Difference between revisions of "Jenkins"

From Mu2eWiki
Jump to navigation Jump to search
m (one more link at the beginning of the section)
 
(20 intermediate revisions by 2 users not shown)
Line 8: Line 8:
 
==Running Projects==
 
==Running Projects==
  
mu2e has these Jenkins projects:
+
Uses Jenkins for several purposes
 +
# for Continuous Integration builds.  These are triggered automatically
 +
## '''Github PR Tests''' for reacting to github commits with a build test and few short validation tests
 +
## '''mu2e_muse_ci_build''' for reacting to a github merge by building Offline and writing it to cvmfs in a special area which can be accessed by "muse setup HEAD".
 +
# validation.
 +
## '''mu2e-offline-geant-int''' builds every night to check that the future version of geant is still integrated
 +
## '''mu2e_muse_test''' checks many aspects of Muse functionality - run by hand when the head of the Muse repo needs testing
 +
# building code for [[UPS]] packages.  When a new tag is available these can be run by choosing "run with parameters," entering the tag and options in the project fields and building.  The result is a link to a tarball which can be fetched and installed on [[Cvmfs|cvmfs]].
 +
##'''mu2e-ADC-build''' artdaq_code
 +
##'''mu2e-ADCM-build''' artdaq_core_mu2e
 +
##'''mu2e-BTrk-build'''
 +
##'''mu2e-KinKal-build'''
 +
##'''mu2e-pcie-build'''
 +
##'''mu2e-scons-build'''
 +
##'''mu2e-TRACE-build'''
 +
# building [[Muse#Musings_.28published_muse_builds.29|Musings]] which are sets of code repos built to work together.
 +
## '''mu2e-musing-build'''  see [[MuseMaintenance]].
  
#'''mu2e-offline-nightly''' builds every night and checks several jobs, geant volume overlaps, and validation. It produces a report which is mailed to a few people and archived [http://mu2e.fnal.gov/atwork/computing/ops/nightlyBuild/nightly.shtml here].
+
Most are driven by a set of scripts kept in the codetools repository and UPS product. Below is more information on a few projects.
#'''mu2e-offline-build''' for building a tag of the offline code and producing tarballs suitable for moving the build to a code disk.
 
#'''mu2e-offline-ci''' runs every hour and if there was a recent git commit, then run a build which the developers can check for errors.
 
#'''mu2e-offline-geant-int''' builds every night to check that the future version of geant is still integrated
 
 
 
Most are driven by a set of scripts kept in the codetools repository and UPS product.  
 
 
 
===Nightly build===
 
The mu2e-offline-nightly project checks out and builds the head every night at about 3AM. It then runs a series of checks:
 
 
 
*10 standard fcl jobs and checks that they have a good return code
 
*a geometry overlap check
 
*generates 5,000 events in genReco and produces a set of validation histograms
 
*copies in a standard file and runs CutAndCount on it
 
 
 
The logs and histogram files are saved. The histograms for validation and CutAndCount are compared to the previous day's histograms and report is made. The results are posted on a [http://mu2e.fnal.gov/atwork/computing/ops/nightlyBuild/nightly.shtml web page] and mailed to a few people. This report step is run in the [[mu2epro]] account in $HOME/cron/val.
 
 
 
 
 
===Release build===
 
 
 
The release build is triggered by hand when a new tag is ready.
 
 
 
<ol>
 
<li>log onto Jenkins system. To do this procedure, you will need to be identified to Jenkins by a cert loaded in your browser before you visit the site. The Jenkins page should have your username at the top right. If it says "anonymous", you are not authenticated.
 
<li>browse to mu2e tab then mu2e-offline-build project
 
<li>click on "configure," go the bottom, in "execute shell" box.  Edit the tag name like:
 
<pre>export MU2E_RELEASE_TAG=v5_2_1</pre>
 
or branch name like
 
<pre>export MU2E_BRANCH=V5_2_1_test_branch</pre>
 
at the top of the script. Click "save" at the bottom of this page. You should be on the project top page.
 
<li>Click "build now". It will take up to 1.5 hours if there are lots of other builds running on the build machines. When the status balls stop pulsing, it is done.
 
<li>Check logs by clicking on one of the status balls, then "last build" then "console output".
 
