snappy-hwe-snaps

Merge ~kzapalowicz/snappy-hwe-snaps/+git/jenkins-jobs:fix/infrastructure-is-missing-file into ~snappy-hwe-team/snappy-hwe-snaps/+git/wifi-ap:master

Git
lp:~kzapalowicz/snappy-hwe-snaps/+git/jenkins-jobs
fix/infrastructure-is-missing-file
Merge into master

Proposed by Konrad Zapałowicz on 2017-07-26

Status:	Superseded
Proposed branch:	~kzapalowicz/snappy-hwe-snaps/+git/jenkins-jobs:fix/infrastructure-is-missing-file
Merge into:	~snappy-hwe-team/snappy-hwe-snaps/+git/wifi-ap:master
Diff against target:	4384 lines (+4018/-0) (has conflicts) 58 files modified .ci_tests_disabled (+0/-0) README.md (+56/-0) docker/Dockerfile (+59/-0) docker/initial-setup.groovy (+34/-0) docker/jenkins.sh (+24/-0) docker/plugins.sh (+28/-0) docker/plugins.txt (+29/-0) jobs/image/common-job-prepare.sh (+7/-0) jobs/image/image-build-worker.sh (+27/-0) jobs/image/image-build-worker.yaml (+15/-0) jobs/image/image-project-jobs.yaml (+4/-0) jobs/infrastructure/common-job-prepare.sh (+14/-0) jobs/infrastructure/credentials-0-ssh.sh (+58/-0) jobs/infrastructure/credentials-0-ssh.yaml (+29/-0) jobs/infrastructure/credentials-1-launchpad.py (+86/-0) jobs/infrastructure/credentials-1-launchpad.yaml (+21/-0) jobs/infrastructure/credentials-2-launchpad-plugin.sh (+108/-0) jobs/infrastructure/credentials-2-launchpad-plugin.yaml (+24/-0) jobs/infrastructure/deploy-jenkins-jobs.sh (+58/-0) jobs/infrastructure/deploy-jenkins-jobs.yaml (+24/-0) jobs/infrastructure/infrastructure-jobs.yaml (+8/-0) jobs/infrastructure/prepare-0-install.sh (+47/-0) jobs/infrastructure/prepare-0-install.yaml (+27/-0) jobs/snap/common-job-prepare.sh (+24/-0) jobs/snap/snap-automerger.sh (+27/-0) jobs/snap/snap-automerger.yaml (+22/-0) jobs/snap/snap-build-update-chroot.sh (+28/-0) jobs/snap/snap-build-update-chroot.yaml (+29/-0) jobs/snap/snap-build-worker.sh (+147/-0) jobs/snap/snap-build-worker.yaml (+72/-0) jobs/snap/snap-build.yaml (+91/-0) jobs/snap/snap-cleanup.sh (+38/-0) jobs/snap/snap-cleanup.yaml (+32/-0) jobs/snap/snap-nightly.yaml (+41/-0) jobs/snap/snap-project-jobs.yaml (+13/-0) jobs/snap/snap-release.sh (+170/-0) jobs/snap/snap-release.yaml (+58/-0) jobs/snap/snap-test.sh (+121/-0) jobs/snap/snap-test.yaml (+64/-0) jobs/snap/snap-trigger-ci.sh (+29/-0) jobs/snap/snap-trigger-ci.yaml (+22/-0) jobs/snap/snap-update-mp.sh (+30/-0) jobs/snap/snap-update-mp.yaml (+31/-0) local.conf (+11/-0) local.yaml (+60/-0) run-tests.sh (+4/-0) tools/automerge-mps.py (+152/-0) tools/build-rootfs-create (+26/-0) tools/common.sh (+93/-0) tools/delete-ci-repo.py (+45/-0) tools/hardware-test.sh (+112/-0) tools/se_utils/__init__.py (+122/-0) tools/shyaml (+454/-0) tools/snapbuild.sh (+192/-0) tools/test-snap.sh (+100/-0) tools/trigger-ci.py (+270/-0) tools/trigger-lp-build.py (+230/-0) tools/vote-on-merge-proposal.py (+271/-0) Conflict in README.md Conflict in run-tests.sh
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Snappy HWE Team		2017-07-26	Pending
Review via email: mp+328106@code.launchpad.net

This proposal has been superseded by a proposal from 2017-07-26.

Description of the change

jobs/infrastructure: add missing file

Unmerged commits

4fb056a... by =?utf-8?q?Konrad_Zapa=C5=82owicz?= <email address hidden> on 2017-07-26

jobs/infrastructure: add missing file

a7a4e17... by System Enablement CI Bot <email address hidden> on 2017-07-24

Merge remote tracking branch debug-perm

Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/jenkins-jobs/+merge/326212

Author: Alfonso Sanchez-Beato <email address hidden>

automerge: do not fail due to lack of e-mail

If the registrant of the MP had not defined an e-mail in the launchpad
account, we were failing to merge.

dd90414... by System Enablement CI Bot <email address hidden> on 2017-07-21

Merge remote tracking branch master

Merge-Proposal: https://code.launchpad.net/~jasonlo/snappy-hwe-snaps/+git/jenkins-jobs/+merge/325971

Author: lo <email address hidden>

Create a system-enablement-image-build-worker item on Jenkins to build the final image tarball.

9d2a88b... by lo on 2017-07-21

Rebase to top of master.

ff946e1... by lo on 2017-07-20

Remove output-dir from yaml and verify build worker script.

de2c800... by lo on 2017-07-10

Verify description to be more general.

54b8a81... by lo on 2017-07-04

Use quote on variables.

bede38b... by lo on 2017-07-03

Verify according to image build document.

7e81583... by lo on 2017-06-22

Add outdir parameter to indicate output file directory. To avoid frequently deploying after build.sh done some FIXME in the future, we keep one build.sh command in image-build-worker on Jenkins.

56b9a84... by lo on 2017-06-22

To expand build.sh from brando as an example of image build process.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Konrad Zapałowicz

