openstack/openstack-zuul-jobs
Code Issues Proposed changes
2c2f0e11cc
openstack-zuul-jobs/playbooks/legacy/training-guides-tox-doc-publishdocs/run.yaml
Jeremy Stanley d3ff588013 Correctly revoke /etc/sudoers.d/zuul 
According to our zuul-worker DIB element the path we want to remove
to revoke zuul sudo access is /etc/sudoers.d/zuul:

http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/zuul-worker/install.d/60-zuul-worker

Generated via:

    sed -i 's/zuul-sudo/zuul/' \
        `git grep --files-with-match '/etc/sudoers.d/zuul-sudo'`

Change-Id: Iea8cf915d815dbf876ca0cee74933f04152395b8
2017-09-28 19:19:04 +00:00

65 lines
2.1 KiB
YAML
Raw Blame History

- hosts: all
name: Autoconverted job legacy-training-guides-tox-doc-publishdocs from old job
training-guides-tox-doc-publishdocs
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
REQS_DIR=`mktemp -d`
function cleanup {
mkdir -p $WORKSPACE
rm -rf $CLONEMAP $REQS_DIR
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: $ZUUL_PROJECT
dest: .
EOF
# zuul cloner works poorly if there are 2 names that are the
# same in here.
if [[ "$ZUUL_PROJECT" != "openstack/requirements" ]]; then
cat >> $CLONEMAP << EOF
- name: openstack/requirements
dest: $REQS_DIR
EOF
fi
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org $ZUUL_PROJECT openstack/requirements
# REQS_DIR is not set for openstack/requirements and there is also
# no need to copy in this case.
if [[ "$ZUUL_PROJECT" != "openstack/requirements" ]]; then
cp $REQS_DIR/upper-constraints.txt ./
fi
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
sudo rm -f /etc/sudoers.d/zuul
# Prove that general sudo access is actually revoked
! sudo -n true
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/run-tox.sh publishdocs
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
View Git Blame Copy Permalink