<li>Pull the releases to the code disk using [[Cvmfs|CVMFS]] instructions
 
<li>If the tarball is needed for remote distribution, that can be added to the procedure, or it can be retrieved by hand from Jenkins.
 
</ol>
 
 
 
===Integration build===
 
 
 
Once an hour, jenkin will check if there has been a new commit to our main git repository and if there was, it will run the mu2e-offline-ci project. This project builds prof and debug from the head. If the build fails, mail will be sent to the person who made the commit. You can also check the results by browsing the Jenkins system. Go to the "mu2e" tab, the "mu2e-offline-ci" project. If the balls are pulsing, the build is still running. If green, the build was clean. If red, then the build failed. Click on one of the builds, then "last build", then "console output" to see the log file.
 
  
 
==Continuous Integration Project==
 
==Continuous Integration Project==
The computing division has written a set of scripts to run inside Jenkins and give additions features, such as timelines, to the build steps.  This is called the [https://cdcvs.fnal.gov/redmine/projects/ci/wiki Continuous Integration Project]
+
The computing division has written a set of scripts to run inside Jenkins and give additions features, such as timelines, to the build steps.  This is called the [https://cdcvs.fnal.gov/redmine/projects/ci/wiki Continuous Integration Project].  We do not use this service at this time.
  
 
==Trigger by URL==
 
==Trigger by URL==
 
Projects can be kicked off by POST'ing a url with curl.
 
Projects can be kicked off by POST'ing a url with curl.
  curl  -X POST "https://buildmaster.fnal.gov//view/mu2e/job/mu2e-BTrk-build/buildWithParameters?token=02345&PACKAGE_VERSION=v1_02_04&COMPILER=e14"
+
  curl  -X POST "https://buildmaster.fnal.gov/buildmaster/view/mu2e/job/mu2e-BTrk-build/buildWithParameters?token=02345&PACKAGE_VERSION=v1_02_04&COMPILER=e14"
 
You can get the token (a kind of password) from the configure page.  The parameters are also defined on the configure page.
 
You can get the token (a kind of password) from the configure page.  The parameters are also defined on the configure page.
+
 
 
==Pushing a cert==
 
==Pushing a cert==
  
 
To retrieve a file using a cert.
 
To retrieve a file using a cert.
Export your CILogin cert as a .p12 file and note the password. Then  
+
Export your CILogon cert as a .p12 file and note the password. Then  
  
  openssl pkcs12 -in cilogin.p12 -out file.key.pem -nocerts -nodes
+
  openssl pkcs12 -in cilogon.p12 -out file.key.pem -nocerts -nodes
  openssl pkcs12 -in cilogin.p12 -out file.crt.pem -clcerts -nokeys     
+
  openssl pkcs12 -in cilogon.p12 -out file.crt.pem -clcerts -nokeys     
 
  curl -O -E ./file.crt.pem --key ./file.key.pem \
 
  curl -O -E ./file.crt.pem --key ./file.key.pem \
  https://buildmaster.fnal.gov/view/Art/job/build-mu-dist/BUILDTYPE=debug,label1=swarm,label2=SLF6/lastSuccessfulBuild/artifact/copyBack/cetlib-3.01.03-slf6-x86_64-e15-debug.tar.bz2
+
  https://buildmaster.fnal.gov/buildmaster/view/Art/job/build-mu-dist/BUILDTYPE=debug,label1=swarm,label2=SLF6/lastSuccessfulBuild/artifact/copyBack/cetlib-3.01.03-slf6-x86_64-e15-debug.tar.bz2
  