Snappy HWE Team

 diff --git a/.ci_tests_disabled b/.ci_tests_disabled
 new file mode 100644
 index 0000000..e69de29
 --- /dev/null
 +++ b/.ci_tests_disabled
 diff --git a/README.md b/README.md
 index 1a49a98..c4af3d3 100644
 --- a/README.md
 +++ b/README.md
@@ -1,3 +1,4 @@
++<<<<<<< README.md
  # wifi-ap
  This snap provided WiFi AP functionality out of the box.
@@ -81,3 +82,58 @@ snap.
  If you want to see more verbose debugging output of spread run
   $ ./run-tests --debug
++=======
++# Jenkins Jobs
++
++This is a repository collecting a set of jenkins job definitions
++used to build a contineous integrate pipeline for snap based
++components.
++
++## Required Jenkins Plugins
++
++ * build-name-setter
++ * conditional-buildstep
++ * description-setter
++ * dynamic-axis
++ * matrix-combinations-parameter
++ * matrix-project
++ * nodelabelparameter
++ * parameterized-trigger
++ * rebuild
++ * timestamper
++ * ws-cleanup
++
++## Test locally
++
++Build the docker container which comes with this repository:
++
++```
++$ cd docker
++$ sudo docker build -t se-jenkins .
++```
++
++Spawn up a docker container with jenkins
++
++```
++$ sudo docker run -p 8080:8080 -p 50000:50000 --name jenkins se-jenkins
++```
++
++You can now login into jenkins on http://localhost:8080 with user 'system-enablement-ci-bot'
++and password 'jenkins'.
++
++Install jenkins-job-builder on your host via
++
++```
++$ sudo apt install python3-pip
++$ pip3 install jenkins-job-builder
++```
++
++Now you should have everything setup and ready for a first deployment:
++
++```
++$ jenkins-jobs --conf local.conf update local.yaml:jobs/infrastructure:jobs/snap:jobs/image
++```
++
++This will create all configured jobs on the jenkins instance or update
++them if already available.
++>>>>>>> README.md
 diff --git a/docker/Dockerfile b/docker/Dockerfile
 new file mode 100644
 index 0000000..a898d1e
 --- /dev/null
 +++ b/docker/Dockerfile
@@ -0,0 +1,59 @@
++FROM ubuntu:latest
++
++ENV DEBIAN_FRONTEND noninteractive
++ENV INITRD No
++ENV LANG en_US.UTF-8
++
++RUN apt-get update && \
++    apt-get upgrade -y && \
++    apt-get install -y --no-install-recommends \
++      vim.tiny wget curl sudo net-tools pwgen \
++      git-core logrotate software-properties-common locales openssh-client && \
++    locale-gen en_US en_US.UTF-8 && \
++    apt-get clean && \
++    rm -rf /var/lib/apt/lists/*
++
++RUN apt-get update && \
++    apt-get install --no-install-recommends -y openjdk-8-jre-headless && \
++    apt-get clean && \
++    rm -rf /var/lib/apt/lists/*
++
++RUN wget -qO - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add - && \
++    echo 'deb http://pkg.jenkins-ci.org/debian binary/' \
++      | tee /etc/apt/sources.list.d/jenkins.list && \
++    apt-get update && \
++    apt-get install --no-install-recommends -y jenkins && \
++    apt-get clean && \
++    rm -rf /var/lib/apt/lists/* && \
++    update-rc.d -f jenkins disable
++
++RUN usermod -d /var/jenkins jenkins
++
++# Passthrough all sudo requests without requiring a password for our jenkins user
++RUN echo "jenkins ALL = NOPASSWD: ALL" > /etc/sudoers.d/jenkins
++
++RUN apt-get update && apt-get install --yes unzip zip wget
++
++ENV JENKINS_UC https://updates.jenkins-ci.org
++ENV JENKINS_HOME /var/jenkins
++ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log
++ENV JENKINS_USER system-enablement-ci-bot
++ENV JENKINS_PASS jenkins
++
++COPY plugins.sh /usr/local/bin/plugins.sh
++RUN chmod +x /usr/local/bin/plugins.sh
++COPY plugins.txt /tmp/plugins.txt
++RUN /usr/local/bin/plugins.sh /tmp/plugins.txt
++
++COPY jenkins.sh /usr/local/bin/jenkins.sh
++RUN chmod +x /usr/local/bin/jenkins.sh
++
++COPY initial-setup.groovy /usr/share/jenkins/ref/init.groovy.d/
++
++ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false
++
++EXPOSE 8080 50000
++
++USER jenkins
++
++CMD ["/usr/local/bin/jenkins.sh"]
 diff --git a/docker/initial-setup.groovy b/docker/initial-setup.groovy
 new file mode 100644
 index 0000000..5a9598d
 --- /dev/null
 +++ b/docker/initial-setup.groovy
@@ -0,0 +1,34 @@
++import jenkins.model.*
++import jenkins.security.*
++import hudson.security.*
++
++def env = System.getenv()
++
++def jenkins = Jenkins.getInstance()
++
++jenkins.setLabelString("snap build test release misc monitor")
++
++jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false))
++jenkins.setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy())
++
++def user = jenkins.getSecurityRealm().createAccount(env.JENKINS_USER, env.JENKINS_PASS)
++ApiTokenProperty t = user.getProperty(ApiTokenProperty.class)
++def token = t.getApiTokenInsecure()
++
++println ""
++println "########################################################################"
++println "API token for user " + env.JENKINS_USER + " is " + token
++println "########################################################################"
++println ""
++
++user.save()
++
++jenkins.getAuthorizationStrategy().add(Jenkins.ADMINISTER, env.JENKINS_USER)
++jenkins.save()
++
++for (slave in jenkins.model.Jenkins.instance.slaves) {
++  println "Slave: " + slave.getNodeName() + "\n";
++  println "Label: " + slave.getLabelString() + "\n\n";
++  slave.setLabelString("snap build test monitor release misc")
++}
++jenkins.save()
 diff --git a/docker/jenkins.sh b/docker/jenkins.sh
 new file mode 100644
 index 0000000..5d095be
 --- /dev/null
 +++ b/docker/jenkins.sh
@@ -0,0 +1,24 @@
++#! /bin/bash
++
++set -e
++
++# Copy files from /usr/share/jenkins/ref into $JENKINS_HOME
++# So the initial JENKINS-HOME is set with expected content.
++# Don't override, as this is just a reference setup, and use from UI
++# can then change this, upgrade plugins, etc.
++copy_reference_file() {
++	f=${1%/}
++    rel=${f:23}
++    dir=$(dirname ${f})
++	if [[ ! -e $JENKINS_HOME/${rel} ]]
++	then
++		mkdir -p $JENKINS_HOME/${dir:23}
++		cp -r /usr/share/jenkins/ref/${rel} $JENKINS_HOME/${rel};
++		# pin plugins on initial copy
++		[[ ${rel} == plugins/*.jpi ]] && touch $JENKINS_HOME/${rel}.pinned
++	fi;
++}
++export -f copy_reference_file
++find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \;
++
++exec /usr/bin/java $JAVA_OPTS -jar /usr/share/jenkins/jenkins.war
 diff --git a/docker/plugins.sh b/docker/plugins.sh
 new file mode 100755
 index 0000000..ec8e8e5
 --- /dev/null
 +++ b/docker/plugins.sh
@@ -0,0 +1,28 @@
++#! /bin/bash
++
++# Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed
++# in the reference directory, so user can define a derived Docker image with just :
++#
++# FROM jenkins
++# COPY plugins.txt /plugins.txt
++# RUN /usr/local/bin/plugins.sh /plugins.txt
++#
++
++set -e
++
++REF=/usr/share/jenkins/ref/plugins
++mkdir -p $REF
++
++while read spec || [ -n "$spec" ]; do
++    plugin=(${spec//:/ });
++    [[ ${plugin[0]} =~ ^# ]] && continue
++    [[ ${plugin[0]} =~ ^\s*$ ]] && continue
++    [[ -z ${plugin[1]} ]] && plugin[1]="latest"
++    echo "Downloading ${plugin[0]}:${plugin[1]}"
++
++    if [ -z "$JENKINS_UC_DOWNLOAD" ]; then
++      JENKINS_UC_DOWNLOAD=$JENKINS_UC/download
++    fi
++    curl -sSL -f ${JENKINS_UC_DOWNLOAD}/plugins/${plugin[0]}/${plugin[1]}/${plugin[0]}.hpi -o $REF/${plugin[0]}.jpi
++    unzip -qqt $REF/${plugin[0]}.jpi
++done  < $1
 diff --git a/docker/plugins.txt b/docker/plugins.txt
 new file mode 100644
 index 0000000..5020d33
 --- /dev/null
 +++ b/docker/plugins.txt
@@ -0,0 +1,29 @@
++ build-name-setter
++ conditional-buildstep
++ description-setter
++ dynamic-axis
++ matrix-combinations-parameter
++ matrix-project
++ nodelabelparameter
++ parameterized-trigger
++ rebuild
++ timestamper
++ ws-cleanup
++ maven-plugin
++ token-macro
++ junit
++ script-security
++ jquery
++ workflow-basic-steps
++ structs
++ javadoc
++ workflow-api
++ workflow-step-api
++ mailer
++ matrix-auth
++ scm-api
++ display-url-api
++ scm-api
++ icon-shim
++ resource-disposer
++ run-condition
 diff --git a/jobs/image/common-job-prepare.sh b/jobs/image/common-job-prepare.sh
 new file mode 100644
 index 0000000..5feaa8d
 --- /dev/null
 +++ b/jobs/image/common-job-prepare.sh
@@ -0,0 +1,7 @@
++cat << EOF > $WORKSPACE/.build_env
++BOT_USERNAME={bot_username}
++LAUNCHPAD_PROJECT={launchpad_project}
++LAUNCHPAD_TEAM={launchpad_team}
++BUILD_SCRIPTS=$WORKSPACE/jenkins-jobs
++BUILD_ID=$BUILD_ID
++EOF
 diff --git a/jobs/image/image-build-worker.sh b/jobs/image/image-build-worker.sh
 new file mode 100644
 index 0000000..161c5e4
 --- /dev/null
 +++ b/jobs/image/image-build-worker.sh
@@ -0,0 +1,27 @@
++#!/bin/bash
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++rm -rf "$WORKSPACE"/image-builds
++
++git clone git+ssh://git.launchpad.net/~$LAUNCHPAD_TEAM/$LAUNCHPAD_PROJECT/+git/image-builds
++cd image-builds
++
++# Project specific image build process
++./build.sh
 diff --git a/jobs/image/image-build-worker.yaml b/jobs/image/image-build-worker.yaml
 new file mode 100644
 index 0000000..f34faf3
 --- /dev/null
 +++ b/jobs/image/image-build-worker.yaml
@@ -0,0 +1,15 @@
++- job-template:
++    name: '{name}-image-build-worker'
++    project-type: freestyle
++    defaults: global
++    description: "Build an image."
++    display-name: "{name}-image-build-worker"
++    concurrent: true
++    node: snap && build
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - image-build-worker.sh
 diff --git a/jobs/image/image-project-jobs.yaml b/jobs/image/image-project-jobs.yaml
 new file mode 100644
 index 0000000..0b517c7
 --- /dev/null
 +++ b/jobs/image/image-project-jobs.yaml
@@ -0,0 +1,4 @@
++- job-group:
++    name: image-project-jobs
++    jobs:
++      - '{name}-image-build-worker'
 diff --git a/jobs/infrastructure/common-job-prepare.sh b/jobs/infrastructure/common-job-prepare.sh
 new file mode 100644
 index 0000000..3dbc9fd
 --- /dev/null
 +++ b/jobs/infrastructure/common-job-prepare.sh
@@ -0,0 +1,14 @@
++JENKINS_JOBS_GIT_REPO="{jobs-git-repo}"
++JENKINS_JOBS_GIT_REPO_BRANCH="{jobs-git-repo-branch}"
++
++if [ -n "${{CLEANUP_WORKSPACE}}" ] && [ "${{CLEANUP_WORKSPACE}}" -eq 1 ]; then
++	rm -rf ${{WORKSPACE}}/*
++fi
++
++cat << EOF > $WORKSPACE/.build_env
++JENKINS_JOBS_REPO="{jobs-git-repo}"
++JENKINS_JOBS_BRANCH="{jobs-git-repo-branch}"
++JENKINS_CONFIG_REPO="{config-git-repo}"
++JENKINS_CONFIG_BRANCH="{config-git-repo-branch}"
++JENKINS_INSTANCE="{jenkins-instance}"
++EOF
 diff --git a/jobs/infrastructure/credentials-0-ssh.sh b/jobs/infrastructure/credentials-0-ssh.sh
 new file mode 100644
 index 0000000..d72fd49
 --- /dev/null
 +++ b/jobs/infrastructure/credentials-0-ssh.sh
@@ -0,0 +1,58 @@
++#!/bin/sh -ex
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# put it in $JENKINS_HOME so it doesn't get purged with the workspace
++SSH_PATH="${{JENKINS_HOME}}/.ssh/"
++
++# this is so that this key's only used with git
++SSH_KEY_PATH="${{SSH_PATH}}/git.launchpad.net/{bot_username}"
++
++if [ ! -d "${{SSH_KEY_PATH}}" ]; then
++    mkdir -p "${{SSH_KEY_PATH}}"
++fi
++
++# don't care about host keys, but use the one id key for launchpad
++# TODO: use http://pad.lv/p/canonical-sshebang instead
++cat > "${{SSH_PATH}}/config" << EOF
++Host *
++    StrictHostKeyChecking no
++
++Host git.launchpad.net
++    User {bot_username}
++    IdentityFile ~/.ssh/%h/%r/id_rsa
++EOF
++
++# only use keys if both were uploaded, otherwise fail
++if [ -f "keys/id_rsa" -o -f "keys/id_rsa.pub" ]; then
++    [ -f "keys/id_rsa" -a -f "keys/id_rsa.pub" ] || \
++        (echo "ERROR: You need to upload both keys, or none of them"; exit 1)
++    mv "keys/id_rsa" "keys/id_rsa.pub" "${{SSH_KEY_PATH}}/"
++    chmod 600 ${{SSH_KEY_PATH}}/*
++fi
++
++# generate the keypair if none was uploaded or pre-existing
++if [ ! -f "${{SSH_KEY_PATH}}/id_rsa" ]; then
++    ssh-keygen -f "${{SSH_KEY_PATH}}/id_rsa"
++fi
++
++# display the public key
++echo "The public key for this jenkins user is:"
++echo "----------"
++cat "${{SSH_KEY_PATH}}/id_rsa.pub"
++echo "----------"
++
++# Probe ssh public ssh key for relevant hosts and add it to our known_hosts file
++ssh-keyscan -t rsa,dsa git.launchpad.net >> ${{SSH_PATH}}/known_hosts
 diff --git a/jobs/infrastructure/credentials-0-ssh.yaml b/jobs/infrastructure/credentials-0-ssh.yaml
 new file mode 100644
 index 0000000..add42d4
 --- /dev/null
 +++ b/jobs/infrastructure/credentials-0-ssh.yaml
@@ -0,0 +1,29 @@
++- job-template:
++    name: '{name}-credentials-0-ssh'
++    project-type: matrix
++    description: |
++      This job will generate or store the supplied RSA keypair
++      and display the public key for use with Launchpad.
++    properties:
++    - build-discarder:
++        num-to-keep: 1
++    - rebuild
++    parameters:
++    - matrix-combinations:
++        name: nodes
++    - file:
++        name: 'keys/id_rsa'
++        description: Private RSA key
++    - file:
++        name: 'keys/id_rsa.pub'
++        description: Public RSA key
++    axes:
++    - axis:
++        type: slave
++        name: node
++        values: '{obj:build_slaves}'
++    wrappers:
++    - timestamps
++    builders:
++      - shell:
++          !include-raw: credentials-0-ssh.sh
 diff --git a/jobs/infrastructure/credentials-1-launchpad.py b/jobs/infrastructure/credentials-1-launchpad.py
 new file mode 100644
 index 0000000..59dd706
 --- /dev/null
 +++ b/jobs/infrastructure/credentials-1-launchpad.py
@@ -0,0 +1,86 @@
++#!/usr/bin/env python
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import sys
++import time
++
++from launchpadlib.credentials import RequestTokenAuthorizationEngine
++from launchpadlib.credentials import UnencryptedFileCredentialStore
++from launchpadlib.launchpad import Launchpad
++from lazr.restfulclient.errors import HTTPError
++
++
++ACCESS_TOKEN_POLL_TIME = 1
++WAITING_FOR_USER = """Open this link:
++{{}}
++to authorize this program to access Launchpad on your behalf.
++Waiting to hear from Launchpad about your decision. . . ."""
++
++
++class AuthorizeRequestTokenWithConsole(RequestTokenAuthorizationEngine):
++    """Authorize a token in a server environment (with no browser).
++
++    Print a link for the user to copy-and-paste into his/her browser
++    for authentication.
++    """
++
++    def __init__(self, *args, **kwargs):
++        # as implemented in AuthorizeRequestTokenWithBrowser
++        kwargs['consumer_name'] = None
++        kwargs.pop('allow_access_levels', None)
++        super(AuthorizeRequestTokenWithConsole, self).__init__(*args, **kwargs)
++
++    def make_end_user_authorize_token(self, credentials, request_token):
++        """Ask the end-user to authorize the token in their browser.
++
++        """
++        authorization_url = self.authorization_url(request_token)
++        print(WAITING_FOR_USER.format(authorization_url))
++        # if we don't flush we may not see the message
++        sys.stdout.flush()
++        while credentials.access_token is None:
++            time.sleep(ACCESS_TOKEN_POLL_TIME)
++            try:
++                credentials.exchange_request_token_for_access_token(
++                    self.web_root)
++                break
++            except HTTPError as e:
++                if e.response.status == 403:
++                    # The user decided not to authorize this
++                    # application.
++                    raise e
++                elif e.response.status == 401:
++                    # The user has not made a decision yet.
++                    pass
++                else:
++                    # There was an error accessing the server.
++                    raise e
++
++
++def get_launchpad(cred_path, launchpadlib_dir=None):
++    """ return a launchpad API class. In case launchpadlib_dir is
++    specified used that directory to store launchpadlib cache instead of
++    the default """
++    store = UnencryptedFileCredentialStore(cred_path)
++    authorization_engine = AuthorizeRequestTokenWithConsole(
++        'production', 'ci-jenkins-slave')
++    return Launchpad.login_with('ci-jenkins-slave', 'production',
++                                credential_store=store,
++                                authorization_engine=authorization_engine,
++                                launchpadlib_dir=launchpadlib_dir)
++
++if __name__ == '__main__':
++    get_launchpad("{credentials_path}")
 diff --git a/jobs/infrastructure/credentials-1-launchpad.yaml b/jobs/infrastructure/credentials-1-launchpad.yaml
 new file mode 100644
 index 0000000..d1c4968
 --- /dev/null
 +++ b/jobs/infrastructure/credentials-1-launchpad.yaml
@@ -0,0 +1,21 @@
++- job-template:
++    name: '{name}-credentials-1-launchpad'
++    project-type: matrix
++    description: This job creates or validates OAuth tokens to allow launchpadlib to work.
++    properties:
++    - build-discarder:
++        num-to-keep: 1
++    - rebuild
++    parameters:
++    - matrix-combinations:
++        name: nodes
++    axes:
++    - axis:
++        type: slave
++        name: node
++        values: '{obj:build_slaves}'
++    wrappers:
++    - timestamps
++    builders:
++      - shell:
++          !include-raw: credentials-1-launchpad.py
 diff --git a/jobs/infrastructure/credentials-2-launchpad-plugin.sh b/jobs/infrastructure/credentials-2-launchpad-plugin.sh
 new file mode 100644
 index 0000000..d47164f
 --- /dev/null
 +++ b/jobs/infrastructure/credentials-2-launchpad-plugin.sh
@@ -0,0 +1,108 @@
++#!/bin/bash -ex
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++ # Apply the configuration file.
++CONFIG_DIR="${{JENKINS_HOME}}/.jlp"
++CONFIG_PATH="${{CONFIG_DIR}}/jlp.config"
++
++if [ ! -d "${{CONFIG_DIR}}" ]; then
++    mkdir -p "${{CONFIG_DIR}}"
++fi
++
++cat > "${{CONFIG_PATH}}" << EOF
++#You must explicitely allow users to trigger the jobs on your jenkins
++#Otherwise anybody can run arbitrary code on your jenkins servers.
++allowed_users: [{allowed_users}]
++
++#path to your credentials file. The first time you run one of these scripts,
++#launchpad will ask you to authenticate (via a provided URL). Once you do so
++#(in launchpad) you won't need to do this again.
++#If your jenkins "lives" in /var/lib/jenkins you probably don't need to change
++#this
++credential_store_path: {credentials_path}
++
++# When doing a dput into ppa (in autoland.py) a new changelog entry is
++# generated. DEBEMAIL and DEBFULLNAME are used to generate the entry correctly.
++# Please note that the gpg keys of the user specified here must be available
++# on the host where autoland.py is running
++DEBEMAIL:
++DEBFULLNAME:
++
++#user and password for accessing jenkins. This is needed as we need to find
++#out if a job is being published to public jenkins or not. The user needs to be
++#able to see the job configuration
++jenkins_user: "{bot_username}"
++jenkins_password: "${{jenkins_api_token}}"
++
++#Actual URL of your jenkins (e.g. the jenkins backend URL)
++jenkins_url: "{backend_url}"
++
++#Proxy URL of your jenkins (e.g. the URL accessed by users)
++jenkins_proxy_url: "${{JENKINS_URL}}"
++
++#Token to pass when triggering a jenkins build (leave blank for none)
++jenkins_build_token: "BUILD_ME"
++
++# console output from the following jobs will not be printed to the
++# affected merge proposal (in the "Executed test runs:" section)
++jobs_blacklisted_from_messages:
++{blacklisted_jobs}
++
++#message that is used for "testing in progress" comment
++launchpad_build_in_progress_message: "Jenkins: testing in progress"
