Commands

Privileged commands

Some commands require the user to be authenticated (and authorized). Zuul-client supports two forms of authentication:

  • user/password - Zuul-client will exchange the credentials for an access token on behalf of the user. This requires the identity provider to enable OpenID Connect’s “password” grant type (also known as Direct Access Grant).

  • raw JWT - The access token can be passed directly to zuul-client as the --auth-token argument. Administrators can generate such a token for users as needed; an authenticated user on Zuul’s Web UI can also fetch their currently valid token on the UI’s user page.

Usage

The general options that apply to all subcommands are:

usage: zuul-client [-h] [-c CONFIG] [--version] [-v] [--auth-token AUTH_TOKEN]
                   [--username USERNAME] [--password PASSWORD]
                   [--zuul-url ZUUL_URL] [--use-config ZUUL_CONFIG]
                   [--insecure] [--format {JSON,json,text,dot}]
                   {autohold,autohold-delete,autohold-info,autohold-list,enqueue,enqueue-ref,dequeue,promote,encrypt,builds,build-info,job-graph,freeze-job}
                   ...

Zuul User CLI

options:
  -h, --help            show this help message and exit
  -c CONFIG             specify the config file
  --version             show zuul version
  -v                    verbose output
  --auth-token AUTH_TOKEN
                        Authentication Token, required by admin commands
  --username USERNAME   User name, can be used to fetch an authentication
                        token if the identity provider supports direct access
                        grants
  --password PASSWORD   Password matching the user name. If only --username is
                        provided, the user will be prompted for a password
  --zuul-url ZUUL_URL   Zuul base URL, needed if using the client without a
                        configuration file
  --use-config ZUUL_CONFIG
                        A predefined configuration in the zuul-client
                        configuration file
  --insecure            Do not verify SSL connection to Zuul (Defaults to
                        False)
  --format {JSON,json,text,dot}
                        The output format, when applicable

commands:
  valid commands

  {autohold,autohold-delete,autohold-info,autohold-list,enqueue,enqueue-ref,dequeue,promote,encrypt,builds,build-info,job-graph,freeze-job}
                        additional help
    autohold            hold nodes for failed job
    autohold-delete     delete autohold request
    autohold-info       retrieve autohold request detailed info
    autohold-list       list autohold requests
    enqueue             enqueue a change
    enqueue-ref         enqueue a ref
    dequeue             dequeue a buildset by its change or ref
    promote             promote one or more changes
    encrypt             Encrypt a secret to be used in a project's jobs
    builds              List builds matching search criteria
    build-info          Get info on a specific build
    job-graph           Freeze and display a job graph
    freeze-job          Freeze and display a job

The following subcommands are supported:

Autohold

Note

This command is only available with a valid authentication token.

usage: zuul-client autohold [-h] [--tenant TENANT] --project PROJECT --job JOB
                            [--change CHANGE] [--ref REF] --reason REASON
                            [--count COUNT]
                            [--node-hold-expiration NODE_HOLD_EXPIRATION]

options:
  -h, --help            show this help message and exit
  --tenant TENANT       tenant name
  --project PROJECT     project name
  --job JOB             job name
  --change CHANGE       specific change to hold nodes for
  --ref REF             git ref to hold nodes for
  --reason REASON       reason for the hold
  --count COUNT         number of job runs (default: 1)
  --node-hold-expiration NODE_HOLD_EXPIRATION
                        how long in seconds should the node set be in HOLD
                        status (default: scheduler's default_hold_expiration
                        value)

Example:

zuul-client autohold --tenant openstack --project example_project --job example_job --reason "reason text" --count 1

Autohold Delete

Note

This command is only available with a valid authentication token.

usage: zuul-client autohold-delete [-h] [--tenant TENANT] REQUEST_ID

positional arguments:
  REQUEST_ID       the hold request ID

options:
  -h, --help       show this help message and exit
  --tenant TENANT  tenant name

Example:

zuul-client autohold-delete --tenant openstack --id 0000000123

Autohold Info

usage: zuul-client autohold-info [-h] [--tenant TENANT] REQUEST_ID

positional arguments:
  REQUEST_ID       the hold request ID

options:
  -h, --help       show this help message and exit
  --tenant TENANT  tenant name

Example:

zuul-client autohold-info --tenant openstack --id 0000000123

Autohold List

usage: zuul-client autohold-list [-h] [--tenant TENANT]

options:
  -h, --help       show this help message and exit
  --tenant TENANT  tenant name

