├── .gitignore ├── LICENSE ├── NOTICE ├── README.md ├── Vagrantfile ├── ansible.cfg ├── automationPending.md ├── bin └── ask_vault_pw.sh ├── conf-ec2 ├── dynamodb.json ├── ebs-create-vol.json ├── ec2-role-trust-policy.json ├── jenkins-ec2-start-stop.json ├── keypair.rb └── userdata │ ├── linux-2-ephemeral-2-homes │ ├── linux-2-ephemeral-one-home │ └── win2012.txt ├── doc ├── client-setup.md ├── design.md ├── genesis.md ├── maintenance.md └── overview.md ├── externalScripts └── jobs │ └── integrate │ └── bootstrap ├── group_vars └── all ├── roles ├── .gitignore ├── artifactory │ ├── files │ │ └── artifactory.config.xml │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── common │ ├── files │ │ ├── ansible.pem │ │ └── jvm-select │ ├── handlers │ │ └── main.yml │ └── tasks │ │ ├── ec2.yml │ │ ├── main.yml │ │ └── windows.txt ├── jenkins │ ├── files │ │ ├── credentials.xml │ │ ├── hudson.plugins.emailext.ExtendedEmailPublisher.xml │ │ ├── hudson.plugins.throttleconcurrents.ThrottleJobProperty.xml │ │ ├── hudson.tasks.Mailer.xml │ │ ├── jenkins.model.DownloadSettings.xml │ │ ├── jenkins.model.JenkinsLocationConfiguration.xml │ │ ├── jobs │ │ │ ├── bootstrap-benchmark │ │ │ │ └── config.xml │ │ │ ├── compiler-benchmark │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-integrate-bootstrap │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-integrate-community-build │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-integrate-ide │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-integrate-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-integrate-windows │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-jdk8-integrate-community-build │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-package-unix │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-package-windows │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-smoketest │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-website-archives │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-website-update-api │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-release-website-update-current │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-validate-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-validate-publish-core │ │ │ │ └── config.xml │ │ │ ├── scala-2.11.x-validate-test │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.0-release-website-archives │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-integrate-bootstrap │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-integrate-community-build │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-integrate-ide │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-integrate-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-integrate-windows │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-release-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-release-package-unix │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-release-package-windows │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-release-smoketest │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-release-website-archives │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-release-website-update-api │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-validate-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-validate-publish-core │ │ │ │ └── config.xml │ │ │ ├── scala-2.12.x-validate-test │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-integrate-bootstrap │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-integrate-community-build │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-integrate-ide │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-integrate-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-integrate-windows │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-release-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-release-package-unix │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-release-package-windows │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-release-smoketest │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-release-website-archives │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-release-website-update-api │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-validate-main │ │ │ │ └── config.xml │ │ │ ├── scala-2.13.x-validate-publish-core │ │ │ │ └── config.xml │ │ │ └── scala-2.13.x-validate-test │ │ │ │ └── config.xml │ │ ├── nodeMonitors.xml │ │ ├── nodes │ │ │ ├── jenkins-worker-behemoth-1 │ │ │ │ └── config.xml │ │ │ ├── jenkins-worker-behemoth-2 │ │ │ │ └── config.xml │ │ │ ├── jenkins-worker-behemoth-3 │ │ │ │ └── config.xml │ │ │ ├── jenkins-worker-publish │ │ │ │ └── config.xml │ │ │ ├── jenkins-worker-windows-publish │ │ │ │ └── config.xml │ │ │ ├── kalles │ │ │ │ └── config.xml │ │ │ └── scalabench │ │ │ │ └── config.xml │ │ └── org.jenkinsci.main.modules.sshd.SSHD.xml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── bootstrap-cli.yml │ │ ├── bootstrap.yml │ │ ├── config-bootstrap.xml │ │ ├── main.yml │ │ └── scala-jenkins-config.xml │ └── vars │ │ └── main.yml ├── nginx │ ├── files │ │ ├── dhparam.pem │ │ ├── nginx.conf │ │ ├── scala-ci.crt │ │ └── scala-ci.key.enc │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── nginx-jenkins.conf ├── scabot │ ├── files │ │ ├── post-receive │ │ └── scabot.service │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── production.conf │ │ ├── run │ │ └── scabot.conf │ └── vars │ │ └── main.yml └── worker │ ├── files │ ├── gpg.sbt │ ├── jenkins_lightbend_chara │ ├── jenkins_lightbend_chara.pub │ └── jvm-select │ ├── handlers │ └── main.yml │ ├── tasks │ ├── main.yml │ └── publisher.yml │ ├── templates │ ├── credentials-private-repo │ ├── credentials-sonatype │ ├── m2-settings-pub.xml │ ├── m2-settings.xml │ └── sonatype-curl │ └── vars │ └── main.yml ├── site.yml └── ssl-certs ├── 00 - scala-ci.crt ├── 01 - COMODORSAOrganizationValidationSecureServerCA.crt ├── 02 - COMODORSAAddTrustCA.crt ├── 03 - AddTrustExternalCARoot.crt └── scalaci.openssl.cnf /.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | .DS_Store 3 | .chef/ 4 | .vagrant/ 5 | ec2-credentials.yml -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2015-2019 Lightbend, Inc. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # vagrant up 2 | # install python: 3 | # vagrant ssh ; sudo apt-get update && sudo apt-get install python-dev python-pip -q -y 4 | Vagrant.configure("2") do |config| 5 | 6 | # machine.vm.provision "shell", 7 | # inline: "sudo apt-get update && sudo apt-get install python-dev python-pip -q -y" 8 | 9 | config.vm.provision "ansible" do |ansible| 10 | ansible.verbose = "v" 11 | ansible.playbook = "site.yml" 12 | 13 | ansible.groups = { 14 | "worker" => ["jenkins-worker-publisher"], 15 | "publisher" => ["jenkins-worker-publisher"], 16 | "master" => ["jenkins-master"] 17 | } 18 | end 19 | 20 | config.vm.define "jenkins-master" do |machine| 21 | machine.vm.hostname = "jenkins-master" 22 | machine.vm.network "private_network", ip: "192.168.77.20" 23 | machine.vm.box = "debian/stretch64" 24 | machine.vm.synced_folder ".", "/vagrant", disabled: true 25 | 26 | machine.vm.provider "virtualbox" do |vb| 27 | vb.gui = false 28 | vb.memory = 4096 29 | vb.cpus = 2 30 | end 31 | end 32 | 33 | config.vm.define "jenkins-worker-publisher" do |machine| 34 | machine.vm.hostname = "jenkins-worker-publisher" 35 | machine.vm.network "private_network", ip: "192.168.77.30" 36 | machine.vm.box = "debian/stretch64" 37 | machine.vm.synced_folder ".", "/vagrant", disabled: true 38 | 39 | machine.vm.provider "virtualbox" do |vb| 40 | vb.gui = false 41 | vb.memory = 1024 42 | vb.cpus = 1 43 | end 44 | end 45 | 46 | end 47 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- https://ansible.com/ 2 | # =============================================== 3 | 4 | # nearly all parameters can be overridden in ansible-playbook 5 | # or with command line flags. ansible will read ANSIBLE_CONFIG, 6 | # ansible.cfg in the current working directory, .ansible.cfg in 7 | # the home directory or /etc/ansible/ansible.cfg, whichever it 8 | # finds first 9 | 10 | [defaults] 11 | vault_password_file = bin/ask_vault_pw.sh 12 | 13 | pipelining = true 14 | 15 | # controls whether Ansible will raise an error or warning if a task has no 16 | # choice but to create world readable temporary files to execute a module on 17 | # the remote machine. This option is False by default for security. Users may 18 | # turn this on to have behaviour more like Ansible prior to 2.1.x. See 19 | # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user 20 | # for more secure ways to fix this than enabling this option. 21 | allow_world_readable_tmpfiles = true -------------------------------------------------------------------------------- /automationPending.md: -------------------------------------------------------------------------------- 1 | # Manual steps pending automation 2 | Where we list manual interventions on our infra, and ideally how to automate them in the future. 3 | 4 | ## New pubring.gpg 5 | To try to resolve the tailure to gpg sign the deployment in https://scala-ci.typesafe.com/job/scala-2.11.x-integrate-bootstrap/1126/consoleText, 6 | I noticed that our key had expired on jenkins-worker-ubuntu-publish: 7 | 8 | ``` 9 | jenkins@ip-172-31-15-209:/home/ubuntu$ gpg --list-keys 10 | /home/jenkins/.gnupg/pubring.gpg 11 | -------------------------------- 12 | pub 2048R/B41F2BCE 2013-04-30 [expired: 2017-04-30] 13 | uid Scala Project 14 | ``` 15 | 16 | I had previously created a new signature on the public key with a new expiry date on my own machine: 17 | 18 | ``` 19 | ➜ ~ gpg --list-key 20 | /Users/adriaan/.gnupg/pubring.gpg 21 | --------------------------------- 22 | 23 | pub rsa2048 2013-04-30 [SCEA] [expires: 2019-05-16] 24 | 3D3A4396458FD629DEAE0F88E9DF618BB41F2BCE 25 | uid [ unknown] Scala Project 26 | sub rsa2048 2013-04-30 [SEA] [expires: 2019-05-16] 27 | ``` 28 | 29 | So, I did 30 | 31 | ``` 32 | gpg -a --export 3D3A4396458FD629DEAE0F88E9DF618BB41F2BCE > 3d3a.key 33 | scp 3d3a.key jenkins-worker-ubuntu-publish:~/ 34 | ``` 35 | 36 | and on the worker: 37 | ``` 38 | jenkins@ip-172-31-15-209:/home/ubuntu$ gpg --import 3d3a.key 39 | gpg: key B41F2BCE: "Scala Project " 3 new signatures 40 | gpg: Total number processed: 1 41 | gpg: new signatures: 3 42 | gpg: no ultimately trusted keys found 43 | jenkins@ip-172-31-15-209:/home/ubuntu$ gpg --list 44 | gpg: Option "--list" is ambiguous 45 | jenkins@ip-172-31-15-209:/home/ubuntu$ gpg --list-keys 46 | /home/jenkins/.gnupg/pubring.gpg 47 | -------------------------------- 48 | pub 2048R/B41F2BCE 2013-04-30 [expires: 2019-05-16] 49 | uid Scala Project 50 | sub 2048R/202D3646 2013-04-30 [expires: 2019-05-16] 51 | ``` 52 | 53 | 54 | ## Alternate JDK installation 55 | 56 | Jason installed, or plans to install, Graal, Java 9 and J9 JDKs on the behemoth-workers to support. I'll add a transcript here when I next update them. 57 | 58 | ## cloc 59 | 60 | Seth did `sudo apt-get install cloc` on behemoth 2 so we can count lines of code in the 61 | Scala community build. 62 | 63 | ## curl 64 | 65 | Adriaan installed curl to /usr/bin/curl.exe (how?) 66 | 67 | ## ant 68 | 69 | Adriaan installed ant to /cygdrive/c/apache-ant-1.9.6: "just unzip the archive and set ANT_HOME and PATH accordingly in windows node env vars", he writes 70 | 71 | ## Git 72 | 73 | Seth installed Git 2.5.3 to /cygdrive/c/Program Files (x86)/Git-2.5.3 by downloading a GUI-based installer from https://git-for-windows.github.io (I think it was from there and not http://www.git-scm.com, or does it even matter?) and running it through CoRD. 74 | 75 | the needed longpaths setting is done through Chef via recipes/_worker-config-windows-cygwin.rb 76 | 77 | ## JDK 8 78 | 79 | "we have also contemplated manually installing JDK 8 as a quick and 80 | dirty way to get the 2.12 tests running on Windows (#142)" -- did this happen? 81 | not sure 82 | -------------------------------------------------------------------------------- /bin/ask_vault_pw.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # from https://coderwall.com/p/cjiljw/use-macos-keychain-for-ansible-vault-passwords -- nice! 4 | security find-generic-password -s "ansible vault" -w 5 | -------------------------------------------------------------------------------- /conf-ec2/dynamodb.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Action": [ 6 | "dynamodb:*" 7 | ], 8 | "Effect": "Allow", 9 | "Resource": "*" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /conf-ec2/ebs-create-vol.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:AttachVolume", 8 | "ec2:CreateVolume", 9 | "ec2:ModifyVolumeAttribute", 10 | "ec2:DescribeVolumeAttribute", 11 | "ec2:DescribeVolumeStatus", 12 | "ec2:DescribeVolumes", 13 | "ec2:DetachVolume", 14 | "ec2:EnableVolumeIO" 15 | ], 16 | "Resource": [ "*" ] 17 | } 18 | ] 19 | } -------------------------------------------------------------------------------- /conf-ec2/ec2-role-trust-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "", 6 | "Effect": "Allow", 7 | "Principal": { 8 | "Service": "ec2.amazonaws.com" 9 | }, 10 | "Action": "sts:AssumeRole" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /conf-ec2/jenkins-ec2-start-stop.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstanceAttribute", 8 | "ec2:DescribeInstanceStatus", 9 | "ec2:DescribeInstances", 10 | "ec2:StartInstances", 11 | "ec2:StopInstances" 12 | ], 13 | "Resource": [ "*" ] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /conf-ec2/keypair.rb: -------------------------------------------------------------------------------- 1 | require 'json' 2 | require 'net/ssh' 3 | 4 | key = OpenSSL::PKey::RSA.new(4096) 5 | puts JSON.generate({"private_key" => key.to_pem, "public_key" => "#{key.ssh_type} #{[key.to_blob].pack('m0')}"}) 6 | -------------------------------------------------------------------------------- /conf-ec2/userdata/linux-2-ephemeral-2-homes: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | mounts: 4 | - [ ephemeral0, /home/jenkins-pub ] 5 | - [ ephemeral1, /home/jenkins-priv ] -------------------------------------------------------------------------------- /conf-ec2/userdata/linux-2-ephemeral-one-home: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | mounts: 4 | - [ ephemeral0, /home/jenkins ] 5 | - [ ephemeral1, /mnt/ephemeral1 ] -------------------------------------------------------------------------------- /conf-ec2/userdata/win2012.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /doc/client-setup.md: -------------------------------------------------------------------------------- 1 | # Setup 2 | 3 | This document has how-to information for new team members wishing to 4 | help maintain the CI infrastructure. 5 | 6 | It's assumed you're using Mac OS X. (We imagine most of the 7 | instructions would work on Linux as well, with minor changes.) 8 | 9 | One-time setup instructions for the CI infrastructure _as a whole_ 10 | are in a separate document, [genesis.md](genesis.md). 11 | 12 | 13 | ## Hosts and SSH config 14 | 15 | To make it easier to connect to the EC2 nodes, perform the following 16 | steps. They aren't strictly necessary, but the rest of this document 17 | assumes them. 18 | 19 | ### /etc/hosts 20 | 21 | Add the following to your /etc/hosts file: 22 | 23 | ``` 24 | 54.67.111.226 jenkins-master 25 | 54.67.33.167 jenkins-worker-publish 26 | 54.153.2.9 jenkins-worker-behemoth-1 27 | 54.153.1.99 jenkins-worker-behemoth-2 28 | 54.183.156.89 jenkins-worker-behemoth-3 29 | 30 | ``` 31 | 32 | Note that the IPs are stable, by allocating elastic IPs and associating them to nodes. 33 | 34 | (The list doesn't include jenkins-worker-windows-publish because 35 | it's only ssh-able from jenkins-master itself; see below.) 36 | 37 | ### SSH configuration 38 | 39 | Add the following to your `~/.ssh/config`: 40 | 41 | ``` 42 | Host jenkins-worker-publish 43 | IdentityFile /Users/adriaan/.ssh/ansible.pem 44 | User admin 45 | 46 | Host jenkins-worker-behemoth-1 47 | IdentityFile /Users/adriaan/.ssh/ansible.pem 48 | User admin 49 | 50 | Host jenkins-worker-behemoth-2 51 | IdentityFile /Users/adriaan/.ssh/ansible.pem 52 | User admin 53 | 54 | Host jenkins-worker-behemoth-3 55 | IdentityFile /Users/adriaan/.ssh/ansible.pem 56 | User admin 57 | 58 | Host jenkins-master 59 | IdentityFile /Users/adriaan/.ssh/ansible.pem 60 | User admin 61 | 62 | Host scabot 63 | HostName jenkins-master 64 | User scabot 65 | 66 | Host jenkins-worker-windows-publish 67 | HostName 172.31.0.178 68 | IdentityFile ~/.ssh/scala-jenkins.pem 69 | User jenkins 70 | ProxyCommand ssh -q -W %h:%p jenkins-master 71 | 72 | Host influxdb 73 | HostName 172.31.0.100 74 | User ubuntu 75 | ProxyCommand ssh -q -W %h:%p jenkins-master 76 | ``` 77 | 78 | Verify that you can actually ssh to the various machines. 79 | 80 | But note that only master is always up. You can bring any node up by 81 | launching the associated worker on Jenkins, which uses the 82 | https://github.com/lightbend/ec2-start-stop Jenkins plugin. 83 | 84 | ## AWS setup 85 | 86 | For many tasks, it's sufficient to have access to Jenkins and Chef 87 | and ssh access to the nodes. 88 | 89 | To do some kinds of administration, or to remotely control the 90 | desktop of a Windows node (see "Windows setup" below), you'll 91 | need an AWS account. 92 | 93 | ### Install AWS client 94 | 95 | To talk to AWS instances, you'll need to: 96 | 97 | ``` 98 | brew install awscli 99 | ``` 100 | 101 | [awscli](https://aws.amazon.com/cli/) is the command-line interface 102 | for AWS, consisting of a single command called `aws`. 103 | 104 | Next, you'll need a PGP public key. If you want, an easy way to get 105 | one is to use keybase.io to create it. (Have an existing member (such 106 | as Adriaan) send you a keybase invite, so you don't have to wait in 107 | the queue for an account.) 108 | 109 | Send Adriaan your public key (e.g. by sending him a URL such as 110 | https://keybase.io/sethtisue, or by sending him the actual key 111 | which normally begins: `-----BEGIN PGP PUBLIC KEY BLOCK-----`). 112 | He will use it to encrypt your credentials. 113 | 114 | ### Get an AWS account 115 | 116 | Ask Adriaan to make an account for you, under the typesafe-scala 117 | account. (Another person who can help with this is Ed Callahan.) 