  
Line 110: Line 88:
 
~~~8<~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~8<~~~~~~~~~~~~~~~~~~~~~~~~~
 
</pre>
 
</pre>
 +
 +
 +
==Github PR Tests==
 +
When a pull request (PR) is made or updated in the Offline or Production respositories, or certain comments are entered into an existing PR (see [[GitHubWorkflow#GitHub_Pull_Request_Procedures_and_FNALbuild]]), this triggers a series of Jenkins jobs which run tests on the PR code before it can be merged. The process for doing this is described below.  Much of the code used by these jobs is described at [[Github_CI_Maintenance]].
 +
 +
[[File:OfflineBuildTestFlow.png|450px|thumb|left|Diagram of the interactions between GitHub and Jenkins jobs when a PR is opened in the Offline repository.]]
 +
 +
'''receive-gh-event''' and '''receive-gh-event-production'''
 +
 +
These are the jobs that receive the initial notification from GitHub.com, and launch the other jobs.
 +
 +
The jobs receive-gh-event and receive-gh-event-production represent the first step in the PR testing flow for the Offline and Production repositories, respectively. Their job configurations are kept in the GitHubPRTests directory on Jenkins. They are triggered by GitHub webhooks -- a POST request from GitHub to Jenkins. This is set up in the Github repository settings (more info about GitHub webhooks [https://docs.github.com/en/developers/webhooks-and-events/webhooks/about-webhooks here]). Each Jenkins job corresponds to a webhook from one repository: Offline pull requests trigger receive-gh-event, and Production pull requests trigger receive-gh-event-production.
 +
Once either of these jobs begins, it checks the values of a few environment variables. Some of these comes from the GitHub Pull Request Builder [https://plugins.jenkins.io/ghprb/ plugin]. After this step, it launches the next job in the sequence, mu2e-github-bot.
 +
 +
'''mu2e-github-bot'''
 +
 +
This is the job that makes all the decisions about what tests need to get run. All the pull request tests get launched from here.
 +
 +
This job configuration is kept in the GitHubPRTests directory on Jenkins. It is launched by either receive-gh-event or receive-gh-event-production. It clones the latest updates from the [https://github.com/Mu2e/CI Mu2e/CI] repository, then sets up a virtual environment and installs the CI code's dependencies (listed in the file requirements.txt). It then runs the CI script process-pull-request, which in turn calls another script called process_pr. This script is described in more detail [[Github_CI_Maintenance#Code_for_controlling_whether_build_tests_are_run|here]].
 +
 +
These scripts do all the checks to ensure that the tests can and should be run on this PR, including but not limited to: checking that the issue really is a PR and that it's still open, and that the author of the PR is in the Mu2e organization. If the PR is not new, they check to see that either the base branch's HEAD has changed, or that a comment has been posted that requests the tests be run.
 +
 +
They also select which tests, if any, to run on this PR. Currently, the requirements for running tests are:
 +
1) the build tests get run on new PR's
 +
2) the build tests get run when someone has posted a comment to run them ([https://mu2ewiki.fnal.gov/wiki/GitHubWorkflow#GitHub_Pull_Request_Procedures_and_FNALbuild see here]) and there are not already tests running
 +
After these steps are done, the script posts a comment on the PR indicating that the tests were triggered. The last step in this job is to trigger the downstream job mu2e-offline-build-test or mu2e-production-build-test.
 +
 +
'''mu2e-offline-build-test'''
 +
 +
This is the job that builds the code and runs the tests for Offline PRs.
 +
 +
This job configuration is kept in the GitHubPRTests directory on Jenkins. It is launched by the Jenkins job mu2e-github-bot. mu2e-offline-build-test clones the [https://github.com/Mu2e/codetools Mu2e/codetools] and [https://github.com/Mu2e/CI Mu2e/CI] repositories. The codetools repo contains the code to run the tests; the CI repo contains the code to communicate with GitHub (more info about the CI and codetools repos at [[Github_CI_Maintenance]]). It then launches the codetools script gh_pr_bootstrap.sh, which in turn runs the job.sh script in the appropriate test folder. This script does the appropriate cloning and merging of Offline and Production, and contains the list of test fcl files to run.
 +
 +