++
++#login of the launchpad user you will be using for this plugin
++#ideally this user is part of your project group
++launchpad_login: {bot_username}
++
++#Review type that is used for voting on merge proposals.
++#Usually you don't need to change this
++launchpad_review_type: continuous-integration
++
++# directory containing lockfiles for Launchpad merge proposals
++launchpadlocks_dir: /tmp/jenkins-launchpad-plugin/locks
++
++#lock file that is being used to limit the number of parallel launchpad
++#connections
++lock_name: launchpad-trigger-lock
++
++#you don't need to change this
++lp_app: launchpad-trigger
++
++#which launchpad are you using (production/staging)
++#you don't need to change this
++lp_env: production
++
++#URL of your public jenkins in case you are publishing your jobs to some
++#other jenkins
++public_jenkins_url:
++
++#in case you are running jenkins in a private infrastructure you probably don't
++#want to expose your private IPs in public merge proposals
++#the following defines (IP, replacement) pairs. Your URLs in merge proposals
++#are then replaced by the replacement (and you can e.g. edit your /etc/hosts
++#so the links still work for you). The form to specify a replacement is:
++#urls_to_hide:
++# - ['http://1.2.3.4:8080','http://jenkins:8080']
++#
++#To specify no replacement:
++#urls_to_hide: []
++urls_to_hide: []
++
++# verbosity of the commands
++# one of: debug, info, warning, error, critical
++log_level: debug
++EOF
 diff --git a/jobs/infrastructure/credentials-2-launchpad-plugin.yaml b/jobs/infrastructure/credentials-2-launchpad-plugin.yaml
 new file mode 100644
 index 0000000..0d8ca61
 --- /dev/null
 +++ b/jobs/infrastructure/credentials-2-launchpad-plugin.yaml
@@ -0,0 +1,24 @@
++- job-template:
++    name: '{name}-credentials-2-launchpad-plugin'
++    project-type: matrix
++    description: This job configures Launchpad integration.
++    properties:
++    - build-discarder:
++        num-to-keep: 1
++    - rebuild
++    parameters:
++    - matrix-combinations:
++        name: nodes
++    - password:
++        name: jenkins_api_token
++        description: Jenkins API key of the "{bot_username}" account
++    axes:
++    - axis:
++        type: slave
++        name: node
++        values: '{obj:build_slaves}'
++    wrappers:
++    - timestamps
++    builders:
++      - shell:
++          !include-raw: credentials-2-launchpad-plugin.sh
 diff --git a/jobs/infrastructure/deploy-jenkins-jobs.sh b/jobs/infrastructure/deploy-jenkins-jobs.sh
 new file mode 100644
 index 0000000..7754fa9
 --- /dev/null
 +++ b/jobs/infrastructure/deploy-jenkins-jobs.sh
@@ -0,0 +1,58 @@
++#!/bin/sh
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPO.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++JENKINS_JOBS_FOLDER="jenkins-jobs"
++JENKINS_CONFIG_FOLDER="config"
++
++# Fetch Jenkaas configuration from config file
++CONFIG_DIR="$JENKINS_HOME/.jlp"
++CONFIG_PATH="$CONFIG_DIR/jlp.config"
++
++cat $CONFIG_PATH
++
++JENKINS_API_TOKEN=$(cat $CONFIG_PATH | grep 'jenkins_password' | sed 's/[a-z_]*:[ ]//g')
++JENKINS_DEPLOYMENT_SCOPE="jobs/infrastructure:jobs/snap"
++
++rm -rf $WORKSPACE/$JENKINS_JOBS_FOLDER
++
++# Clone the jenkins-jobs and jenkins-config repositories
++git clone -b $JENKINS_JOBS_BRANCH $JENKINS_JOBS_REPO $JENKINS_JOBS_FOLDER
++cd $JENKINS_JOBS_FOLDER
++git clone -b $JENKINS_CONFIG_BRANCH $JENKINS_CONFIG_REPO $JENKINS_CONFIG_FOLDER
++
++# Verify the configuration is present
++PROJECT_CONF="$JENKINS_CONFIG_FOLDER/$JENKINS_INSTANCE.conf"
++PROJECT_YAML="$JENKINS_CONFIG_FOLDER/$JENKINS_INSTANCE.yaml"
++if [ ! -f "$PROJECT_CONF" ] || [ ! -f "$PROJECT_YAML" ]; then
++	echo "Cannot find .conf and .yaml pair for $JENKINS_INSTANCE"
++	exit 1
++fi
++
++# Update the config file with the API key for the Bot.
++sed -i "/<API TOKEN>/c\password=$JENKINS_API_TOKEN" "$PROJECT_CONF"
++
++# Test requested configuration
++/usr/local/bin/jenkins-jobs --conf $PROJECT_CONF test $PROJECT_YAML":"$JENKINS_DEPLOYMENT_SCOPE &>/dev/null
++if [ "$?" -ne 0 ]; then
++	echo "Configuration failed verification"
++	exit 1
++fi
++# Deploy requested configuration
++/usr/local/bin/jenkins-jobs --conf $PROJECT_CONF update $PROJECT_YAML":"$JENKINS_DEPLOYMENT_SCOPE
 diff --git a/jobs/infrastructure/deploy-jenkins-jobs.yaml b/jobs/infrastructure/deploy-jenkins-jobs.yaml
 new file mode 100644
 index 0000000..24b24f0
 --- /dev/null
 +++ b/jobs/infrastructure/deploy-jenkins-jobs.yaml
@@ -0,0 +1,24 @@
++- job-template:
++    name: '{name}-deploy-jenkins-jobs'
++    project-type: matrix
++    description: |
++      This job will deploy jenkins jobs.
++    properties:
++    - build-discarder:
++        num-to-keep: 1
++    - rebuild
++    parameters:
++    - matrix-combinations:
++        name: nodes
++    axes:
++    - axis:
++        type: slave
++        name: node
++        values: '{obj:build_slaves}'
++    wrappers:
++    - timestamps
++    builders:
++        - shell:
++            !include-raw: common-job-prepare.sh
++        - shell:
++              !include-raw-escape: deploy-jenkins-jobs.sh
 diff --git a/jobs/infrastructure/infrastructure-jobs.yaml b/jobs/infrastructure/infrastructure-jobs.yaml
 new file mode 100644
 index 0000000..d440330
 --- /dev/null
 +++ b/jobs/infrastructure/infrastructure-jobs.yaml
@@ -0,0 +1,8 @@
++- job-group:
++    name: infrastructure-jobs
++    jobs:
++        - '{name}-prepare-0-install'
++        - '{name}-credentials-0-ssh'
++        - '{name}-credentials-1-launchpad'
++        - '{name}-credentials-2-launchpad-plugin'
++        - '{name}-deploy-jenkins-jobs'
 diff --git a/jobs/infrastructure/prepare-0-install.sh b/jobs/infrastructure/prepare-0-install.sh
 new file mode 100644
 index 0000000..9fae262
 --- /dev/null
 +++ b/jobs/infrastructure/prepare-0-install.sh
@@ -0,0 +1,47 @@
++#!/bin/sh -ex
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++sudo apt-get install --yes software-properties-common
++
++# build tools as used in Launchpad
++sudo add-apt-repository --yes ppa:launchpad/buildd-staging
++sudo add-apt-repository --yes ppa:jenkaas-hackers/tools
++sudo add-apt-repository --yes ppa:snappy-hwe-team/ci-tools
++
++sudo apt-get update
++
++sudo apt-get install --yes \
++    git \
++    python \
++    python-launchpadlib \
++    python-bzrlib \
++    python-lockfile \
++    python-yaml \
++    python-jenkins \
++    python-git \
++    python-pip \
++    tarmac \
++    jenkins-launchpad-plugin \
++    openssh-client \
++    debootstrap \
++    qemu \
++    binfmt-support \
++    qemu-user-static \
++    {install_packages}
++
++# Install jenkins-jobs-builder
++sudo pip install --upgrade pip
++sudo pip install jenkins-job-builder
 diff --git a/jobs/infrastructure/prepare-0-install.yaml b/jobs/infrastructure/prepare-0-install.yaml
 new file mode 100644
 index 0000000..32e9612
 --- /dev/null
 +++ b/jobs/infrastructure/prepare-0-install.yaml
@@ -0,0 +1,27 @@
++- job-template:
++    name: '{name}-prepare-0-install'
++    install_packages: ''
++    project-type: matrix
++    description: |
++      This job adds all the needed repositories and installs dependencies needed
++      on build slaves.
++    properties:
++    - build-discarder:
++        num-to-keep: 10
++    - rebuild
++    parameters:
++    - matrix-combinations:
++        name: configurations
++        description: Which slaves to install packages on
++    - string:
++        name: CLEANUP_WORKSPACE
++        default: "0"
++    axes:
++    - axis:
++        type: slave
++        name: node
++        values: '{obj:build_slaves}'
++    builders:
++    - shell:
++        !include-raw:
++            - prepare-0-install.sh
 diff --git a/jobs/snap/common-job-prepare.sh b/jobs/snap/common-job-prepare.sh
 new file mode 100644
 index 0000000..4be0408
 --- /dev/null
 +++ b/jobs/snap/common-job-prepare.sh
@@ -0,0 +1,24 @@
++JENKINS_JOBS_GIT_REPO="{jobs-git-repo}"
++JENKINS_JOBS_GIT_REPO_BRANCH="{jobs-git-repo-branch}"
++
++if [ -n "${{CLEANUP_WORKSPACE}}" ] && [ "${{CLEANUP_WORKSPACE}}" -eq 1 ]; then
++	rm -rf ${{WORKSPACE}}/*
++fi
++if [ -e jenkins-jobs ] ; then
++	(cd jenkins-jobs ; git clean -fdx . ; git fetch origin ; git reset --hard origin/${{JENKINS_JOBS_GIT_REPO_BRANCH}})
++else
++    git clone -b ${{JENKINS_JOBS_GIT_REPO_BRANCH}} ${{JENKINS_JOBS_GIT_REPO}}
++fi
++
++cat << EOF > $WORKSPACE/.build_env
++BOT_USERNAME={bot_username}
++LAUNCHPAD_PROJECT={launchpad_project}
++LAUNCHPAD_TEAM={launchpad_team}
++SNAP_BUILD_JOB={name}-snap-build
++BUILD_SCRIPTS=$WORKSPACE/jenkins-jobs
++BUILD_ON_LAUNCHPAD={build_on_launchpad}
++AUTO_MERGE={auto_merge}
++TRIGGER_CI={trigger_ci}
++UPDATE_MPS={update_mps}
++RUN_TESTS={run_tests}
++EOF
 diff --git a/jobs/snap/snap-automerger.sh b/jobs/snap/snap-automerger.sh
 new file mode 100644
 index 0000000..d955e52
 --- /dev/null
 +++ b/jobs/snap/snap-automerger.sh
@@ -0,0 +1,27 @@
++#!/bin/bash
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++if [ "$AUTO_MERGE" = False ]; then
++    echo "WARNING: auto merge is disabled"
++    exit 0
++fi
++
++exec $BUILD_SCRIPTS/tools/automerge-mps.py \
++    -p $LAUNCHPAD_PROJECT
 \ No newline at end of file
 diff --git a/jobs/snap/snap-automerger.yaml b/jobs/snap/snap-automerger.yaml
 new file mode 100644
 index 0000000..f55f252
 --- /dev/null
 +++ b/jobs/snap/snap-automerger.yaml
@@ -0,0 +1,22 @@
++- job-template:
++    name: '{name}-snap-automerger'
++    project-type: freestyle
++    defaults: global
++    description: "Monitor Launchpad for new merge proposals"
++    display-name: "{name}-snap-automerger"
++    concurrent: true
++    node: snap && misc
++    triggers:
++        - timed: # every five minutes
++            H/5 * * * *
++    properties:
++        - build-discarder:
++            num-to-keep: 10
++        - rebuild
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-automerger.sh
 diff --git a/jobs/snap/snap-build-update-chroot.sh b/jobs/snap/snap-build-update-chroot.sh
 new file mode 100644
 index 0000000..912f687
 --- /dev/null
 +++ b/jobs/snap/snap-build-update-chroot.sh
@@ -0,0 +1,28 @@
++#!/bin/sh
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++if [ "$BUILD_ON_LAUNCHPAD" != False ]; then
++    exit 0
++fi
++
++sudo $BUILD_SCRIPTS/tools/snapbuild.sh \
++    --update-chroot \
++    --arch=$ARCHITECTURE \
++    --series=$SERIES
 \ No newline at end of file
 diff --git a/jobs/snap/snap-build-update-chroot.yaml b/jobs/snap/snap-build-update-chroot.yaml
 new file mode 100644
 index 0000000..e50b3c1
 --- /dev/null
 +++ b/jobs/snap/snap-build-update-chroot.yaml
@@ -0,0 +1,29 @@
++- job-template:
++    name: '{name}-snap-build-update-chroot'
++    project-type: matrix
++    defaults: global
++    description: "Build a snap on launchpad"
++    display-name: "{name}-snap-build-update-chroot"
++    concurrent: false
++    node: snap && build
++    axes:
++        - axis:
++            type: slave
++            name: node
++            values: '{obj:build_slaves}'
++    parameters:
++        - string:
++            name: ARCHITECTURE
++            default: amd64
++            description: Architecture to build the snap for
++        - string:
++            name: SERIES
++            default: xenial
++            description: "Ubuntu archive series to build for"
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-build-update-chroot.sh
 diff --git a/jobs/snap/snap-build-worker.sh b/jobs/snap/snap-build-worker.sh
 new file mode 100644
 index 0000000..60775d7
 --- /dev/null
 +++ b/jobs/snap/snap-build-worker.sh
@@ -0,0 +1,147 @@
++#!/bin/sh
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++rm -rf $WORKSPACE/src $WORKSPACE/results $WORKSPACE/build-props
++
++git clone --no-checkout $TARGET_GIT_REPO $WORKSPACE/src
++cd $WORKSPACE/src
++for remote in `git branch -r | grep -v origin/master`; do git checkout --track $remote ; done
++
++git checkout $TARGET_GIT_REPO_BRANCH
++
++git config user.name "System Enablement CI Bot"
++git config user.email "ce-system-enablement@lists.canonical.com"
++
++if [ -n "$SOURCE_GIT_REPO" ]; then
++	git remote add other $SOURCE_GIT_REPO
++	git fetch other
++	git merge \
++		--no-ff \
++		-m "Merge remote tracking branch other/$SOURCE_GIT_REPO_BRANCH" \
++		$REVISION
++fi
++
++# Try to find the correct branch we need to build from. In the case that
++# $TARGET_GIT_REPO_BRANCH points us to an upstream component branch we
++# will take master as the next suitable candidate.
++CI_BRANCH=
++SNAPCRAFT_YAML_PATH=
++for branch in $TARGET_GIT_REPO_BRANCH master ; do
++	git checkout $branch
++	if [ -e snapcraft.yaml ]; then
++		SNAPCRAFT_YAML_PATH=snapcraft.yaml
++	elif [ -e snap/snapcraft.yaml ]; then
++		SNAPCRAFT_YAML_PATH=snap/snapcraft.yaml
++	fi
++
++	if [ -n "$SNAPCRAFT_YAML_PATH" ]; then
++		CI_BRANCH=$branch
++		break
++	fi
++done
++
++if [ -z "$CI_BRANCH" ]; then
++	echo "WARNING: Can't build snap as no snapcraft.yaml exists!"
++	exit 0
++fi
++
++REPO_NAME=$(awk -v a="$TARGET_GIT_REPO" 'BEGIN{print substr(a, index(a, "+git/") + 5)}')
++# We rely on the snapcraft.yaml to have the snap name in the first five lines
++# which is the case for all our snaps. This is a bit lazy but the best way to
++# ensure we don't fetch any other name: fields which might be present in the file.
++SNAP_NAME=$(cat $SNAPCRAFT_YAML_PATH | grep -v ^\# | head -n 5 | grep "^name:" | awk '{print $2}')
++SNAP_REV=$(git rev-parse --short HEAD)
++CI_REPO=$REPO_NAME-$BUILD_ID-$SNAP_REV
++
++sed -i "s/~$LAUNCHPAD_TEAM\/$LAUNCHPAD_PROJECT\/+git\/$REPO_NAME/~$LAUNCHPAD_TEAM\/$LAUNCHPAD_PROJECT\/+git\/$CI_REPO/g" \
++	$SNAPCRAFT_YAML_PATH
++
++# The project as two different options of how snaps can be build:
++#
++# 1. Locally in a chroot but only for the host architecture
++# 2. On launchpad for any architecture
++#
++# Which of both options will be used is configured in the
++# $WORKSPACE/.build_env file.
++
++if [ "$BUILD_ON_LAUNCHPAD" = False ]; then
++	SNAPBUILD_EXTRA_ARGS=
++	SNAP_TYPE=$($BUILD_SCRIPTS/tools/shyaml get-value type < $SNAPCRAFT_YAML_PATH || echo app)
++	case "$SNAP_TYPE" in
++		kernel)
++			if [ "$ARCHITECTURE" != amd64 ]; then
++				# If we're building a kernel snap we have to cross-build it
++				# instead of building it in a native environment.
++				SNAPBUILD_EXTRA_ARGS="--cross-build"
++			fi
++			;;
++	esac
++
++	sudo $BUILD_SCRIPTS/tools/snapbuild.sh \
++		--source-dir=$WORKSPACE/src \
++		--results-dir=$WORKSPACE/results \
++		--arch=$ARCHITECTURE \
++		--series=$SERIES \
++		--proxy=squid.internal:3128 \
++		$SNAPBUILD_EXTRA_ARGS
++else
++	git remote add jenkins-ci git+ssh://$BOT_USERNAME@git.launchpad.net/~$LAUNCHPAD_TEAM/$LAUNCHPAD_PROJECT/+git/$CI_REPO
++	git push jenkins-ci --all
++	git push jenkins-ci --tags
++
++	# Save repo name as soon as it gets created so it can be deleted by the cleanup
++	# job even if this job fails.
++	echo "CI_REPO=$CI_REPO" >> $WORKSPACE/build-props
++	echo "CI_BRANCH=$CI_BRANCH" >> $WORKSPACE/build-props
++
++	EXTRA_ARGS=
++	if [ -n "$ARCHITECTURE" ]; then
++		EXTRA_ARGS="$EXTRA_ARGS --architectures=$ARCHITECTURE"
++	fi
++
++	$BUILD_SCRIPTS/tools/trigger-lp-build.py \
++		-s $SNAP_NAME -n \
++		--git-repo=https://git.launchpad.net/~$LAUNCHPAD_TEAM/$LAUNCHPAD_PROJECT/+git/$CI_REPO \
++		--git-repo-branch=$CI_BRANCH \
++		--results-dir=$WORKSPACE/results \
++		$EXTRA_ARGS
++fi
++
++if [ -z "$REMOTE_WORKER" ]; then
++	echo "INFO: No remote worker defined, not copying artifacts to it"
++	exit 0
++fi
++
++SSH_PATH="${JENKINS_HOME}/.ssh/"
++SSH_KEY_PATH="${SSH_PATH}/git.launchpad.net/$BOT_USERNAME"
++SSH="ssh -i $SSH_KEY_PATH/id_rsa $REMOTE_USER@$REMOTE_WORKER"
++SCP="scp -i $SSH_KEY_PATH/id_rsa"
++
++RESULTS_ID=$(md5sum $(find $WORKSPACE/results/*.snap | tail -n1) | cut -d' ' -f 1)
++REMOTE_RESULTS_BASE_DIR=/home/$REMOTE_USER/results
++
++$SSH mkdir -p $REMOTE_RESULTS_BASE_DIR/$RESULTS_ID
++$SCP $WORKSPACE/results/*.snap $REMOTE_USER@$REMOTE_WORKER:$REMOTE_RESULTS_BASE_DIR/$RESULTS_ID/
++
++# Save the id of our results so it can be used by a subsequent build
++# in a properties file which is then being read from jenkins and its
++# content passed as parameters to triggered builds.
++echo "RESULTS_ID=$RESULTS_ID" >> $WORKSPACE/build-props
++cat $WORKSPACE/build-props
 diff --git a/jobs/snap/snap-build-worker.yaml b/jobs/snap/snap-build-worker.yaml
 new file mode 100644
 index 0000000..6b45a89
 --- /dev/null
 +++ b/jobs/snap/snap-build-worker.yaml
@@ -0,0 +1,72 @@
++- job-template:
++    name: '{name}-snap-build-worker'
++    project-type: freestyle
++    defaults: global
++    description: "Build a snap on launchpad"
++    display-name: "{name}-snap-build-worker"
++    concurrent: true
++    node: snap && build
++    parameters:
++        - string:
++            name: ARCHITECTURE
++            default: amd64
++            description: Architecture to build the snap for
++        - string:
++            name: TARGET_GIT_REPO
++            default:
++            description: "Target git repository"
++        - string:
++            name: TARGET_GIT_REPO_BRANCH
++            default: master
++            description: "Branch of the target git repository to build from"
++        - string:
++            name: SERIES
++            default: xenial
++            description: "Ubuntu archive series to build for"
++        - string:
++            name: FORCE
++            default: "0"
++            description: "Set to 1 to force the build"
++        - string:
++            name: SOURCE_GIT_REPO
++            default:
++            description: "Source git repository"
++        - string:
++            name: SOURCE_GIT_REPO_BRANCH
++            default:
++            description: "Branch of the source git repository to use"
++        - string:
++            name: MERGE_PROPOSAL
++            default:
++            description: "Link to the merge proposal this build relates to"
++        - string:
++            name: REVISION
++            default:
++            description: "Cleanup the whole workspace"
++        - string:
++            name: CLEANUP_WORKSPACE
++            default: "0"
++            description: "Cleanup the whole workspace"
++        - string:
++            name: REMOTE_WORKER
++            default: "{obj:remote_worker}"
++            description: "The remote server to execute the spread jobs on. There's no need to change from the default value unless you know what you're doing."
++        - string:
++            name: REMOTE_USER
++            default: "{obj:remote_user}"
++            description: "The remote server username used to ssh to $REMOTE_WORKER."
++        - string:
++            name: CORE_CHANNEL
++            default: stable
++            description: "Channel of the core snap to use for testing the build snap"
++        - string:
++            name: RESULTS_ID
++            default: ''
++            description: "Alphanumeric identifier used to pass build artifacts through different jobs"
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-build-worker.sh
 diff --git a/jobs/snap/snap-build.yaml b/jobs/snap/snap-build.yaml
 new file mode 100644
 index 0000000..dec3b19
 --- /dev/null
 +++ b/jobs/snap/snap-build.yaml
@@ -0,0 +1,91 @@
++- job-template:
++    name: '{name}-snap-build'
++    project-type: matrix
++    defaults: global
++    description: "Build a snap with subsequent test execution"