Example:

zuul-client autohold-list --tenant openstack

Builds

usage: zuul-client builds [-h] [--tenant TENANT] [--project PROJECT]
                          [--pipeline PIPELINE] [--change CHANGE]
                          [--branch BRANCH] [--patchset PATCHSET] [--ref REF]
                          [--newrev NEWREV] [--job JOB] [--voting]
                          [--non-voting] [--node NODE] [--result RESULT]
                          [--final] [--held] [--limit LIMIT] [--skip SKIP]

options:
  -h, --help           show this help message and exit
  --tenant TENANT      tenant name
  --project PROJECT    project name
  --pipeline PIPELINE  pipeline name
  --change CHANGE      change reference
  --branch BRANCH      branch name
  --patchset PATCHSET  patchset number
  --ref REF            ref name
  --newrev NEWREV      the applied revision
  --job JOB            job name
  --voting             show voting builds only
  --non-voting         show non-voting builds only
  --node NODE          node name
  --result RESULT      build result
  --final              show final builds only
  --held               show held builds only
  --limit LIMIT        maximum amount of results to return
  --skip SKIP          how many results to skip

Examples:

zuul-client --use-conf sfio builds --tenant mytenant --result NODE_FAILURE
zuul-client --use-conf opendev builds --tenant zuul --project zuul/zuul-client --limit 10

Build-info

usage: zuul-client build-info [-h] [--tenant TENANT] --uuid UUID
                              [--show-job-output] [--show-artifacts]
                              [--show-inventory]

options:
  -h, --help         show this help message and exit
  --tenant TENANT    tenant name
  --uuid UUID        build UUID
  --show-job-output  Only download the job's output to the console
  --show-artifacts   Display only artifacts information for the build
  --show-inventory   Display only ansible inventory information for the build

Examples:

zuul-client build-info --tenant mytenant --uuid aaaaa
zuul-client build-info --tenant mytenant --uuid aaaaa --show-job-output

Dequeue

Note

This command is only available with a valid authentication token.

usage: zuul-client dequeue [-h] [--tenant TENANT] --pipeline PIPELINE
                           --project PROJECT [--change CHANGE] [--ref REF]

options:
  -h, --help           show this help message and exit
  --tenant TENANT      tenant name
  --pipeline PIPELINE  pipeline name
  --project PROJECT    project name
  --change CHANGE      change id
  --ref REF            ref name

Examples:

zuul-client dequeue --tenant openstack --pipeline check --project example_project --change 5,1
zuul-client dequeue --tenant openstack --pipeline periodic --project example_project --ref refs/heads/master

Encrypt

usage: zuul-client encrypt [-h] [--public-key /path/to/pubkey]
                           [--tenant TENANT] [--project PROJECT] [--no-strip]
                           [--secret-name SECRET_NAME]
                           [--field-name FIELD_NAME] [--infile INFILE]
                           [--outfile OUTFILE]

options:
  -h, --help            show this help message and exit
  --public-key /path/to/pubkey
                        path to project public key (bypass API call)
  --tenant TENANT       tenant name
  --project PROJECT     project name
  --no-strip            Do not strip whitespace from beginning or end of
                        input. Ignored when --infile is used.
  --secret-name SECRET_NAME
                        How the secret should be named. If not supplied, a
                        placeholder will be used.
  --field-name FIELD_NAME
                        How the name of the secret variable. If not supplied,
                        a placeholder will be used.
  --infile INFILE       A filename whose contents will be encrypted. If not
                        supplied, the value will be read from standard input.
                        If entering the secret manually, press Ctrl+d when
                        finished to process the secret.
  --outfile OUTFILE     A filename to which the encrypted value will be
                        written. If not supplied, the value will be written to
                        standard output.

Examples:

zuul-client encrypt --tenant openstack --project config --infile .pypirc --outfile encrypted.yaml --secret-name pypi_creds --field-name pypirc
cat .pypirc | zuul-client encrypt --tenant openstack --project config

Enqueue

Note

This command is only available with a valid authentication token.

usage: zuul-client enqueue [-h] [--tenant TENANT] --pipeline PIPELINE
                           --project PROJECT --change CHANGE

options:
  -h, --help           show this help message and exit
  --tenant TENANT      tenant name
  --pipeline PIPELINE  pipeline name
  --project PROJECT    project name
  --change CHANGE      change id

Example:

zuul-client enqueue --tenant openstack --trigger gerrit --pipeline check --project example_project --change 12345,1

Note that the format of change id is <number>,<patchset>.

Enqueue-ref

Note

This command is only available with a valid authentication token.

usage: zuul-client enqueue-ref [-h] [--tenant TENANT] --pipeline PIPELINE
                               --project PROJECT --ref REF [--oldrev OLDREV]
                               [--newrev NEWREV]

Submit a trigger event

Directly enqueue a trigger event.  This is usually used
to manually "replay" a trigger received from an external
source such as gerrit.

options:
  -h, --help           show this help message and exit
  --tenant TENANT      tenant name
  --pipeline PIPELINE  pipeline name
  --project PROJECT    project name
  --ref REF            ref name
  --oldrev OLDREV      old revision
  --newrev NEWREV      new revision

This command is provided to manually simulate a trigger from an external source. It can be useful for testing or replaying a trigger that is difficult or impossible to recreate at the source. The arguments to enqueue-ref will vary depending on the source and type of trigger. Some familiarity with the arguments emitted by gerrit update hooks such as patchset-created and ref-updated is recommended. Some examples of common operations are provided below.

