Mattermost > Mattermost Team Edition Pipeline V2 Rebuild Status
As a member of the CHT I need to rebuild this project to work in V2 of the Jenkins pipeline. This will continue through the end of the hardening lifecycle; until the AO has approved the justifications and the project is merged to master. Please move this ticket through it's 5 phases as described below. Once the final phase is finished, the PM will close the ticket
Labels are used to organize the ticket through our status Kanban board. The labels are as follows:
Phase 1: "CHT : V2: PH1"
Phase 2: "CHT : V2: PH2"
Phase 3: "CHT : V2: PH3"
Phase 4: "CHT : V2: PH4"
Phase 5: "CHT : V2: PH5"
AC By Phase
"CHT : V2: PH1" AC:
The fundamental structure of the project is now changed. Development will be used to aggregate changes in the repo and topic branches will be used to make updates. Remove the older versions of the application. Then move the most recent files structure to the root of the repo. Delete the version folder. Now add the assets needed for the new structure. Described by the Contributor Onboarding Guide
-
Old versions deleted from the project -
download.yaml added: reference guide -
Jenkinsfile added and using the new dccscrPipeline library: reference -
Single Dockerfile sits in the root of the project. -
The application greylist is added to the whitelist repo: repo and samples
Finish by commenting on this ticket with the following:
[STATUS: Finished Phase 1]
/label ~"CHT : V2 : PH2"
/unlabel ~"CHT : V2 : PH1""CHT : V2: PH2" AC:
You will now set up automation. This should be a quick stage. Add a webhook in gitlab for your project, and make sure Jenkins is building with a multibranch pipeline
-
Git hook added to Settings > Integrations. Make sure to include "Merge Events" -
Jenkins project running -
Tested and succeeded with a "Push Event"
Finish by commenting on this ticket with the following:
[STATUS: Finished Phase 2]
/label ~"CHT : V2 : PH3"
/unlabel ~"CHT : V2 : PH2""CHT : V2 : PH3" AC:
Now, the image must build in the pipeline. This will be a technical task. Only rpm packages may be installed from the Dockerfile. All others will need to be added to download.yaml and pulled beforehand. Copy those over or use a Multi-Stage Dockerfile to copy over filesystems. It may be necessary to request feedback from the vendor to do this. However, if you can quickly make the changes, that is encouraged. If you need help from another team member to accomplish this, please reach out.
-
All non-rpm packages are pulled through download.yaml -
Dockerfile is modified to copy over packages -
Image can now build faithfully in the pipeline
Finish by commenting on this ticket with the following:
[STATUS: Finished Phase 3]
/label ~"CHT : V2 : PH4"
/unlabel ~"CHT : V2 : PH3""CHT : V2 : PH4" AC:
The pipeline should now be able to scan the image. If it is failing, reach out to a facilitator of the pipeline to fix this issue. Otherwise, if the scans are completing, forward a message to the vendor (and cc the CHT PM) to let them know their scans are now available. It will be up to them to write justifications.
Notice, only scans from the "development" and "master" branches will end up in DCAR. If the vendor does not have access to scans, you'll need to forward them in the email.
-
The image is being scanned by the pipeline -
Vendor now has access to scans -
PM has been notified of the scans completion and vendor status
Finish by commenting on this ticket with the following:
[STATUS: Finished Phase 4]
/label ~"CHT : V2 : PH5"
/unlabel ~"CHT : V2 : PH4""CHT : V2 : PH5" AC:
Justifications are now sent to the AO (by the CHT PM). We are waiting for their approval or rejection
-
Justifications submitted and awaiting approval/rejection
If the justification is rejected, resubmit with the AO’s comments to the vendor.
After the justifications have been accepted (only accepted), finish by commenting on this ticket with the following:
[STATUS: Finished Phase 5]
/unlabel ~"CHT : V2 : PH5"