++    display-name: "{name}-snap-build"
++    concurrent: true
++    sequential: false
++    node: monitor
++    axes:
++        - axis:
++            type: user-defined
++            name: ARCHITECTURE
++            values: '{obj:build_architectures}'
++    parameters:
++        - string:
++            name: TARGET_GIT_REPO
++            default:
++            description: "Target git repository"
++        - string:
++            name: TARGET_GIT_REPO_BRANCH
++            default: master
++            description: "Branch of the target git repository to build from"
++        - string:
++            name: SERIES
++            default: xenial
++            description: "Ubuntu archive series to build for"
++        - string:
++            name: FORCE
++            default: "0"
++            description: "Set to 1 to force the build"
++        - string:
++            name: SOURCE_GIT_REPO
++            default:
++            description: "Source git repository"
++        - string:
++            name: SOURCE_GIT_REPO_BRANCH
++            default:
++            description: "Branch of the source git repository to use"
++        - string:
++            name: MERGE_PROPOSAL
++            default:
++            description: "Link to the merge proposal this build relates to"
++        - string:
++            name: REVISION
++            default:
++            description: "Cleanup the whole workspace"
++        - string:
++            name: CLEANUP_WORKSPACE
++            default: "0"
++            description: "Cleanup the whole workspace"
++    builders:
++        - trigger-builds:
++            - project: '{name}-snap-build-worker'
++              current-parameters: true
++              predefined-parameters: |
++                  RESULTS_ID=$BUILD_TAG
++                  ARCHITECTURE=$ARCHITECTURE
++              block: true
++            - project: '{name}-snap-test'
++              current-parameters: true
++              predefined-parameters: |
++                  RESULTS_ID=$BUILD_TAG
++              block: true
++            - project: '{name}-snap-cleanup'
++              current-parameters: true
++              predefined-parameters: |
++                  RESULTS_ID=$BUILD_TAG
++    publishers:
++        - archive:
++            artifacts: '**/*.snap'
++            latest-only: false
++            allow-empty: true
++            fingerprint: false
++        - trigger-parameterized-builds:
++            - project: '{name}-snap-update-mp'
++              condition: "SUCCESS"
++              predefined-parameters: |
++                  CI_RESULT=PASSED
++                  CI_BUILD=${{BUILD_URL}}
++                  CI_BRANCH="${{SOURCE_GIT_REPO_BRANCH}}@${{SOURCE_GIT_REPO}}"
++                  CI_MERGE_PROPOSAL=${{MERGE_PROPOSAL}}
++                  CI_REVISION=${{REVISION}}
++            - project: '{name}-snap-update-mp'
++              condition: "UNSTABLE_OR_WORSE"
++              predefined-parameters: |
++                  CI_RESULT=FAILED
++                  CI_BUILD=${{BUILD_URL}}
++                  CI_BRANCH="${{SOURCE_GIT_REPO_BRANCH}}@${{SOURCE_GIT_REPO}}"
++                  CI_MERGE_PROPOSAL=${{MERGE_PROPOSAL}}
++                  CI_REVISION=${{REVISION}}
 diff --git a/jobs/snap/snap-cleanup.sh b/jobs/snap/snap-cleanup.sh
 new file mode 100644
 index 0000000..bf0e03c
 --- /dev/null
 +++ b/jobs/snap/snap-cleanup.sh
@@ -0,0 +1,38 @@
++#!/bin/sh
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -x
++
++. "$WORKSPACE/.build_env"
++
++# Delete auxiliary repo used in the build
++$BUILD_SCRIPTS/tools/delete-ci-repo.py \
++    --git-repo=https://git.launchpad.net/~$LAUNCHPAD_TEAM/$LAUNCHPAD_PROJECT/+git/$CI_REPO
++
++if [ -z "$REMOTE_WORKER" ]; then
++    echo "INFO: No remote system defined"
++    exit 0
++fi
++
++SSH_PATH="${JENKINS_HOME}/.ssh/"
++SSH_KEY_PATH="${SSH_PATH}/git.launchpad.net/$BOT_USERNAME"
++SSH="ssh -i $SSH_KEY_PATH/id_rsa $REMOTE_USER@$REMOTE_WORKER"
++REMOTE_RESULTS_BASE_DIR=/home/$REMOTE_USER/results
++
++$SSH rm -rf $REMOTE_RESULTS_BASE_DIR/$RESULTS_ID
++
++# Now remove any container that might have been left behind...
++$SSH sudo docker rm \$\(sudo docker ps -q --filter=status=exited --filter=ancestor=snap-spread-tests\) || true
 diff --git a/jobs/snap/snap-cleanup.yaml b/jobs/snap/snap-cleanup.yaml
 new file mode 100644
 index 0000000..8aa4a03
 --- /dev/null
 +++ b/jobs/snap/snap-cleanup.yaml
@@ -0,0 +1,32 @@
++- job-template:
++    name: '{name}-snap-cleanup'
++    project-type: freestyle
++    defaults: global
++    description: "Cleanup artifacts left over from a snap build"
++    display-name: "{name}-snap-cleanup"
++    concurrent: true
++    node: snap && build
++    parameters:
++        - string:
++            name: CI_REPO
++            default: ""
++            description: "Auxiliary repo for the build, that we will remove"
++        - string:
++            name: "RESULTS_ID"
++            default: ""
++            description: "Alphanumeric Id of the results being staged on the remote worker"
++        - string:
++            name: REMOTE_WORKER
++            default: "{obj:remote_worker}"
++            description: "The remote server to execute the spread jobs on. There's no need to change from the default value unless you know what you're doing."
++        - string:
++            name: REMOTE_USER
++            default: "{obj:remote_user}"
++            description: "The remote server username used to ssh to $REMOTE_WORKER."
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-cleanup.sh
 diff --git a/jobs/snap/snap-nightly.yaml b/jobs/snap/snap-nightly.yaml
 new file mode 100644
 index 0000000..ae5a71f
 --- /dev/null
 +++ b/jobs/snap/snap-nightly.yaml
@@ -0,0 +1,41 @@
++- job-template:
++    name: '{name}-snap-nightly'
++    project-type: matrix
++    concurrent: false
++    node: monitor
++    sequential: true
++    properties:
++        - build-discarder:
++            days-to-keep: 30
++        - rebuild:
++            rebuild-disabled: true
++    axes:
++        - axis:
++            type: user-defined
++            name: CORE_CHANNEL
++            values: '{obj:nightly_core_channels}'
++        - axis:
++            type: user-defined
++            name: SNAP
++            values: '{obj:nightly_snaps}'
++        - axis:
++            type: user-defined
++            name: ARCHITECTURE
++            values: '{obj:nightly_architectures}'
++    wrappers:
++        - timeout:
++            timeout: 30
++            abort: true
++        - timestamps
++    builders:
++        - trigger-builds:
++            - project: '{name}-snap-build-worker'
++              predefined-parameters: |
++                  TARGET_GIT_REPO={base_snap_repo_url}/$SNAP
++                  TARGET_GIT_REPO_BRANCH=master
++                  SOURCE_GIT_REPO=
++                  SOURCE_GIT_REPO_BRANCH=
++                  REVISION=
++                  ARCHITECTURES=$ARCHITECTURE
++                  CORE_CHANNEL=$CORE_CHANNEL
++              block: true
 diff --git a/jobs/snap/snap-project-jobs.yaml b/jobs/snap/snap-project-jobs.yaml
 new file mode 100644
 index 0000000..b693af3
 --- /dev/null
 +++ b/jobs/snap/snap-project-jobs.yaml
@@ -0,0 +1,13 @@
++- job-group:
++    name: snap-project-jobs
++    jobs:
++      - '{name}-snap-nightly'
++      - '{name}-snap-build-worker'
++      - '{name}-snap-build-update-chroot'
++      - '{name}-snap-build'
++      - '{name}-snap-cleanup'
++      - '{name}-snap-release'
++      - '{name}-snap-test'
++      - '{name}-snap-trigger-ci'
++      - '{name}-snap-update-mp'
++      - '{name}-snap-automerger'
 diff --git a/jobs/snap/snap-release.sh b/jobs/snap/snap-release.sh
 new file mode 100644
 index 0000000..06fc6c4
 --- /dev/null
 +++ b/jobs/snap/snap-release.sh
@@ -0,0 +1,170 @@
++#!/bin/bash
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++if [ -z "$VERSION" ]; then
++    echo "ERROR: No version specified"
++    exit 1
++fi
++
++echo "Snap to be released: $SNAP_NAME"
++echo "Version to be released: $VERSION"
++echo "New development version: $NEXT_VERSION"
++
++REPOSITORY_URL="git+ssh://$BOT_USERNAME@git.launchpad.net/~$LAUNCHPAD_TEAM/$LAUNCHPAD_PROJECT/+git/$SNAP_NAME"
++
++if [ -e "$SNAP_NAME" ]; then
++    rm -rf "$SNAP_NAME"
++fi
++
++set_git_identity() {
++    git config user.name "System Enablement CI Bot"
++    git config user.email "ce-system-enablement@lists.canonical.com"
++}
++
++# Arguments are:
++# $1 Snap name
++# $2 Version to release
++update_changelog() {
++    local latest_version commits i text range
++    local snap=$1
++    local ver=$2
++    local changelog_file=ChangeLog
++    local changes author full_text
++
++    # latest tag is latest version
++    latest_version="$(git describe --abbrev=0)" || true
++    if [ -n "$latest_version" ]; then
++        range=$latest_version..HEAD
++    else
++        range=HEAD
++    fi
++
++    commits=$(git rev-list --merges --reverse "$range")
++    declare -A changes
++
++    for i in $commits; do
++        local body merge_proposal description text
++
++        body=$(git log --format=%B -n1 "$i")
++        merge_proposal=$(echo "$body" | grep "^Merge-Proposal:") || true
++        author=$(echo "$body" | grep "^Author:") || true
++        author="${author#Author: *}"
++        if [ -z "$author" ]; then
++            if [ -z "$merge_proposal" ]; then
++                author="unknown"
++            else
++                author=${merge_proposal#*~}
++                author=${author%%/*}
++            fi
++        fi
++        # 'sed' removes leading blank lines first, then adds indentation
++        description=$(echo "$body" | grep -v "^Author:\|^Merge" | \
++                        sed '/./,$!d' | sed '2,$s/^/    /') || true
++        if [ -z "$description" ]; then
++            description="See more information in merge proposal"
++        fi
++        text=${changes[$author]}
++        printf -v text "%s\n  * %s\n    %s" \
++               "$text" "$description" "$merge_proposal"
++        changes[$author]=$text
++    done
++
++    printf -v full_text "%s\n" "$(date --rfc-3339=date --utc) $snap $ver"
++    for author in "${!changes[@]}"; do
++        printf -v full_text "%s\n  [ %s ]%s\n" \
++               "$full_text" "$author" "${changes[$author]}"
++    done
++
++    if [ ! -e "$changelog_file" ]; then
++        touch "$changelog_file"
++    fi
++    echo "$full_text" | cat - "$changelog_file" > "$changelog_file".tmp
++    mv "$changelog_file".tmp "$changelog_file"
++
++    git add "$changelog_file"
++    git commit -m "Update $changelog_file for $ver"
++}
++
++# Arguments are:
++# $1 Version to be set in the snapcraft.yaml file
++# $2 Path to the snapcraft.yaml file
++bump_version_and_tag() {
++    sed -i -e "s/^version:\ .*/version: $1/g" "$2"
++    git add "$2"
++    git commit -m "Bump version to $1"
++    git tag -a -m "$1" "$1" HEAD
++}
++
++RELEASE_BASE_BRANCH=master
++if [ "$RELEASE_FROM_STABLE" -eq 1 ]; then
++    RELEASE_BASE_BRANCH=stable
++fi
++
++git clone -b "$RELEASE_BASE_BRANCH" "$REPOSITORY_URL" "$SNAP_NAME"
++cd "$SNAP_NAME"
++
++SNAPCRAFT_YAML_PATH=
++if [ -e snapcraft.yaml ]; then
++    SNAPCRAFT_YAML_PATH=snapcraft.yaml
++elif [ -e snap/snapcraft.yaml ]; then
++    SNAPCRAFT_YAML_PATH=snap/snapcraft.yaml
++fi
++
++if [ -z "$SNAPCRAFT_YAML_PATH" ]; then
++    echo "ERROR: No snapcraft.yaml or snap/snapcraft.yaml file!"
++    exit 1
++fi
++
++set_git_identity
++update_changelog "$SNAP_NAME" "$VERSION"
++bump_version_and_tag "$VERSION" "$SNAPCRAFT_YAML_PATH"
++
++if [ "$RELEASE_FROM_STABLE" -eq 1 ]; then
++    git push origin "$RELEASE_BASE_BRANCH"
++    git push origin "$VERSION"
++
++    "$BUILD_SCRIPTS"/tools/trigger-lp-build.py -s "$SNAP_NAME" -p
++else
++    if ! git branch -r | grep origin/stable ; then
++        git checkout -b stable origin/master
++    else
++        git checkout -b stable origin/stable
++    fi
++
++    # We're using `-X theirs` here as master always takes priority over
++    # what is in the stable. If something was only submitted into stable
++    # the commiter needs to take care that the same change is submitted
++    # to master too or it is overriden the next time a release happens
++    # from master.
++    git merge --no-ff -X theirs "$RELEASE_BASE_BRANCH"
++
++    git push origin stable
++    git push origin "$RELEASE_BASE_BRANCH"
++    git push origin "$VERSION"
++
++    # Build before we change master branch
++    "$BUILD_SCRIPTS"/tools/trigger-lp-build.py -s "$SNAP_NAME" -p
++
++    git checkout "$RELEASE_BASE_BRANCH"
++    sed -i -e "s/^version:\ .*/version: ${NEXT_VERSION}-dev/g" "$SNAPCRAFT_YAML_PATH"
++    git add "$SNAPCRAFT_YAML_PATH"
++    git commit -m "Open development for ${NEXT_VERSION}-dev"
++    git push origin "$RELEASE_BASE_BRANCH"
++fi
 diff --git a/jobs/snap/snap-release.yaml b/jobs/snap/snap-release.yaml
 new file mode 100644
 index 0000000..75e3b3a
 --- /dev/null
 +++ b/jobs/snap/snap-release.yaml
@@ -0,0 +1,58 @@
++- job-template:
++    name: '{name}-snap-release'
++    project-type: freestyle
++    defaults: global
++    description: "A job implementing the release process used for snaps"
++    display-name: "{name}-snap-release"
++    concurrent: true
++    node: snap && release
++    parameters:
++        - string:
++            name: SNAP_NAME
++            default: ""
++            description: |
++                Name of the snap which should be released
++
++                Normally the repositories we have on https://code.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/
++                match with the snap name. In some cases this is not true, in those you have to set the repository
++                name here. For example for 'canonical-se-engineering-tests' it is 'engineering-tests' as this is
++                the repository name.
++        - string:
++            name: VERSION
++            default: ""
++            description: "New version of the snap"
++        - string:
++            name: NEXT_VERSION
++            default: ""
++            description: |
++                Version which will follow the version specified in the VERSION field.
++                For example if you specify VERSION = "1.1" next version is most likely
++                "1.2". The NEXT_VERSION parameter is used to write it into the component
++                snapcraft.yaml as "$NEXT_VERSION-dev" to clearly indicate that snaps
++                build from master are development versions.
++
++                Please note that NEXT_VERSION is not set in stone and can be overriden
++                at any time by changes merged into master.
++        - string:
++            name: CLEANUP_WORKSPACE
++            default: "0"
++            description: "Cleanup the whole workspace"
++        - string:
++            name: SERIES
++            default: xenial
++            description: "Ubuntu archive series to build for"
++        - string:
++            name: RELEASE_FROM_STABLE
++            default: 0
++            description: |
++                Set to '1' to force a release from stable branch without merging with
++                master. This can be used when single changes are picked into stable
++                manually and need to be released without pulling anything else from
++                master. PLEASE ENSURE THAT THOSE CHANGE GO INTO MASTER TOO!!
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-release.sh
 diff --git a/jobs/snap/snap-test.sh b/jobs/snap/snap-test.sh
 new file mode 100644
 index 0000000..bea5e3a
 --- /dev/null
 +++ b/jobs/snap/snap-test.sh
@@ -0,0 +1,121 @@
++#!/bin/sh
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++if [ "$RUN_TESTS" = False ]; then
++    echo "WARNING: test execution is disabled"
++    exit 0
++fi
++
++SSH_PATH="${JENKINS_HOME}/.ssh/"
++SSH_KEY_PATH="${SSH_PATH}/git.launchpad.net/system-enablement-ci-bot"
++
++SSH="ssh -i $SSH_KEY_PATH/id_rsa $REMOTE_USER@$REMOTE_WORKER"
++SCP="scp -i $SSH_KEY_PATH/id_rsa"
++
++REMOTE_WORKSPACE=/home/$REMOTE_USER/$BUILD_TAG
++REMOTE_RESULTS_BASE_DIR=/home/$REMOTE_USER/results
++
++tmp_srcdir=`mktemp -d`
++git clone --depth 1 -b $SOURCE_GIT_REPO_BRANCH $SOURCE_GIT_REPO $tmp_srcdir/src
++cd $tmp_srcdir/src
++# This will fail as we have set set -e above when the revision isn't part of
++# of the repository we've cloned.
++git branch --contains $SOURCE_GIT_REPO_REVISION | grep "$SOURCE_GIT_REPO_BRANCH"
++git checkout -b ci-test $SOURCE_GIT_REPO_REVISION
++
++# Components have the ability to disable CI tests if they can't provide any.
++# This only accepted in a few cases and should be generally avoided.
++if [ -e $tmp_srcdir/src/.ci_tests_disabled ]; then
++    echo "WARNING: Component has no CI tests so not running anything here"
++    exit 0
++fi
++# We require either a run-tests.sh interface script for the spread tests
++# or the basic spread.yaml spread test definition file, otherwise we fail
++# the Jenkins job. Spread tests are required for all MRs.
++if [ ! -e "$tmp_srcdir/src/run-tests.sh" ] && [ ! -e "$tmp_srcdir/src/spread.yaml" ]; then
++    echo "ERROR: missing spread test: you must provide a spread test"
++    exit 1
++fi
++rm -rf $tmp_srcdir
++
++if [ -n "$RESULTS_ID" ]; then
++    $SSH mkdir -p $REMOTE_WORKSPACE/results
++    $SSH cp -v $REMOTE_RESULTS_BASE_DIR/$RESULTS_ID/*.snap $REMOTE_WORKSPACE/results
++fi
++
++$SSH sudo apt-get --yes --force-yes install docker.io
++
++cat << EOF > $WORKSPACE/run-tests.sh
++#!/bin/sh
++set -ex
++
++export TERM=linux
++export DEBIAN_FRONTEND=noninteractive
++export PATH=/build/bin:$PATH
++
++# At this time it's necessary to build spread manually because
++# the snapped version does not include the qemu/kvm backend.
++# Once the snapped version includes this backend, then we can
++# change the manual building of spread with making sure the snap
++# package is installed.
++export GOPATH=`mktemp -d`
++go get -d -v github.com/snapcore/spread/...
++go build github.com/snapcore/spread/cmd/spread
++mkdir /build/bin
++cp spread /build/bin
++
++git clone --depth 1 -b $SOURCE_GIT_REPO_BRANCH $SOURCE_GIT_REPO /build/src
++cd /build/src
++git checkout -b ci-tests $SOURCE_GIT_REPO_REVISION
++
++# Copy any stage results from previous generic-build-snap-worker builds
++cp -v /build/results/*.snap /build/src
++
++if [ -e "run-tests.sh" ] ; then
++    if [ ! -z "$CHANNEL" ] ; then
++        ./run-tests.sh --channel=$CHANNEL --test-from-channel --debug --force-new-image
++    else
++        ./run-tests.sh --debug --force-new-image
++    fi
++else
++    if [ ! -z "$CHANNEL" ] ; then
++        SNAP_CHANNEL=$CHANNEL spread -debug
++    else
++        spread -debug
++    fi
++fi
++EOF
++
++$SSH mkdir -p $REMOTE_WORKSPACE
++$SCP $WORKSPACE/run-tests.sh $REMOTE_USER@$REMOTE_WORKER:$REMOTE_WORKSPACE
++$SSH chmod u+x $REMOTE_WORKSPACE/run-tests.sh
++
++$SSH mkdir -p $REMOTE_WORKSPACE/docker
++$SCP $WORKSPACE/build-scripts/docker/spread-tests/Dockerfile \
++    $REMOTE_USER@$REMOTE_WORKER:$REMOTE_WORKSPACE/docker
++$SSH time sudo docker build -t snap-spread-tests $REMOTE_WORKSPACE/docker
++
++$SSH time sudo docker run \
++	-v /dev:/dev \
++	-v $REMOTE_WORKSPACE:/build \
++	--privileged \
++	snap-spread-tests /build/run-tests.sh
++
++$SSH sudo rm -rf $REMOTE_WORKSPACE
 diff --git a/jobs/snap/snap-test.yaml b/jobs/snap/snap-test.yaml