If the merge fails, it reports the failure in a comment on the PR and exits. If it succeeds, it runs build.sh (which builds the code with muse and runs the tests fcl). It reports test results to the PR as they finish, and then posts a comment with a summary of all the test results, and links to log files. To access these log files, you need to be on the Fermilab VPN or logged into one of the mu2egpvm machines.
 +
 +
'''mu2e-production-build-test'''
 +
 +
This job configuration is kept in the GitHubPRTests directory on Jenkins. It does essentially the same things as mu2e-offline-build-test, but is launched when the initial PR is in Production. The code run by this job is essentially identical to the Offline build tests, but is a separate set of files in another directory to allow it to be changed independently of the Offline tests if necessary.
  
 
[[Category:Computing]]
 
[[Category:Computing]]
 
[[Category:Code]]
 
[[Category:Code]]
 
[[Category:CodeManagement]]
 
[[Category:CodeManagement]]

Latest revision as of 00:53, 9 February 2023

Introduction

Jenkins is a freeware java code build system that the Scientific Computing Division is maintaining for the experiments. It runs on several powerful build machines where the code can be built using significant parallelism. It also has many useful management features. You can browse the Jenkins system. and docs for code managers. Jenkins manages and runs build scripts, triggers, archiving and reports, but the actual compilation with scons is black box to Jenkins.

Anyone can view the Jenkins pages, but to edit the pages you need to put in a ticket to get edit permissions in Jenkins, then authorize yourself to the site with a certificate. To edit, the Jenkins page should have your username at the top right. If it says "anonymous", try deleting your "buildmaster" cookies, restarting the browser, check that your cert is loaded in the browser, and try again.

Running Projects

Uses Jenkins for several purposes

  1. for Continuous Integration builds. These are triggered automatically
    1. Github PR Tests for reacting to github commits with a build test and few short validation tests
    2. mu2e_muse_ci_build for reacting to a github merge by building Offline and writing it to cvmfs in a special area which can be accessed by "muse setup HEAD".
  2. validation.
    1. mu2e-offline-geant-int builds every night to check that the future version of geant is still integrated
    2. mu2e_muse_test checks many aspects of Muse functionality - run by hand when the head of the Muse repo needs testing
  3. building code for UPS packages. When a new tag is available these can be run by choosing "run with parameters," entering the tag and options in the project fields and building. The result is a link to a tarball which can be fetched and installed on cvmfs.
    1. mu2e-ADC-build artdaq_code
    2. mu2e-ADCM-build artdaq_core_mu2e
    3. mu2e-BTrk-build
    4. mu2e-KinKal-build
    5. mu2e-pcie-build
    6. mu2e-scons-build
    7. mu2e-TRACE-build
  4. building Musings which are sets of code repos built to work together.
    1. mu2e-musing-build see MuseMaintenance.

Most are driven by a set of scripts kept in the codetools repository and UPS product. Below is more information on a few projects.

Continuous Integration Project

The computing division has written a set of scripts to run inside Jenkins and give additions features, such as timelines, to the build steps. This is called the Continuous Integration Project. We do not use this service at this time.

Trigger by URL

Projects can be kicked off by POST'ing a url with curl. 

curl  -X POST "https://buildmaster.fnal.gov/buildmaster/view/mu2e/job/mu2e-BTrk-build/buildWithParameters?token=02345&PACKAGE_VERSION=v1_02_04&COMPILER=e14"

You can get the token (a kind of password) from the configure page. The parameters are also defined on the configure page.

Pushing a cert

To retrieve a file using a cert. Export your CILogon cert as a .p12 file and note the password. Then 

openssl pkcs12 -in cilogon.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in cilogon.p12 -out file.crt.pem -clcerts -nokeys    
curl -O -E ./file.crt.pem --key ./file.key.pem \
https://buildmaster.fnal.gov/buildmaster/view/Art/job/build-mu-dist/BUILDTYPE=debug,label1=swarm,label2=SLF6/lastSuccessfulBuild/artifact/copyBack/cetlib-3.01.03-slf6-x86_64-e15-debug.tar.bz2


Push a cert with a url that triggers a project, so the jenkins project can use it. 

# I assume that X509_USER_PROXY points to an existing proxy path
# in the 'mu2e' Jenkins project used in the link below you need
# to define a "Password Parameter" variable named: MU2E_CREDENTIAL


# on your local node:

~~~8<~~~~~~~~~~~~~~~~~~~~~~~~~
credbits="MU2E_CREDENTIAL@$X509_USER_PROXY"

val2="value2"

curl -f \
--data-urlencode "token=1234" \
--data-urlencode "var1=value1" \
--data-urlencode "var2=$val2" \
--data-urlencode "$credbits" \
https://buildmaster.fnal.gov/job/mu2e/buildWithParameters
~~~8<~~~~~~~~~~~~~~~~~~~~~~~~~

# I assume your Jenkins project is named "mu2e", replace that bit for different Jenkins projects
# var1 and var2 need to be defined in the Jenkins configuration to be able to retrieve their value
within a Jenkins job

# In your Jenkins job script to retrieve the proxy you can do the following:
~~~8<~~~~~~~~~~~~~~~~~~~~~~~~~

export X509_USER_PROXY=/tmp/$$.proxy

rm -fv $X509_USER_PROXY
touch $X509_USER_PROXY
chmod 0600  $X509_USER_PROXY
echo "${MU2E_CREDENTIAL}" > $X509_USER_PROXY

voms-proxy-info -all

~~~8<~~~~~~~~~~~~~~~~~~~~~~~~~


Github PR Tests

When a pull request (PR) is made or updated in the Offline or Production respositories, or certain comments are entered into an existing PR (see GitHubWorkflow#GitHub_Pull_Request_Procedures_and_FNALbuild), this triggers a series of Jenkins jobs which run tests on the PR code before it can be merged. The process for doing this is described below. Much of the code used by these jobs is described at Github_CI_Maintenance.

Diagram of the interactions between GitHub and Jenkins jobs when a PR is opened in the Offline repository.

receive-gh-event and receive-gh-event-production

These are the jobs that receive the initial notification from GitHub.com, and launch the other jobs.

The jobs receive-gh-event and receive-gh-event-production represent the first step in the PR testing flow for the Offline and Production repositories, respectively. Their job configurations are kept in the GitHubPRTests directory on Jenkins. They are triggered by GitHub webhooks -- a POST request from GitHub to Jenkins. This is set up in the Github repository settings (more info about GitHub webhooks here). Each Jenkins job corresponds to a webhook from one repository: Offline pull requests trigger receive-gh-event, and Production pull requests trigger receive-gh-event-production. Once either of these jobs begins, it checks the values of a few environment variables. Some of these comes from the GitHub Pull Request Builder plugin. After this step, it launches the next job in the sequence, mu2e-github-bot.

mu2e-github-bot

This is the job that makes all the decisions about what tests need to get run. All the pull request tests get launched from here.

This job configuration is kept in the GitHubPRTests directory on Jenkins. It is launched by either receive-gh-event or receive-gh-event-production. It clones the latest updates from the Mu2e/CI repository, then sets up a virtual environment and installs the CI code's dependencies (listed in the file requirements.txt). It then runs the CI script process-pull-request, which in turn calls another script called process_pr. This script is described in more detail here.

These scripts do all the checks to ensure that the tests can and should be run on this PR, including but not limited to: checking that the issue really is a PR and that it's still open, and that the author of the PR is in the Mu2e organization. If the PR is not new, they check to see that either the base branch's HEAD has changed, or that a comment has been posted that requests the tests be run.

They also select which tests, if any, to run on this PR. Currently, the requirements for running tests are: 1) the build tests get run on new PR's 2) the build tests get run when someone has posted a comment to run them (see here) and there are not already tests running After these steps are done, the script posts a comment on the PR indicating that the tests were triggered. The last step in this job is to trigger the downstream job mu2e-offline-build-test or mu2e-production-build-test.

mu2e-offline-build-test

This is the job that builds the code and runs the tests for Offline PRs.

This job configuration is kept in the GitHubPRTests directory on Jenkins. It is launched by the Jenkins job mu2e-github-bot. mu2e-offline-build-test clones the Mu2e/codetools and Mu2e/CI repositories. The codetools repo contains the code to run the tests; the CI repo contains the code to communicate with GitHub (more info about the CI and codetools repos at Github_CI_Maintenance). It then launches the codetools script gh_pr_bootstrap.sh, which in turn runs the job.sh script in the appropriate test folder. This script does the appropriate cloning and merging of Offline and Production, and contains the list of test fcl files to run.

If the merge fails, it reports the failure in a comment on the PR and exits. If it succeeds, it runs build.sh (which builds the code with muse and runs the tests fcl). It reports test results to the PR as they finish, and then posts a comment with a summary of all the test results, and links to log files. To access these log files, you need to be on the Fermilab VPN or logged into one of the mu2egpvm machines.

mu2e-production-build-test

This job configuration is kept in the GitHubPRTests directory on Jenkins. It does essentially the same things as mu2e-offline-build-test, but is launched when the initial PR is in Production. The code run by this job is essentially identical to the Offline build tests, but is a separate set of files in another directory to allow it to be changed independently of the Offline tests if necessary.

Retrieved from "http://mu2ewiki.fnal.gov/w/index.php?title=Jenkins&oldid=21731"