118 | Verify that you are able to 119 | [log in to the AWS Console](https://typesafe-scala.signin.aws.amazon.com/console). 120 | 121 | ## Windows setup 122 | 123 | For most infrastructure work, you'll be dealing primarily with our 124 | Linux instances, but Windows is also part of our infrastructure. For 125 | example, we build our Windows release bundles on a virtual Windows box 126 | (`jenkins-worker-windows-publish`). It can also be helpful to have 127 | access to a virtual Windows instance to test Windows-specific changes 128 | to Scala. 129 | 130 | The Windows node is accessible via ssh from jenkins-master. You can 131 | also use the graphical desktop if you need to (e.g. to run a GUI 132 | installer). Details on both of these options follow. 133 | 134 | ### Remote access (command line) 135 | 136 | Instead of using a key of your own to ssh in like on the Linux nodes, 137 | access is via a shared keypair. ("Windows sshd is harder to 138 | configure" than on Linux, comments Adriaan.) 139 | 140 | You can't ssh directly to the Windows node, but you can get there by 141 | ssh'ing to jenkins-master first. From jenkins-master, do: 142 | 143 | sudo su jenkins 144 | ssh -i ~/.ssh/id_worker_windows jenkins@172.31.0.178 145 | 146 | which should get you to a Cygwin prompt. (If it doesn't work, maybe 147 | you forgot to bring the Windows node online first?) 148 | 149 | Keys are stored using ansible vault. 150 | 151 | ### Remote access (graphical) 152 | 153 | If something is so broken you can't get in that way, 154 | or if you need to run some GUI thing like an installer, use 155 | WinRM (Windows Remote Management) to drop down to graphical access. 156 | [CoRD](http://cord.sourceforge.net) "is a Mac OS X remote desktop 157 | client for Microsoft Windows computers" that speaks WinRM. You can 158 | install it with [Homebrew Cask](http://caskroom.io): 159 | 160 | ``` 161 | brew cask install cord 162 | ``` 163 | 164 | There is some advice on setting up and troubleshooting Windows 165 | connections in the "Maintenance" section of this documentation. 166 | -------------------------------------------------------------------------------- /doc/design.md: -------------------------------------------------------------------------------- 1 | (Adriaan's original notes. some of this material is now covered 2 | in overview.md. some pieces may be only historical now) 3 | 4 | # Design for scala-ci.typesafe.com 5 | 6 | Jenkins on EC2, configured using ansible (not documented since it happened in a rush when moving away from chef...) 7 | 8 | * centered around GitHub & future move to Travis CI 9 | * no nightly builds (not supported on Travis) -- run integration on every merge 10 | * a job is tied to a main repo, which has the code it’s building/testing + scripts to do so (script is named after jenkins job) 11 | * minimize turnaround time, CPU/RAM usage (EC2 nodes have 7.5 GiB RAM / 4 vCPUs) 12 | * jobs have same set of params that define the tested commit (user/repo#gitref) 13 | * for testing, can be changed to different github user/gitref 14 | * job concisely captures all relevant data 15 | * jenkins gives us: changes since last build (since 1 job = 1 repo) 16 | * job-specific params incorporated into job title 17 | * use jenkins strictly as a job scheduler/dashboard 18 | * archive logs, builds elsewhere 19 | * configuration is handled by ansible 20 | * the jenkins server/workers are considered stateless & opaque 21 | * infrastructure is fully defined in ansible config 22 | * worker nodes have home directory mounted on device that is wiped on reboot (ephemeral storage on EC2) 23 | * as little information as possible in jenkins job config: standardize common stuff & extract logic to scripts 24 | * use maven to store and communicate compiled artifacts 25 | * every commit has artifacts on our artifactory, use them for running test suite downstream, git bisect,... 26 | * can we move to a cycle where modules are always built with a previous, binary compatible (possibly internal, e.g., 2.12.0-strap used to bootstrap 2.12.0) release, well before the public release, so that we can always run the release job in one go? 27 | * tag jobs 28 | * public --> for security, PR validation etc can only run on worker with this label (other workers have API keys etc for publishing) 29 | * publish --> has sensitive data to allow publishing -- only run after merge 30 | * linux/windows 31 | * move away from bash, towards sbt 32 | * use small repeatable, jobs 33 | * pr validation 34 | * validates every commit builds, passes test suite (don’t test integration -- that’s done after merge) 35 | * doesn’t test merged commit because it’s a lie (target branch may move before merge button is clicked --> merged commits are tested separately, replacing current nightly build) 36 | * github webhook: 37 | * ensures the scala-pr-validator flow is started on jenkins with the right params 38 | * sets milestone 39 | * adds reviewed label 40 | * jenkins: 41 | * the flow pings the webhook when it starts, so it can be removed from the pr-validator's queue 42 | * each job in the flow sets the commit status (github now supports multiple reporters per commit) 43 | * each job in the flow can be restarted on jenkins (and will adjust the commit’s status by the previous bullet) 44 | 45 | # TODO 46 | 47 | * test security setting/authentication 48 | * mergely builds instead of nightlies 49 | * We had about 1.8 merges per day on scala/scala in 2014 (merged 634 of 1100 received PRs), so it seems feasible to move from nightly to “mergely” builds 50 | * every commit should be built only once, published to artifactory 51 | * run test suite using published compiler instead of rebuilding it 52 | * release job (== nightly) runs for every merge commit 53 | 54 | 55 | # Jobs 56 | 57 | * build core (library/reflect/compiler) 58 | * run test suite 59 | * full integration testing 60 | * rangepos 61 | * IDE 62 | * community build 63 | * scala/scala-dist packaging 64 | 65 | # Timing 66 | 67 | * every commit must build and pass test suite, on the default part of the matrix 68 | * other jobs * full matrix: only on merge 69 | 70 | # Matrix 71 | 72 | * unix | windows 73 | * jdk 6|7|8|9 74 | 75 | ## Reduce builder load 76 | 77 | * windows builder only used for merge commits: 78 | * packaging for release (jdk 6) 79 | * test suite (jdk 6|8) 80 | 81 | # Dimensioning 82 | 83 | Starting cost, monthly cost between $170 - $300: (us-west-1 == oregon): 84 | 85 | ```text 86 | master: $40 for t2.medium (2 vCPU, 4 GiB RAM, EBS Only) (24 hr/day * 31 day/month * $0.052/hr) 87 | windows: $25 for m3.medium (1 vCPU, 3.75 GiB RAM, 1 x 4 SSD) ( 6 hr/day * 31 day/month * $0.133/hr) 88 | ubuntu: $105 for c3.xlarge (4 vCPU, 7.5 GiB RAM, 2 x 40 SSD) (16 hr/day * 31 day/month * $0.210/hr) 89 | builder-prime: < $130 for c3.xlarge (4 vCPU, 7.5 GiB RAM, 2 x 40 SSD) (20 hr/day * 31 day/month * $0.210/hr) 90 | ``` 91 | 92 | Once we gain some experience, use reserved instances (prefer amazon linux because the reserved instance type can be changed), tentatively: 93 | 94 | ```text 95 | master: $73 for m3.large (2 vCPU, 7.5 GiB RAM, 1 x 32 SSD) 96 | ubuntu: $106.58 for c3.xlarge (4 vCPU, 7.5 GiB RAM, 2 x 40 SSD) 97 | ``` 98 | 99 | # References 100 | 101 | http://soldering-iron.blogspot.com/2014/01/big-jenkins-servers-of-2013.html 102 | -------------------------------------------------------------------------------- /externalScripts/jobs/integrate/bootstrap: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | baseDir=${WORKSPACE-`pwd`} 4 | scriptsDir="$baseDir/scripts" 5 | . $scriptsDir/common 6 | 7 | # adapted from the boostrap script in scala/scala 8 | sbtArgs="-no-colors -ivy $baseDir/ivy2 -Dsbt.global.base=$HOME/.sbt/0.13 -sbt-dir $HOME/.sbt/0.13" 9 | 10 | cd $baseDir 11 | 12 | function containsCommit(){ 13 | local mb=$(git merge-base $1 HEAD 2> /dev/null) 14 | [[ $1 != "" && $mb == $1 ]] 15 | } 16 | 17 | # - changed version number format to 2.12.2-bin-sha7 18 | # - changed relese repo from "scala-release-temp" to "scala-integration" (for "quick" and modules) 19 | # - new $integrationRepoUrl variable to overwrite that repo url 20 | rNewVersionFormat212=8dc0dd4582314d99d5a4fc427933116339b497ed 21 | rNewVersionFormat211=42f813e18160b6ea8dfc9c2ae850a67dd0819773 22 | function fNewVersionFormat(){ 23 | # in this revision, $releaseTempRepoUrl is still used to published "starr" and "locker". but in 24 | # the end, we decided to use the same repo for "locker" and "quick", see https://github.com/scala/scala/pull/5780 25 | releaseTempRepoUrl=${integrationRepoUrl:-"https://scala-ci.typesafe.com/artifactory/scala-integration/"} 26 | source $scriptsDir/jobs/integrate/bootstrap 27 | } 28 | 29 | function setNewScalaVersionStyle(){ 30 | publishToSonatype="no" 31 | 32 | # change to use `generateBuildCharacterPropertiesFile` to get the scala version 33 | local useBuildCharacter=e2b6c7b608b82fca5343f6d09236c2b48b5d824d 34 | if containsCommit $useBuildCharacter; then 35 | $SBT_CMD $sbtArgs 'set baseVersionSuffix in Global := "UNUSED-SUFFIX"' generateBuildCharacterPropertiesFile 36 | parseScalaProperties "buildcharacter.properties" 37 | SCALA_VER_BASE=$maven_version_base 38 | else 39 | parseScalaProperties "build.number" 40 | SCALA_VER_BASE="$version_major.$version_minor.$version_patch" 41 | fi 42 | 43 | local shaSuffix=$(git rev-parse HEAD | cut -c1-7) 44 | local cross="bin" 45 | if [[ $SCALA_VER_BASE =~ ^.*\.0$ ]]; then 46 | cross="pre" 47 | fi 48 | SCALA_VER_SUFFIX="-$cross-$shaSuffix" 49 | } 50 | 51 | # - introducded the $releaseTempRepoUrl variable 52 | rReleaseTempVarName=706d68f863ebffb0f63811afe0835c5f975ba225 53 | function fReleaseTempVarName(){ 54 | setNewScalaVersionStyle 55 | releaseTempRepoUrl=${integrationRepoUrl:-"https://scala-ci.typesafe.com/artifactory/scala-integration/"} 56 | # note: `removeExistingBuilds` in the bootstrap script won't work correctly, as it has 57 | # `scala-release-temp` hard-coded. it will use a wrong query url, which (hopefully) doesn't 58 | # return anything to be removed.. 59 | source $scriptsDir/jobs/integrate/bootstrap 60 | } 61 | 62 | # TODO: support older revisions 63 | 64 | # main 65 | if [ "$publishToSonatype" == "yes" ]; then # don't interfere with release builds 66 | fNewVersionFormat 67 | 68 | elif containsCommit $rNewVersionFormat212 || containsCommit $rNewVersionFormat211; then 69 | fNewVersionFormat 70 | 71 | elif containsCommit $rReleaseTempVarName; then 72 | fReleaseTempVarName 73 | 74 | else 75 | echo "Cannot build revision $(git rev-parse HEAD)" 76 | exit 42 77 | 78 | fi 79 | -------------------------------------------------------------------------------- /group_vars/all: -------------------------------------------------------------------------------- 1 | admin_user: "admin" # "root" for vagrant, on ec2 images, "admin" 2 | server_name: "scala-ci.typesafe.com" 3 | 4 | sbt_launcher_path: "/usr/local/lib/share/" 5 | sbt_version: "0.13.13" 6 | sbt_extras_url: "https://raw.githubusercontent.com/paulp/sbt-extras/715a3a8ba9bf16796eee0b034143acb4594c1d2d/sbt" 7 | sbt_extras_path: '/usr/local/bin' 8 | 9 | artifactory_user: artifactory 10 | artifactory_home: "/var/opt/jfrog/artifactory" 11 | artifactory_etc: "/etc/opt/jfrog/artifactory" 12 | artifactory_port: 8081 13 | 14 | # used both for jenkins worker and master, on worker jenkins_home is overridden to /home/jenkins 15 | jenkins_user: jenkins 16 | jenkins_home: "/var/lib/jenkins" 17 | jenkins_master_port: 8080 18 | 19 | scabot_port: 8888 20 | 21 | ec2_vol_artifactory: { 22 | id : "vol-1fe1a902", 23 | device_name: "/dev/xvdk", 24 | volume_size: 500, 25 | volume_type: "gp2", 26 | delete_on_termination: "no" 27 | } 28 | 29 | ec2_vol_jenkins: { 30 | id: "vol-1ce1a901", 31 | device_name: "/dev/xvdj", 32 | volume_size: 100, 33 | volume_type: "gp2", 34 | delete_on_termination: "no" 35 | } 36 | 37 | ec2_vol_worker: { 38 | device_name: "/dev/xvdj", 39 | volume_size: 100, 40 | volume_type: "gp2", 41 | delete_on_termination: "yes" 42 | } 43 | 44 | ec2_vol_behemoth: { 45 | device_name: "/dev/xvdj", 46 | volume_size: 400, 47 | volume_type: "gp2", 48 | delete_on_termination: "yes" 49 | } 50 | 51 | ec2_vol_worker_swap: { 52 | device_name: "/dev/xvdp", 53 | volume_size: 16, 54 | volume_type: "gp2", 55 | delete_on_termination: "yes" 56 | } 57 | 58 | # ebs on windows, mounted as y: 59 | # volume_size: 50 60 | # device_name: "sdj" 61 | # disk: 'PCIROOT(0)#PCI(1F00)#PCI(1F00)#SCSI(P00T09L00)' # J is the 9th letter in base-0 --> T09(https://technet.microsoft.com/en-us/library/ee851589%28v=ws.10%29.aspx) 62 | # fstype: "ntfs" 63 | 64 | 65 | # ami-6d03030d --> https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch 66 | # the network interface specifies everything relevant (configured manually via the ec2 console, along with security groups and the IAM instance profile stuff) 67 | ec2_instances: [ 68 | {name: "jenkins-master", instance_type: "m4.large", image: "ami-6d03030d", network_interface: "eni-0ea0c09ec4a3df295", instance_profile_name: "JenkinsMaster", groupname: ["master"], volumes: ["{{ec2_vol_jenkins}}", "{{ec2_vol_artifactory}}"]}, 69 | {name: "jenkins-worker-behemoth-1", instance_type: "c4.2xlarge", image: "ami-6d03030d", network_interface: "eni-0e0ccc0b", instance_profile_name: "JenkinsWorker", groupname: ["worker"], volumes: ["{{ec2_vol_behemoth}}", "{{ec2_vol_worker_swap}}"]}, 70 | {name: "jenkins-worker-behemoth-2", instance_type: "c4.2xlarge", image: "ami-6d03030d", network_interface: "eni-8f0dcd8a", instance_profile_name: "JenkinsWorker", groupname: ["worker"], volumes: ["{{ec2_vol_behemoth}}", "{{ec2_vol_worker_swap}}"]}, 71 | {name: "jenkins-worker-behemoth-3", instance_type: "c4.2xlarge", image: "ami-6d03030d", network_interface: "eni-33478936", instance_profile_name: "JenkinsWorker", groupname: ["worker"], volumes: ["{{ec2_vol_behemoth}}", "{{ec2_vol_worker_swap}}"]}, 72 | # not managed by ansible: 73 | # {name: "jenkins-worker-windows-publish", instance_type: "c4.xlarge", network_interface: "eni-78a74a79", instance_profile_name: "JenkinsWorkerPublish"} 74 | ] 75 | 76 | # TODO: 77 | # - reduce duplication between this and (files/nodes/*/config.xml and credentials.xml) 78 | # - rotate keys on windows and kalles, and accept them 79 | # notes: 80 | # - the ip addresses are ultimately defined by the network interface argument for the ec2 instance 81 | jenkins_nodes: [ 82 | {host: "172.31.2.3", privateKeyFile: "/var/lib/jenkins/.ssh/id_worker"}, # 954dd564-ce8c-43d1-bcc5-97abffc81c57 public_ip: "54.153.2.9" 83 | {host: "172.31.2.4", privateKeyFile: "/var/lib/jenkins/.ssh/id_worker"}, # 954dd564-ce8c-43d1-bcc5-97abffc81c57 public_ip: "54.153.1.99" 84 | {host: "172.31.2.5", privateKeyFile: "/var/lib/jenkins/.ssh/id_worker"}, # 954dd564-ce8c-43d1-bcc5-97abffc81c57 public_ip: "54.183.156.89" 85 | # {host: "172.31.0.178", privateKeyFile: "/var/lib/jenkins/.ssh/id_worker_windows"} # 876bcf12-d295-4791-b5bb-98e1d12be978 86 | # {host: "kalles.typesafe.com", privateKeyFile: "/var/lib/jenkins/.ssh/id_worker_kalles"} 87 | # {host: "12.155.180.58", privateKeyFile: "/var/lib/jenkins/.ssh/id_worker"} 88 | ] 89 | -------------------------------------------------------------------------------- /roles/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/scala/scala-jenkins-infra/00878b442d97c52eaf0fc9a818c9bd4b64b7b819/roles/.gitignore -------------------------------------------------------------------------------- /roles/artifactory/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart artifactory 3 | become: true 4 | service: name=artifactory state=restarted enabled=yes 5 | 6 | # https://github.com/systemd/systemd/issues/3568 7 | - name: daemon reload 8 | become: true 9 | shell: systemctl daemon-reload 10 | -------------------------------------------------------------------------------- /roles/artifactory/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add the jfrog gpg key 3 | apt_key: 4 | url: "https://bintray.com/user/downloadSubjectPublicKey?username=jfrog" 5 | state: present 6 | 7 | - name: Add apt repo for artifactory 8 | apt_repository: 9 | repo: "deb https://jfrog.bintray.com/artifactory-debs stretch main" 10 | state: present 11 | update_cache: yes 12 | 13 | - name: Install artifactory 14 | apt: 15 | name: jfrog-artifactory-oss 16 | state: present 17 | update_cache: yes 18 | 19 | - name: Create user 20 | user: name={{artifactory_user}} home={{artifactory_home}} 21 | 22 | # TODO: in addition to the data, should store /var/opt/jfrog/artifactory/{etc,misc, logs} on separate volume as well 23 | - name: Mount artifactory filestore 24 | mount: 25 | src: "{{ec2_vol_artifactory.device_name}}" 26 | path: "{{artifactory_home}}/data" 27 | fstype: ext4 28 | opts: noatime 29 | state: mounted 30 | tags: 31 | - ec2 32 | notify: daemon reload 33 | 34 | - name: Copy artifactory config 35 | copy: src=artifactory.config.xml dest={{artifactory_etc}} owner={{artifactory_user}} 36 | notify: restart artifactory 37 | -------------------------------------------------------------------------------- /roles/common/files/jvm-select: -------------------------------------------------------------------------------- 1 | function jvmSelect(){ 2 | jvmFlavor="$1" 3 | jvmMajorVersion="$2" # currently supporting 6/7/8 on (YUM/debian)-y distros 4 | 5 | jvmRoot="/usr/lib/jvm/" 6 | 7 | # all javac binaries installed on this machine, pruned to be in directory with expected version/flavor 8 | eligibleCmds=$(find -L $jvmRoot -name "javac" -type f -path "*$jvmMajorVersion*$jvmFlavor*" 2> /dev/null) 9 | 10 | unset jdkHome 11 | 12 | # find first jdk home, where home is one dir up from where javac is 13 | for javacCmd in $eligibleCmds; do 14 | if [ ! -d "$jdkHome" ] && ($javacCmd -version 2>&1 | egrep "javac ($jvmMajorVersion|1\.