 new file mode 100644
 index 0000000..9c15699
 --- /dev/null
 +++ b/jobs/snap/snap-test.yaml
@@ -0,0 +1,64 @@
++- job-template:
++    name: '{name}-snap-test'
++    project-type: freestyle
++    defaults: global
++    description: "Run tests for a single snap on a remote agent which also allows spread execution inside KVM/QEMU"
++    display-name: "{name}-snap-test"
++    concurrent: true
++    node: snap && test
++    parameters:
++        - string:
++            name: SOURCE_GIT_REPO
++            default: ""
++            description: "Source git repository"
++        - string:
++            name: SOURCE_GIT_REPO_BRANCH
++            default: ""
++            description: "Branch of the source git repository to use"
++        - string:
++            name: CHANNEL
++            default: ""
++            description: "Run tests against an image build with a core snap from the specified channel"
++        - string:
++            name: REMOTE_WORKER
++            default: "{obj:remote_worker}"
++            description: "The remote server to execute the spread jobs on. There's no need to change from the default value unless you know what you're doing."
++        - string:
++            name: REMOTE_USER
++            default: "{obj:remote_user}"
++            description: "The remote server username used to ssh to $REMOTE_WORKER."
++        - string:
++            name: CLEANUP_WORKSPACE
++            default: "0"
++            description: "Cleanup the whole workspace"
++        - string:
++            name: SERIES
++            default: xenial
++            description: "Ubuntu archive series to build for"
++        - string:
++            name: REBUILD_ROOTFS
++            default: 0
++            description: "Rebuild the chroot rootfs or not. Default is to not rebuild and use a previous job's rootfs."
++        - string:
++            name: RESULTS_ID
++            default: ""
++            description: "Alphanumeric Id of the results being staged on the remote worker"
++        - string:
++            name: CORE_CHANNEL
++            default: "stable"
++            description: "Channel used for the core snap inside the test environment. Defaults to 'stable'."
++        - string:
++            name: CI_BRANCH
++            default: ""
++            description: "Branch on which the tests should be executed"
++        - string:
++            name: CI_REPO
++            default: ""
++            description: "Git repository to use for testing (MUST contain $CI_BRANCH)"
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-test.sh
 diff --git a/jobs/snap/snap-trigger-ci.sh b/jobs/snap/snap-trigger-ci.sh
 new file mode 100644
 index 0000000..b86724d
 --- /dev/null
 +++ b/jobs/snap/snap-trigger-ci.sh
@@ -0,0 +1,29 @@
++#!/bin/bash
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++if [ "$TRIGGER_CI" = False ]; then
++    echo "WARNING: CI is disabled"
++    exit 0
++fi
++
++exec "$BUILD_SCRIPTS"/tools/trigger-ci.py \
++    -p "$LAUNCHPAD_PROJECT" \
++    -j "$SNAP_BUILD_JOB" \
++    -t "$LAUNCHPAD_TEAM"
 diff --git a/jobs/snap/snap-trigger-ci.yaml b/jobs/snap/snap-trigger-ci.yaml
 new file mode 100644
 index 0000000..e412325
 --- /dev/null
 +++ b/jobs/snap/snap-trigger-ci.yaml
@@ -0,0 +1,22 @@
++- job-template:
++    name: '{name}-snap-trigger-ci'
++    project-type: freestyle
++    defaults: global
++    description: "Monitor Launchpad for new merge proposals"
++    display-name: "{name}-snap-trigger-ci"
++    concurrent: true
++    node: snap && misc
++    triggers:
++        - timed: # every five minutes
++            H/5 * * * *
++    properties:
++        - build-discarder:
++            num-to-keep: 10
++        - rebuild
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-trigger-ci.sh
 diff --git a/jobs/snap/snap-update-mp.sh b/jobs/snap/snap-update-mp.sh
 new file mode 100644
 index 0000000..fd05d6e
 --- /dev/null
 +++ b/jobs/snap/snap-update-mp.sh
@@ -0,0 +1,30 @@
++#!/bin/sh
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++. "$WORKSPACE/.build_env"
++
++if [ "$UPDATE_MPS" = False ]; then
++    echo "WARNING: MP updates are disabled"
++    exit 0
++fi
++
++exec $BUILD_SCRIPTS/tools/vote-on-merge-proposal.py \
++    -s $CI_RESULT \
++    -u $CI_BUILD \
++    -r $CI_REVISION \
++    -p $CI_MERGE_PROPOSAL
 diff --git a/jobs/snap/snap-update-mp.yaml b/jobs/snap/snap-update-mp.yaml
 new file mode 100644
 index 0000000..967b891
 --- /dev/null
 +++ b/jobs/snap/snap-update-mp.yaml
@@ -0,0 +1,31 @@
++- job-template:
++    name: '{name}-snap-update-mp'
++    project-type: freestyle
++    defaults: global
++    description: "Update given merge-proposal with the result of the build"
++    display-name: "{name}-snap-update-mp"
++    concurrent: true
++    node: snap && misc
++    parameters:
++        - string:
++            name: CI_RESULT
++            description: Result of the CI build
++        - string:
++            name: CI_BUILD
++            description: Jenkins URL of the build
++        - string:
++            name: CI_BRANCH
++            description: Launchpad branch that was processed
++        - string:
++            name: CI_MERGE_PROPOSAL
++            description: Launchpad merge proposal that was processed
++        - string:
++            name: CI_REVISION
++            description: Revision of the processed branch
++    builders:
++        - shell:
++            !include-raw:
++                - common-job-prepare.sh
++        - shell:
++            !include-raw-escape:
++                - snap-update-mp.sh
 diff --git a/local.conf b/local.conf
 new file mode 100644
 index 0000000..0170c70
 --- /dev/null
 +++ b/local.conf
@@ -0,0 +1,11 @@
++[job_builder]
++ignore_cache=True
++keep_descriptions=False
++recursive=False
++allow_duplicates=False
++
++[jenkins]
++user=system-enablement-ci-bot
++password=jenkins
++url=http://localhost:8080
++query_plugins_info=False
 diff --git a/local.yaml b/local.yaml
 new file mode 100644
 index 0000000..4de3a0c
 --- /dev/null
 +++ b/local.yaml
@@ -0,0 +1,60 @@
++- project:
++    name: infrastructure
++
++    jobs-git-repo: https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/jenkins-jobs
++    jobs-git-repo-branch: master
++    config-git-repo: https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/jenkins-config
++    config-git-repo-branch: master
++
++    jenkins-instance: localhost
++
++    bot_username: system-enablement-ci-bot
++    credentials_path: /var/lib/jenkins/.launchpad.credentials
++    allowed_users: "canonical-system-enablement"
++    backend_url: http://localhost:8080/
++    blacklisted_jobs: ""
++    install_packages: ""
++    build_slaves:
++        - master
++    jobs:
++        - infrastructure-jobs
++
++- project:
++    name: system-enablement
++
++    jobs-git-repo: https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/jenkins-jobs
++    jobs-git-repo-branch: master
++
++    bot_username: system-enablement-ci-bot
++
++    allowed_users: "canonical-system-enablement"
++    launchpad_project: "snappy-hwe-snaps"
++    launchpad_team: "snappy-hwe-team"
++
++    update_mps: false
++    run_tests: false
++    build_on_launchpad: false
++    trigger_ci: false
++    auto_merge: false
++
++    build_architectures: [amd64]
++
++    all_slaves:
++        - master
++    build_slaves:
++        - master
++
++    blacklisted_jobs: ""
++
++    remote_worker: ""
++    remote_user: ""
++
++    nightly_architectures: []
++    nightly_core_channels: []
++    nightly_snaps: []
++
++    base_snap_repo_url: 'https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git'
++
++    jobs:
++        - snap-project-jobs
++        - image-project-jobs
 diff --git a/run-tests.sh b/run-tests.sh
 index 3e02fc5..83cf437 100755
 --- a/run-tests.sh
 +++ b/run-tests.sh
@@ -1,4 +1,5 @@
  #!/bin/sh
++<<<<<<< run-tests.sh
+ #
  # Copyright (C) 2016 Canonical Ltd
+ #
@@ -74,3 +75,6 @@ fi
  echo "INFO: Executing tests runner"
  cd $TESTS_EXTRAS_PATH && ./tests-runner.sh "$@" "$EXTRA_ARGS"
++=======
++echo "Nothing yet!"
++>>>>>>> run-tests.sh
 diff --git a/tools/automerge-mps.py b/tools/automerge-mps.py
 new file mode 100755
 index 0000000..8699dd8
 --- /dev/null
 +++ b/tools/automerge-mps.py
@@ -0,0 +1,152 @@
++#!/usr/bin/env python
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++from launchpadlib.launchpad import Launchpad
++import os
++import sys
++import yaml
++import git
++import shutil
++import se_utils
++
++from argparse import ArgumentParser
++
++parser = ArgumentParser(description="Trigger snap builds for pending merge proposals")
++parser.add_argument('-p', '--project', required=True,
++                    help="Launchpad project to check for merge-proposals")
++
++args = vars(parser.parse_args())
++
++class LaunchpadVote():
++    APPROVE = 'Approve'
++    DISAPPROVE = 'Disapprove'
++    NEEDS_FIXING = 'Needs Fixing'
++
++def load_config():
++    files = [os.path.expanduser('~/.jlp/jlp.config'), 'jlp.config']
++    for config_file in files:
++        try:
++            config = yaml.safe_load(open(config_file, 'r'))
++            return config
++        except IOError:
++            pass
++    print("ERROR: No config file found")
++    sys.exit(1)
++
++def get_config_option(name):
++    config = load_config()
++    return config[name]
++
++def clean_branch_name(branch_name):
++    if branch_name.startswith("refs/heads/"):
++        return branch_name[11:]
++    return branch_name
++
++def correct_ssh_url(url):
++    if not url.startswith("git+ssh://"):
++        return url
++    new_url = "git+ssh://system-enablement-ci-bot@%s" % url[10:]
++    return new_url
++
++
++def try_merge(proposal, target_repo, target_branch, source_repo, source_branch):
++    source_git_url=source_repo.git_https_url
++    # If we're operating with a private git repository we have to use the
++    # SSH url. Otherwise we try to avoid that to not cause any damage on
++    # the source repository.
++    if source_git_url == None:
++        source_git_url = source_repo.git_ssh_url
++
++    print("Trying to merge %s:%s into %s:%s" % (source_git_url, source_branch, target_repo.git_ssh_url, target_branch))
++
++    repo_path = os.path.join(os.environ["WORKSPACE"], "repo")
++    if os.path.exists(repo_path):
++        shutil.rmtree(repo_path)
++
++    repo = git.Repo.clone_from(correct_ssh_url(target_repo.git_ssh_url), repo_path, branch=target_branch)
++    source_remote = repo.create_remote("source", source_git_url)
++    source_remote.fetch()
++
++    repo.git.config("user.name", "System Enablement CI Bot")
++    # FIXME: What is the real email address of the bot?
++    repo.git.config("user.email", "ce-system-enablement@lists.canonical.com")
++
++    registrant_name = proposal.registrant.display_name
++    try:
++        registrant_mail = proposal.registrant.preferred_email_address.email
++    except Exception as e:
++        print("WARNING: cannot get e-mail for %s (%s)" % (registrant_name, e))
++        registrant_mail="(unknown e-mail)"
++
++    repo.git.merge("--no-ff",
++                   "-m", "Merge remote tracking branch %s" % (source_branch),
++                   "-m", "Merge-Proposal: %s" % proposal.web_link,
++                   "-m", "Author: %s <%s>" % (registrant_name, registrant_mail),
++                   "-m", "%s" % proposal.description,
++                   "source/%s" % source_branch)
++
++    repo.git.push("origin", target_branch)
++
++def get_last_mp_vote(mp):
++    for vote in mp.votes:
++        if not vote.comment:
++            continue
++        if vote.review_type == "continuous-integration" and vote.comment:
++            return vote.comment.vote
++    return None
++
++def mp_is_disapproved(mp):
++    for vote in mp.votes:
++        if vote.comment and vote.comment.vote == LaunchpadVote.DISAPPROVE:
++            return True
++    return False
++
++lp_app = get_config_option("lp_app")
++lp_env = get_config_option("lp_env")
++credential_store_path = get_config_option('credential_store_path')
++launchpad = se_utils.get_launchpad(None, credential_store_path, lp_app, lp_env)
++
++project = launchpad.projects[args['project']]
++proposals = project.getMergeProposals(status=['Approved'])
++
++failed_merges = 0
++
++print("Found %d candidate merge proposals" % len(proposals))
++
++for proposal in proposals:
++    if get_last_mp_vote(proposal) != LaunchpadVote.APPROVE:
++        print("Not merging %s as not approved by CI" % proposal.web_link)
++        continue
++
++    if mp_is_disapproved(proposal):
++        print("Not merging %s as at least one reviewer has disapproved the change" % proposal.web_link)
++        continue
++
++    print("Found proposal which is ready for merging: %s" % proposal.web_link)
++
++    try:
++        try_merge(proposal,
++                  launchpad.load(proposal.target_git_repository_link),
++                  clean_branch_name(proposal.target_git_path),
++                  launchpad.load(proposal.source_git_repository_link),
++                  clean_branch_name(proposal.source_git_path))
++    except Exception as e:
++        print("ERROR: Failed to merge %s (%s)" % (proposal.web_link, e))
++        failed_merges += 1
++
++if failed_merges > 0:
++    sys.exit(1)
 diff --git a/tools/build-rootfs-create b/tools/build-rootfs-create
 new file mode 100755
 index 0000000..9a9f9ce
 --- /dev/null
 +++ b/tools/build-rootfs-create
@@ -0,0 +1,26 @@
++#!/bin/bash
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -x
++set -e
++
++SERIES=$1
++TARBALL=$2
++
++mkdir -p rootfs
++debootstrap --components=main,universe $SERIES rootfs
++tar cf $TARBALL rootfs
++rm -rf rootfs
 diff --git a/tools/common.sh b/tools/common.sh
 new file mode 100755
 index 0000000..c30d2d7
 --- /dev/null
 +++ b/tools/common.sh
@@ -0,0 +1,93 @@
++#!/bin/sh -ex
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# Set common variables used by the jenkins jobs
++set_jenkins_env ()
++{
++    SSH_PATH="${JENKINS_HOME}/.ssh/"
++    SSH_KEY_PATH="${SSH_PATH}/bazaar.launchpad.net/system-enablement-ci-bot"
++
++    SSH="ssh -i $SSH_KEY_PATH/id_rsa $REMOTE_USER@$REMOTE_WORKER"
++    SCP="scp -i $SSH_KEY_PATH/id_rsa"
++
++    REPO=https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/$CI_REPO
++    BRANCH=$CI_BRANCH
++
++    # If no CI repo/branch is set fallback to the source repo/branch set
++    # which will be the case for those repositories which don't contain
++    # a snap.
++    if [ -z "$CI_REPO" ]; then
++        REPO=$SOURCE_GIT_REPO
++        BRANCH=$SOURCE_GIT_REPO_BRANCH
++    fi
++
++    REMOTE_WORKSPACE=/home/$REMOTE_USER/$BUILD_TAG
++    REMOTE_RESULTS_BASE_DIR=/home/$REMOTE_USER/results
++}
++
++# Sets variables
++# TEST_TYPE={script, spread}
++# HW_TESTS_RESULT={0, !=0} -> {has hw tests, does not have hw tests}
++# FIXME Maybe depending on context the call to clone could be avoided
++set_test_type ()
++{
++    tmp_srcdir=$(mktemp -d)
++
++    # We use FAIL to make sure we do not exit until we free tmp_srcdir
++    FAIL=no
++    git clone --depth 1 -b "$BRANCH" "$REPO" "$tmp_srcdir"/src || FAIL=yes
++    cd "$tmp_srcdir"/src || FAIL=yes
++
++    TEST_TYPE=none
++    if [ -e "$tmp_srcdir/src/spread.yaml" ]; then
++        TEST_TYPE=spread
++    fi
++    # run-tests.sh gets priority over spread.yaml
++    if [ -e "$tmp_srcdir/src/run-tests.sh" ]; then
++        TEST_TYPE=script
++    fi
++
++    # TODO: Use https://github.com/0k/shyaml in the future for this
++    if grep -q "type: adhoc" spread.yaml; then
++        HW_TESTS_RESULT=0
++    else
++        HW_TESTS_RESULT=1
++    fi
++
++    # Components have the ability to disable CI tests if they can't provide any.
++    # This is only accepted in a few cases and should be generally avoided.
++    CI_TESTS_DISABLED=no
++    if [ -e "$tmp_srcdir"/src/.ci_tests_disabled ]; then
++        CI_TESTS_DISABLED=yes
++    fi
++
++    rm -rf "$tmp_srcdir"
++
++    if [ "$FAIL" = yes ]; then
++        echo "ERROR: critical in set_test_type()"
++        exit 1
++    fi
++
++    if [ "$CI_TESTS_DISABLED" = yes ]; then
++        echo "WARNING: Component has no CI tests so not running anything here"
++        exit 0
++    fi
++
++    if [ "$TEST_TYPE" = none ]; then
++        echo "ERROR: missing spread or script tests: you must provide one of them"
++        exit 1
++    fi
++}
 diff --git a/tools/delete-ci-repo.py b/tools/delete-ci-repo.py
 new file mode 100755
 index 0000000..35c762d
 --- /dev/null
 +++ b/tools/delete-ci-repo.py
@@ -0,0 +1,45 @@
++#!/usr/bin/env python
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++from launchpadlib.launchpad import Launchpad
++
++from argparse import ArgumentParser
++
++import se_utils
++
++print("Running delete-ci-repo")
++
++parser = ArgumentParser(description="Delete a git repository stored in launchpad")
++parser.add_argument('--git-repo', help="Git repository to be deleted")
++
++args = vars(parser.parse_args())
++
++git_repo = args['git_repo']
++ind = git_repo.find('~')
++if ind == -1:
++    print("Bad git repo {}".format(git_repo))
++    exit(1)
++
++lp_repo = git_repo[ind:]
++
++lp_app = se_utils.get_config_option("lp_app")
++lp_env = se_utils.get_config_option("lp_env")
++credential_store_path = se_utils.get_config_option('credential_store_path')
++launchpad = se_utils.get_launchpad(None, credential_store_path, lp_app, lp_env)
++
++repo = launchpad.git_repositories.getByPath(path=lp_repo)
++print("Removing {}".format(lp_repo))
++repo.lp_delete()
 diff --git a/tools/hardware-test.sh b/tools/hardware-test.sh
 new file mode 100755
 index 0000000..41eee60
 --- /dev/null
 +++ b/tools/hardware-test.sh
@@ -0,0 +1,112 @@
++#!/bin/sh -ex
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# Runs tests on real HW. Requires set_jenkins_env and set_test_type to have
++# already run.
++run_hardware_tests ()
++{
++    TEST_RESULTS=test_results
++
++    # Just dragonboard for the moment
++    DRAGONBOARD_TEST=testflinger-dragonboard.yaml
++
++    # We use jq to process testflinger output
++    if ! which jq; then
++        sudo apt install --yes --allow-downgrades --allow-remove-essential \
++             --allow-change-held-packages jq
++    fi
++
++    # Initially the device has a password-less ubuntu user. But spread needs a
++    # user with a password, so we use the DEVICE_USER/DEVICE_PASSWORD pair to
++    # create it.  Note: {device_ip} gets substituted by testflinger.
++    DEVICE_USER=test
++    DEVICE_PASSWORD=test
++    DEVICE_SSH="ssh -q -o UserKnownHostsFile=/dev/null
++            -o StrictHostKeyChecking=no -p 22 ubuntu@{device_ip}"
++
++    if [ "$TEST_TYPE" = script ]; then
++        TEST_COMMAND="./run-tests.sh --spread-system=hw-ubuntu-core-16
++             --external-address={device_ip}:22 --external-user=$DEVICE_USER
++             --external-password=$DEVICE_PASSWORD --debug"
++    else
++        TEST_COMMAND="export SPREAD_EXTERNAL_ADDRESS={device_ip}:22 &&
++             export SPREAD_EXTERNAL_USER=$DEVICE_USER &&
++             export SPREAD_EXTERNAL_PASSWORD=$DEVICE_PASSWORD &&
++             ./spread -vv external:hw-ubuntu-core-16"
++    fi
++
++    cd "$WORKSPACE"
++
++    # Run testflinger from our bare metal server so we can install it
++
++    $SSH mkdir -p "$REMOTE_WORKSPACE"
++
++    # If the snap has been built, copy over
++    if [ -n "$RESULTS_ID" ]; then
++        set +x