Manual enqueue examples

It is common to have a release pipeline that listens for new tags coming from gerrit and performs a range of code packaging jobs. If there is an unexpected issue in the release jobs, the same tag can not be recreated in gerrit and the user must either tag a new release or request a manual re-triggering of the jobs. To re-trigger the jobs, pass the failed tag as the ref argument and set newrev to the change associated with the tag in the project repository (i.e. what you see from git show X.Y.Z):

zuul-client enqueue-ref --tenant openstack --trigger gerrit --pipeline release --project openstack/example_project --ref refs/tags/X.Y.Z --newrev abc123...

The command can also be used asynchronosly trigger a job in a periodic pipeline that would usually be run at a specific time by the timer driver. For example, the following command would trigger the periodic jobs against the current master branch top-of-tree for a project:

zuul-client enqueue-ref --tenant openstack --trigger timer --pipeline periodic --project openstack/example_project --ref refs/heads/master

Another common pipeline is a post queue listening for gerrit merge results. Triggering here is slightly more complicated as you wish to recreate the full ref-updated event from gerrit. For a new commit on master, the gerrit ref-updated trigger expresses “reset refs/heads/master for the project from oldrev to newrev” (newrev being the committed change). Thus to replay the event, you could git log in the project and take the current HEAD and the prior change, then enqueue the event:

NEW_REF=$(git rev-parse HEAD)
OLD_REF=$(git rev-parse HEAD~1)

zuul-client enqueue-ref --tenant openstack --trigger gerrit --pipeline post --project openstack/example_project --ref refs/heads/master --newrev $NEW_REF --oldrev $OLD_REF

Note that zero values for oldrev and newrev can indicate branch creation and deletion; the source code of Zuul is the best reference for these more advanced operations.

Freeze-job

Display information about a job as it would be run in a particular project’s pipeline. This causes Zuul to combine all of the matching jobs and variants that would be used to form the final version of a job that would be executed for a change or ref as enqueued into the specified pipeline. This includes job attributes, playbook paths, nodesets, variables, etc. Secret names may be included but the values are redacted.

The default text output shows an abbreviated summary of only the most pertinent information. The JSON output reports all available information.

usage: zuul-client freeze-job [-h] [--tenant TENANT] --pipeline PIPELINE
                              --project PROJECT --branch BRANCH --job JOB

options:
  -h, --help           show this help message and exit
  --tenant TENANT      tenant name
  --pipeline PIPELINE  pipeline name
  --project PROJECT    project name
  --branch BRANCH      branch name
  --job JOB            job name

Example:

zuul-client freeze-job --tenant mytenant --pipeline check --project org/project --branch master --job tox

Job-graph

Display the set of jobs that would be triggered in a project’s pipeline. This will show the complete set of jobs that Zuul will consider running if an item for the given project and branch were enqueued into the specified pipeline. Information about job dependencies (soft and hard) is also included. The actual set of jobs run for a given change or ref may be less than what is output by this command if some jobs have non-matching file matchers.

This command supports the dot output format. When used, the output may be supplied to graphviz in order to render a graphical view of the job graph.

usage: zuul-client job-graph [-h] [--tenant TENANT] --pipeline PIPELINE
                             --project PROJECT --branch BRANCH

options:
  -h, --help           show this help message and exit
  --tenant TENANT      tenant name
  --pipeline PIPELINE  pipeline name
  --project PROJECT    project name
  --branch BRANCH      branch name

Example:

zuul-client job-graph --tenant mytenant --pipeline check --project org/project --branch master
zuul-client --format dot job-graph --tenant mytenant --pipeline check --project org/project --branch master | xdot

Promote

Note

This command is only available with a valid authentication token.

usage: zuul-client promote [-h] [--tenant TENANT] --pipeline PIPELINE
                           --changes CHANGES [CHANGES ...]

options:
  -h, --help            show this help message and exit
  --tenant TENANT       tenant name
  --pipeline PIPELINE   pipeline name
  --changes CHANGES [CHANGES ...]
                        change ids

This command will push the listed changes at the top of the chosen pipeline.

Example:

zuul-client promote --tenant openstack --pipeline check --changes 12345,1 13336,3

Note that the format of changes id is <number>,<patchset>.

The promote action is used to reorder the change queue in a pipeline, by putting the provided changes at the top of the queue; therefore this action makes the most sense when performed against a dependent pipeline.

The most common use case for the promote action is the need to merge an urgent fix when the gate pipeline has already several patches queued ahead. This is especially needed if there is concern that one or more changes ahead in the queue may fail, thus increasing the time to land for the fix; or concern that the fix may not pass validation if applied on top of the current patch queue in the gate.

If the queue of a dependent pipeline is targeted by the promote, all the ongoing jobs in that queue will be canceled and restarted on top of the promoted changes.