$jvmMajorVersion)\b" &> /dev/null); then 15 | jdkHome=$(cd $(dirname $javacCmd)/.. && pwd) 16 | fi 17 | done 18 | 19 | if [ -d "$jdkHome" ]; then 20 | echo "Java home: $jdkHome" 21 | else 22 | echo "Failed to locate $jvmFlavor Java $jvmMajorVersion in $jvmRoot, containing:" 23 | find $jvmRoot -name "java" 24 | exit 1 25 | fi 26 | 27 | export JAVA_HOME="$jdkHome" 28 | export PATH="$JAVA_HOME/bin:$PATH" 29 | } 30 | -------------------------------------------------------------------------------- /roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /roles/common/tasks/ec2.yml: -------------------------------------------------------------------------------- 1 | - name: Include ec2 credentials 2 | include_vars: ec2-credentials.yml 3 | 4 | - name: Start instances (since exact_count does not consider stopped ones, see https://github.com/ansible/ansible/issues/20867) 5 | ec2: 6 | aws_access_key: "{{ec2_access_key}}" 7 | aws_secret_key: "{{ec2_secret_key}}" 8 | keypair: ansible 9 | wait: yes 10 | region: us-west-1 11 | instance_tags: 12 | Name: "{{item.name}}" 13 | state: running 14 | 15 | with_items: "{{ec2_instances}}" 16 | 17 | 18 | - name: Ensure there's 1 running instance per item in ec2_instances (by EC2 tag `Name`) 19 | ec2: 20 | aws_access_key: "{{ec2_access_key}}" 21 | aws_secret_key: "{{ec2_secret_key}}" 22 | keypair: ansible 23 | wait: yes 24 | region: us-west-1 25 | ebs_optimized: true 26 | instance_profile_name: "{{item.instance_profile_name}}" 27 | instance_type: "{{item.instance_type}}" 28 | image: "{{item.image}}" 29 | network_interface: "{{item.network_interface}}" 30 | instance_tags: 31 | Name: "{{item.name}}" 32 | count_tag: 33 | Name: "{{item.name}}" 34 | exact_count: 1 35 | 36 | with_items: "{{ec2_instances}}" 37 | register: ec2 38 | 39 | - name: Ensure (existing) EBS volumes are attached to instances 40 | ec2_vol: 41 | aws_access_key: "{{ec2_access_key}}" 42 | aws_secret_key: "{{ec2_secret_key}}" 43 | region: us-west-1 44 | 45 | instance: "{{item.0.tagged_instances.0.id}}" 46 | zone: "{{item.0.tagged_instances.0.placement}}" 47 | 48 | device_name: "{{ item.1.device_name }}" 49 | id: "{{ item.1.id }}" 50 | 51 | with_subelements: 52 | - "{{ ec2.results }}" 53 | - item.volumes 54 | 55 | when: item.1.id is defined 56 | 57 | - name: Ensure (new) EBS volumes are attached to instances 58 | ec2_vol: 59 | aws_access_key: "{{ec2_access_key}}" 60 | aws_secret_key: "{{ec2_secret_key}}" 61 | region: us-west-1 62 | 63 | instance: "{{item.0.tagged_instances.0.id}}" 64 | zone: "{{item.0.tagged_instances.0.placement}}" 65 | 66 | device_name: "{{ item.1.device_name }}" 67 | volume_size: "{{ item.1.volume_size}}" 68 | volume_type: "{{ item.1.volume_type}}" 69 | delete_on_termination: "{{ item.1.delete_on_termination}}" 70 | 71 | with_subelements: 72 | - "{{ ec2.results }}" 73 | - item.volumes 74 | 75 | when: item.1.id is undefined 76 | 77 | - name: Add new instance to host group 78 | add_host: 79 | hostname: "{{ item.0.tagged_instances.0.public_ip }}" 80 | groupname: "{{ item.1 }}" 81 | ansible_user: admin 82 | ansible_ssh_private_key_file: ansible.pem # locally decrypted version of roles/common/files/ansible.pem (I store it in my ~/.ssh/ and symlink to root of this repo) 83 | tags: [ec2] 84 | with_subelements: 85 | - "{{ ec2.results }}" 86 | - item.groupname 87 | 88 | 89 | # 90 | # # - name: Wait for SSH to come up 91 | # # wait_for: 92 | # # host: "{{ item.public_dns_name }}" 93 | # # port: 22 94 | # # delay: 60 95 | # # timeout: 320 96 | # # state: started 97 | # # with_items: "{{ ec2.instances }}" 98 | # 99 | # 100 | -------------------------------------------------------------------------------- /roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Give core team admin access 3 | authorized_key: user="{{admin_user}}" state="present" key="https://github.com/{{item}}.keys" 4 | with_items: 5 | - adriaanm 6 | - lrytz 7 | - SethTisue 8 | - retronym 9 | - szeiger 10 | 11 | - name: Install basic packages 12 | apt: name={{item}} state=present 13 | with_items: 14 | - acl # so that become_user works (uses setfacl) 15 | - apt-transport-https 16 | - openjdk-8-jdk 17 | - git 18 | 19 | - name: Install sbt-extras 20 | get_url: 21 | url: "{{sbt_extras_url}}" 22 | dest: "{{sbt_extras_path}}" 23 | owner: root 24 | mode: "755" 25 | -------------------------------------------------------------------------------- /roles/common/tasks/windows.txt: -------------------------------------------------------------------------------- 1 | # TODO: this needs to be done manually, or somehow ported to ansible 2 | 3 | force="" # set to "NOERR" to force partitioning&formatting the disk 4 | diskpartScript=<<-EOX.gsub(/^ /, '') 5 | select disk #{ebsConfig['disk']} 6 | attributes disk clear readonly 7 | online disk #{force} 8 | create partition primary #{force} 9 | select partition 1 10 | format FS=#{ebsConfig['fstype']} quick 11 | assign LETTER=#{mountPoint} 12 | EOX 13 | script "setupdisk" do 14 | interpreter "diskpart" 15 | flags "/s" 16 | code diskpartScript 17 | not_if { ::File.directory?("#{mountPoint}:\\") } 18 | end 19 | 20 | include_recipe 'chocolatey' 21 | 22 | # using security groups instead 23 | execute "no-win-firewall" do 24 | command "NetSh Advfirewall set allprofiles state off" 25 | end 26 | 27 | 28 | directory 'C:\sbt' 29 | 30 | # include_recipe "sbt-extras" 31 | 32 | # The bit from chef-sbt that's missing in chef-sbt-extras... 33 | # (Easily find the launcher jar for those paranoid jobs that want to invoke sbt using the java command 34 | # could update those scripts to use sbt-extras more carefully, I suppose.) 35 | # TODO: remove and rework scripts 36 | remote_file "#{node['sbt']['launcher_path']}" do 37 | source "https://repo.lightbend.com/typesafe/ivy-releases/org.scala-sbt/sbt-launch/#{node['sbt']['version']}/sbt-launch.jar" 38 | action :create 39 | mode 0755 40 | end 41 | 42 | # the regular resource approach does not work for me 43 | execute 'create jenkins user' do 44 | command "net user /ADD #{workerConfig["jenkinsUser"]}" 45 | not_if "net user #{workerConfig["jenkinsUser"]}" 46 | end 47 | 48 | # also sets core.longpaths true 49 | # without longpaths enabled we have: 50 | # - known problems with `git clean -fdx` failing 51 | # - suspected problems with intermittent build failures due to 52 | # very long paths to some classfiles 53 | cookbook_file 'gitconfig-windows' do 54 | path "#{jenkinsHome}/.gitconfig" 55 | end 56 | 57 | user workerConfig["jenkinsUser"] do 58 | home jenkinsHome 59 | end 60 | 61 | 62 | node["jenkinsHomes"].each do |jenkinsHome, workerConfig| 63 | if workerConfig["publish"] 64 | 65 | # (only) needed for WIX ICE validation (http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Wix-3-5-amp-Cruise-Control-gives-errorLGHT0217-td6039205.html#a6039814) 66 | # wix was failing, added jenkins to this group, rebooted (required!), then it worked 67 | group "Administrators" do 68 | action :modify 69 | members workerConfig["jenkinsUser"] 70 | append true 71 | end 72 | end 73 | end 74 | 75 | # cygwin must be installed manually... C:\Users\Administrator\AppData\Local\Temp\Cygwin\2.7.0\setup-x86_64.exe" --site http://mirrors.kernel.org/sourceware/cygwin/ --packages default --root C:\tools\cygwin --local-package-dir C:\tools\cygwin 76 | #chocolatey_package 'openssh' do 77 | # options '--params="/SSHServerFeature"' 78 | #end 79 | 80 | chocolatey_package 'git' 81 | chocolatey_package 'jdk8' # manually installed jdk-6u45-windows-x64 (have to explicitly select all packages or it won't install the jdk) 82 | chocolatey_package 'ant' do 83 | version "1.9.8" # 1.10 needs jdk8, which is no go for 2.11 84 | end 85 | 86 | 87 | chocolatey_package 'wixtoolset' do 88 | options '--allow-empty-checksums' 89 | action [:install] 90 | end 91 | 92 | 93 | ### CYGWIN: manual install, need packages openssh, curl 94 | 95 | windows_path "#{node['cygwin']['home']}\\bin" do 96 | action :add 97 | end 98 | 99 | # map /home to a separate volume 100 | file "#{node['cygwin']['home']}/etc/fstab" do 101 | content <<-EOH.gsub(/^ /, '') 102 | none /cygdrive cygdrive binary,posix=0,user 0 0 103 | Y: /home ntfs binary 0 0 104 | EOH 105 | end 106 | 107 | cygbash="#{node['cygwin']['home']}/bin/bash.exe" 108 | 109 | # ssh-host-config takes care of setting up the user account for Tcb and other privileges needed for pubkey auth via LSA 110 | require 'securerandom' 111 | bash 'configure sshd' do 112 | interpreter cygbash 113 | environment ({'SHELLOPTS' => 'igncr'}) 114 | 115 | code "ssh-host-config -y -u cyg_server -w #{SecureRandom.base64}" 116 | not_if "cygrunsrv --query sshd | grep Running" 117 | end 118 | 119 | bash 'start sshd' do 120 | interpreter cygbash 121 | environment ({'SHELLOPTS' => 'igncr'}) 122 | 123 | code "cygrunsrv --start sshd" 124 | not_if "cygrunsrv --query sshd | grep Running" 125 | end 126 | 127 | # IMPORTANT NOTE: /etc/sshd_config should have: 128 | # ``` 129 | # StrictModes no 130 | # PubkeyAuthentication yes 131 | # ``` 132 | 133 | # needed to allow pubkey login on windows 134 | # this needs a reboot! 135 | bash 'config lsa' do 136 | interpreter cygbash 137 | environment ({'SHELLOPTS' => 'igncr'}) 138 | 139 | code 'auto_answer="yes" cyglsa-config' 140 | not_if "regtool get '/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages' | grep cyglsa" 141 | end 142 | 143 | # IMPORTANT MANUAL STEP: REBOOT -- LSA install won't take effect until after a reboot 144 | 145 | 146 | -------------------------------------------------------------------------------- /roles/jenkins/files/credentials.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | SYSTEM 11 | 954dd564-ce8c-43d1-bcc5-97abffc81c57 12 | Credentials for jenkins - regular workers 13 | jenkins 14 | 15 | /var/lib/jenkins/.ssh/id_worker 16 | 17 | 18 | 19 | SYSTEM 20 | 876bcf12-d295-4791-b5bb-98e1d12be978 21 | Credentials for jenkins - publisher workers 22 | jenkins 23 | 24 | /var/lib/jenkins/.ssh/id_worker_publisher 25 | 26 | 27 | 28 | SYSTEM 29 | a7cd7b60-4e43-48e5-b4d9-cad515e94e5e 30 | Credentials for jenkins - windows workers 31 | jenkins 32 | 33 | /var/lib/jenkins/.ssh/id_worker_windows 34 | 35 | 36 | 37 | SYSTEM 38 | e3e28611-abd6-4d1d-b128-76eac1dd892d 39 | Credentials for kalles (user scala) 40 | scala 41 | 42 | /var/lib/jenkins/.ssh/id_worker_kalles 43 | 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /roles/jenkins/files/hudson.plugins.emailext.ExtendedEmailPublisher.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | false 4 | UTF-8 5 | text/plain 6 | $PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS! 7 | $PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS: 8 | 9 | Check console output at $BUILD_URL to view the results. 10 | 11 | 12 | 13 | 14 | hudson.plugins.emailext.plugins.trigger.FailureTrigger 15 | 16 | -1 17 | 18 | 19 | 20 | true 21 | false 22 | false 23 | false 24 | false 25 | false 26 | -------------------------------------------------------------------------------- /roles/jenkins/files/hudson.plugins.throttleconcurrents.ThrottleJobProperty.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 2 6 | 0 7 | cpu-heavy 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /roles/jenkins/files/hudson.tasks.Mailer.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | https://scala-ci.typesafe.com/ 4 | false 5 | UTF-8 6 | -------------------------------------------------------------------------------- /roles/jenkins/files/jenkins.model.DownloadSettings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | false 4 | -------------------------------------------------------------------------------- /roles/jenkins/files/jenkins.model.JenkinsLocationConfiguration.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | adriaan@lightbend.com 4 | https://scala-ci.typesafe.com/ 5 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/compiler-benchmark/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | HTTP 11 | JSON 12 | 13 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 14 | PUBLIC 15 | 16 | finalized 17 | 30000 18 | 0 19 | 0 20 | 21 | 22 | 23 | 24 | false 25 | false 26 | 27 | 28 | 29 | 30 | 31 | scalaVersion 32 | The Scala version to benchmark, e.g., "2.12.1" or "2.12.2-b9d4089-nightly" 33 | 34 | false 35 | 36 | 37 | sbtCommands 38 | The sbt commands to run, as a JSON array: ["compilation/jmh:run scala.tools.nsc.HotScalacBenchmark -p source=better-files", ...] 39 | 40 | false 41 | 42 | 43 | benchqTaskId 44 | The `id: Long` of the task in the benchmark queue. 45 | 46 | false 47 | 48 | 49 | 50 | 51 | 0 52 | 1 53 | 54 | true 55 | project 56 | false 57 | 58 | 59 | 60 | 61 | 2 62 | 63 | 64 | origin 65 | https://github.com/scala/compiler-benchmark.git 66 | 67 | 68 | 69 | 70 | master 71 | 72 | 73 | false 74 | 75 | 76 | 77 | 78 | 79 | scalabench 80 | false 81 | false 82 | false 83 | false 84 | 85 | false 86 | 87 | 88 | #!/usr/bin/env bash 89 | 90 | set -exo pipefail 91 | 92 | cd ~/code/scala 93 | git config --add remote.origin.fetch '+refs/pull/*/head:refs/remotes/origin/pr/*' 94 | git fetch origin -f --tags 95 | 96 | cd $WORKSPACE 97 | sudo ./scripts/benv reset 98 | sudo ./scripts/benv set -nl 99 | 100 | . ~/bench-tool-paths.sh 101 | 102 | addResolver='set resolvers in ThisBuild ++= List("scala-integration" at "https://scala-ci.typesafe.com/artifactory/scala-integration/", "scala-release-temp" at "https://scala-ci.typesafe.com/artifactory/scala-release-temp/")' 103 | setScalaVersion="set scalaVersion in ThisBuild := \"$scalaVersion\"" 104 | setJmhMain="set every mainClass in Jmh in run := Some(\"scala.bench.UploadingRunner\")" 105 | echo $sbtCommands | jq '.[]' -r | while read cmd; do 106 | sbt \ 107 | "$addResolver" \ 108 | "$setScalaVersion" \ 109 | "$setJmhMain" \ 110 | clean \ 111 | "$cmd" 112 | done 113 | 114 | sudo ./scripts/benv reset 115 | 116 | 117 | 118 | 119 | 120 | **/*.json, target/profile*/**/* 121 | true 122 | false 123 | false 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | xterm 131 | 132 | 133 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-integrate-ide/config.xml: -------------------------------------------------------------------------------- 1 | 2 | PR integration testing: IDE 3 | 4 | 5 | 6 | 7 | 8 | HTTP 9 | JSON 10 | http://scala-ci.typesafe.com:8888/jenkins 11 | all 12 | 30000 13 | 14 | 15 | 16 | HTTP 17 | JSON 18 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 19 | all 20 | 30000 21 | 22 | 23 | 24 | 25 | 26 | 27 | repo_user 28 | The github username for the repo to clone. 29 | scala 30 | 31 | 32 | repo_name 33 | The name of the repo to clone. 34 | scala 35 | 36 | 37 | repo_ref 38 | The git ref at ${repo_user}/${repo_name} to build. 39 | 2.11.x 40 | 41 | 42 | 43 | 44 | scalaVersion 45 | Version of Scala to test. Set by main build flow. 46 | 47 | 48 | 49 | 50 | _scabot_pr 51 | For internal use by Scabot. 52 | 53 | 54 | 55 | 56 | _scabot_last 57 | For internal use by Scabot. 58 | 59 | 60 | 61 | 62 | 63 | 2 64 | 0 65 | true 66 | project 67 | 68 | 69 | 70 | 71 | 2 72 | 73 | 74 | ${repo_user} 75 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 76 | https://github.com/${repo_user}/${repo_name}.git 77 | 78 | 79 | 80 | 81 | ${repo_ref} 82 | 83 | 84 | false 85 | 86 | 87 | 88 | 89 | 90 | 91 | public 92 | false 93 | true 94 | 95 | 96 | 97 | repo_user = build.buildVariableResolver.resolve("repo_user") 98 | repo_name = build.buildVariableResolver.resolve("repo_name") 99 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 100 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 101 | 102 | 103 | 104 | 105 | 106 | #!/bin/bash -ex 107 | 108 | source scripts/jobs/integrate/ide 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 150 117 | 118 | 119 | 120 | 121 | xterm 122 | 123 | 124 | false 125 | 0 126 | true 127 | 128 | 129 | 130 | 131 | 132 | logs/**,**/surefire-reports/* 133 | true 134 | false 135 | false 136 | true 137 | 138 | 139 | pr-scala-integrate-ide@lightbend.com 140 | false 141 | false 142 | 143 | 144 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-main/config.xml: -------------------------------------------------------------------------------- 1 | 2 | TODO: Better description. Build, package and stage a Scala release. 3 | Nightly downloads go to http://www.scala-lang.org/files/archive/nightly/2.11.x/ 4 | Regular ones to http://www.scala-lang.org/files/archive/. 5 | 6 | 7 | 8 | 9 | 10 | HTTP 11 | JSON 12 | http://scala-ci.typesafe.com:8888/jenkins 13 | all 14 | 30000 15 | 16 | 17 | 18 | HTTP 19 | JSON 20 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 21 | all 22 | 30000 23 | 24 | 25 | 26 | 27 | 28 | 29 | repo_user 30 | The github username for the repo to clone. 31 | scala 32 | 33 | 34 | repo_ref 35 | The git ref at ${repo_user}/${repo_name} to build. 36 | 2.11.x 37 | 38 | 39 | 40 | 41 | SCALA_VER_BASE 42 | When set, a release with version "$SCALA_VER_BASE$SCALA_VER_SUFFIX" will be built. Same effect as for tagging $repo_ref as "v$SCALA_VER_BASE$SCALA_VER_SUFFIX". 43 | 44 | 45 | 46 | 47 | SCALA_VER_SUFFIX 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | true 57 | true 58 | repo_user = build.buildVariableResolver.resolve("repo_user") 59 | repo_name = build.buildVariableResolver.resolve("repo_name") 60 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 61 | ver = params["SCALA_VER_BASE"] + params["SCALA_VER_SUFFIX"] 62 | build.setDisplayName("[${build.number}] Scala dist ${ver} $repo_user/$repo_name#$repo_ref") 63 | 64 | 65 | if (params.repo_ref) buildParams = params 66 | else buildParams = params + [ "repo_ref" : "v$ver" ] 67 | 68 | buildRun = build(buildParams, "scala-2.11.x-integrate-bootstrap") 69 | 70 | upstreamBuild = buildRun.build 71 | // for testing, to avoid re-running the main build: upstreamBuild = jenkins.model.Jenkins.instance.items.find{it.name == "scala-2.11.x-integrate-bootstrap"}.builds[0] 72 | // defines repo_ref, version, sbtDistVersionOverride 73 | upstreamPropsArtifact = upstreamBuild.artifacts.find{it.name == "jenkins.properties"} 74 | 75 | if (upstreamPropsArtifact == null) { 76 | out.println('Error: bootstrap did not publish "jenkins.properties" artifact, unable to proceed.') 77 | build.state.setResult(Result.FAILURE) 78 | return 79 | } 80 | 81 | buildVersionProps = new java.util.Properties() 82 | buildVersionProps.load(new java.io.FileInputStream(upstreamPropsArtifact.file)) 83 | 84 | testParams = buildParams + buildVersionProps 85 | 86 | parallel ( 87 | { retry(2, { build(testParams, "scala-2.11.x-integrate-community-build") }) }, 88 | { build(testParams, "scala-2.11.x-release-package-unix") }, 89 | { build(testParams, "scala-2.11.x-release-package-windows") } 90 | ) 91 | 92 | build(testParams, "scala-2.11.x-release-smoketest") 93 | 94 | build(testParams, "scala-2.11.x-release-website-archives") 95 | 96 | build(testParams, "scala-2.11.x-release-website-update-api") 97 | 98 | 99 | 100 | 101 | @midnight 102 | 103 | 104 | 105 | 106 | adriaan@lightbend.com seth.tisue@lightbend.com 107 | false 108 | false 109 | 110 | 111 | true 112 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-package-unix/config.xml: -------------------------------------------------------------------------------- 1 | 2 | Run as part of the scala-2.11.x-release-main flow.