++        # We need to flatten the key here to avoid issues with yaml parsing
++        SSH_KEY_DATA=$(tr '\n:' '?!' < "$SSH_KEY_PATH"/id_rsa)
++        set -x
++    fi
++
++    cat << EOF > "$WORKSPACE"/"$DRAGONBOARD_TEST"
++job_queue: dragonboard
++provision_data:
++  channel: stable
++test_data:
++  test_cmds:
++    - git clone --depth 1 -b $BRANCH $REPO src
++    - cd src && curl -s -O https://niemeyer.s3.amazonaws.com/spread-amd64.tar.gz && tar xzvf spread-amd64.tar.gz
++    - $DEVICE_SSH "sudo adduser --extrausers --quiet --disabled-password --gecos '' $DEVICE_USER"
++    - $DEVICE_SSH "echo $DEVICE_USER:$DEVICE_PASSWORD | sudo chpasswd"
++    - $DEVICE_SSH "echo '$DEVICE_USER ALL=(ALL) NOPASSWD:ALL' | sudo tee /etc/sudoers.d/create-user-test"
++    - if [ -n $RESULTS_ID ]; then set +x; echo "$SSH_KEY_DATA" | tr '?!' '\n:' > ssh_key; set -x; chmod 600 ssh_key; scp -i ssh_key $REMOTE_USER@$REMOTE_WORKER:$REMOTE_RESULTS_BASE_DIR/$RESULTS_ID/*.snap src/; fi
++    - cd src && export PATH=$PATH:\$(pwd) && $TEST_COMMAND
++EOF
++
++    $SCP "$WORKSPACE"/"$DRAGONBOARD_TEST" "$REMOTE_USER"@"$REMOTE_WORKER":"$REMOTE_WORKSPACE"/
++
++    $SSH << EOF
++#!/bin/sh
++set -ex
++
++cd $REMOTE_WORKSPACE
++if ! which virtualenv; then
++    sudo apt install --yes --allow-downgrades --allow-remove-essential --allow-change-held-packagesvirtualenv
++fi
++
++git clone https://git.launchpad.net/testflinger-cli
++cd testflinger-cli
++virtualenv -p python3 env
++. env/bin/activate
++./setup.py install
++
++JOB_ID=\$(testflinger-cli submit -q $REMOTE_WORKSPACE/$DRAGONBOARD_TEST)
++echo "JOB_ID: \${JOB_ID}"
++
++testflinger-cli poll \${JOB_ID}
++testflinger-cli results \${JOB_ID} > $REMOTE_WORKSPACE/$TEST_RESULTS
++EOF
++
++    $SCP "$REMOTE_USER"@"$REMOTE_WORKER":"$REMOTE_WORKSPACE"/"$TEST_RESULTS" "$WORKSPACE"/
++
++    $SSH sudo rm -rf "$REMOTE_WORKSPACE"
++
++    TEST_STATUS=$(jq -r .test_status "$WORKSPACE"/"$TEST_RESULTS")
++    echo "Test exit status: $TEST_STATUS"
++
++    return "$TEST_STATUS"
++}
 diff --git a/tools/se_utils/__init__.py b/tools/se_utils/__init__.py
 new file mode 100644
 index 0000000..280450c
 --- /dev/null
 +++ b/tools/se_utils/__init__.py
@@ -0,0 +1,122 @@
++#!/usr/bin/env python
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import atexit
++import sys
++import time
++import logging
++import os
++import yaml
++from shutil import rmtree
++from launchpadlib.credentials import RequestTokenAuthorizationEngine
++from lazr.restfulclient.errors import HTTPError
++from launchpadlib.launchpad import Launchpad
++from launchpadlib.credentials import UnencryptedFileCredentialStore
++
++ACCESS_TOKEN_POLL_TIME = 10
++WAITING_FOR_USER = """Open this link:
++{}
++to authorize this program to access Launchpad on your behalf.
++Waiting to hear from Launchpad about your decision. . . ."""
++
++
++class AuthorizeRequestTokenWithConsole(RequestTokenAuthorizationEngine):
++    """Authorize a token in a server environment (with no browser).
++
++    Print a link for the user to copy-and-paste into his/her browser
++    for authentication.
++    """
++
++    def __init__(self, *args, **kwargs):
++        # as implemented in AuthorizeRequestTokenWithBrowser
++        kwargs['consumer_name'] = None
++        kwargs.pop('allow_access_levels', None)
++        super(AuthorizeRequestTokenWithConsole, self).__init__(*args, **kwargs)
++
++    def make_end_user_authorize_token(self, credentials, request_token):
++        """Ask the end-user to authorize the token in their browser.
++
++        """
++        authorization_url = self.authorization_url(request_token)
++        print WAITING_FOR_USER.format(authorization_url)
++        # if we don't flush we may not see the message
++        sys.stdout.flush()
++        while credentials.access_token is None:
++            time.sleep(ACCESS_TOKEN_POLL_TIME)
++            try:
++                credentials.exchange_request_token_for_access_token(
++                    self.web_root)
++                break
++            except HTTPError, e:
++                if e.response.status == 403:
++                    # The user decided not to authorize this
++                    # application.
++                    raise e
++                elif e.response.status == 401:
++                    # The user has not made a decision yet.
++                    pass
++                else:
++                    # There was an error accessing the server.
++                    raise e
++
++# launchpadlib is not thread/process safe so we are creating launchpadlib
++# cache in /tmp per process which gets cleaned up at the end
++# see also lp:459418 and lp:1025153
++launchpad_cachedir = os.path.join('/tmp', str(os.getpid()), '.launchpadlib')
++
++# `launchpad_cachedir` is leaked upon unexpected exits
++# adding this cleanup to stop directories filling up `/tmp/`
++atexit.register(rmtree, os.path.join('/tmp',
++                str(os.getpid())),
++                ignore_errors=True)
++
++
++def get_launchpad(launchpadlib_dir=None, credential_store_path=None, lp_app=None, lp_env=None):
++    """ return a launchpad API class. In case launchpadlib_dir is
++    specified used that directory to store launchpadlib cache instead of
++    the default """
++    store = UnencryptedFileCredentialStore(credential_store_path)
++    authorization_engine = AuthorizeRequestTokenWithConsole(lp_env, lp_app)
++    lib_dir=launchpad_cachedir
++    if launchpadlib_dir != None:
++        lib_dir = launchpadlib_dir
++    return Launchpad.login_with(lp_app, lp_env,
++                                credential_store=store,
++                                authorization_engine=authorization_engine,
++                                launchpadlib_dir=lib_dir,
++                                version='devel')
++
++# Load configuration for the current agent we're running on. All agents were
++# provisioned when they were setup with a proper configuration. See
++# https://wiki.canonical.com/InformationInfrastructure/Jenkaas/UserDocs for
++# more details.
++def load_config():
++    files = [os.path.expanduser('~/.jlp/jlp.config'), 'jlp.config']
++    for config_file in files:
++        try:
++            config = yaml.safe_load(open(config_file, 'r'))
++            return config
++        except IOError:
++            pass
++    print("ERROR: No config file found")
++    sys.exit(1)
++
++# Return a configuration option from the agent configuration specified by the
++# name argument.
++def get_config_option(name):
++    config = load_config()
++    return config[name]
 diff --git a/tools/se_utils/__init__.pyc b/tools/se_utils/__init__.pyc
 new file mode 100644
 index 0000000..f1be9ca
 Binary files /dev/null and b/tools/se_utils/__init__.pyc differ
 diff --git a/tools/shyaml b/tools/shyaml
 new file mode 100755
 index 0000000..e4618ec
 --- /dev/null
 +++ b/tools/shyaml
@@ -0,0 +1,454 @@
++#!/usr/bin/env python
++
++# Taken from upstream git repository https://github.com/0k/shyaml
++# at revision d77e30599a0971c51896ef97d21883550e7e9979
++
++## Note: to launch test, you can use:
++##   python -m doctest -d shyaml.py
++## or
++##   nosetests
++
++from __future__ import print_function
++
++import sys
++import yaml
++import os.path
++import re
++
++PY3 = sys.version_info[0] >= 3
++
++EXNAME = os.path.basename(sys.argv[0])
++
++USAGE = """\
++Usage:
++
++    %(exname)s (-h|--help)
++    %(exname)s [-y|--yaml] ACTION KEY [DEFAULT]
++""" % {"exname": EXNAME}
++
++HELP = """
++Parses and output chosen subpart or values from YAML input.
++It reads YAML in stdin and will output on stdout it's return value.
++
++%(usage)s
++
++Options:
++
++    -y, --yaml
++              Output only YAML safe value, more precisely, even
++              literal values will be YAML quoted. This behavior
++              is required if you want to output YAML subparts and
++              further process it. If you know you have are dealing
++              with safe literal value, then you don't need this.
++              (Default: no safe YAML output)
++
++    ACTION    Depending on the type of data you've targetted
++              thanks to the KEY, ACTION can be:
++
++              These ACTIONs applies to any YAML type:
++
++                get-type          ## returns a short string
++                get-value         ## returns YAML
++
++              This ACTION applies to 'sequence' and 'struct' YAML type:
++
++                get-values{,-0}   ## return list of YAML
++
++              These ACTION applies to 'struct' YAML type:
++
++                keys{,-0}         ## return list of YAML
++                values{,-0}       ## return list of YAML
++                key-values,{,-0}  ## return list of YAML
++
++              Note that any value returned is returned on stdout, and
++              when returning ``list of YAML``, it'll be separated by
++              ``\\n`` or ``NUL`` char depending of you've used the
++              ``-0`` suffixed ACTION.
++
++    KEY       Identifier to browse and target subvalues into YAML
++              structure. Use ``.`` to parse a subvalue. If you need
++              to use a literal ``.`` or ``\``, use ``\`` to quote it.
++
++              Use struct keyword to browse ``struct`` YAML data and use
++              integers to browse ``sequence`` YAML data.
++
++    DEFAULT   if not provided and given KEY do not match any value in
++              the provided YAML, then DEFAULT will be returned. If no
++              default is provided and the KEY do not match any value
++              in the provided YAML, %(exname)s will fail with an error
++              message.
++
++Examples:
++
++     ## get last grocery
++     cat recipe.yaml       | %(exname)s get-value groceries.-1
++
++     ## get all words of my french dictionary
++     cat dictionaries.yaml | %(exname)s keys-0 french.dictionary
++
++     ## get YAML config part of 'myhost'
++     cat hosts_config.yaml | %(exname)s get-value cfgs.myhost
++
++""" % {"exname": EXNAME, "usage": USAGE}
++
++##
++## Keep previous order in YAML
++##
++
++try:
++    # included in standard lib from Python 2.7
++    from collections import OrderedDict
++except ImportError:
++    # try importing the backported drop-in replacement
++    # it's available on PyPI
++    from ordereddict import OrderedDict
++
++
++## Ensure that there are no collision with legacy OrderedDict
++## that could be used for omap for instance.
++class MyOrderedDict(OrderedDict):
++    pass
++
++yaml.add_representer(
++    MyOrderedDict,
++    lambda cls, data: cls.represent_dict(data.items()))
++
++
++def construct_omap(cls, node):
++    ## Force unfolding reference and merges
++    ## otherwise it would fail on 'merge'
++    cls.flatten_mapping(node)
++    return MyOrderedDict(cls.construct_pairs(node))
++
++
++yaml.add_constructor(
++    yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG,
++    construct_omap)
++
++
++##
++## Key specifier
++##
++
++def tokenize(s):
++    r"""Returns an iterable through all subparts of string splitted by '.'
++
++    So:
++
++        >>> list(tokenize('foo.bar.wiz'))
++        ['foo', 'bar', 'wiz']
++
++    Contrary to traditional ``.split()`` method, this function has to
++    deal with any type of data in the string. So it actually
++    interprets the string. Characters with meaning are '.' and '\'.
++    Both of these can be included in a token by quoting them with '\'.
++
++    So dot of slashes can be contained in token:
++
++        >>> print('\n'.join(tokenize(r'foo.dot<\.>.slash<\\>')))
++        foo
++        dot<.>
++        slash<\>
++
++    Notice that empty keys are also supported:
++
++        >>> list(tokenize(r'foo..bar'))
++        ['foo', '', 'bar']
++
++    Given an empty string:
++
++        >>> list(tokenize(r''))
++        ['']
++
++    And a None value:
++
++        >>> list(tokenize(None))
++        []
++
++    """
++    if s is None:
++        raise StopIteration
++    tokens = (re.sub(r'\\(\\|\.)', r'\1', m.group(0))
++              for m in re.finditer(r'((\\.|[^.\\])*)', s))
++    ## an empty string superfluous token is added after all non-empty token
++    for token in tokens:
++        if len(token) != 0:
++            next(tokens)
++        yield token
++
++
++def mget(dct, key):
++    r"""Allow to get values deep in recursive dict with doted keys
++
++    Accessing leaf values is quite straightforward:
++
++        >>> dct = {'a': {'x': 1, 'b': {'c': 2}}}
++        >>> mget(dct, 'a.x')
++        1
++        >>> mget(dct, 'a.b.c')
++        2
++
++    But you can also get subdict if your key is not targeting a
++    leaf value:
++
++        >>> mget(dct, 'a.b')
++        {'c': 2}
++
++    As a special feature, list access is also supported by providing a
++    (possibily signed) integer, it'll be interpreted as usual python
++    sequence access using bracket notation:
++
++        >>> mget({'a': {'x': [1, 5], 'b': {'c': 2}}}, 'a.x.-1')
++        5
++        >>> mget({'a': {'x': 1, 'b': [{'c': 2}]}}, 'a.b.0.c')
++        2
++
++    Keys that contains '.' can be accessed by escaping them:
++
++        >>> dct = {'a': {'x': 1}, 'a.x': 3, 'a.y': 4}
++        >>> mget(dct, 'a.x')
++        1
++        >>> mget(dct, r'a\.x')
++        3
++        >>> mget(dct, r'a.y')  ## doctest: +IGNORE_EXCEPTION_DETAIL
++        Traceback (most recent call last):
++        ...
++        MissingKeyError: missing key 'y' in dict.
++        >>> mget(dct, r'a\.y')
++        4
++
++    As a consequence, if your key contains a '\', you should also escape it:
++
++        >>> dct = {r'a\x': 3, r'a\.x': 4, 'a.x': 5, 'a\\': {'x': 6}}
++        >>> mget(dct, r'a\\x')
++        3
++        >>> mget(dct, r'a\\\.x')
++        4
++        >>> mget(dct, r'a\\.x')
++        6
++        >>> mget({'a\\': {'b': 1}}, r'a\\.b')
++        1
++        >>> mget({r'a.b\.c': 1}, r'a\.b\\\.c')
++        1
++
++    And even empty strings key are supported:
++
++        >>> dct = {r'a': {'': {'y': 3}, 'y': 4}, 'b': {'': {'': 1}}, '': 2}
++        >>> mget(dct, r'a..y')
++        3
++        >>> mget(dct, r'a.y')
++        4
++        >>> mget(dct, r'')
++        2
++        >>> mget(dct, r'b..')
++        1
++
++    It will complain if you are trying to get into a leaf:
++
++        >>> mget({'a': 1}, 'a.y')   ## doctest: +IGNORE_EXCEPTION_DETAIL
++        Traceback (most recent call last):
++        ...
++        NonDictLikeTypeError: can't query subvalue 'y' of a leaf...
++
++    if the key is None, the whole dct should be sent back:
++
++        >>> mget({'a': 1}, None)
++        {'a': 1}
++
++    """
++    return aget(dct, tokenize(key))
++
++
++class MissingKeyError(KeyError):
++    """Raised when querying a dict-like structure on non-existing keys"""
++
++    def __str__(self):
++        return self.message
++
++
++class NonDictLikeTypeError(TypeError):
++    """Raised when attempting to traverse non-dict like structure"""
++
++
++class IndexNotIntegerError(ValueError):
++    """Raised when attempting to traverse sequence without using an integer"""
++
++
++class IndexOutOfRange(IndexError):
++    """Raised when attempting to traverse sequence without using an integer"""
++
++
++def aget(dct, key):
++    r"""Allow to get values deep in a dict with iterable keys
++
++    Accessing leaf values is quite straightforward:
++
++        >>> dct = {'a': {'x': 1, 'b': {'c': 2}}}
++        >>> aget(dct, ('a', 'x'))
++        1
++        >>> aget(dct, ('a', 'b', 'c'))
++        2
++
++    If key is empty, it returns unchanged the ``dct`` value.
++
++        >>> aget({'x': 1}, ())
++        {'x': 1}
++
++    """
++    key = iter(key)
++    try:
++        head = next(key)
++    except StopIteration:
++        return dct
++
++    if isinstance(dct, list):
++        try:
++            idx = int(head)
++        except ValueError:
++            raise IndexNotIntegerError(
++                "non-integer index %r provided on a list."
++                % head)
++        try:
++            value = dct[idx]
++        except IndexError:
++            raise IndexOutOfRange(
++                "index %d is out of range (%d elements in list)."
++                % (idx, len(dct)))
++    else:
++        try:
++            value = dct[head]
++        except KeyError:
++            ## Replace with a more informative KeyError
++            raise MissingKeyError(
++                "missing key %r in dict."
++                % (head, ))
++        except:
++            raise NonDictLikeTypeError(
++                "can't query subvalue %r of a leaf%s."
++                % (head,
++                   (" (leaf value is %r)" % dct)
++                   if len(repr(dct)) < 15 else ""))
++    return aget(value, key)
++
++
++def stderr(msg):
++    """Convenience function to write short message to stderr."""
++    sys.stderr.write(msg)
++
++
++def stdout(value):
++    """Convenience function to write short message to stdout."""
++    sys.stdout.write(value)
++
++
++def die(msg, errlvl=1, prefix="Error: "):
++    """Convenience function to write short message to stderr and quit."""
++    stderr("%s%s\n" % (prefix, msg))
++    sys.exit(errlvl)
++
++SIMPLE_TYPES = (str if PY3 else basestring, int, float, type(None))
++COMPLEX_TYPES = (list, dict)
++
++
++def magic_dump(value):
++    """Returns a representation of values directly usable by bash.
++
++    Literal types are printed as-is (avoiding quotes around string for
++    instance). But complex type are written in a YAML useable format.
++
++    """
++    return value if isinstance(value, SIMPLE_TYPES) \
++        else yaml.dump(value, default_flow_style=False)
++
++def yaml_dump(value):
++    """Returns a representation of values directly usable by bash.
++
++    Literal types are quoted and safe to use as YAML.
++
++    """
++    return yaml.dump(value, default_flow_style=False)
++
++
++def type_name(value):
++    """Returns pseudo-YAML type name of given value."""
++    return "struct" if isinstance(value, dict) else \
++        "sequence" if isinstance(value, (tuple, list)) else \
++        type(value).__name__
++
++
++def main(args):  ## pylint: disable=too-many-branches
++    """Entrypoint of the whole application"""
++
++    if len(args) == 0:
++        stderr("Error: Bad number of arguments.\n")
++        die(USAGE, errlvl=1, prefix="")
++
++    if len(args) == 1 and args[0] in ("-h", "--help"):
++        stdout(HELP)
++        exit(0)
++
++    dump = magic_dump
++    for arg in ["-y", "--yaml"]:
++        if arg in args:
++            args.remove(arg)
++            dump = yaml_dump
++
++    action = args[0]
++    key_value = None if len(args) == 1 else args[1]
++    default = args[2] if len(args) > 2 else None
++    contents = yaml.load(sys.stdin)
++
++    try:
++        try:
++            value = mget(contents, key_value)
++        except (IndexOutOfRange, MissingKeyError):
++            if default is None:
++                raise
++            value = default
++    except (IndexOutOfRange, MissingKeyError,
++            NonDictLikeTypeError, IndexNotIntegerError) as exc:
++        msg = str(exc.message)
++        die("invalid path %r, %s"
++            % (key_value,
++               msg.replace('list', 'sequence').replace('dict', 'struct')))
++
++    tvalue = type_name(value)
