifacts from its own CI instance.
> 
> In bug 484004 comment 17, you mentioned that you would like to do the
> deployment from the Releng JIPP. Please remind me (it's been a while): 
> Is there a technical reason, why it could not be done from the individual
> JIPPs (PDE, JDT, etc)?

We have one release engineer for JDT, PDE, Platform and Equinox. But the engineer may not have committer rights in all of them (I have only Platform and Equinox). This blocks the release engineer from running jobs on other JIPPs even when all permissions are provided in the ACL of the job (the error message I get is pending—‘sravankumarl@xxxx.com’ lacks permission to run on ‘migration-agent-d1ql5)

Since our release engineers are committers on Platform, I prefer having these on the releng JIPP (this is a special JIPP used for all release engineering activities of the above-mentioned 4 projects).
Comment 9 Frederic Gurr CLA 2020-03-24 14:13:56 EDT
Ok. Thanks for the insight.

For now, we will stick to the old/existing solution of handling all OSSRH deployments from the Releng JIPP.

@Sravan: the project specific Maven settings files will (by default) be accessible here:
* /home/jenkins/.m2/settings-deploy-ossrh-jdt.xml
* /home/jenkins/.m2/settings-deploy-ossrh-pde.xml

If you use a custom pod template, a few extra volume mounts will have to be added to the pod configuration.

So far we've only set this up for JDT and PDE, since there are no OSSRH credentials for Platform and Equinox.

OSSRH deployment on the new infra requires the steps outlined here: https://wiki.eclipse.org/Jenkins#How_can_artifacts_be_deployed_to_OSSRH_.2F_Maven_Central.3F

Make sure to select the right secret-subkeys.asc secret file (there is one for each project).
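
The two failures reported in this bug (a settings file that does not exist at the expected path, and gpg finding no secret key to sign with) can both be detected before Maven starts. The check below is an added example, not part of the original thread or of the Eclipse CI setup; the function names `has_signing_key` and `preflight` are hypothetical, and the settings path is passed in by the caller.

```shell
#!/bin/sh
# Added example: pre-flight check for a signing + deploy job.
# Nothing here is taken from the Eclipse infrastructure; the caller
# supplies the settings path, and gpg uses whatever keyring the job has.

# has_signing_key: reads `gpg --list-secret-keys --with-colons` output on
# stdin and succeeds only if some secret key or subkey can actually sign.
#   field 2  = validity (e = expired, r = revoked)
#   field 12 = capabilities (lowercase s = this key can sign)
#   field 15 = "#" when the record is only a stub without secret material,
#              which is the normal state of the primary key after importing
#              a secret-subkeys export
has_signing_key() {
    awk -F: '
        ($1 == "sec" || $1 == "ssb") &&
        $2 !~ /^[er]$/ &&
        $12 ~ /s/ &&
        $15 != "#" { found = 1 }
        END { exit !found }'
}

# preflight SETTINGS_FILE
# Returns 0 when the job can proceed, 2 when the Maven settings file is
# missing or unreadable, 3 when the keyring holds no usable signing key
# (wrong or missing key file imported, or only stubs present).
preflight() {
    settings=$1
    if [ ! -r "$settings" ]; then
        echo "settings file missing or unreadable: $settings" >&2
        return 2
    fi
    if ! gpg --batch --list-secret-keys --with-colons 2>/dev/null \
            | has_signing_key; then
        echo "no usable secret signing key in this job's keyring" >&2
        return 3
    fi
    return 0
}
```

A job would call `preflight` with the settings path it later passes to Maven and stop on a non-zero status. A wrong passphrase is not detected here, since that only shows up when gpg is asked to sign.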
Comment 10 Sravan Kumar Lakkimsetti CLA 2020-03-26 05:29:09 EDT
(In reply to Frederic Gurr from comment #9)
> Ok. Thanks for the insight.
> 
> For now, we will stick to the old/existing solution of handling all OSSRH
> deployments from the Releng JIPP.
> 
> @Sravan: the project specific Maven settings files will (by default) be
> accessible here:
> * /home/jenkins/.m2/settings-deploy-ossrh-jdt.xml
> * /home/jenkins/.m2/settings-deploy-ossrh-pde.xml
> 
> If you use a custom pod template, a few extra volume mounts will have to be
> added to the pod configuration.
> 
> So far we've only set this up for JDT and PDE, since there are no OSSRH
> credentials for Platform and Equinox.
> 
> OSSRH deployment on the new infra requires the steps outlined here:
> https://wiki.eclipse.org/Jenkins#How_can_artifacts_be_deployed_to_OSSRH_.
> 2F_Maven_Central.3F
> 
> Make sure to select the right secret-subkeys.asc secret file (there is one
> for each project).

Thanks Fred, I am working on it now.
Comment 11 Sravan Kumar Lakkimsetti CLA 2020-03-26 07:55:23 EDT
I am able to publish PDE artifacts to Maven Central.

Regarding Platform and Equinox, both are published to the platform project org.eclipse.platform. We don't have a separate Equinox project in OSSRH.

The earlier config file used to be available at /opt/public/hipp/homes/genie.releng/.m2/settings-deploy-ossrh-platform.xml

How do we proceed for Platform and Equinox?
Comment 12 Frederic Gurr CLA 2020-03-26 11:55:44 EDT
(In reply to Sravan Kumar Lakkimsetti from comment #11)
> I am able to publish pde artifacts to maven central
Does it work for JDT?

> regarding platform and equinox then both are published to platform project
> org.eclipse.platform. We don't have a separate equinox project in OSSRH. 
> 
> the earlier config file used to be available at 
> /opt/public/hipp/homes/genie.releng/.m2/settings-deploy-ossrh-platform.xml
> 
> how do we proceed for platform and equinox?
There are no OSSRH/GPG credentials set up for platform itself, but for eclipse.platform.releng.

I have added the required credentials (secret-subkeys-releng.asc) and the Maven settings file (/home/jenkins/.m2/settings-deploy-ossrh-releng.xml). Please test it.
Comment 13 Sravan Kumar Lakkimsetti CLA 2020-03-27 00:36:02 EDT
(In reply to Frederic Gurr from comment #12)
> (In reply to Sravan Kumar Lakkimsetti from comment #11)
> > I am able to publish pde artifacts to maven central
> Does it work for JDT?
> 
Yes, it worked with JDT. I published JDT artifacts yesterday.

> > regarding platform and equinox then both are published to platform project
> > org.eclipse.platform. We don't have a separate equinox project in OSSRH. 
> > 
> > the earlier config file used to be available at 
> > /opt/public/hipp/homes/genie.releng/.m2/settings-deploy-ossrh-platform.xml
> > 
> > how do we proceed for platform and equinox?
> There are no OSSRH/GPG credentials set up for platform itself, but for
> eclipse.platform.releng.
> 
> I have added the required credentials (secret-subkeys-releng.asc) and the
> Maven settings file (/home/jenkins/.m2/settings-deploy-ossrh-releng.xml).
> Please test it.

I am testing it now
Comment 14 Sravan Kumar Lakkimsetti CLA 2020-03-27 01:53:00 EDT
(In reply to Sravan Kumar Lakkimsetti from comment #13)
> (In reply to Frederic Gurr from comment #12)
> > (In reply to Sravan Kumar Lakkimsetti from comment #11)
> > > I am able to publish pde artifacts to maven central
> > Does it work for JDT?
> > 
> Yes It worked with JDT. I published JDT artifacts yesterday
> 
> > > regarding platform and equinox then both are published to platform project
> > > org.eclipse.platform. We don't have a separate equinox project in OSSRH. 
> > > 
> > > the earlier config file used to be available at 
> > > /opt/public/hipp/homes/genie.releng/.m2/settings-deploy-ossrh-platform.xml
> > > 
> > > how do we proceed for platform and equinox?
> > There are no OSSRH/GPG credentials set up for platform itself, but for
> > eclipse.platform.releng.
> > 
> > I have added the required credentials (secret-subkeys-releng.asc) and the
> > Maven settings file (/home/jenkins/.m2/settings-deploy-ossrh-releng.xml).
> > Please test it.
> 
> I am testing it now

I am able to publish platform and equinox artifacts also.

During this work we migrated publishing jobs to JIRO. 

This bug can be closed now.
Comment 15 Stephan Herrmann CLA 2020-03-27 04:41:42 EDT
(In reply to Sravan Kumar Lakkimsetti from comment #14)
> During this work we migrated publishing jobs to JIRO. 
> 
> This bug can be closed now.

Thanks Sravan & Fred!
Comment 16 Frederic Gurr CLA 2020-03-27 07:31:03 EDT
Thanks for the feedback.