<p>Builds and uploads the universal and unix-specific artifacts for a 3 | Scala release.<br> 4 | 5 | Specify a tag that exists on <a href="https://github.com/scala/scala-dist">scala/scala-dist</a>,<br> and that points to a 6 | version of scala-dist that&apos;s available in one of the repositories listed in repositories-scala-release (see 7 | scala/jenkins-scripts), and sit back.<p> 8 | 9 | NOTE: the sbt build derives the version to build from the tag, which must thus be of the shape vNN.NN.NN-suffix for 10 | version NN.NN.NN-suffix<p> 11 | 12 | NOTE2: multiple tags on the same commit will lead to havoc -- you&apos;ll have to create a new commit and tag it (or set 13 | sbtDistVersionOverride to -Dproject.version=$SCALA_VER) 14 | 15 | The downloads will be available at http://downloads.lightbend.com/scala/$ver/scala-$ver* 16 | 17 | 18 | 19 | 20 | 21 | 22 | HTTP 23 | JSON 24 | http://scala-ci.typesafe.com:8888/jenkins 25 | all 26 | 30000 27 | 28 | 29 | 30 | HTTP 31 | JSON 32 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 33 | all 34 | 30000 35 | 36 | 37 | 38 | 39 | 40 | 41 | repo_user 42 | The github username for the repo to clone. 43 | scala 44 | 45 | 46 | repo_name 47 | The name of the repo to clone. 48 | scala-dist 49 | 50 | 51 | repo_ref 52 | The git ref at ${repo_user}/${repo_name} to build. 53 | 2.11.x 54 | 55 | 56 | 57 | 58 | sbtDistTarget 59 | To upload to S3, use s3-upload. A dry run (everything but uploading to S3): s3Upload::mappings 60 | s3-upload 61 | 62 | 63 | 64 | sbtDistVersionOverride 65 | may be -Dproject.version=.... to override the version of the dist to build (only for testing, you should use tags for real releases!) 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 2 74 | 75 | 76 | ${repo_user} 77 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 78 | https://github.com/${repo_user}/${repo_name}.git 79 | 80 | 81 | 82 | 83 | ${repo_ref} 84 | 85 | 86 | false 87 | 88 | 89 | 90 | 91 | 92 | 93 | linux && publish 94 | false 95 | true 96 | 97 | 98 | 99 | repo_user = build.buildVariableResolver.resolve("repo_user") 100 | repo_name = build.buildVariableResolver.resolve("repo_name") 101 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 102 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 103 | 104 | 105 | 106 | 107 | 108 | #!/bin/bash -ex 109 | 110 | source scripts/jobs/release/package/unix 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 1440 119 | 120 | 121 | 122 | 123 | xterm 124 | 125 | 126 | false 127 | 0 128 | true 129 | 130 | 131 | 132 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-package-windows/config.xml: -------------------------------------------------------------------------------- 1 | 2 | Run as part of the scala-2.11.x-release-main flow.<p>Builds and uploads the windows-specific artifacts for a Scala 3 | release.<br> 4 | 5 | Specify a tag that exists on <a href="https://github.com/scala/scala-dist">scala/scala-dist</a>,<br> and that points to a 6 | version of scala-dist that&apos;s available in one of the repositories listed in repositories-scala-release (see 7 | scala/jenkins-scripts), and sit back.<p> 8 | 9 | NOTE: the sbt build derives the version to build from the tag, which must thus be of the shape vNN.NN.NN-suffix for 10 | version NN.NN.NN-suffix<p> 11 | 12 | NOTE2: multiple tags on the same commit will lead to havoc -- you&apos;ll have to create a new commit and tag it (or set 13 | sbtDistVersionOverride to -Dproject.version=$SCALA_VER) 14 | 15 | The downloads will be available at http://downloads.lightbend.com/scala/$ver/scala-$ver* 16 | 17 | 18 | 19 | 20 | 21 | 22 | HTTP 23 | JSON 24 | http://scala-ci.typesafe.com:8888/jenkins 25 | all 26 | 30000 27 | 28 | 29 | 30 | HTTP 31 | JSON 32 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 33 | all 34 | 30000 35 | 36 | 37 | 38 | 39 | 40 | 41 | repo_user 42 | The github username for the repo to clone. 43 | scala 44 | 45 | 46 | repo_name 47 | The name of the repo to clone. 48 | scala-dist 49 | 50 | 51 | repo_ref 52 | The git ref at ${repo_user}/${repo_name} to build. 53 | 2.11.x 54 | 55 | 56 | 57 | 58 | sbtDistTarget 59 | To upload to S3, use s3-upload. A dry run (everything but uploading to S3): s3Upload::mappings 60 | s3-upload 61 | 62 | 63 | 64 | sbtDistVersionOverride 65 | may be -Dproject.version=.... to override the version of the dist to build (only for testing, you should use tags for real releases!) 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 2 74 | 75 | 76 | ${repo_user} 77 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 78 | https://github.com/${repo_user}/${repo_name}.git 79 | 80 | 81 | 82 | 83 | ${repo_ref} 84 | 85 | 86 | false 87 | 88 | 89 | 90 | 91 | 92 | 93 | windows && publish 94 | false 95 | true 96 | 97 | 98 | 99 | repo_user = build.buildVariableResolver.resolve("repo_user") 100 | repo_name = build.buildVariableResolver.resolve("repo_name") 101 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 102 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 103 | 104 | 105 | 106 | 107 | 108 | #!/bin/bash -ex 109 | 110 | source scripts/jobs/release/package/windows 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 1440 119 | 120 | 121 | 122 | 123 | xterm 124 | 125 | 126 | false 127 | 0 128 | true 129 | 130 | 131 | 132 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-smoketest/config.xml: -------------------------------------------------------------------------------- 1 | 2 | Run as part of the scala-2.11.x-release-main flow. <br/> It runs the program in 3 | https://github.com/scala/scala-dist-smoketest/tree/${repo_ref} to make sure all JARs of the distribution 4 | contain classfiles. <br/> It downloads the archives for a Scala release from 5 | http://downloads.lightbend.com/scala/$version/index.html and makes sure the bundled scripts work. 6 | 7 | 8 | 9 | 10 | 11 | 12 | HTTP 13 | JSON 14 | http://scala-ci.typesafe.com:8888/jenkins 15 | all 16 | 30000 17 | 18 | 19 | 20 | HTTP 21 | JSON 22 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 23 | all 24 | 30000 25 | 26 | 27 | 28 | 29 | 30 | 31 | repo_user 32 | The github username for the repo to clone. 33 | scala 34 | 35 | 36 | repo_name 37 | The name of the repo to clone. 38 | scala-dist-smoketest 39 | 40 | 41 | repo_ref 42 | The git ref at ${repo_user}/${repo_name} to build. 43 | 2.11.x 44 | 45 | 46 | 47 | 48 | version 49 | The version of scala that we should download the archives for (from http://downloads.lightbend.com/scala/$version/index.html); e.g., 2.10.3-RC2 50 | 51 | 52 | 53 | 54 | sbtDistVersionOverride 55 | Passed to sbt, use instead of version (for experimentation only). 56 | 57 | 58 | 59 | 60 | jvmFlavor 61 | Java flavor to use (oracle/openjdk). 62 | oracle 63 | 64 | 65 | 66 | jvmVersion 67 | Java version to use (6/7/8). 68 | 6 69 | 70 | 71 | 72 | 73 | 74 | 75 | 2 76 | 77 | 78 | ${repo_user} 79 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 80 | https://github.com/${repo_user}/${repo_name}.git 81 | 82 | 83 | 84 | 85 | ${repo_ref} 86 | 87 | 88 | false 89 | 90 | 91 | 92 | 93 | 94 | 95 | public 96 | false 97 | true 98 | 99 | 100 | 101 | repo_user = build.buildVariableResolver.resolve("repo_user") 102 | repo_name = build.buildVariableResolver.resolve("repo_name") 103 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 104 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 105 | 106 | 107 | 108 | 109 | 110 | #!/bin/bash -ex 111 | if [ -f /usr/local/share/jvm/jvm-select ]; then 112 | source /usr/local/share/jvm/jvm-select 113 | jvmSelect $jvmFlavor $jvmVersion 114 | else 115 | echo "WARNING: jvm-select not present. using system default Java" 116 | fi 117 | 118 | source scripts/jobs/release/smoketest 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 1440 127 | 128 | 129 | 130 | 131 | xterm 132 | 133 | 134 | false 135 | 0 136 | true 137 | 138 | 139 | 140 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-website-archives/config.xml: -------------------------------------------------------------------------------- 1 | 2 | <H1>Run as part of the scala-2.11.x-release-main flow.</H1><p>It downloads the archives for a Scala release 3 | from http://downloads.lightbend.com/scala/$version/index.html and 4 | re-organizes them into the right hierarchy for scala-lang.org/files/archive.</p> 5 | <p>Also expands api docs for library, reflect, compiler and other modules 6 | to http://www.scala-lang.org/api/2.11.x/$module (it expands under api/$version).</p> 7 | <p>When version ends in `(bin|pre)-sha`, the root for the expansion process 8 | is http://www.scala-lang.org/files/archive/nightly/2.11.x/ 9 | instead of http://www.scala-lang.org/files/archive/</p> 10 | 11 | 12 | 13 | 14 | 15 | 16 | HTTP 17 | JSON 18 | http://scala-ci.typesafe.com:8888/jenkins 19 | all 20 | 30000 21 | 22 | 23 | 24 | HTTP 25 | JSON 26 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 27 | all 28 | 30000 29 | 30 | 31 | 32 | 33 | 34 | 35 | repo_user 36 | The github username for the repo to clone. 37 | scala 38 | 39 | 40 | repo_name 41 | The name of the repo to clone. 42 | scala-dist 43 | 44 | 45 | repo_ref 46 | The git ref at ${repo_user}/${repo_name} to build. 47 | 2.11.x 48 | 49 | 50 | 51 | 52 | version 53 | The version of scala that we should download the archives for (from http://downloads.lightbend.com/scala/$version/index.html); e.g., 2.10.3-RC2 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 2 62 | 63 | 64 | ${repo_user} 65 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 66 | https://github.com/${repo_user}/${repo_name}.git 67 | 68 | 69 | 70 | 71 | ${repo_ref} 72 | 73 | 74 | false 75 | 76 | 77 | 78 | 79 | 80 | 81 | linux && publish 82 | false 83 | false 84 | 85 | 86 | 87 | repo_user = build.buildVariableResolver.resolve("repo_user") 88 | repo_name = build.buildVariableResolver.resolve("repo_name") 89 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 90 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 91 | 92 | 93 | 94 | 95 | 96 | #!/bin/bash -ex 97 | 98 | source scripts/jobs/release/website/archives 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 1440 107 | 108 | 109 | 110 | 111 | xterm 112 | 113 | 114 | false 115 | 0 116 | true 117 | 118 | 119 | 120 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-website-update-api/config.xml: -------------------------------------------------------------------------------- 1 | 2 | Update scala-lang's api/2.11.x symlink to point to api/$version 3 | 4 | 5 | 6 | 7 | 8 | HTTP 9 | JSON 10 | http://scala-ci.typesafe.com:8888/jenkins 11 | all 12 | 30000 13 | 14 | 15 | 16 | HTTP 17 | JSON 18 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 19 | all 20 | 30000 21 | 22 | 23 | 24 | 25 | 26 | 27 | repo_user 28 | The github username for the repo to clone. 29 | scala 30 | 31 | 32 | repo_name 33 | The name of the repo to clone. 34 | scala-dist 35 | 36 | 37 | repo_ref 38 | The git ref at ${repo_user}/${repo_name} to build. 39 | 2.11.x 40 | 41 | 42 | 43 | 44 | version 45 | The version to be shown for the current API docs. 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 2 54 | 55 | 56 | ${repo_user} 57 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 58 | https://github.com/${repo_user}/${repo_name}.git 59 | 60 | 61 | 62 | 63 | ${repo_ref} 64 | 65 | 66 | false 67 | 68 | 69 | 70 | 71 | 72 | 73 | linux && publish 74 | false 75 | false 76 | 77 | 78 | 79 | repo_user = build.buildVariableResolver.resolve("repo_user") 80 | repo_name = build.buildVariableResolver.resolve("repo_name") 81 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 82 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 83 | 84 | 85 | 86 | 87 | 88 | #!/bin/bash -ex 89 | 90 | source scripts/jobs/release/website/update-api 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 1440 99 | 100 | 101 | 102 | 103 | xterm 104 | 105 | 106 | false 107 | 0 108 | true 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-release-website-update-current/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Used when a new major scala release is out, to bump the api/current symlink. 5 | false 6 | 7 | 8 | false 9 | false 10 | 11 | 12 | 13 | 14 | version 15 | 16 | 17 | 18 | 2.12.x 19 | 2.11.x 20 | 2.10.x 21 | 22 | 23 | 24 | 25 | 26 | 27 | 0 28 | 0 29 | 30 | false 31 | project 32 | false 33 | 1 34 | 35 | 36 | 37 | publish 38 | false 39 | false 40 | false 41 | false 42 | 43 | false 44 | 45 | 46 | #!/bin/bash -x 47 | declare -a sshCharaArgs="$sshCharaArgs" 48 | 49 | ssh "${sshCharaArgs[@]}" "cd ~linuxsoft/archives/scala/api/ ; [[ -d $version ]] && ln -sfn $version current ; ls -lha ." 50 | 51 | 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.11.x-validate-publish-core/config.xml: -------------------------------------------------------------------------------- 1 | 2 | PR validation: publish core 3 | 4 | 5 | 6 | 7 | 8 | HTTP 9 | JSON 10 | http://scala-ci.typesafe.com:8888/jenkins 11 | all 12 | 30000 13 | 14 | 15 | 16 | HTTP 17 | JSON 18 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 19 | all 20 | 30000 21 | 22 | 23 | 24 | 25 | 26 | 27 | repo_user 28 | The github username for the repo to clone. 29 | scala 30 | 31 | 32 | repo_name 33 | The name of the repo to clone. 34 | scala 35 | 36 | 37 | repo_ref 38 | The git ref at ${repo_user}/${repo_name} to build. 39 | 2.11.x 40 | 41 | 42 | 43 | 44 | prDryRun 45 | Set to 'yep' to try out the jenkins flow. 46 | 47 | 48 | 49 | 50 | antBuildArgs 51 | Extra arguments for the ant build. For example, `-Dscalac.args="-Xcheckinit"`. 52 | 53 | 54 | 55 | 56 | _scabot_pr 57 | For internal use by Scabot. 58 | 59 | 60 | 61 | 62 | jvmFlavor 63 | Java flavor to use (oracle/openjdk). 64 | oracle 65 | 66 | 67 | 68 | jvmVersion 69 | Java version to use (6/7/8). 70 | 6 71 | 72 | 73 | 74 | 75 | 76 | 77 | 2 78 | 79 | 80 | ${repo_user} 81 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 82 | https://github.com/${repo_user}/${repo_name}.git 83 | 84 | 85 | 86 | 87 | ${repo_ref} 88 | 89 | 90 | false 91 | 92 | 93 | 94 | 95 | 96 | 97 | public 98 | false 99 | true 100 | 101 | 102 | 103 | repo_user = build.buildVariableResolver.resolve("repo_user") 104 | repo_name = build.buildVariableResolver.resolve("repo_name") 105 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(6) 106 | _scabot_pr = build.buildVariableResolver.resolve("_scabot_pr") 107 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$_scabot_pr at $repo_ref") 108 | 109 | 110 | 111 | 112 | 113 | #!/bin/bash -ex 114 | if [ -f /usr/local/share/jvm/jvm-select ]; then 115 | source /usr/local/share/jvm/jvm-select 116 | jvmSelect $jvmFlavor $jvmVersion 117 | else 118 | echo "WARNING: jvm-select not present. using system default Java" 119 | fi 120 | 121 | source scripts/jobs/validate/publish-core 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 42 130 | 131 | 132 | 133 | 134 | xterm 135 | 136 | 137 | false 138 | 0 139 | true 140 | 141 | 142 | 143 | 144 | 145 | jenkins.properties,hs_err_*.log 146 | false 147 | false 148 | false 149 | true 150 | 151 | 152 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.12.0-release-website-archives/config.xml: -------------------------------------------------------------------------------- 1 | 2 | <H1>Run as part of the scala-2.12.0-release-main flow.</H1><p>It downloads the archives for a Scala release 3 | from http://downloads.lightbend.com/scala/$version/index.html and 4 | re-organizes them into the right hierarchy for scala-lang.org/files/archive.</p> 5 | <p>Also expands api docs for library, reflect, compiler and other modules 6 | to http://www.scala-lang.org/api/2.11.x/$module (it expands under api/$version).</p> 7 | <p>When version ends in -nightly, the root for the expansion process 8 | is http://www.scala-lang.org/files/archive/nightly/2.11.x/ 9 | instead of http://www.scala-lang.org/files/archive/</p> 10 | 11 | 12 | 13 | 14 | 15 | HTTP 16 | JSON 17 | http://scala-ci.typesafe.com:8888/jenkins 18 | all 19 | 30000 20 | 21 | 22 | 23 | 24 | 25 | 26 | repo_user 27 | The github username for the repo to clone. 28 | scala 29 | 30 | 31 | repo_name 32 | The name of the repo to clone. 33 | scala-dist 34 | 35 | 36 | repo_ref 37 | The git ref at ${repo_user}/${repo_name} to build. 38 | 2.12.0 39 | 40 | 41 | 42 | 43 | version 44 | The version of scala that we should download the archives for (from http://downloads.lightbend.com/scala/$version/index.html); e.g., 2.10.3-RC2 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 2 53 | 54 | 55 | ${repo_user} 56 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 57 | https://github.com/${repo_user}/${repo_name}.git 58 | 59 | 60 | 61 | 62 | ${repo_ref} 63 | 64 | 65 | false 66 | 67 | 68 | 69 | 70 | 71 | 72 | linux && publish 73 | false 74 | false 75 | 76 | 77 | 78 | repo_user = build.buildVariableResolver.resolve("repo_user") 79 | repo_name = build.buildVariableResolver.resolve("repo_name") 80 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 81 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 82 | 83 | 84 | 85 | 86 | 87 | #!/bin/bash -ex 88 | 89 | source scripts/jobs/release/website/archives 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 1440 98 | 99 | 100 | 101 | 102 | xterm 103 | 104 | 105 | false 106 | 0 107 | true 108 | 109 | 110 | 111 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.12.x-integrate-ide/config.xml: -------------------------------------------------------------------------------- 1 | 2 | PR integration testing: IDE 3 | 4 | 5 | 6 | 7 | 8 | HTTP 9 | JSON 10 | http://scala-ci.typesafe.com:8888/jenkins 11 | all 12 | 30000 13 | 14 | 15 | 16 | HTTP 17 | JSON 18 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 19 | all 20 | 30000 21 | 22 | 23 | 24 | 25 | 26 | 27 | repo_user 28 | The github username for the repo to clone. 29 | scala 30 | 31 | 32 | repo_name 33 | The name of the repo to clone. 34 | scala 35 | 36 | 37 | repo_ref 38 | The git ref at ${repo_user}/${repo_name} to build. 39 | 2.12.x 40 | 41 | 42 | 43 | 44 | scalaVersion 45 | Version of Scala to test. Set by main build flow. 46 | 47 | 48 | 49 | 50 | _scabot_pr 51 | For internal use by Scabot. 52 | 53 | 54 | 55 | 56 | _scabot_last 57 | For internal use by Scabot. 58 | 59 | 60 | 61 | 62 | 63 | 2 64 | 0 65 | true 66 | project 67 | 68 | 69 | 70 | 71 | 2 72 | 73 | 74 | ${repo_user} 75 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 76 | https://github.com/${repo_user}/${repo_name}.git 77 | 78 | 79 | 80 | 81 | ${repo_ref} 82 | 83 | 84 | false 85 | 86 | 87 | 88 | 89 | 90 | 91 | public 92 | false 93 | true 94 | 95 | 96 | 97 | repo_user = build.buildVariableResolver.resolve("repo_user") 98 | repo_name = build.buildVariableResolver.resolve("repo_name") 99 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 100 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 101 | 102 | 103 | 104 | 105 | 106 | #!