++    termination = "\0" if action.endswith("-0") else "\n"
++
++    if action == "get-value":
++        print(dump(value), end='')
++    elif action in ("get-values", "get-values-0"):
++        if isinstance(value, dict):
++            for k, v in value.iteritems():
++                stdout("%s%s%s%s" % (dump(k), termination,
++                                     dump(v), termination))
++        elif isinstance(value, list):
++            for l in value:
++                stdout("%s%s" % (dump(l), termination))
++        else:
++            die("%s does not support %r type. "
++                "Please provide or select a sequence or struct."
++                % (action, tvalue))
++    elif action == "get-type":
++        print(tvalue)
++    elif action in ("keys", "keys-0",
++                    "values", "values-0",
++                    "key-values", "key-values-0"):
++        if isinstance(value, dict):
++            method = value.keys if action.startswith("keys") else \
++                     value.items if action.startswith("key-values") else \
++                     value.values
++            output = (lambda x: termination.join(str(dump(e)) for e in x)) \
++                     if action.startswith("key-values") else \
++                     dump
++            for k in method():
++                stdout("%s%s" % (output(k), termination))
++        else:
++            die("%s does not support %r type. "
++                "Please provide or select a struct." % (action, tvalue))
++    else:
++        die("Invalid argument.\n%s" % USAGE)
++
++
++if __name__ == "__main__":
++    sys.exit(main(sys.argv[1:]))
 diff --git a/tools/snapbuild.sh b/tools/snapbuild.sh
 new file mode 100755
 index 0000000..53b4518
 --- /dev/null
 +++ b/tools/snapbuild.sh
@@ -0,0 +1,192 @@
++#!/bin/sh
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++set -ex
++
++if [ "$(id -u)" -ne 0 ]; then
++	echo "ERROR: You have to run this script as root!"
++	exit 1
++fi
++
++SERIES=xenial
++SOURCE_DIR=
++RESULTS_DIR=
++# Whenever you change the chroot in a way which needs a regeneration
++# on the build server bump the version here. This will tell the
++# job which updates the chroots to generate a new one.
++CHROOT_VERSION=1
++BUILD_ARCH=amd64
++TARGET_ARCH=amd64
++UPDATE_CHROOT=false
++PROXY=
++CROSS_BUILD=false
++SNAPCRAFT_EXTRA_ARGS=
++
++while [ -n "$1" ]; do
++	case "$1" in
++		--series=*)
++			SERIES=${1#*=}
++			shift
++			;;
++		--source-dir=*)
++			SOURCE_DIR=${1#*=}
++			shift
++			;;
++		--results-dir=*)
++			RESULTS_DIR=${1#*=}
++			shift
++			;;
++		--arch=*)
++			TARGET_ARCH=${1#*=}
++			BUILD_ARCH=$TARGET_ARCH
++			shift
++			;;
++		--update-chroot)
++			UPDATE_CHROOT=true
++			shift
++			;;
++		--proxy=*)
++			PROXY=${1#*=}
++			shift
++			;;
++		--cross-build)
++			CROSS_BUILD=true
++			shift
++			;;
++		*)
++			echo "ERROR: Unknown options $1"
++			exit 1
++	esac
++done
++
++if [ -z "$SERIES" ]; then
++	echo "ERROR: No series specified"
++	exit 1
++fi
++
++# If we're cross-building we have to switch the architecture we're using
++# for our build environment to match our host arch.
++if [ "$CROSS_BUILD" = true ]; then
++	BUILD_ARCH=$(dpkg --print-architecture)
++fi
++
++CHROOT_STORE_PATH=/build/chroots
++CHROOT_TARBALL=$SERIES-$BUILD_ARCH-$CHROOT_VERSION-rootfs.tar
++
++if [ "$UPDATE_CHROOT" = true ]; then
++	if [ ! -e $CHROOT_STORE_PATH/$CHROOT_TARBALL ] ; then
++		mkdir -p /build/chroots
++		WORKDIR=$(mktemp -d)
++		mkdir -p $WORKDIR/rootfs
++
++		DEBOOTSTRAP=debootstrap
++		DEB_REPO_URL=
++		case "$BUILD_ARCH" in
++			amd64)
++				DEB_REPO_URL="http://archive.ubuntu.com/ubuntu/"
++				;;
++			armhf)
++				DEBOOTSTRAP=qemu-debootstrap
++				DEB_REPO_URL="http://ports.ubuntu.com/ubuntu-ports"
++				;;
++			*)
++				echo "ERROR: Unsupported architecture $BUILD_ARCH"
++				exit 1
++				;;
++		esac
++
++		cleanup() {
++			rm -rf $WORKDIR
++		}
++
++		trap cleanup INT EXIT
++
++		$DEBOOTSTRAP --components=main,universe --arch $BUILD_ARCH $SERIES $WORKDIR/rootfs
++		cat << EOF > $WORKDIR/rootfs/etc/apt/sources.list.d/updates.list
++deb $DEB_REPO_URL xenial universe
++deb $DEB_REPO_URL xenial-updates main universe
++EOF
++		cat << EOF > $WORKDIR/rootfs/setup.sh
++#!/bin/sh
++set -ex
++apt update
++apt upgrade -y
++apt install -y snapcraft
++EOF
++		chmod +x $WORKDIR/rootfs/setup.sh
++		sudo chroot $WORKDIR/rootfs /setup.sh
++		rm $WORKDIR/rootfs/setup.sh
++
++		(cd $WORKDIR/rootfs; tar cf $CHROOT_STORE_PATH/$CHROOT_TARBALL .)
++		rm -rf $WORKDIR
++	fi
++
++	exit 0
++fi
++
++if [ -z "$SOURCE_DIR" ]; then
++	echo "ERROR: No source dir specified"
++	exit 1
++fi
++
++if [ -z "$RESULTS_DIR" ]; then
++	echo "ERROR: No results dir specified"
++	exit 1
++fi
++
++BUILDDIR=$(mktemp -d)
++
++cleanup() {
++	rm -rf $BUILDDIR
++}
++
++trap cleanup INT EXIT
++
++if [ ! -e $CHROOT_STORE_PATH/$CHROOT_TARBALL ] ; then
++	echo "ERROR: Up to date chroot tarball doesn't exist. Please run the snap-build-update-chroot job!"
++	exit 1
++fi
++
++tar xf $CHROOT_STORE_PATH/$CHROOT_TARBALL -C $BUILDDIR
++
++cp -ra $SOURCE_DIR $BUILDDIR/src
++
++if [ "$CROSS_BUILD" = true ]; then
++	SNAPCRAFT_EXTRA_ARGS="$SNAPCRAFT_EXTRA_ARGS --target-arch=$TARGET_ARCH"
++fi
++
++cat << EOF > $BUILDDIR/do-build.sh
++#!/bin/sh
++set -ex
++apt update
++apt upgrade -y
++cd /src
++
++# snapcraft is pretty unhappy when LC_ALL and LANG aren't set
++export LC_ALL=C.UTF-8
++export LANG=C.UTF-8
++
++# To access certain things like the snap store we need a proxy in place
++# in some environments
++export http_proxy=$PROXY
++export https_proxy=$PROXY
++
++snapcraft clean
++snapcraft $SNAPCRAFT_EXTRA_ARGS
++EOF
++chmod +x $BUILDDIR/do-build.sh
++
++sudo chroot $BUILDDIR /do-build.sh
 diff --git a/tools/test-snap.sh b/tools/test-snap.sh
 new file mode 100755
 index 0000000..4851645
 --- /dev/null
 +++ b/tools/test-snap.sh
@@ -0,0 +1,100 @@
++#!/bin/sh -ex
++#
++# Copyright (C) 2017 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# Import used functions
++. "$WORKSPACE"/build-scripts/scripts/hardware-test.sh
++
++# Runs snap tests
++run_snap_tests ()
++{
++    if [ -n "$RESULTS_ID" ]; then
++        $SSH mkdir -p "$REMOTE_WORKSPACE"/results
++        $SSH cp -v "$REMOTE_RESULTS_BASE_DIR"/"$RESULTS_ID"/*.snap "$REMOTE_WORKSPACE"/results
++    fi
++
++    $SSH sudo apt-get --yes --force-yes install docker.io
++
++    cat << EOF > "$WORKSPACE"/run-tests.sh
++#!/bin/sh
++set -ex
++
++export TERM=linux
++export DEBIAN_FRONTEND=noninteractive
++export PATH=/build/bin:$PATH
++
++# At this time it's necessary to build spread manually because
++# the snapped version does not include the qemu/kvm backend.
++# Once the snapped version includes this backend, then we can
++# change the manual building of spread with making sure the snap
++# package is installed.
++export GOPATH=$(mktemp -d)
++go get -d -v github.com/snapcore/spread/...
++go build github.com/snapcore/spread/cmd/spread
++mkdir /build/bin
++cp spread /build/bin
++
++git clone --depth 1 -b $BRANCH $REPO /build/src
++cd /build/src
++
++# Copy any stage results from previous generic-build-snap-worker builds
++if [ "\$(find /build/results -path ./misc -prune -o -name '*.snap' -print | wc -l)" -gt 0 ]; then
++    cp -v /build/results/*.snap /build/src
++fi
++
++if [ -e "run-tests.sh" ] ; then
++    EXTRA_ARGS=
++    if [ -n "$CHANNEL" ] ; then
++        # If CHANNEL is specified we use that channel for image construction and
++        # also load the snap from that channel for testing.
++        EXTRA_ARGS="--test-from-channel=$CHANNEL"
++    fi
++    if [ -n "$CORE_CHANNEL" ]; then
++        EXTRA_ARGS="--channel=$CORE_CHANNEL"
++    fi
++
++    ./run-tests.sh --force-new-image \$EXTRA_ARGS
++else
++    if [ ! -z "$CHANNEL" ] ; then
++        SNAP_CHANNEL=$CHANNEL spread -v
++    else
++        spread -v
++    fi
++fi
++EOF
++
++    $SSH mkdir -p "$REMOTE_WORKSPACE"
++    $SCP "$WORKSPACE"/run-tests.sh "$REMOTE_USER"@"$REMOTE_WORKER":"$REMOTE_WORKSPACE"
++    $SSH chmod u+x "$REMOTE_WORKSPACE"/run-tests.sh
++
++    $SSH mkdir -p "$REMOTE_WORKSPACE"/docker
++    $SCP "$WORKSPACE"/build-scripts/docker/spread-tests/Dockerfile \
++         "$REMOTE_USER"@"$REMOTE_WORKER":"$REMOTE_WORKSPACE"/docker
++    $SSH time sudo docker build -t snap-spread-tests "$REMOTE_WORKSPACE"/docker
++
++    $SSH time sudo docker run \
++         --rm \
++         -v /dev:/dev \
++         -v "$REMOTE_WORKSPACE":/build \
++         --privileged \
++         snap-spread-tests /build/run-tests.sh
++
++    $SSH sudo rm -rf "$REMOTE_WORKSPACE"
++
++    # Now run tests on real hardware if defined in the backend
++    if [ "$HW_TESTS_RESULT" -eq 0 ] ; then
++        run_hardware_tests
++    fi
++}
 diff --git a/tools/trigger-ci.py b/tools/trigger-ci.py
 new file mode 100755
 index 0000000..d50c021
 --- /dev/null
 +++ b/tools/trigger-ci.py
@@ -0,0 +1,270 @@
++#!/usr/bin/env python
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++from launchpadlib.launchpad import Launchpad
++import jenkins
++import os
++import sys
++import yaml
++import re
++from jlp import launchpadutils
++from jlp import jenkinsutils
++
++from argparse import ArgumentParser
++
++import se_utils
++
++parser = ArgumentParser(description="Trigger snap builds for pending merge proposals")
++parser.add_argument('-p', '--project', required=True,
++                    help="Launchpad project to check for new merge-proposals")
++parser.add_argument('-j', '--job', required=True,
++                    help="Jenkins job to trigger")
++parser.add_argument('-t', '--team', required=True,
++                    help="Launchpad team for the project")
++
++args = vars(parser.parse_args())
++
++lp_app = se_utils.get_config_option("lp_app")
++lp_env = se_utils.get_config_option("lp_env")
++credential_store_path = se_utils.get_config_option('credential_store_path')
++launchpad = se_utils.get_launchpad(None, credential_store_path, lp_app, lp_env)
++
++project = launchpad.projects[args['project']]
++team = args['team']
++
++proposals = project.getMergeProposals()
++
++def load_config():
++    files = [os.path.expanduser('~/.jlp/jlp.config'), 'jlp.config']
++    for config_file in files:
++        try:
++            config = yaml.safe_load(open(config_file, 'r'))
++            return config
++        except IOError:
++            pass
++    print("ERROR: No config file found")
++    sys.exit(1)
++
++def get_config_option(name):
++    config = load_config()
++    return config[name]
++
++j = jenkins.Jenkins(get_config_option('jenkins_url'),
++                    get_config_option('jenkins_user'),
++                    get_config_option('jenkins_password'))
++
++jenkins_job = args['job']
++jenkins_build_token = get_config_option('jenkins_build_token')
++
++job_info = j.get_job_info(jenkins_job)
++if not job_info['buildable']:
++    print("ERROR: Job is not buildable (propably disabled)")
++    sys.exit(1)
++
++
++def get_latest_revision(mp):
++    """Return the latest revision of the given merge proposal.
++
++    :param mp: handle to merge proposal
++    """
++    if '+git' in mp.web_link:
++        for ref in mp.source_git_repository.refs_collection:
++            if ref.path == mp.source_git_path:
++                return ref.commit_sha1
++        return str(0)
++    else:
++        return mp.source_branch.revision_count
++
++def clean_branch_name(branch_name):
++    if branch_name.startswith("refs/heads/"):
++        return branch_name[11:]
++    return branch_name
++
++def series_from_branch_name(branch_name):
++    if branch_name.startswith("vivid/"):
++        return "vivid"
++    return "xenial"
++
++def get_latest_revision(mp):
++    """Return the latest revision of the given merge proposal.
++
++    :param mp: handle to merge proposal
++    """
++    if '+git' in mp.web_link:
++        for ref in mp.source_git_repository.refs_collection:
++            if ref.path == mp.source_git_path:
++                return ref.commit_sha1
++        return str(0)
++    else:
++        return mp.source_branch.revision_count
++
++def get_review_revision_regex(mp):
++    if '+git' in mp.web_link:
++        return '^(PASSED|FAILED): Continuous integration, rev:([0-9a-f]+)'
++    else:
++        return '^(PASSED|FAILED): Continuous integration, rev:(\d+)'
++
++def get_latest_review(launchpad_user, mp):
++    """Return the latest revision reviewed by the given launchpad_user.
++
++    This function expects a review comment in the following format:
++       '^(PASSED|FAILED): Continuous integration, rev:(\d+)'
++
++    :param launchpad_user: handle to launchpad user
++    :param mp: handle to merge proposal
++    """
++    revision = 0
++    launchpad_review_type = get_config_option('launchpad_review_type')
++    for comment in mp.all_comments:
++        if comment.author.name == launchpad_user.name:
++            if comment.vote_tag == launchpad_review_type:
++                m = re.search(
++                    get_review_revision_regex(mp),
++                    comment.message_body)
++                if m:
++                    revision = m.group(2)
++    return revision
++
++def latest_candidate_validated(launchpad_user, mp):
++    """Return if the latest candidate revision of the merge proposal is
++    validated.
++
++    :param launchpad_user: handle to launchpad user used to validate the
++                           merge proposals
++    :param mp: handle to merge proposal
++    """
++
++    latest_review = get_latest_review(launchpad_user, mp)
++    print 'Latest review is revision: ' + str(latest_review)
++    latest_revision = get_latest_revision(mp)
++    print 'Latest revision is: ' + str(latest_revision)
++    if latest_review == latest_revision:
++        print 'Skipping this MP. Current revision: ' + str(latest_revision)
++        return True
++    return False
++
++# NOTE: We can't use the testing_in_progress method from jlp as it checks for
++# the lower case parameter 'merge_proposal' of the build job and ours is using
++# the upper case variant 'MERGE_PROPOSAL'.
++def testing_in_progress(mp, jenkins_job):
++    try:
++        if jenkinsutils.is_job_or_downstream_building(
++            jenkins_job, job_params={'MERGE_PROPOSAL': mp.web_link}):
++            print('Skipping this MP. It is currently being tested by Jenkins.')
++            return True
++    except:
++        print('Failed to check if MP is already building')
++    return False
++
++# Copied over from lp:jenkins-launchpad-plugin
++def users_in_team(users, team):
++    """Determine whether any of these users are in the supplied team.
++
++    :param users: The users which may be members of the supplied team.
++    :param team: The team which users may be part of.
++    :return: True if any of the users are members of the team, otherwise
++        False.
++    """
++    for member in team.participants:
++        if member in users:
++            return True
++    else:
++        return False
++
++# Copied over from lp:jenkins-launchpad-plugin and slightly modified
++def users_allowed_to_trigger_jobs(lp_users, allowed_people):
++    """Returns if an of the given users is allowed to run jobs on jenkins.
++
++    This is to avoid random people to run jobs on our internal infrastructure.
++    A user is allowed if they are either directly in the ALLOWED_USERS list or
++    are member of a team in that list.
++
++    :param lp_users: launchpad user handles
++    """
++    if len(lp_users) == 0:
++        return False
++    for lp_user in lp_users:
++        if lp_user.name in allowed_people:
++            return True
++    lp = lp_users[0]._root
++    for allowed in allowed_people:
++        try:
++            allowed_person = lp.people[allowed]
++        except KeyError:
++            logger.warn('User {} from the allowed_users list is not in '
++                        'launchpad!'.format(allowed))
++            continue
++        if not allowed_person.is_team:
++            continue
++        if users_in_team(lp_users, allowed_person):
++            return True
++    logger.debug('Users "' + ', '.join(u.name for u in lp_users) +
++                 '" not allowed to trigger jobs')
++    return False
++
++project_blacklist = []
++
++for proposal in proposals:
++    launchpad_user = launchpad.people(get_config_option('launchpad_login'))
++
++    print("Checking proposal %s .." % proposal.web_link)
++
++    # Ignore certain projects which don't build here as they are
++    # fetching source from somewhere else.
++    ignore = False
++    for project in project_blacklist:
++        if project in proposal.web_link:
++            ignore = True
++            break
++
++    if ignore:
++        print "Ignoring %s" % proposal.web_link
++        continue
++
++    if not users_allowed_to_trigger_jobs([proposal.registrant], [team]):
++        continue
++
++    if latest_candidate_validated(launchpad_user, proposal):
++        continue
++
++    if testing_in_progress(proposal, jenkins_job):
++        continue
++
++    target_repo = launchpad.load(proposal.target_git_repository_link)
++    source_repo = launchpad.load(proposal.source_git_repository_link)
++
++    target_git_url = target_repo.git_https_url
++    if target_git_url == None:
++        target_git_url = target_repo.git_ssh_url
++
++    source_git_url = source_repo.git_https_url
++    if source_git_url == None:
++        source_git_url = source_repo.git_ssh_url
++
++    target_branch = clean_branch_name(proposal.target_git_path)
++    jenkins_params = {
++        'TARGET_GIT_REPO': target_git_url,
++        'TARGET_GIT_REPO_BRANCH': target_branch,
++        'SOURCE_GIT_REPO': source_git_url,
++        'SOURCE_GIT_REPO_BRANCH': clean_branch_name(proposal.source_git_path),
++        'MERGE_PROPOSAL': proposal.web_link,
++        'REVISION': get_latest_revision(proposal),
++        'SERIES': series_from_branch_name(target_branch),
++    }
++
++    print("Triggering build job for %s" % proposal.web_link)
++    j.build_job(jenkins_job, jenkins_params, jenkins_build_token)
 diff --git a/tools/trigger-lp-build.py b/tools/trigger-lp-build.py
 new file mode 100755
 index 0000000..5434281
 --- /dev/null
 +++ b/tools/trigger-lp-build.py
@@ -0,0 +1,230 @@
++#! /usr/bin/python
++
++import os
++import sys
++import time
++import random
++import smtplib
++import string
++import urllib2
++import zlib
++
++from datetime import datetime
++from os.path import basename
++from launchpadlib.launchpad import Launchpad
++
++from argparse import ArgumentParser
++
++import se_utils
++
++parser = ArgumentParser(description="Build a specific snap on launchpad")
++parser.add_argument('-s', '--snap', required=True,
++                    help="Name of the snap to build")
++parser.add_argument('-p', '--publish', action='store_true',
++                    help="Trigger a publish build instead of a daily (default)")
++parser.add_argument('-n', '--new', action='store_true', help="Create a new ephemeral snap build on launchpad")
++parser.add_argument('--git-repo', help="Git repository to be used for new ephemeral snap build")
++parser.add_argument('--git-repo-branch', help="Git repository branch to be used for new ephemeral snap build")
++parser.add_argument('-a', '--architectures', help="Specify architectures to build for. Separate multiple architectures by ','")
