Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add verify-conformance to apps/ #6357

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add verify-conformance to apps/ #6357

wants to merge 1 commit into from
+164 −0

Conversation

BobyMCbobs
Copy link
Member

@BobyMCbobs BobyMCbobs commented Feb 2, 2024
edited

apart of apisnoop donation to sig-architecture

depends on: kubernetes/test-infra#31804, kubernetes/test-infra#31777

ticket: kubernetes/org#4760 (might need moving to k8s.io?)

TODO

  • secrets for GitHub App or token for bot user

/assign
/hold

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/apps Application management, code in apps/ labels Feb 2, 2024
@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 2, 2024
ameukam
ameukam reviewed Feb 2, 2024
View reviewed changes
apps/verify-conformance-release/deployment.yaml Outdated
kind: Deployment
metadata:
name: verify-conformance-release
namespace: prow
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a new dedicated namespace:

k8s.io/infra/gcp/bash/namespaces/ensure-namespaces.sh

Lines 145 to 161 in fa4da59

ALL_APPS=(
codesearch
elekto
gcsweb
kettle
k8s-io-prod
k8s-io-canary
k8s-io-packages-prod
k8s-io-packages-canary
kubernetes-external-secrets
perfdash
prow
publishing-bot
slack-infra
triageparty-cli
triageparty-scalability
)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ameukam, thank you for taking a look!
As the bot interacts with PRs over at cncf/k8s-conformance, will the secrets be available to be authenticated as prow.k8s.io in a new namespace?

https://github.com/kubernetes/k8s.io/pull/6357/files/0b38794494a108fac67e0a8cf78cb969217eddd2#diff-03d8e004cec916a342fd5c6664a9ed4483a62b3ba1804a77854de00d3e94f9ebR56-R65

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't currently have a way to authenticate to prow.k8s.io in the aaa and we don't have access to the GKE cluster running prow.k8s.io.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ameukam, OK this is good to know.

Would think that coordinating with community github-management to create an OAuth app to then provide the credentials to the bot with is a suitable alternative solution?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The historical approach of this is to request a token for one of the bots managed by github management team. Not sure how they feel about an OAuth app. Feel free to ask them.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the historical approach would work just fine, I'll reach out. Thank you!

@k8s-ci-robot k8s-ci-robot added area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/infra Infrastructure management, infrastructure design, code in infra/ labels Feb 8, 2024
@BobyMCbobs BobyMCbobs mentioned this pull request Feb 13, 2024
Open
4 tasks
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 14, 2024
@hh hh mentioned this pull request May 16, 2024
Open
11 tasks
@BobyMCbobs BobyMCbobs changed the title Add verify-conformance-release to apps/ Add verify-conformance to apps/ May 22, 2024
@BobyMCbobs
Copy link
Member Author

Renamed app from verify-conformance-release to just verify-conformance, adjusted the deployment too.

@BobyMCbobs BobyMCbobs mentioned this pull request May 22, 2024
Open
@k8s-ci-robot k8s-ci-robot added area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/groups Google Groups management, code in groups/ sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. labels May 22, 2024
@BobyMCbobs
feat: add verify-conformance-release
e58bfa5 
apart of apisnoop donation to sig-architecture
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: BobyMCbobs
Once this PR has been reviewed and has the lgtm label, please assign ameukam for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@BobyMCbobs
Copy link
Member Author

Unsure how to handle the webhook and HMAC side of it. I'm aware of sigs.k8s.io/prow/cmd/hmac but unsure whether it can be used here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ameukam ameukam ameukam left review comments

@dims dims Awaiting requested review from dims

@thockin thockin Awaiting requested review from thockin

Assignees

@BobyMCbobs BobyMCbobs

Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/apps Application management, code in apps/ area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/groups Google Groups management, code in groups/ area/infra Infrastructure management, infrastructure design, code in infra/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@BobyMCbobs @k8s-triage-robot @k8s-ci-robot @ameukam