/bin/bash -ex 107 | 108 | source scripts/jobs/integrate/ide 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 150 117 | 118 | 119 | 120 | 121 | xterm 122 | 123 | 124 | false 125 | 0 126 | true 127 | 128 | 129 | 130 | 131 | 132 | logs/**,**/surefire-reports/* 133 | true 134 | false 135 | false 136 | true 137 | 138 | 139 | pr-scala-integrate-ide@lightbend.com 140 | false 141 | false 142 | 143 | 144 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.12.x-release-website-update-api/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Update scala-lang's api/2.12.x symlink to point to api/$version 5 | false 6 | 7 | 8 | 9 | 10 | HTTP 11 | JSON 12 | 13 | http://scala-ci.typesafe.com:8888/jenkins 14 | PUBLIC 15 | 16 | all 17 | 30000 18 | 19 | 20 | HTTP 21 | JSON 22 | 23 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 24 | PUBLIC 25 | 26 | all 27 | 30000 28 | 29 | 30 | 31 | 32 | 33 | 34 | repo_user 35 | The github username for the repo to clone. 36 | scala 37 | false 38 | 39 | 40 | repo_name 41 | The name of the repo to clone. 42 | scala-dist 43 | false 44 | 45 | 46 | repo_ref 47 | The git ref at ${repo_user}/${repo_name} to build. 48 | 2.12.x 49 | false 50 | 51 | 52 | version 53 | The version to be shown for the current API docs. 54 | 55 | false 56 | 57 | 58 | 59 | 60 | 61 | 2 62 | 63 | 64 | ${repo_user} 65 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 66 | https://github.com/${repo_user}/${repo_name}.git 67 | 68 | 69 | 70 | 71 | ${repo_ref} 72 | 73 | 74 | false 75 | 76 | 77 | 78 | 79 | 80 | linux && publish 81 | false 82 | true 83 | false 84 | false 85 | 86 | false 87 | 88 | 89 | 90 | 96 | false 97 | 98 | 99 | 100 | 101 | 102 | #!/bin/bash -ex 103 | 104 | source scripts/jobs/release/website/update-api 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 1440 113 | 114 | 115 | 116 | 117 | xterm 118 | 119 | 120 | false 121 | 0 122 | true 123 | 124 | 125 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.13.x-integrate-ide/config.xml: -------------------------------------------------------------------------------- 1 | 2 | PR integration testing: IDE 3 | 4 | 5 | 6 | 7 | 8 | HTTP 9 | JSON 10 | http://scala-ci.typesafe.com:8888/jenkins 11 | all 12 | 30000 13 | 14 | 15 | 16 | HTTP 17 | JSON 18 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 19 | all 20 | 30000 21 | 22 | 23 | 24 | 25 | 26 | 27 | repo_user 28 | The github username for the repo to clone. 29 | scala 30 | 31 | 32 | repo_name 33 | The name of the repo to clone. 34 | scala 35 | 36 | 37 | repo_ref 38 | The git ref at ${repo_user}/${repo_name} to build. 39 | 2.13.x 40 | 41 | 42 | 43 | 44 | scalaVersion 45 | Version of Scala to test. Set by main build flow. 46 | 47 | 48 | 49 | 50 | _scabot_pr 51 | For internal use by Scabot. 52 | 53 | 54 | 55 | 56 | _scabot_last 57 | For internal use by Scabot. 58 | 59 | 60 | 61 | 62 | 63 | 2 64 | 0 65 | true 66 | project 67 | 68 | 69 | 70 | 71 | 2 72 | 73 | 74 | ${repo_user} 75 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 76 | https://github.com/${repo_user}/${repo_name}.git 77 | 78 | 79 | 80 | 81 | ${repo_ref} 82 | 83 | 84 | false 85 | 86 | 87 | 88 | 89 | 90 | 91 | public 92 | false 93 | true 94 | 95 | 96 | 97 | repo_user = build.buildVariableResolver.resolve("repo_user") 98 | repo_name = build.buildVariableResolver.resolve("repo_name") 99 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 100 | build.setDisplayName("[${build.number}] $repo_user/$repo_name#$repo_ref") 101 | 102 | 103 | 104 | 105 | 106 | #!/bin/bash -ex 107 | 108 | source scripts/jobs/integrate/ide 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 150 117 | 118 | 119 | 120 | 121 | xterm 122 | 123 | 124 | false 125 | 0 126 | true 127 | 128 | 129 | 130 | 131 | 132 | logs/**,**/surefire-reports/* 133 | true 134 | false 135 | false 136 | true 137 | 138 | 139 | pr-scala-integrate-ide@lightbend.com 140 | false 141 | false 142 | 143 | 144 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.13.x-release-main/config.xml: -------------------------------------------------------------------------------- 1 | 2 | TODO: Better description. Build, package and stage a Scala release. 3 | Nightly downloads go to http://www.scala-lang.org/files/archive/nightly/2.13.x/ 4 | Regular ones to http://www.scala-lang.org/files/archive/. 5 | 6 | 7 | 8 | 9 | 10 | HTTP 11 | JSON 12 | http://scala-ci.typesafe.com:8888/jenkins 13 | all 14 | 30000 15 | 16 | 17 | 18 | HTTP 19 | JSON 20 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 21 | all 22 | 30000 23 | 24 | 25 | 26 | 27 | 28 | 29 | repo_user 30 | The github username for the repo to clone. 31 | scala 32 | 33 | 34 | repo_ref 35 | The git ref at ${repo_user}/${repo_name} to build. 36 | 2.13.x 37 | 38 | 39 | 40 | 41 | SCALA_VER_BASE 42 | When set, a release with version "$SCALA_VER_BASE$SCALA_VER_SUFFIX" will be built. Same effect as for tagging $repo_ref as "v$SCALA_VER_BASE$SCALA_VER_SUFFIX". 43 | 44 | 45 | 46 | 47 | SCALA_VER_SUFFIX 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | true 57 | true 58 | repo_user = build.buildVariableResolver.resolve("repo_user") 59 | repo_name = build.buildVariableResolver.resolve("repo_name") 60 | repo_ref = build.buildVariableResolver.resolve("repo_ref").take(12) 61 | ver = params["SCALA_VER_BASE"] + params["SCALA_VER_SUFFIX"] 62 | build.setDisplayName("[${build.number}] Scala dist ${ver} $repo_user/$repo_name#$repo_ref") 63 | 64 | 65 | if (params.repo_ref) buildParams = params 66 | else buildParams = params + [ "repo_ref" : "v$ver" ] 67 | 68 | buildRun = build(buildParams, "scala-2.13.x-integrate-bootstrap") 69 | 70 | upstreamBuild = buildRun.build 71 | // for testing, to avoid re-running the main build: upstreamBuild = jenkins.model.Jenkins.instance.items.find{it.name == "scala-2.13.x-integrate-bootstrap"}.builds[0] 72 | // defines repo_ref, version, sbtDistVersionOverride 73 | upstreamPropsArtifact = upstreamBuild.artifacts.find{it.name == "jenkins.properties"} 74 | 75 | if (upstreamPropsArtifact == null) { 76 | out.println('Error: bootstrap did not publish "jenkins.properties" artifact, unable to proceed.') 77 | build.state.setResult(Result.FAILURE) 78 | return 79 | } 80 | 81 | buildVersionProps = new java.util.Properties() 82 | buildVersionProps.load(new java.io.FileInputStream(upstreamPropsArtifact.file)) 83 | 84 | testParams = buildParams + buildVersionProps 85 | 86 | parallel ( 87 | { retry(2, { build(testParams, "scala-2.13.x-integrate-community-build") }) }, 88 | { build(testParams, "scala-2.13.x-release-package-unix") }, 89 | { build(testParams, "scala-2.13.x-release-package-windows") } 90 | ) 91 | 92 | build(testParams, "scala-2.13.x-release-smoketest") 93 | 94 | build(testParams, "scala-2.13.x-release-website-archives") 95 | 96 | build(testParams, "scala-2.13.x-release-website-update-api") 97 | 98 | 99 | 100 | 101 | @midnight 102 | 103 | 104 | 105 | 106 | adriaan@lightbend.com seth.tisue@lightbend.com 107 | false 108 | false 109 | 110 | 111 | true 112 | -------------------------------------------------------------------------------- /roles/jenkins/files/jobs/scala-2.13.x-release-website-update-api/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Update scala-lang's api/2.13.x symlink to point to api/$version 5 | false 6 | 7 | 8 | 9 | 10 | HTTP 11 | JSON 12 | 13 | http://scala-ci.typesafe.com:8888/jenkins 14 | PUBLIC 15 | 16 | all 17 | 30000 18 | 19 | 20 | HTTP 21 | JSON 22 | 23 | https://scala-ci.typesafe.com/benchq/webhooks/jenkins 24 | PUBLIC 25 | 26 | all 27 | 30000 28 | 29 | 30 | 31 | 32 | 33 | 34 | repo_user 35 | The github username for the repo to clone. 36 | scala 37 | false 38 | 39 | 40 | repo_name 41 | The name of the repo to clone. 42 | scala-dist 43 | false 44 | 45 | 46 | repo_ref 47 | The git ref at ${repo_user}/${repo_name} to build. 48 | 2.13.x 49 | false 50 | 51 | 52 | version 53 | The version to be shown for the current API docs. 54 | 55 | false 56 | 57 | 58 | 59 | 60 | 61 | 2 62 | 63 | 64 | ${repo_user} 65 | +refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head 66 | https://github.com/${repo_user}/${repo_name}.git 67 | 68 | 69 | 70 | 71 | ${repo_ref} 72 | 73 | 74 | false 75 | 76 | 77 | 78 | 79 | 80 | linux && publish 81 | false 82 | true 83 | false 84 | false 85 | 86 | false 87 | 88 | 89 | 90 | 96 | false 97 | 98 | 99 | 100 | 101 | 102 | #!/bin/bash -ex 103 | 104 | source scripts/jobs/release/website/update-api 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 1440 113 | 114 | 115 | 116 | 117 | xterm 118 | 119 | 120 | false 121 | 0 122 | true 123 | 124 | 125 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodeMonitors.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | false 5 | 6 | 7 | false 8 | 9 | 10 | false 11 | 1GB 12 | 13 | 14 | false 15 | 1GB 16 | 17 | 18 | false 19 | 20 | 21 | true 22 | 23 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/jenkins-worker-behemoth-1/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | jenkins-worker-behemoth-1 4 | Worker behemoth-1 5 | /home/jenkins 6 | 3 7 | NORMAL 8 | 9 | 0 10 | 5 11 | 12 | 13 | 172.31.2.3 14 | 22 15 | 954dd564-ce8c-43d1-bcc5-97abffc81c57 16 | /usr/lib/jvm/java-8-openjdk-amd64/bin/java 17 | 10 18 | 60 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 8 31 | ANT_OPTS 32 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 33 | integrationRepoUrl 34 | https://scala-ci.typesafe.com/artifactory/scala-integration/ 35 | JAVA_OPTS 36 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 37 | MAVEN_OPTS 38 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 39 | prRepoUrl 40 | https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/ 41 | sbtCmd 42 | /usr/local/bin/sbt 43 | sbtLauncher 44 | /usr/local/lib/share/sbt-launch.jar 45 | sshCharaArgs 46 | ("scalatest@chara.epfl.ch" "-i" "/home/jenkins/.ssh/jenkins_lightbend_chara") 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/jenkins-worker-behemoth-2/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | jenkins-worker-behemoth-2 4 | Worker behemoth-2 5 | /home/jenkins 6 | 3 7 | NORMAL 8 | 9 | 0 10 | 5 11 | 12 | 13 | 172.31.2.4 14 | 22 15 | 954dd564-ce8c-43d1-bcc5-97abffc81c57 16 | /usr/lib/jvm/java-8-openjdk-amd64/bin/java 17 | 10 18 | 60 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 8 31 | ANT_OPTS 32 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 33 | integrationRepoUrl 34 | https://scala-ci.typesafe.com/artifactory/scala-integration/ 35 | JAVA_OPTS 36 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 37 | MAVEN_OPTS 38 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 39 | prRepoUrl 40 | https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/ 41 | sbtCmd 42 | /usr/local/bin/sbt 43 | sbtLauncher 44 | /usr/local/lib/share/sbt-launch.jar 45 | sshCharaArgs 46 | ("scalatest@chara.epfl.ch" "-i" "/home/jenkins/.ssh/jenkins_lightbend_chara") 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/jenkins-worker-behemoth-3/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | jenkins-worker-behemoth-3 4 | Worker behemoth-3 5 | /home/jenkins 6 | 3 7 | NORMAL 8 | 9 | 2 10 | 5 11 | 12 | 13 | 172.31.2.5 14 | 22 15 | 954dd564-ce8c-43d1-bcc5-97abffc81c57 16 | /usr/lib/jvm/java-8-openjdk-amd64/bin/java 17 | 10 18 | 60 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 8 31 | ANT_OPTS 32 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 33 | integrationRepoUrl 34 | https://scala-ci.typesafe.com/artifactory/scala-integration/ 35 | JAVA_OPTS 36 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 37 | MAVEN_OPTS 38 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 39 | prRepoUrl 40 | https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/ 41 | sbtCmd 42 | /usr/local/bin/sbt 43 | sbtLauncher 44 | /usr/local/lib/share/sbt-launch.jar 45 | sshCharaArgs 46 | ("scalatest@chara.epfl.ch" "-i" "/home/jenkins/.ssh/jenkins_lightbend_chara") 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/jenkins-worker-publish/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | jenkins-worker-publish 4 | Worker for publish jobs 5 | /home/jenkins 6 | 1 7 | EXCLUSIVE 8 | 9 | 0 10 | 5 11 | 12 | 13 | 172.31.2.2 14 | 22 15 | 876bcf12-d295-4791-b5bb-98e1d12be978 16 | /usr/lib/jvm/java-8-openjdk-amd64/bin/java 17 | 10 18 | 60 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 9 31 | ANT_OPTS 32 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 33 | integrationRepoUrl 34 | https://scala-ci.typesafe.com/artifactory/scala-integration/ 35 | JAVA_OPTS 36 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 37 | MAVEN_OPTS 38 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Djava.io.tmpdir=/home/jenkins/tmp 39 | prRepoUrl 40 | https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/ 41 | sbtCmd 42 | /usr/local/bin/sbt 43 | sbtLauncher 44 | /usr/local/lib/share/sbt-launch.jar 45 | sshCharaArgs 46 | ("scalatest@chara.epfl.ch" "-i" "/home/jenkins/.ssh/jenkins_lightbend_chara") 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/jenkins-worker-windows-publish/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | jenkins-worker-windows-publish 4 | Worker for publish jobs (windows) 5 | y:\jenkins 6 | 2 7 | EXCLUSIVE 8 | 9 | 0 10 | 5 11 | 12 | 13 | 172.31.0.178 14 | 22 15 | a7cd7b60-4e43-48e5-b4d9-cad515e94e5e 16 | -Duser.home=y:/jenkins -Djava.io.tmpdir=y:/jenkins/tmp -Dhudson.remoting.RemoteClassLoader.force=com.sun.jna.Native 17 | "C:/Program Files/Java/jdk1.8.0_121/bin/java" 18 | 10 19 | 60 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 12 32 | _JAVA_OPTIONS 33 | -Duser.home=y:/jenkins -Djava.io.tmpdir=y:/jenkins/tmp -Dhudson.remoting.RemoteClassLoader.force=com.sun.jna.Native 34 | ANT_OPTS 35 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Duser.home=y:/jenkins -Djava.io.tmpdir=y:/jenkins/tmp -Dhudson.remoting.RemoteClassLoader.force=com.sun.jna.Native 36 | integrationRepoUrl 37 | https://scala-ci.typesafe.com/artifactory/scala-integration/ 38 | JAVA_HOME 39 | C:\Program Files\Java\jdk1.8.0_121 40 | JAVA_OPTS 41 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Duser.home=y:/jenkins -Djava.io.tmpdir=y:/jenkins/tmp -Dhudson.remoting.RemoteClassLoader.force=com.sun.jna.Native 42 | MAVEN_OPTS 43 | -Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4 -Duser.home=y:/jenkins -Djava.io.tmpdir=y:/jenkins/tmp -Dhudson.remoting.RemoteClassLoader.force=com.sun.jna.Native 44 | PATH 45 | /bin:/usr/bin:/cygdrive/c/Program Files/Java/jdk1.8.0_121/bin:/cygdrive/c/Program Files/Git/Cmd:/cygdrive/c/ProgramData/chocolatey/bin 46 | prRepoUrl 47 | https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/ 48 | sbtLauncher 49 | C:\sbt\sbt-launch.jar 50 | SHELLOPTS 51 | igncr 52 | TMP 53 | y:/jenkins/tmp 54 | WIX 55 | C:\Program Files (x86)\WiX Toolset v3.10 56 | 57 | 58 | 59 | 60 | chef 61 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/kalles/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | kalles 4 | Jenkins worker outside of ec2 5 | /home/scala/jenkins 6 | 1 7 | EXCLUSIVE 8 | 9 | 10 | kalles.typesafe.com 11 | 22 12 | e3e28611-abd6-4d1d-b128-76eac1dd892d 13 | 10 14 | 60 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 4 27 | prRepoUrl 28 | https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/ 29 | releaseTempRepoUrl 30 | https://scala-ci.typesafe.com/artifactory/scala-release-temp/ 31 | sbtCmd 32 | /usr/local/bin/sbt 33 | sbtLauncher 34 | /usr/local/lib/share/sbt-launch.jar 35 | 36 | 37 | 38 | 39 | adriaanm 40 | -------------------------------------------------------------------------------- /roles/jenkins/files/nodes/scalabench/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | scalabench 4 | 5 | /home/jenkins 6 | 1 7 | EXCLUSIVE 8 | 9 | 10 | 12.155.180.58 11 | 22 12 | 954dd564-ce8c-43d1-bcc5-97abffc81c57 13 | 0 14 | 0 15 | 16 | 17 | 18 | 19 | lrytz 20 | -------------------------------------------------------------------------------- /roles/jenkins/files/org.jenkinsci.main.modules.sshd.SSHD.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 8022 4 | -------------------------------------------------------------------------------- /roles/jenkins/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart jenkins 3 | become: true 4 | service: name=jenkins state=restarted enabled=yes 5 | 6 | # https://github.com/systemd/systemd/issues/3568 7 | - name: daemon reload 8 | become: true 9 | shell: systemctl daemon-reload 10 | -------------------------------------------------------------------------------- /roles/jenkins/tasks/bootstrap-cli.yml: -------------------------------------------------------------------------------- 1 | # TODO this latest incarnation has not been tested 2 | 3 | # Included from site.yml when configuring jenkins for the first time using --tags boot_jenkins 4 | # 5 | # It's not run by default because it's time consuming. It could in principle be run all the time, since it is mostly idempotent (in a brutish way). 