++parser.add_argument('-r', '--results-dir', help="Specify where results should be saved")
++
++args = vars(parser.parse_args())
++
++ephemeral_build=False
++results_dir=os.path.join(os.getcwd(), "results")
++
++if 'results_dir' in args:
++    results_dir=args['results_dir']
++
++if args['new']:
++    ephemeral_build=True
++    if args['git_repo'] == None or args['git_repo_branch'] == None:
++        print("ERROR: No git repository or a branch supplied")
++        sys.exit(1)
++
++series = 'xenial'
++
++lp_app = se_utils.get_config_option("lp_app")
++lp_env = se_utils.get_config_option("lp_env")
++credential_store_path = se_utils.get_config_option('credential_store_path')
++launchpad = se_utils.get_launchpad(None, credential_store_path, lp_app, lp_env)
++
++team = launchpad.people['snappy-hwe-team']
++ubuntu = launchpad.distributions['ubuntu']
++release = ubuntu.getSeries(name_or_version=series)
++primary_archive = ubuntu.getArchive(name='primary')
++
++snap=None
++if ephemeral_build:
++    snap_arches=[]
++    if 'architectures' in args and args['architectures'] != None:
++        snap_arches = args["architectures"].split(",")
++
++    if len(snap_arches) == 0:
++        print("WARNING: No architectures to build specified. Will only build for amd64.")
++        snap_arches=["amd64"]
++
++    processors=[]
++    for arch in snap_arches:
++        try:
++            p = launchpad.processors.getByName(name=arch)
++            processors.append(p.self_link)
++        except:
++            print("ERROR: Failed to find processor for '{}' architecture".format(arch))
++            sys.exit(1)
++
++    build_name = 'ci-%s-%s' % (args["snap"], ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(16)))
++    snap = launchpad.snaps.new(name=build_name,
++                        processors=processors,
++                        auto_build=False, distro_series=release,
++                        git_repository_url=args['git_repo'],
++                        git_path='%s' % args["git_repo_branch"],
++                        owner=team)
++else:
++    build_name = "%s-daily" % args["snap"]
++    if args["publish"] == True:
++        build_name = "%s-publish" % args["snap"]
++    snap = launchpad.snaps.getByName(name=build_name, owner=team)
++
++if snap == None:
++    print("ERROR: Failed to create snap build on launchpad")
++
++# Not every snap is build agains all arches.
++arches = [processor.name for processor in snap.processors]
++if not ephemeral_build and args['architectures'] != None:
++    wanted_arches = args["architectures"].split(",")
++    possible_arches = []
++    for arch in wanted_arches:
++        if not arch in arches:
++            print("WARNING: Can't build snap for architecture {} as it is not enabled in the build job".format(args["snap"]))
++            continue
++        possible_arches.append(arch)
++    arches = possible_arches
++
++if len(arches) == 0:
++    print("ERROR: No architectures available to build for")
++    sys.exit(1)
++
++# Add a big fat warning that we don't really care about fixing things when
++# the job will be canceled after the following lines are printed out.
++print("!!!!!!! POINT OF NO RETURN !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
++print("DO NOT CANCEL THIS JOB AFTER THIS OR BAD THINGS WILL HAPPEN")
++print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
++
++stamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
++print("Trying to trigger builds at: {}".format(stamp))
++
++# sometimes we see error such as "u'Unknown architecture lpia for ubuntu xenial'"
++# and in order to workaround let's validate the arches agains set of valid
++# architectures that the snap can choose from
++
++
++# We will now trigger a build for each whitelisted architecture, collect the
++# build job url and the wait for all builds to finish and collect their results
++# to vote for a successful or failed build.
++triggered_builds = []
++triggered_build_urls = {}
++valid_arches = ['armhf', 'i386', 'amd64', 'arm64', 's390x', 'powerpc', 'ppc64el']
++for build_arch in arches:
++    # sometimes we see error such as "u'Unknown architecture lpia for
++    # ubuntu xenial'" and in order to workaround let's validate the arches
++    # agains set of valid architectures that the snap can choose from
++    if build_arch not in valid_arches:
++        print("WARNING: Can't build snap for architecture {} as it is not enabled in the build job".format(args["snap"]))
++        continue
++
++    arch = release.getDistroArchSeries(archtag=build_arch)
++    request = snap.requestBuild(archive=primary_archive, distro_arch_series=arch, pocket='Proposed')
++    build_id = str(request).rsplit('/', 1)[-1]
++    triggered_builds.append(build_id)
++    triggered_build_urls[build_id] = request.self_link
++    print("Arch: {} is building under: {}".format(build_arch, request.self_link))
++
++failures = []
++successful = []
++while len(triggered_builds):
++    for build in triggered_builds:
++        try:
++            response = snap.getBuildSummariesForSnapBuildIds(snap_build_ids=[build])
++        except:
++            print("Could not get response for {} (was there an LP timeout?)".format(build))
++            continue
++        status = response[build]['status']
++        if status == "FULLYBUILT":
++            successful.append(build)
++            triggered_builds.remove(build)
++            continue
++        elif status == "FAILEDTOBUILD":
++            failures.append(build)
++            triggered_builds.remove(build)
++            continue
++        elif status == "CANCELLED":
++            print("INFO: {} snap build was canceled for id: {}".format(args["snap"], build))
++            triggered_builds.remove(build)
++            continue
++    if len(triggered_builds) > 0:
++        time.sleep(60)
++
++if len(failures):
++    for failure in failures:
++        try:
++            response = snap.getBuildSummariesForSnapBuildIds(snap_build_ids=[failure])
++        except:
++            print ("Could not get failure data for {} (was there an LP timeout?)".format(build))
++            continue
++
++        if not failure in response:
++            print("Launchpad didn't returned us the snap build summary we ask it for!?")
++            continue
++
++        build_summary = response[failure]
++        arch = 'unknown'
++        buildlog = None
++        if 'build_log_url' in build_summary:
++            buildlog = build_summary['build_log_url']
++
++        if buildlog != None and len(buildlog) > 0:
++            parts = arch = str(buildlog).split('_')
++            if len(parts) >= 4:
++                arch = parts[4]
++        elif buildlog == None:
++            buildlog = 'not available'
++
++        print("INFO: {} snap {} build at {} failed for id: {} log: {}".format(args["snap"], arch, stamp, failure, buildlog))
++
++        # For ephermal builds we need to print out the log file as it will be gone after
++        # the launchpad build is removed.
++        if ephemeral_build and buildlog != None:
++            response = urllib2.urlopen(buildlog)
++            log_data = zlib.decompress(response.read(), 16+zlib.MAX_WBITS)
++            print(log_data)
++
++# Fetch build results for successful builds and store those in the output
++# directory so that the caller can reuse them.
++if len(successful):
++    for success in successful:
++        try:
++            snap_build = launchpad.load(triggered_build_urls[success])
++            urls = snap_build.getFileUrls()
++            if len(urls):
++                for u in urls:
++                    print("Downloading snap from %s ..." % u)
++                    response = urllib2.urlopen(u)
++                    if not os.path.exists(results_dir):
++                        os.makedirs(results_dir)
++                    path = os.path.join(results_dir, os.path.basename(u))
++                    with open(path, "w") as out_file:
++                        out_file.write(response.read())
++        except:
++            print ("Could not retrieve snap build data for {} (was there an LP timeout?)".format(build))
++            continue
++
++
++if ephemeral_build:
++    snap.lp_delete()
++
++if len(failures):
++    # Let the build fail as at least a single snap has failed to build
++    sys.exit(1)
++
++print("Done!")
 diff --git a/tools/vote-on-merge-proposal.py b/tools/vote-on-merge-proposal.py
 new file mode 100755
 index 0000000..bec6da5
 --- /dev/null
 +++ b/tools/vote-on-merge-proposal.py
@@ -0,0 +1,271 @@
++#!/usr/bin/env python
++# -*- Mode:Python; indent-tabs-mode:nil; tab-width:4 -*-
++#
++# Copyright (C) 2016 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++import atexit
++import sys
++import time
++import logging
++import os
++import yaml
++import re
++from shutil import rmtree
++from argparse import ArgumentParser
++from launchpadlib.credentials import RequestTokenAuthorizationEngine
++from lazr.restfulclient.errors import HTTPError
++from launchpadlib.launchpad import Launchpad
++from launchpadlib.credentials import UnencryptedFileCredentialStore
++from jlp import get_config_option
++from jlp import launchpadutils, jenkinsutils, logger
++
++logger = logging.getLogger('jenkins-launchpad-plugin')
++stdout_handler = logging.StreamHandler(stream=sys.stdout)
++formatter = logging.Formatter('%(levelname)s: %(message)s')
++stdout_handler.setFormatter(formatter)
++logger.addHandler(stdout_handler)
++
++parser = ArgumentParser(description="Vote on a Launchpad merge proposal.")
++parser.add_argument('-s', '--status')
++parser.add_argument('-u', '--build-url', required=True,
++                    help="URL of the Jenkins job")
++parser.add_argument('-p', '--merge-proposal', required=True,
++                    help="URL of the merge proposal to update")
++parser.add_argument('-r', '--revision', required=True,
++                    help="merge proposal candidate revision")
++
++args = vars(parser.parse_args())
++
++ACCESS_TOKEN_POLL_TIME = 10
++WAITING_FOR_USER = """Open this link:
++{}
++to authorize this program to access Launchpad on your behalf.
++Waiting to hear from Launchpad about your decision. . . ."""
++
++
++class AuthorizeRequestTokenWithConsole(RequestTokenAuthorizationEngine):
++    """Authorize a token in a server environment (with no browser).
++
++    Print a link for the user to copy-and-paste into his/her browser
++    for authentication.
++    """
++
++    def __init__(self, *args, **kwargs):
++        # as implemented in AuthorizeRequestTokenWithBrowser
++        kwargs['consumer_name'] = None
++        kwargs.pop('allow_access_levels', None)
++        super(AuthorizeRequestTokenWithConsole, self).__init__(*args, **kwargs)
++
++    def make_end_user_authorize_token(self, credentials, request_token):
++        """Ask the end-user to authorize the token in their browser.
++
++        """
++        authorization_url = self.authorization_url(request_token)
++        print WAITING_FOR_USER.format(authorization_url)
++        # if we don't flush we may not see the message
++        sys.stdout.flush()
++        while credentials.access_token is None:
++            time.sleep(ACCESS_TOKEN_POLL_TIME)
++            try:
++                credentials.exchange_request_token_for_access_token(
++                    self.web_root)
++                break
++            except HTTPError, e:
++                if e.response.status == 403:
++                    # The user decided not to authorize this
++                    # application.
++                    raise e
++                elif e.response.status == 401:
++                    # The user has not made a decision yet.
++                    pass
++                else:
++                    # There was an error accessing the server.
++                    raise e
++
++
++def get_launchpad(launchpadlib_dir=None):
++    """ return a launchpad API class. In case launchpadlib_dir is
++    specified used that directory to store launchpadlib cache instead of
++    the default """
++    store = UnencryptedFileCredentialStore(
++        get_config_option('credential_store_path'))
++    lp_app = get_config_option('lp_app')
++    lp_env = get_config_option('lp_env')
++    authorization_engine = AuthorizeRequestTokenWithConsole(lp_env, lp_app)
++    return Launchpad.login_with(lp_app, lp_env,
++                                credential_store=store,
++                                authorization_engine=authorization_engine,
++                                launchpadlib_dir=launchpadlib_dir,
++                                version='devel')
++
++def get_branch_handle_from_url(lp_handle, url):
++    """ Return a branch/repo handle for the given url.
++    Returns a launchpad branch or git repository handle for the given url.
++    :param lp_handle: launchpad API handle/instance
++    :param url: url of the branch or git repository
++    """
++    if '+git' in url:
++        name = url.replace('https://code.launchpad.net/', '')
++        logger.debug('fetching repo: ' + name)
++        try:
++            return lp_handle.git_repositories.getByPath(path=name)
++        except AttributeError:
++            logger.debug('git_repositories.getByPath was not found. You may need to set lp_version=devel in the config')
++            return None
++    else:
++        name = url.replace('https://code.launchpad.net/', 'lp:')
++        name = name.replace('https://code.staging.launchpad.net/', 'lp://staging/')
++        logger.debug('fetching branch: ' + name)
++        return lp_handle.branches.getByUrl(url=name)
++
++def get_branch_from_mp(merge_proposal):
++    """Return a link to branch given a link to a merge proposal.
++
++    If merge_proposal is:
++      https://copde.launchpad.net/~user/project/name/+merge/12345
++    then the result will be:
++      https://copde.launchpad.net/~user/project/name/
++
++    :param merge_proposal: url of a launchpad merge proposal
++    """
++    m = re.search('(.*)\+merge/[0-9]+$', merge_proposal)
++    if m:
++        return m.group(1)
++    return None
++
++def get_mp_handle_from_url(lp_handle, merge_proposal_link):
++    """ Get launchpad handle for merge proposal given a merge proposal URL.
++
++    Returns None in case the merge proposal can't be found.
++    :param merge_proposal_link: URL of the merge proposal
++    """
++    branch_link = get_branch_from_mp(merge_proposal_link)
++    if not branch_link:
++        logger.error('Unable to get branch link from merge proposal link.')
++        return None
++
++    branch =  get_branch_handle_from_url(lp_handle, branch_link)
++    if not branch:
++        logger.debug('Branch {} does not exist'.format(branch_link))
++        return None
++
++    logger.debug('mp_link: {}.'.format(merge_proposal_link))
++
++    for mp in branch.landing_targets:
++        logger.debug('mp.web_link: {}'.format(mp.web_link))
++        if mp.web_link == merge_proposal_link:
++            return mp
++
++    return None
++
++class LaunchpadVote():
++    APPROVE = 'Approve'
++    DISAPPROVE = 'Disapprove'
++    NEEDS_FIXING = 'Needs Fixing'
++
++def get_vote_subject(mp):
++    """Given a mp handle return a subject for the vote message
++
++    Unfortunately there is no method in the API that gives you the "standard"
++    subject that launchapd is using and some email clients (gmail) are
++    grouping conversations into threads based on subject.
++
++    This returns what seems to be the launchpad way of doing subjects.
++    :param  mp: launchpad merge proposal handle
++    """
++
++    if '+git' in mp.web_link:
++        source = mp.source_git_repository.display_name.replace('lp:', '') + \
++                 ':' + \
++                 mp.source_git_path.replace('refs/heads/', '')
++        target = mp.target_git_repository.display_name.replace('lp:', '') + \
++                 ':' + \
++                 mp.target_git_path.replace('refs/heads/', '')
++        return 'Re: [Merge] {} into {}'.format(source, target)
++    else:
++        return 'Re: [Merge] {} into {}'.format(
++            mp.source_branch.display_name,
++            mp.target_branch.display_name)
++
++
++def approve_mp(mp, revision, build_url):
++    """Approve a given merge proposal a revision.
++
++    :params mp: launchapd handle to the respective merge proposal
++    :params revision: revision that should be approved
++    :params build_url: jenkins build url with the details. This job is used to
++                       generate the message with all the links to test runs as
++                       well as artifacts (coverity, deb files, etc)
++    """
++    state = 'PASSED: Continuous integration, rev:' + str(revision)
++    logger.debug(state)
++    content = jenkinsutils.format_message_for_mp_update(build_url,
++                                                        state + "\n")
++    mp.createComment(review_type=get_config_option('launchpad_review_type'),
++                     vote=LaunchpadVote.APPROVE, subject=get_vote_subject(mp),
++                     content=content)
++
++
++def disapprove_mp(mp, revision, build_url, reason=None):
++    """Disapprove a given merge proposal a revision (vote Needs Fixing).
++
++    :params mp: launchapd handle to the respective merge proposal
++    :params revision: revision that should be fixed
++    :params build_url: jenkins build url with the details. This job is used to
++                       generate the message with all the links to test runs as
++                       well as artifacts (coverity, deb files, etc)
++    :params reason: optional string that is attached to the comment
++    """
++    state = "FAILED: Continuous integration, rev:{revision}".format(
++        revision=revision)
++    if reason:
++        state = "{state}\n{reason}".format(state=state, reason=reason)
++
++    logger.debug(state)
++    content = jenkinsutils.format_message_for_mp_update(
++        build_url, state + "\n")
++    mp.createComment(review_type=get_config_option('launchpad_review_type'),
++                     vote=LaunchpadVote.NEEDS_FIXING,
++                     subject=get_vote_subject(mp),
++                     content=content)
++
++# launchpadlib is not thread/process safe so we are creating launchpadlib
++# cache in /tmp per process which gets cleaned up at the end
++# see also lp:459418 and lp:1025153
++launchpad_cachedir = os.path.join('/tmp', str(os.getpid()), '.launchpadlib')
++
++# `launchpad_cachedir` is leaked upon unexpected exits
++# adding this cleanup to stop directories filling up `/tmp/`
++atexit.register(rmtree, os.path.join('/tmp',
++                str(os.getpid())),
++                ignore_errors=True)
++
++lp_handle = get_launchpad(launchpadlib_dir=launchpad_cachedir)
++mp = get_mp_handle_from_url(lp_handle, args["merge_proposal"])
++if not mp:
++    parser.error('merge proposal related to this branch was not found')
++
++# this is the status from tests
++overal_status = args['status']
++# by default reason is empty as it is usually just a failed build
++reason = ''
++
++if overal_status == 'PASSED':
++    approve_mp(mp, args['revision'], args['build_url'])
++else:  # status == False corresponds to NOT 'PASSED'
++    disapprove_mp(mp,
++                                    args['revision'],
++                                    args['build_url'],
++                                    reason)