6 | # The approach is to reset the Jenkins authentication strategy to the built-in one, and make it recognize the admin user with an ssh keypair we control, 7 | # restart jenkins, then use the cli (over ssh with the admin keypair) to install plugins and configure github oauth, restart again 8 | # after which admin is locked out 9 | - name: Delay 20s and wait for Jenkins CLI to come up 10 | wait_for: 11 | port: 8022 12 | host: 'scala-ci.typesafe.com' 13 | search_regex: SSH-2.0-SSHD-CORE 14 | delay: 20 15 | 16 | - name: Accept jenkins cli host key 17 | command: "ssh -oStrictHostKeyChecking=no -p 8022 scala-jenkins@scala-ci.typesafe.com version" 18 | 19 | - name: Jenkins plugins 20 | shell: for plugin in "{{item}}"; do ssh -p 8022 scala-jenkins@scala-ci.typesafe.com install-plugin $plugin; done 21 | with_items: 22 | - https://github.com/lightbend/ec2-start-stop/releases/download/v0.1.1/ec2-start-stop.hpi 23 | - copyartifact 24 | - credentials 25 | - cygpath 26 | - dashboard-view 27 | - git 28 | - github 29 | - github-api 30 | - github-oauth 31 | - greenballs 32 | - job-dsl 33 | - logfilesizechecker 34 | - mailer 35 | - parameterized-trigger 36 | - ssh-slaves 37 | - ansicolor 38 | - build-timeout 39 | - email-ext 40 | - groovy 41 | - notification 42 | - rebuild 43 | - ssh-credentials 44 | - throttle-concurrents 45 | 46 | 47 | - name: Restart jenkins 48 | shell: ssh -p 8022 scala-jenkins@scala-ci.typesafe.com restart 49 | 50 | - name: Delay 20s and wait for Jenkins CLI to come up 51 | wait_for: 52 | port: 8022 53 | host: 'scala-ci.typesafe.com' 54 | search_regex: SSH-2.0-SSHD-CORE 55 | delay: 20 56 | 57 | # this is the last automated step -- after this, the admin user loses admin rights (github oauth takes over) 58 | - name: Configure github oauth 59 | no_log: true 60 | vars: 61 | - admins: 'adriaanm, retronym, lrytz, SethTisue, szeiger, dwijnand, scala-jenkins, scala-bench' # scabot needs access, it uses scala-jenkins 62 | - github_api_client_id: !vault | 63 | $ANSIBLE_VAULT;1.1;AES256 64 | 38303339653331626166366432616435313531373839666561386430363964613461643434646436 65 | 3062346461346630393534393363393966313638373031310a383265336163333565643561303434 66 | 33643432663830376162366630633762363061313761373034653766346533663735363565303961 67 | 6165303930343235650a393264613937393066353564323165666361396231343065646534613839 68 | 37643331383835663137373861633730646135313736376536356136396435303466 69 | 70 | - github_api_client_secret: !vault | 71 | $ANSIBLE_VAULT;1.1;AES256 72 | 66626363333563333336336433383964303762396362356234343531353565323435363036666435 73 | 3866306536646530303332626134353162393765336636620a633232626536316533613334613764 74 | 38366134353266643035373639326164363731366134386361376435626133353764613661393461 75 | 3236666264613132320a306164663638643161313364643632336134663038333664653034613138 76 | 66343062313961613463323766646262356639613138323862623064393532313936626638326632 77 | 3033353764356265633135393431623138313766306333656464 78 | 79 | - script: | 80 | import jenkins.model.Jenkins 81 | import org.jenkinsci.plugins.* 82 | Jenkins.instance.setSecurityRealm(new GithubSecurityRealm('https://github.com/', 'https://api.github.com', '{{github_api_client_id}}', '{{github_api_client_secret}}', 'read:org,user:email')) 83 | Jenkins.instance.setAuthorizationStrategy(new GithubAuthorizationStrategy('{{admins}}', true, true, false, 'scala', true, false, true, true)) 84 | Jenkins.instance.save() 85 | 86 | shell: echo "{{script}}" | ssh -p 8022 scala-jenkins@scala-ci.typesafe.com groovysh 87 | 88 | -------------------------------------------------------------------------------- /roles/jenkins/tasks/bootstrap.yml: -------------------------------------------------------------------------------- 1 | # TODO this latest incarnation has not been tested 2 | 3 | # only for the initial jenkins config 4 | - name: Create scala-jenkins homedir 5 | file: path="{{jenkins_home}}/users/scala-jenkins" state=directory owner="{{jenkins_user}}" mode="0755" recurse="yes" 6 | tags: 7 | - boot_jenkins 8 | 9 | - name: Create initial scala-jenkins user (with a pre-configured ssh key, used in bootstrap-cli.yml) 10 | vars: 11 | - scala_jenkins_passwordHash: !vault | 12 | $ANSIBLE_VAULT;1.1;AES256 13 | 34663166313665373033646131333466303733663132343564626666366266633939656439363331 14 | 3230633536353939663036613762646636306566333638610a663838643938373438383230613031 15 | 61646661373532646634366235343536393063386130646636616539656561616636633731396136 16 | 3861653139393465360a353364316561353339303962373963386330633931623139306165663438 17 | 63376434393064336534663164326633643737383437653263663865303862373633393062343466 18 | 35316233366261316232613966323062313032343036343364323338366136633330386534333037 19 | 363835316562346531303931646461393461 20 | - scala_jenkins_tokenHash: !vault | 21 | $ANSIBLE_VAULT;1.1;AES256 22 | 37393132666634306366616561623634393463343261376164383966386662323839376465323963 23 | 3261643765613438333435316230363864393231326631630a343634613766303339396566666439 24 | 38646133363265343563636566386637303338343063636239316331383266366261343933613164 25 | 6365393037353065340a323563333765646465356634666432396462653239306230643739386361 26 | 32316639633030303836303262346639386662646137326563333462666363613633653661663064 27 | 34343239663739366539306664366135613863666535343730366639646265666363373362356332 28 | 66663036653235323966643966636162383562646562303264366636653232396332316531636437 29 | 66656631366566623463623137663033313934316239313362363833616639616362353432333961 30 | 38373565643932356466643437633039613438393232633636363565376334613538 31 | - scala_jenkins_authorizedKeys: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwdG1o+zxa/aLyIbLBjmcapdVqcxFfi4kWR43c7Uhx+v1J1Il09jwLiD6ABJHwiEWitG1L1RIscUQr89tYzpWyYNgqNAuNoCnm67q95r5nStB6iAqbAdXGpVDk2NbChX4Lul48zK9jJppMFiTCZw8/mReVP1K0ptqPMoUcNzq51Js/zIvew/PdaRJ4LB/uo6x7UDiG88oLPDVXODOSTpwIIDOZHsFM4+0viq3nJ3UUXkvQ2KaL7N86f30ZDNblKzu4JxmS009XO6o5rDOylT9T5q0bgo8I6a1qXvobZtqGrlKC3h3WlP702ImsV7jAyZBkjV4rFPMLt6MprzepV4yn adriaan.moors@typesafe.com' 32 | template: 33 | src: scala-jenkins-config.xml 34 | dest: "{{jenkins_home}}/users/scala-jenkins/config.xml" 35 | tags: 36 | - boot_jenkins 37 | 38 | - name: Copy main jenkins config (it enables full admin access for all authenticated users) 39 | copy: 40 | src: config-bootstrap.xml 41 | dest: "{{jenkins_home}}/config.xml" 42 | tags: 43 | - boot_jenkins 44 | 45 | - name: Chown everything in jenkins homedir (existing volume has unknown uid, rsync seems to mess up user id too) 46 | file: path={{jenkins_home}} state=directory recurse=yes owner={{jenkins_user}} group={{jenkins_user}} 47 | tags: 48 | - boot_jenkins 49 | 50 | - name: Restart jenkins (so that we can log in as scala-jenkins via cli over ssh) 51 | service: 52 | name: jenkins 53 | state: restarted 54 | tags: 55 | - boot_jenkins 56 | -------------------------------------------------------------------------------- /roles/jenkins/tasks/config-bootstrap.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | OldData 5 | 6 | 2.105 7 | 8 | true 9 | RUNNING 10 | 11 | 2 12 | NORMAL 13 | true 14 | 15 | true 16 | 17 | 18 | true 19 | false 20 | 21 | false 22 | 23 | ${JENKINS_HOME}/workspace/${ITEM_FULL_NAME} 24 | ${ITEM_ROOTDIR}/builds 25 | 26 | 27 | 28 | 29 | 30 | 5 31 | 0 32 | 33 | 34 | 35 | all 36 | false 37 | false 38 | 39 | 40 | 41 | 42 | scala-2.11.x 43 | false 44 | false 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | scala-2.11.x-.* 60 | false 61 | 62 | 63 | 64 | scala-2.12.x 65 | false 66 | false 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | scala-2.12.x-.* 82 | false 83 | 84 | 85 | 86 | scala-2.13.x 87 | false 88 | false 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | scala-2.13.x-.* 104 | false 105 | 106 | 107 | 108 | scala-bench 109 | false 110 | false 111 | 112 | 113 | 114 | bootstrap-benchmark 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | .*-benchmark 127 | false 128 | 129 | 130 | scala-2.13.x 131 | -1 132 | 133 | JNLP-connect 134 | JNLP2-connect 135 | JNLP4-connect 136 | 137 | 138 | 139 | false 140 | 141 | 142 | 143 | -------------------------------------------------------------------------------- /roles/jenkins/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create jenkins homedir 3 | file: path={{jenkins_home}} state=directory mode="0755" 4 | 5 | - name: Mount jenkins home 6 | mount: 7 | src: "{{ec2_vol_jenkins.device_name}}" 8 | path: "{{jenkins_home}}" 9 | fstype: ext4 10 | opts: noatime 11 | state: mounted 12 | notify: daemon reload 13 | tags: 14 | - ec2 15 | 16 | - name: Create user 17 | user: name={{jenkins_user}} home={{jenkins_home}} 18 | 19 | - name: Chmod jenkins homedir 20 | file: path={{jenkins_home}} state=directory mode="0755" 21 | 22 | - name: Add the jenkins gpg key 23 | apt_key: 24 | url: "https://pkg.jenkins.io/debian/jenkins.io.key" 25 | state: present 26 | 27 | - name: Add apt repo for jenkins 28 | apt_repository: 29 | repo: "deb https://pkg.jenkins.io/debian binary/" 30 | state: present 31 | 32 | - name: Create jenkins dirs 33 | file: path={{item}} state=directory owner="{{jenkins_user}}" mode="0755" 34 | with_items: 35 | - "{{jenkins_home}}/.ssh" 36 | 37 | - name: Worker ssh key pairs 38 | become_user: "{{jenkins_user}}" 39 | become: yes 40 | shell: ssh-keygen -q -t rsa -b 4096 -f "{{jenkins_home}}/.ssh/{{item}}" -N '' -C "{{item}} adriaan+jenkins@lightbend.com" 41 | args: 42 | creates: "{{jenkins_home}}/.ssh/{{item}}" 43 | with_items: 44 | - id_worker 45 | - id_worker_publisher 46 | - id_worker_kalles # TODO: copy manually to host's authorized_keys 47 | - id_worker_windows # TODO: copy manually to host's authorized_keys 48 | 49 | - name: Install jenkins 50 | apt: 51 | name: jenkins 52 | state: present 53 | update_cache: yes 54 | 55 | # TODO: enable, but currently commented out to make sure we don't override jenkins config (it's not tracked automatically) 56 | # After making changes on jenkins, make sure to incorporate them back into this repo 57 | # using `rsync -av --existing jenkins@scala-ci.typesafe.com:~/ roles/jenkins/files`, 58 | # or they will be overwritten by this step from the files in roles/jenkins/files. 59 | # - name: Copy jenkins config 60 | # become_user: "{{jenkins_user}}" 61 | # become: yes 62 | # synchronize: 63 | # src: ../files/ 64 | # dest: "{{jenkins_home}}" 65 | # checksum: true 66 | # rsync_opts: 67 | # - "--chown={{jenkins_user}}:{{jenkins_user}}" # requires recent rsync! 68 | # notify: restart jenkins 69 | -------------------------------------------------------------------------------- /roles/jenkins/tasks/scala-jenkins-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Bot 4 | Either scala/scabot or scala/compiler-benchq 5 | 6 | 7 | {{scala_jenkins_tokenHash}} 8 | 9 | 10 | #jbcrypt:$2a$10${{scala_jenkins_passwordHash}} 11 | 12 | 13 | {{scala_jenkins_authorizedKeys}} 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /roles/jenkins/vars/main.yml: -------------------------------------------------------------------------------- 1 | # FYI: the password for scala-jenkins (used for initial setup, and CI / benchmarking bots) 2 | scala_jenkins_password: !vault | 3 | $ANSIBLE_VAULT;1.1;AES256 4 | 63396361656364303435363531343735383132333464303936313665373033343236373239393866 5 | 6336313662333130336661643631663331656330613730390a343863303738663364313862313638 6 | 62373461386433336264386365333761386433373139613262333030653335303461623038656639 7 | 3561663862626265380a623864323934636537373536376134306539383132666139643934623336 8 | 65363261393739313432326435343038326464366566353739653334653764633064 9 | -------------------------------------------------------------------------------- /roles/nginx/files/dhparam.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAIT9Rv1jZ+PJl8R4iAEFbcfa8xCANtpJIi3yQzTlPeDh09LdCi1nAzZq 3 | JYXDsYXubmlx3h2RBJax7x8ibXUgk8YOAuBKDgt7KWfgMHtTMXSTCMfzIISqV4K4 4 | yt8CdMKRNZWR0b43BsXzCl2e5fBCgn3gJW4LW410LrPw+NLjDyILAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /roles/nginx/files/nginx.conf: -------------------------------------------------------------------------------- 1 | # For more information on configuration, see: 2 | # * Official English Documentation: http://nginx.org/en/docs/ 3 | # * Official Russian Documentation: http://nginx.org/ru/docs/ 4 | 5 | user nginx; 6 | worker_processes 1; 7 | 8 | error_log /var/log/nginx/error.log; 9 | #error_log /var/log/nginx/error.log notice; 10 | #error_log /var/log/nginx/error.log info; 11 | 12 | pid /var/run/nginx.pid; 13 | 14 | 15 | events { 16 | worker_connections 1024; 17 | } 18 | 19 | 20 | http { 21 | include /etc/nginx/mime.types; 22 | default_type application/octet-stream; 23 | 24 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 25 | '$status $body_bytes_sent "$http_referer" ' 26 | '"$http_user_agent" "$http_x_forwarded_for"'; 27 | 28 | # TODO: keep access log for 90 days 29 | access_log /var/log/nginx/access.log main; 30 | 31 | sendfile on; 32 | #tcp_nopush on; 33 | 34 | #keepalive_timeout 0; 35 | keepalive_timeout 65; 36 | 37 | #gzip on; 38 | 39 | # Load modular configuration files from the /etc/nginx/conf.d directory. 40 | # See http://nginx.org/en/docs/ngx_core_module.html#include 41 | # for more information. 42 | include /etc/nginx/conf.d/*.conf; 43 | 44 | index index.html index.htm; 45 | 46 | # server { 47 | # listen 80; 48 | # server_name localhost; 49 | # root /usr/share/nginx/html; 50 | # 51 | # #charset koi8-r; 52 | # 53 | # #access_log /var/log/nginx/host.access.log main; 54 | # 55 | # location / { 56 | # } 57 | # 58 | # # redirect server error pages to the static page /40x.html 59 | # # 60 | # error_page 404 /404.html; 61 | # location = /40x.html { 62 | # } 63 | # 64 | # # redirect server error pages to the static page /50x.html 65 | # # 66 | # error_page 500 502 503 504 /50x.html; 67 | # location = /50x.html { 68 | # } 69 | # 70 | # # proxy the PHP scripts to Apache listening on 127.0.0.1:80 71 | # # 72 | # #location ~ \.php$ { 73 | # # proxy_pass http://127.0.0.1; 74 | # #} 75 | # 76 | # # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 77 | # # 78 | # #location ~ \.php$ { 79 | # # root html; 80 | # # fastcgi_pass 127.0.0.1:9000; 81 | # # fastcgi_index index.php; 82 | # # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 83 | # # include fastcgi_params; 84 | # #} 85 | # 86 | # # deny access to .htaccess files, if Apache's document root 87 | # # concurs with nginx's one 88 | # # 89 | # #location ~ /\.ht { 90 | # # deny all; 91 | # #} 92 | # } 93 | 94 | 95 | # another virtual host using mix of IP-, name-, and port-based configuration 96 | # 97 | #server { 98 | # listen 8000; 99 | # listen somename:8080; 100 | # server_name somename alias another.alias; 101 | # root html; 102 | 103 | # location / { 104 | # } 105 | #} 106 | 107 | 108 | # HTTPS server 109 | # 110 | #server { 111 | # listen 443; 112 | # server_name localhost; 113 | # root html; 114 | 115 | # ssl on; 116 | # ssl_certificate cert.pem; 117 | # ssl_certificate_key cert.key; 118 | 119 | # ssl_session_timeout 5m; 120 | 121 | # ssl_protocols SSLv2 SSLv3 TLSv1; 122 | # ssl_ciphers HIGH:!aNULL:!MD5; 123 | # ssl_prefer_server_ciphers on; 124 | 125 | # location / { 126 | # } 127 | #} 128 | } 129 | 130 | -------------------------------------------------------------------------------- /roles/nginx/files/scala-ci.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFYzCCBEugAwIBAgIQUoDxkF/Dbu8RElO+9L8iaTANBgkqhkiG9w0BAQsFADCB 3 | kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 4 | A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV 5 | BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD 6 | QTAeFw0xNTEyMDEwMDAwMDBaFw0xOTAxMTIyMzU5NTlaMFkxITAfBgNVBAsTGERv 7 | bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxHjAc 8 | BgNVBAMTFXNjYWxhLWNpLnR5cGVzYWZlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD 9 | ggEPADCCAQoCggEBANAVBP7XdQjYpXy1AzdPu/VnnDdwqiEWD/1Zcqyyw57C5RA6 10 | au5Leb0lHyDrC/NPWvYK3VemA64gca4mgpGfGFuxO3J5iHMfgayVoaq3VQ9XzBAe 11 | QA4zQ/63ojPM7cNOrS93yKRzyR3RpJz5W4ygjhJ9VIiVclmZLTb8m67NEffDewTI 12 | h2UDKlfQ6S2FaOiWE1pcNrnAPkPy6Mb1sfHvOTw7J/CV0rO2+sDihJAfw+WZh1am 13 | 7f7abLXDkNBnK2m+cMd7mvfmhugb02SBkwFbBevwW1y7w26e8mm0E0qj9lmi6Dsv 14 | LAfstNjKx0T4l+31FPAu5jHdjN561nsgHJTYIzMCAwEAAaOCAe0wggHpMB8GA1Ud 15 | IwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBTbvuh6REfV1Kkg 16 | zX7wJUSa7jqPrjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE 17 | FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQIC 18 | BzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAI 19 | BgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5j 20 | b20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCB 21 | hQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2Nh 22 | LmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0 23 | MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wOwYDVR0RBDQw 24 | MoIVc2NhbGEtY2kudHlwZXNhZmUuY29tghl3d3cuc2NhbGEtY2kudHlwZXNhZmUu 25 | Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBaGjFq1o9chc7tBr+extNTcQZ2YX7zKciy 26 | Fcj7oRqQERtbhJjBW5fwMY9Bxu2qy9bdBxWYhkA8j5fdi2/N+CvI2vvyRZamDsu8 27 | 4xhnT6TvDzX98BM4g+g66ms+S0jNIpInR0mTI6NrynivF5qZC6XM27lMMjLJgJNv 28 | FttYgSocUWrOUJNPfD5cEM415+r9YKHaDiyZ7oEEgtI9gHOyBTs92iqor7UUpr4b 29 | GQYOV+3rx62QGguELcIsDDMZj+sIUn4pJ2zlulxsmVvFoLYrzHxK9rG+H0YX3ECt 30 | Nzm39aMnjieyvxo10GjyCfFt+nQK1z9sBYkuzim7iw/zoT+b+BY0 31 | -----END CERTIFICATE----- 32 | -----BEGIN CERTIFICATE----- 33 | MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB 34 | hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 35 | A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV 36 | BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy 37 | MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT 38 | EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR 39 | Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh 40 | bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP 41 | ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh 42 | bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0 43 | Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6 44 | ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51 45 | UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n 46 | c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY 47 | MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz 48 | 30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV 49 | HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG 50 | BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv 51 | bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB 52 | AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E 53 | T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v 54 | ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p 55 | mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/ 56 | e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps 57 | P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY 58 | dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc 59 | 2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG 60 | V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4 61 | HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX 62 | j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII 63 | 0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap 64 | lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf 65 | +AZxAeKCINT+b72x 66 | -----END CERTIFICATE----- 67 | -----BEGIN CERTIFICATE----- 68 | MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv 69 | MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk 70 | ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF 71 | eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow 72 | gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO 73 | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD 74 | VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq 75 | hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw 76 | AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6 77 | 2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr 78 | ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt 79 | 4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq 80 | m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/ 81 | vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT 82 | 8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE 83 | IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO 84 | KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO 85 | GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/ 86 | s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g 87 | JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD 88 | AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9 89 | MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy 90 | bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6 91 | Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ 92 | zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj 93 | Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY 94 | Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5 95 | B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx 96 | PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR 97 | pu/xO28QOG8= 98 | -----END CERTIFICATE----- 99 | -------------------------------------------------------------------------------- /roles/nginx/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart nginx 3 | become: true # address error "interactive authentication required" 4 | service: name=nginx state=restarted enabled=yes -------------------------------------------------------------------------------- /roles/nginx/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install nginx 3 | apt: name=nginx state=present 4 | 5 | - name: Create user 6 | user: name=nginx 7 | 8 | # paths are resolved using https://github.com/ansible/ansible/issues/14341#issuecomment-234559431 9 | - name: Copy ssl (public) 10 | copy: src=scala-ci.crt dest=/etc/nginx/ssl/ owner=root 11 | 12 | - name: Copy ssl (public) 13 | copy: src=dhparam.pem dest=/etc/nginx/ssl/ owner=root 14 | 15 | - name: Copy secret key 16 | no_log: true 17 | copy: src=scala-ci.key.enc dest=/etc/nginx/ssl/scala-ci.key owner=root mode=0600 18 | 19 | - name: Create jenkins nginx configuration 20 | template: src=nginx-jenkins.conf dest=/etc/nginx/conf.d/jenkins.conf 21 | notify: restart nginx 22 | 23 | - name: Copy core nginx configuration 24 | copy: src=nginx.conf dest=/etc/nginx/ 25 | notify: restart nginx # defined in ../handlers 26 | -------------------------------------------------------------------------------- /roles/scabot/files/post-receive: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ "$GIT_DIR" = "." ]; then 5 | # The script has been called as a hook; chdir to the working copy 6 | cd .. 7 | unset GIT_DIR 8 | fi 9 | 10 | # try to obtain the usual system PATH 11 | if [ -f /etc/profile ]; then 12 | PATH=$(source /etc/profile; echo $PATH) 13 | export PATH 14 | fi 15 | 16 | # get the current branch 17 | head="$(git symbolic-ref HEAD)" 18 | 19 | # read the STDIN to detect if this push changed the current branch 20 | while read oldrev newrev refname 21 | do 22 | [ "$refname" = "$head" ] && break 23 | done 24 | 25 | # abort if there's no update, or in case the branch is deleted 26 | if [ -z "${newrev//0}" ]; then 27 | exit 28 | fi 29 | 30 | # check out the latest code into the working copy 31 | umask 002 32 | git reset --hard 33 | 34 | logfile=log/deploy.log 35 | restart=tmp/restart.txt 36 | 37 | if [ -z "${oldrev//0}" ]; then 38 | # this is the first push; this branch was just created 39 | mkdir -p log tmp 40 | chmod 0775 log tmp 41 | touch $logfile $restart 42 | chmod 0664 $logfile $restart 43 | 44 | # init submodules 45 | git submodule update --recursive --init 2>&1 | tee -a $logfile 46 | 47 | # execute the one-time setup hook 48 | [ -x deploy/setup ] && deploy/setup $oldrev $newrev 2>&1 | tee -a $logfile 49 | else 50 | # log timestamp 51 | echo ==== $(date) ==== >> $logfile 52 | 53 | # execute the main deploy hook 54 | [ -x deploy/after_push ] && deploy/after_push $oldrev $newrev 2>&1 | tee -a $logfile 55 | fi 56 | 57 | -------------------------------------------------------------------------------- /roles/scabot/files/scabot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Scabot 3 | 4 | [Service] 5 | User=scabot 6 | WorkingDirectory=/home/scabot 7 | ExecStart=/home/scabot/run 8 | SuccessExitStatus=143 9 | TimeoutStopSec=10 10 | Restart=on-failure 11 | RestartSec=5 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /roles/scabot/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /roles/scabot/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create scabot user 3 | user: name="{{scabot_user}}" 4 | 5 | - name: Create scabot dirs 6 | file: path={{item}} state=directory owner="{{scabot_user}}" mode="0755" 7 | with_items: 8 | - "{{scabot_home}}/scabot" 9 | - "{{scabot_home}}/logs" 10 | - "{{scabot_home}}/.ssh" 11 | 12 | # push to deploy with remote scabot@scabot:/home/scabot/scabot 13 | - name: Give core team access to push to scabot 14 | authorized_key: user="{{scabot_user}}" state="present" key="https://github.com/{{item}}.keys" 15 | with_items: 16 | - adriaanm 17 | - lrytz 18 | - SethTisue 19 | - retronym 20 | - szeiger 21 | - scala-jenkins # this is how we push from travis ci 22 | 23 | - name: Register scabot service with systemd 24 | copy: src=scabot.service dest=/etc/systemd/system 25 | 26 | - name: Configure scabot 27 | template: src=scabot.conf dest="{{scabot_home}}" owner="{{scabot_user}}" 28 | 29 | - name: Configure scabot (prod) 30 | template: src=production.conf dest="{{scabot_home}}" owner="{{scabot_user}}" 31 | 32 | - name: Create scabot runner 33 | template: src=run dest="{{scabot_home}}" owner="{{scabot_user}}" owner="{{scabot_user}}" mode="0755" 34 | 35 | - name: Install ruby (for post-receive hook) 36 | apt: 37 | name: ruby 38 | state: present 39 | 40 | - name: Checkout scabot repo 41 | become_user: "{{scabot_user}}" 42 | become: yes 43 | git: 44 | repo: 'https://github.com/scala/scabot.git' 45 | dest: "{{scabot_home}}/scabot" 46 | 47 | - name: Git config denyCurrentBranch 48 | become_user: "{{scabot_user}}" 49 | command: "git config receive.denyCurrentBranch ignore" 50 | args: 51 | chdir: "{{scabot_home}}/scabot/" 52 | 53 | - name: Setup post-receive hoook 54 | copy: src=post-receive dest="{{scabot_home}}/scabot/.git/hooks/" owner="{{scabot_user}}" mode="0755" 55 | 56 | - name: Build scabot 57 | become_user: "{{scabot_user}}" 58 | command: "scripts/stage" 59 | args: 60 | chdir: "{{scabot_home}}/scabot/" 61 | 62 | - name: Run scabot, run! 63 | systemd: state=started name=scabot -------------------------------------------------------------------------------- /roles/scabot/templates/production.conf: -------------------------------------------------------------------------------- 1 | play.crypto.secret="{{play_crypto_secret}}" 2 | 3 | play.http.parser.maxMemoryBuffer = 512k 4 | 5 | #pidfile.path="/home/scabot/scabot.pid" 6 | #akka.loglevel="DEBUG" -------------------------------------------------------------------------------- /roles/scabot/templates/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | java -Dplay.http.parser.maxMemoryBuffer=655360 -Dhttp.port={{scabot_port}} -Dlogger.resource=prod-logger.xml -Dconfig.file=/home/scabot/production.conf -Dscabot.config.file=/home/scabot/scabot.conf -Dpidfile.path=/dev/null -jar /home/scabot/scabot/gui/target/scala-2.11/scabot.jar 4 | 5 | # -Dplay.http.parser.maxMemoryBuffer=655360 6 | # -Dlogback.debug=true 7 | # -Dlogger.file=/home/scabot/scabot-debug-logger.xml -------------------------------------------------------------------------------- /roles/scabot/templates/scabot.conf: -------------------------------------------------------------------------------- 1 | scala: { 2 | jenkins: { 3 | jobSuffix: "validate-main" 4 | host: "{{server_name}}" 5 | user: "{{scabot_jenkins_user}}" 6 | token: "{{scala_jenkins_token}}" 7 | } 8 | github: { 9 | user: "scala" 10 | repo: "scala" 11 | branches: ["2.11.x", "2.12.x", "2.13.x"] 12 | lastCommitOnly: false 13 | checkCLA: true 14 | host: "api.github.com" 15 | token: "{{github_scala_token}}" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /roles/scabot/vars/main.yml: -------------------------------------------------------------------------------- 1 | scabot_jenkins_user: "scala-jenkins" 2 | 3 | scabot_home: "/home/scabot/" 4 | scabot_user: "scabot" 5 | 6 | 7 | # ansible-vault encrypt_string $(knife vault show -Fjson master scabot | jq -r -e .play.cryptoSecret) | pbcopy 8 | play_crypto_secret: !vault | 9 | $ANSIBLE_VAULT;1.1;AES256 10 | 62333633353535636661623034303139386430626334353534636136343335633066613464386430 11 | 3630303230343565616466393537383062363031366435660a623661393962396630396335363339 12 | 32653331646665373432316434653762626236646537313333646366363766653861613138656564 13 | 3561633462343839330a653433343134336633656336623834303738373037613066373963393139 14 | 62366361366438323239373033376339343864626334316539313666653232333833623930663863 15 | 34323832313261623631633763343266666366636133316331363163396466626234643637323930 16 | 34643761633965643437336564366536626261613331363637363662323639313232373064653733 17 | 66383639313965323861 18 | 19 | # ansible-vault encrypt_string $(knife vault show -Fjson master scabot | jq -r -e .github.scala.token) | pbcopy 20 | github_scala_token: !vault | 21 | $ANSIBLE_VAULT;1.1;AES256 22 | 33386563653638323962306535633965316463393331383939346138313039636564306430353438 23 | 3132656666626361366132356138373030613836316137300a343635386435333566326439396462 24 | 62383039306635366436393539326432323364613064303930336638343064616439386330343835 25 | 3331663262393636620a323662323938383166303665393462306661306165336333663137376561 26 | 30356466393636306165316538313033326363623564353737306133643464666234323832326439 27 | 3335363530666130353961376663363262386363356465306661 28 | 29 | # On first jenkins bootstrap, we create the scala-jenkins user and manually generate its jenkins api token. 30 | # (We own the eponymous github user, so when we enable github oauth all is well.) 31 | # (Jenkins requires you to log in as the user itself to see the token -- didn't automate this part.) 32 | # That results in a hashed token in the config file users/scala-jenkins/config.xml. 33 | # This var has the plaintext version of {{scala_jenkins_tokenHash}} 34 | scala_jenkins_token: !vault | 35 | $ANSIBLE_VAULT;1.1;AES256 36 | 39303037353132326335353536346535396337616362353836373465653364313934373231323063 37 | 3762653439343133316463303464633535303832623861650a636464306232393037626662363264 38 | 32643263316231356530623863363138643833303965613564303133633963303463303761386633 39 | 6638633365393965360a613537633763643332313034663832653638346439643261366438363337 40 | 32386564626638373933366530623565396539366332643438316565626363623836376464386133 41 | 6461303130626533303565653261343765396662663636613238 42 | -------------------------------------------------------------------------------- /roles/worker/files/gpg.sbt: -------------------------------------------------------------------------------- 1 | addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.1") 2 | 3 | -------------------------------------------------------------------------------- /roles/worker/files/jenkins_lightbend_chara.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCykXGAfsbuSAEi+Eu1+VILWOljFoLAKS55PP5cq5gAaZn9ew4mZHLyZ2g4kOS2n4CTul6vy70MMf9aD2KcQAI4RyipzjuYhIVcksswO7af8UD2eVwT+NDfE4MncEh+fRCxH3lLB7s+qJElEy14cOJfl73IjlEyWcpX3uMTDqfNDv0sqnaAT/ZOxIShDLF8DxXFJ3EARkPlcGumFVB61lyMeag0dB6B3ObsT8T4DpgF7H8c+uz3tTtl5heAkD24hHRrlCBdqAqkfeXWywENB+yL/jUlzLEkXbpt4N99jEffEDfhp1K2gY3gW6dH9OGQzXjqZLDNaBUTxcsh6CfnuC80uAOpe+NukPxE/newucrJKrSofpZx0qcFA8nQOfjnvkL6Ao9T42QkXmkY01ER2qEhAs/JbtrpovSAh8hwpZGX4eAogn97lm38ZpyR1ueDbOatXoV/cY9OBEFMKXJYOBpV242cznNnmm26m/cy7KAA3aQXxnQxfaY+3MsS9a8suAbfzlgdGLegF3rueqAKdo05r+Ft4AxGostym1vVeYDh/SdbUNf65938+32uSJ3kqHxmw6m4ROk5JLDfRz9a1cUmB3NyXI+59l5p4X07sEs0h6yK3I/YzBwjm6Dqo9H4nCf7j3JUZ6El0H9nDT/vsiWVPLhsLJHjz7kMkxnBp+7XBQ== adriaan+jenkins@lightbend.com 2 | -------------------------------------------------------------------------------- /roles/worker/files/jvm-select: -------------------------------------------------------------------------------- 1 | function jvmSelect(){ 2 | jvmFlavor="$1" 3 | jvmMajorVersion="$2" # currently supporting 6/7/8 on (YUM/debian)-y distros 4 | 5 | jvmRoot="/usr/lib/jvm/" 6 | 7 | # all javac binaries installed on this machine, pruned to be in directory with expected version/flavor 8 | eligibleCmds=$(find -L $jvmRoot -name "javac" -type f -path "*$jvmMajorVersion*$jvmFlavor*" 2> /dev/null) 9 | 10 | unset jdkHome 11 | 12 | # find first jdk home, where home is one dir up from where javac is 13 | for javacCmd in $eligibleCmds; do 14 | if [ ! -d "$jdkHome" ] && ($javacCmd -version 2>&1 | egrep "javac ($jvmMajorVersion|1\.$jvmMajorVersion)\b" &> /dev/null); then 15 | jdkHome=$(cd $(dirname $javacCmd)/.. && pwd) 16 | fi 17 | done 18 | 19 | if [ -d "$jdkHome" ]; then 20 | echo "Java home: $jdkHome" 21 | else 22 | echo "Failed to locate $jvmFlavor Java $jvmMajorVersion in $jvmRoot, containing:" 23 | find $jvmRoot -name "java" 24 | exit 1 25 | fi 26 | 27 | export JAVA_HOME="$jdkHome" 28 | export PATH="$JAVA_HOME/bin:$PATH" 29 | } 30 | -------------------------------------------------------------------------------- /roles/worker/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://github.com/systemd/systemd/issues/3568 3 | - name: daemon reload 4 | become: true 5 | shell: systemctl daemon-reload 6 | -------------------------------------------------------------------------------- /roles/worker/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create jenkins user 3 | user: name="{{jenkins_user}}" home="{{jenkins_home}}" 4 | 5 | - name: Ensure fs for jenkins home 6 | filesystem: 7 | fstype: ext4 8 | dev: "{{ec2_vol_worker.device_name}}" 9 | 10 | - name: Mount jenkins worker home 11 | mount: 12 | src: "{{ec2_vol_worker.device_name}}" 13 | path: "{{jenkins_home}}" 14 | fstype: ext4 15 | opts: noatime 16 | state: mounted 17 | notify: daemon reload 18 | tags: 19 | - ec2 20 | 21 | - name: Check if swap dev exists 22 | stat: 23 | path: "{{ec2_vol_worker_swap.device_name}}" 24 | tags: 25 | - ec2 26 | register: swap_dev 27 | 28 | - name: Check filesystem on swap dev 29 | shell: "blkid -s TYPE -o value {{ec2_vol_worker_swap.device_name}}" 30 | when: swap_dev.stat.exists 31 | ignore_errors: true 32 | tags: 33 | - ec2 34 | register: swapblk 35 | 36 | - name: Make swap (if no FS found) 37 | shell: "mkswap {{ec2_vol_worker_swap.device_name}}" 38 | tags: 39 | - ec2 40 | when: swap_dev.stat.exists and swapblk.rc == 2 41 | 42 | - name: Ensure swap is in fstab 43 | mount: 44 | src: "{{ec2_vol_worker_swap.device_name}}" 45 | name: swap 46 | fstype: swap 47 | state: present 48 | tags: 49 | - ec2 50 | when: swap_dev.stat.exists 51 | notify: daemon reload 52 | 53 | - name: Ensure swap is used 54 | shell: "swapon -a" 55 | tags: 56 | - ec2 57 | 58 | 59 | - name: Create jenkins dirs 60 | file: path={{item}} state=directory owner="{{jenkins_user}}" mode="0755" 61 | with_items: 62 | - "{{jenkins_home}}" 63 | - "{{jenkins_home}}/tmp" 64 | - "{{jenkins_home}}/.ssh" 65 | - "{{jenkins_home}}/.m2" 66 | 67 | - name: Give core team access to jenkins user 68 | authorized_key: user="{{jenkins_user}}" state="present" key="https://github.com/{{item}}.keys" 69 | with_items: 70 | - adriaanm 71 | - lrytz 72 | - SethTisue 73 | - retronym 74 | - szeiger 75 | 76 | - name: Fetch public key generated by master 77 | shell: cat "/var/lib/jenkins/.ssh/id_worker.pub" # TODO use hostvars['master'].jenkins_home or something like that 78 | delegate_to: "{{ item }}" 79 | with_items: 80 | - "{{ groups.master }}" 81 | register: pubkey 82 | when: not 'publisher' in group_names 83 | 84 | - name: Authorize public key generated by master 85 | authorized_key: user="{{jenkins_user}}" key="{{item.stdout}}" 86 | with_items: 87 | - "{{ pubkey.results }}" 88 | when: not 'publisher' in group_names 89 | 90 | - name: Lookup our hostname 91 | shell: hostname 92 | register: hostname 93 | 94 | # must connect to hostname (private ip) due to firewall 95 | - name: Have jenkins on master accept our host key 96 | become_user: "{{jenkins_user}}" 97 | delegate_to: "{{ item }}" 98 | command: "ssh -oStrictHostKeyChecking=no {{hostname.stdout}} -i /var/lib/jenkins/.ssh/id_worker true" 99 | with_items: 100 | - "{{ groups.master }}" 101 | when: not 'publisher' in group_names 102 | 103 | - name: Copy Maven settings (public jobs) 104 | no_log: true 105 | template: src="m2-settings-pub.xml" dest="{{jenkins_home}}/.m2/settings.xml" owner="{{jenkins_user}}" mode="0600" 106 | 107 | - name: Copy Private repo credentials (public jobs) 108 | no_log: true 109 | template: src="credentials-private-repo" dest="{{jenkins_home}}/.credentials" owner="{{jenkins_user}}" mode="0600" 110 | 111 | 112 | 113 | # full /etc/apt/sources.list: 114 | # deb http://cdn-aws.deb.debian.org/debian stretch main 115 | # deb http://security.debian.org/debian-security stretch/updates main 116 | # deb http://cdn-aws.deb.debian.org/debian stretch-updates main 117 | # deb http://cdn-aws.deb.debian.org/debian stretch-backports main 118 | - name: Add apt repo for Java 9 backports 119 | apt_repository: repo='deb http://cdn-aws.deb.debian.org/debian stretch-backports main' 120 | 121 | - name: Install openjdk 122 | apt: name={{item}} state=installed 123 | with_items: 124 | # - openjdk-6-jdk 125 | # - openjdk-7-jdk 126 | - openjdk-8-jdk 127 | - openjdk-9-jdk 128 | 129 | # TODO investigate https://github.com/sdkman/sdkman-cli 130 | 131 | - name: Copy jvm-select script 132 | copy: src=jvm-select dest=/usr/local/share/jvm/ owner=root mode=755 133 | 134 | 135 | - name: Install basic packages 136 | apt: name={{item}} state=installed 137 | with_items: 138 | - ant 139 | - ant-contrib 140 | - ant-optional 141 | - apt-transport-https 142 | - maven 143 | - tofrodos 144 | 145 | - name: Create sbt launcher path 146 | file: path="{{sbt_launcher_path}}" state=directory 147 | 148 | - name: Download sbt launcher 149 | get_url: 150 | url: "https://repo.lightbend.com/typesafe/ivy-releases/org.scala-sbt/sbt-launch/{{ sbt_version }}/sbt-launch.jar" 151 | dest: "{{sbt_launcher_path}}" 152 | owner: root 153 | mode: "755" 154 | 155 | - name: Install the gpg key for nodejs LTS 156 | apt_key: 157 | url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" 158 | state: present 159 | 160 | - name: Add apt repo for nodejs LTS 161 | apt_repository: 162 | repo: "deb https://deb.nodesource.com/node_6.x stretch main" 163 | state: present 164 | update_cache: yes 165 | 166 | - name: Install nodejs 167 | apt: 168 | name: nodejs 169 | state: present 170 | 171 | - include_tasks: publisher.yml 172 | when: "'publisher' in group_names" -------------------------------------------------------------------------------- /roles/worker/tasks/publisher.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install packages needed to publish 4 | apt: name="{{item}}" state=installed 5 | with_items: 6 | - jq 7 | - curl 8 | - zip 9 | - xz-utils 10 | - rpm 11 | - dpkg 12 | - lintian 13 | - fakeroot 14 | - graphviz 15 | 16 | # - name: Install old graphviz 17 | # # NOTE: graphviz version 2.36.0 (20140111.2315) crashes during scaladoc: 18 | # # *** Error in `dot': corrupted double-linked list: 0x00000000019648c0 *** 19 | # # this caused some diagrams not to be rendered... 20 | # # Same for graphviz version 2.38.0 (20140413.2041): 21 | # # *** Error in `dot': corrupted double-linked list: 0x000000000196f5f0 *** 22 | # # The old build server was on 2.28.0.... thus: 23 | # # sudo apt-get install gcc checkinstall libexpat-dev 24 | # # curl -O http://graphviz.org/pub/graphviz/stable/SOURCES/graphviz-2.28.0.tar.gz 25 | # # tar xvzf graphviz-2.28.0.tar.gz && cd graphviz-2.28.0/ 26 | # # ./configure && make && sudo checkinstall 27 | # deb = remote_file "#{Chef::Config[:file_cache_path]}/graphviz-#{node['graphviz']['version']}.deb" do 28 | # source node['graphviz']['url'] 29 | # checksum node['graphviz']['checksum'] 30 | # notifies :install, "dpkg_package[graphviz]" 31 | # end 32 | # 33 | # dpkg_package "graphviz" do 34 | # source deb.path 35 | # version node['graphviz']['version'] 36 | # action :nothing # triggered by the corresponding remote_file above 37 | # end 38 | 39 | - name: Create core dirs before populating them 40 | file: path="{{jenkins_home}}/{{item}}" state=directory owner="{{jenkins_user}}" mode="0755" recurse="yes" 41 | with_items: 42 | - .ssh 43 | - .gnupg 44 | - .ivy2 45 | - .m2 46 | - .sbt/0.13/plugins 47 | 48 | - name: Fetch public key generated by master 49 | shell: cat "/var/lib/jenkins/.ssh/id_worker_publisher.pub" # TODO use hostvars['master'].jenkins_home or something like that 50 | delegate_to: "{{ item }}" 51 | with_items: 52 | - "{{ groups.master }}" 53 | register: pubkey 54 | 55 | - name: Authorize public key generated by master 56 | authorized_key: user="{{jenkins_user}}" key="{{item.stdout}}" 57 | with_items: 58 | - "{{ pubkey.results }}" 59 | 60 | - name: Lookup our hostname 61 | shell: hostname 62 | register: hostname 63 | 64 | # must connect to hostname (private ip) due to firewall 65 | - name: Have jenkins on master accept our host key 66 | become_user: "{{jenkins_user}}" 67 | delegate_to: "{{ item }}" 68 | command: "ssh -oStrictHostKeyChecking=no {{hostname.stdout}} -i /var/lib/jenkins/.ssh/id_worker_publisher true" 69 | with_items: 70 | - "{{ groups.master }}" 71 | 72 | - name: Add chara keypair 73 | no_log: true 74 | copy: src=jenkins_lightbend_chara dest="{{jenkins_home}}/.ssh/" owner="{{jenkins_user}}" mode=0600 75 | 76 | - name: Accept chara host key 77 | become_user: "{{jenkins_user}}" 78 | command: "ssh -oStrictHostKeyChecking=no scalatest@chara.epfl.ch -i \"{{jenkins_home}}/.ssh/jenkins_lightbend_chara\" true" 79 | 80 | - name: Add gpg sbt plugin 81 | copy: src=gpg.sbt dest="{{jenkins_home}}/.sbt/0.13/plugins/" owner="{{jenkins_user}}" 82 | 83 | - name: Import GPG signing key 84 | become_user: "{{jenkins_user}}" 85 | command: "gpg --import" 86 | args: 87 | stdin: "{{gpg_secret_signing_subkey}}" 88 | 89 | - name: Copy private credentials 90 | no_log: true 91 | template: src="{{item.src}}" dest="{{jenkins_home}}/{{item.dest}}" owner="{{jenkins_user}}" mode="0600" 92 | with_items: 93 | - { dest: ".credentials-private-repo", src: "credentials-private-repo" } 94 | - { dest: ".credentials-sonatype", src: "credentials-sonatype" } 95 | - { dest: ".sonatype-curl", src: "sonatype-curl" } 96 | - { dest: ".m2/settings.xml", src: "m2-settings.xml" } # TODO: remove pr-scala stuff, use different credentials for private-repo for PR validation and temp release artifacts 97 | -------------------------------------------------------------------------------- /roles/worker/templates/credentials-private-repo: -------------------------------------------------------------------------------- 1 | realm={{repos_private_realm}} 2 | host={{repos_private_host}} 3 | user={{repos_private_user}} 4 | password={{repos_private_pass}} -------------------------------------------------------------------------------- /roles/worker/templates/credentials-sonatype: -------------------------------------------------------------------------------- 1 | realm=Sonatype Nexus Repository Manager 2 | host=oss.sonatype.org 3 | user={{sonatype_user}} 4 | password{{sonatype_pass}} 5 | -------------------------------------------------------------------------------- /roles/worker/templates/m2-settings-pub.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 9 | ${WORKSPACE}/m2repo 10 | 11 | 12 | 13 | pr-scala 14 | {{repos_private_user}} 15 | {{repos_private_pass | escape}} 16 | 17 | 18 | 19 | 20 | 21 | pr-scala 22 | 23 | 24 | pr-scala 25 | Scala PR validation snapshots 26 | {{repos_private_pr_snap}} 27 | 28 | 29 | scala-integration 30 | Scala Release snapshots 31 | {{repos_private_integration}} 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | central-cache 40 | Central Cache for Scala CI 41 | {{repos_caching_proxy_central_url}} 42 | {{repos_caching_proxy_central_mirrorOf}} 43 | 44 | 45 | 46 | jcenter-cache 47 | JCenter Cache for Scala CI 48 | {{repos_caching_proxy_jcenter_url}} 49 | {{repos_caching_proxy_jcenter_mirrorOf}} 50 | 51 | 52 | 59 | 60 | codehaus-snapshots-mirror 61 | Maven Codehaus snapshot repository 62 | file:///codehaus-does-not-exist-anymore 63 | codehaus-snapshots 64 | 65 | 66 | 67 | 68 | -------------------------------------------------------------------------------- /roles/worker/templates/m2-settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 9 | ${WORKSPACE}/m2repo 10 | 11 | 12 | 13 | sonatype-nexus 14 | {{sonatype_user}} 15 | {{sonatype_pass | escape}} 16 | 17 | 18 | private-repo 19 | {{repos_private_user}} 20 | {{repos_private_pass | escape}} 21 | 22 | 27 | 28 | 29 | 30 | 31 | central-cache 32 | Central Cache for Scala CI 33 | {{repos_caching_proxy_central_url}} 34 | {{repos_caching_proxy_central_mirrorOf}} 35 | 36 | 37 | 38 | jcenter-cache 39 | JCenter Cache for Scala CI 40 | {{repos_caching_proxy_jcenter_url}} 41 | {{repos_caching_proxy_jcenter_mirrorOf}} 42 | 43 | 44 | 51 | 52 | codehaus-snapshots-mirror 53 | Maven Codehaus snapshot repository 54 | file:///codehaus-does-not-exist-anymore 55 | codehaus-snapshots 56 | 57 | 58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /roles/worker/templates/sonatype-curl: -------------------------------------------------------------------------------- 1 | user = {{ sonatype_user }}:{{ sonatype_pass }} -------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # run with `ansible-playbook site.yml` 3 | # NOTES: 4 | # - when starting over, delete known_host entries for instances (54.67.111.226 54.67.33.167 54.153.2.9 54.153.1.99), or ansible will refuse to connect 5 | - hosts: localhost 6 | connection: local 7 | gather_facts: False 8 | tasks: 9 | - include_tasks: roles/common/tasks/ec2.yml 10 | tags: 11 | - always 12 | - boot_jenkins 13 | 14 | - name: Common stuff 15 | hosts: all 16 | remote_user: "{{admin_user}}" 17 | become: true 18 | 19 | roles: 20 | - common 21 | 22 | - name: Install & configure nginx, artifactory, jenkins and scabot on the master 23 | hosts: master 24 | gather_facts: yes 25 | remote_user: "{{admin_user}}" 26 | become: true 27 | 28 | roles: 29 | - nginx 30 | - artifactory 31 | - jenkins 32 | - scabot 33 | 34 | - name: Configure workers 35 | hosts: worker 36 | gather_facts: yes 37 | remote_user: "{{admin_user}}" 38 | become: true 39 | vars: 40 | - jenkins_home: "/home/jenkins" 41 | roles: 42 | - worker 43 | 44 | # To create the inital jenkins config, use `ansible-playbook site.yml --tags boot_jenkins` (after first doing a normal run) 45 | - name: Bootstrap jenkins 46 | hosts: master 47 | gather_facts: yes 48 | remote_user: "{{admin_user}}" 49 | become: true 50 | tasks: 51 | - include_tasks: roles/jenkins/tasks/bootstrap.yml 52 | tags: 53 | - boot_jenkins 54 | 55 | - name: Finish jenkins bootstrap using jenkins cli 56 | hosts: localhost 57 | connection: local 58 | gather_facts: False 59 | become: false 60 | tasks: 61 | - include_tasks: roles/jenkins/tasks/bootstrap-cli.yml 62 | tags: 63 | - boot_jenkins 64 | -------------------------------------------------------------------------------- /ssl-certs/00 - scala-ci.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIF0jCCBLqgAwIBAgIQAYR+D5E+r/cX18Lb7VPmaDANBgkqhkiG9w0BAQsFADCB 3 | ljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 4 | A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNV 5 | BAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl 6 | cnZlciBDQTAeFw0xNTAxMTMwMDAwMDBaFw0xNjAxMTMyMzU5NTlaMIG0MQswCQYD 7 | VQQGEwJVUzEOMAwGA1UEERMFOTQxMDUxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1T 8 | YW4gRnJhbmNpc2NvMSIwIAYDVQQJExk2MjUgTWFya2V0IFN0LCBTdWl0ZSAxMDAw 9 | MRcwFQYDVQQKEw5UeXBlc2FmZSwgSW5jLjETMBEGA1UECxMKSW5zdGFudFNTTDEe 10 | MBwGA1UEAxMVc2NhbGEtY2kudHlwZXNhZmUuY29tMIIBIjANBgkqhkiG9w0BAQEF 11 | AAOCAQ8AMIIBCgKCAQEA0BUE/td1CNilfLUDN0+79WecN3CqIRYP/VlyrLLDnsLl 12 | EDpq7kt5vSUfIOsL809a9grdV6YDriBxriaCkZ8YW7E7cnmIcx+BrJWhqrdVD1fM 13 | EB5ADjND/reiM8ztw06tL3fIpHPJHdGknPlbjKCOEn1UiJVyWZktNvybrs0R98N7 14 | BMiHZQMqV9DpLYVo6JYTWlw2ucA+Q/LoxvWx8e85PDsn8JXSs7b6wOKEkB/D5ZmH 15 | Vqbt/tpstcOQ0Gcrab5wx3ua9+aG6BvTZIGTAVsF6/BbXLvDbp7yabQTSqP2WaLo 16 | Oy8sB+y02MrHRPiX7fUU8C7mMd2M3nrWeyAclNgjMwIDAQABo4IB+jCCAfYwHwYD 17 | VR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYEFNu+6HpER9XU 18 | qSDNfvAlRJruOo+uMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud 19 | JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQBgNVHSAESTBHMDsGDCsGAQQBsjEB 20 | AgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQ 21 | UzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9j 22 | YS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZl 23 | ckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0 24 | LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2Vj 25 | dXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9j 26 | YS5jb20wOwYDVR0RBDQwMoIVc2NhbGEtY2kudHlwZXNhZmUuY29tghl3d3cuc2Nh 27 | bGEtY2kudHlwZXNhZmUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBuhx4IjdGf3DLM 28 | cpWBd92oaTBtqcW+1CE/anqbgyDmJNkXJVt3BxXDnHQZuy+oPA+f8/ws0FKqCV15 29 | TyScgFotEUCQxLijD2w6nWPn1Cops1s1aoPA6ssyT6QNiF0HdRXPMAtPs8XY9oGw 30 | gcNrNjeSqFYJIW8+f9VLqU8mafLycXxDhb0M1f0X70sWc78/YhrfMRiW9/aVYRrH 31 | poOw1WBMuNv+U+rPcDxXgy9oWUUIa1gQYCgI7nxuwgaEV/H7Cj+iZSAjSQruYeCt 32 | DLOaGw0dQipEPIYwysJSX+3Z+cmrG7HE36vNaSwZosDpAzpVEvmTlZnPQonFDdfy 33 | r59akcVg 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /ssl-certs/01 - COMODORSAOrganizationValidationSecureServerCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGDjCCA/agAwIBAgIQNoJef7WkgZN+9tFza7k8pjANBgkqhkiG9w0BAQwFADCB 3 | hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G 4 | A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV 5 | BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy 6 | MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgT 7 | EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR 8 | Q09NT0RPIENBIExpbWl0ZWQxPDA6BgNVBAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0 9 | aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEB 10 | BQADggEPADCCAQoCggEBALkU2YXyQURX/zBEHtw8RKMXuG4B+KNfwqkhHc5Z9Ozz 11 | iKkJMjyxi2OkPic284/5OGYuB5dBj0um3cNfnnM858ogDU98MgXPwS5IZUqF0B9W 12 | MW2O5cYy1Bu8n32W/JjXT/j0WFb440W+kRiC5Iq+r81SN1GHTx6Xweg6rvn/RuRl 13 | Pz/DR4MvzLhCXi1+91porl1LwKY1IfWGo8hJi5hjYA3JIUjCkjBlRrKGNQRCJX6t 14 | p05LEkAAeohoXG+fo6R4ESGuPQsOvkUUI8/rddf2oPG8RWxevKEy7PNYeEIoCzoB 15 | dvDFoJ7BaXDej0umed/ydrbjDxN8GDuxUWxqIDnOnmkCAwEAAaOCAWUwggFhMB8G 16 | A1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSa8yvaz61P 17 | ti+7KkhIKhK3G0LBJDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIB 18 | ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRV 19 | HSAAMAgGBmeBDAECAjBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k 20 | b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr 21 | BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t 22 | L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz 23 | cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAGmKNmiaHjtlC+B8z6ar 24 | cTuvYaQ/5GQBSRDTHY/i1e1n055bl71CHgf50Ltt9zKVWiIpYvgMnFlWJzagIhIR 25 | +kf0UclZeylKpUg1fMWXZuAnJTsVejJ1SpH7pmue4lP6DYwT+yO4CxIsru3bHUeQ 26 | 1dCTaXaROBU01xjqfrxrWN4qOZADRARKVtho5fV8aX6efVRL0NiGq2dmE1deiSoX 27 | rS2uvUAOZu2K/1S0wQHLqeBHuhFhj62uI0gqxiV5iRxBBJXAEepXK9a0l/qx6RVi 28 | 7Epxd/3zoZza9msAKcUy5/pO6rMqpxiXHFinQjZf7BTP+HsO993MiBWamlzI8SDH 29 | 0YZyoRebrrr+bKgy0QB2SXP3PyeHPLbJLfqqkJDJCgmfyWkfBxmpv966+AuIgkQW 30 | EH8HwIAiX3+8MN66zQd5ZFbY//NPnDC7bh5RS+bNvRfExb/IP46xH4pGtwZDb2It 31 | z1GdRcqK6ROLwMeRvlu2+jdKif7wndoTJiIsBpA+ixOYoBnW3dpKSH89D4mdJHJL 32 | DntE/9Q2toN2I1iLFGy4XfdhbTl27d0SPWuHiJeRvsBGAh52HN22r1xP9QDWnE2p 33 | 4J6ijvyxFnlcIdNFgZoMOWxtKNcl0rcRkND23m9e9Pqki2Z3ci+bkEAsUhJg+f+1 34 | cC6JmnkJiYEt7Fx4b4GH8fxV 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /ssl-certs/02 - COMODORSAAddTrustCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv 3 | MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk 4 | ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF 5 | eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow 6 | gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO 7 | BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD 8 | VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq 9 | hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw 10 | AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6 11 | 2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr 12 | ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt 13 | 4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq 14 | m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/ 15 | vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT 16 | 8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE 17 | IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO 18 | KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO 19 | GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/ 20 | s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g 21 | JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD 22 | AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9 23 | MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy 24 | bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6 25 | Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ 26 | zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj 27 | Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY 28 | Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5 29 | B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx 30 | PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR 31 | pu/xO28QOG8= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /ssl-certs/03 - AddTrustExternalCARoot.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU 3 | MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs 4 | IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 5 | MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux 6 | FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h 7 | bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v 8 | dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt 9 | H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 10 | uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX 11 | mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX 12 | a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN 13 | E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 14 | WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD 15 | VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 16 | Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU 17 | cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx 18 | IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN 19 | AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH 20 | YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 21 | 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC 22 | Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX 23 | c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a 24 | mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= 25 | -----END CERTIFICATE----- 26 | -------------------------------------------------------------------------------- /ssl-certs/scalaci.openssl.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | default_bits = 2048 3 | distinguished_name = req_distinguished_name 4 | req_extensions = v3_req 5 | 6 | [req_distinguished_name] 7 | countryName = Country Name (2 letter code) 8 | countryName_default = US 9 | 10 | stateOrProvinceName = State or Province Name (full name) 11 | stateOrProvinceName_default = CA 12 | 13 | localityName = Locality Name (eg, city) 14 | localityName_default = San Francisco 15 | 16 | 0.organizationName = Organization Name (eg, company) 17 | 0.organizationName_default = Typesafe, Inc. 18 | 19 | commonName = Common Name (eg, your name or your server\'s hostname) 20 | commonName_default = scala-ci.typesafe.com 21 | commonName_max = 64 22 | 23 | emailAddress = ssl-admin@lightbend.com 24 | 25 | [ v3_req ] 26 | # Extensions to add to a certificate request 27 | basicConstraints = CA:FALSE 28 | keyUsage = digitalSignature, keyEncipherment 29 | 30 | --------------------------------------------------------------------------------