Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce handling of Github during stage and release #2127

Merged
merged 3 commits into from
Jun 17, 2021
Merged

Reduce handling of Github during stage and release #2127

merged 3 commits into from
Jun 17, 2021

Conversation

puerco
Copy link
Member

@puerco puerco commented Jun 17, 2021
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR introduces the following changes:

  • krel now resets the origin remote on the staged clone of kubernetes/kubernetes. If for some reason we need to change the Github token between staging and release, krel will now reset it in the staged sources.

  • Since all git operations in kubernetes/kubernetes during stage only involve the local clone of the repository, we do not set the authenticated git remote to avoid the risk of the token ending in the stage bucket.

  • During the release stage, to avoid having the github token archived in the release bucket, we now destroy the git remote configuration before archiving the release.

Signed-off-by: Adolfo García Veytia (Puerco) adolfo.garcia@uservers.net

Which issue(s) this PR fixes:

Fixes #1645

Special notes for your reviewer:

/priority critical-urgent
/assign @justaugustus @jeremyrickard @saschagrunert
/milestone v1.22

Does this PR introduce a user-facing change?

* stage now runs completely without setting the github token in the k/k clone remote configuration
* krel now resets the git origin remote in the staged clone of kubernetes/kubernetes to pickup a new `GITHUB_TOKEN` if we change it.
* before archiving the release, we now delete the git remote config

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. labels Jun 17, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Jun 17, 2021
@k8s-ci-robot k8s-ci-robot requested review from cpanato and xmudrii June 17, 2021 03:27
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/release-eng Issues or PRs related to the Release Engineering subproject sig/release Categorizes an issue or PR as relevant to SIG Release. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 17, 2021
@justaugustus
Copy link
Member

/hold for discussion in https://kubernetes.slack.com/archives/G0162T1RYHG/p1623901053068200

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 17, 2021
@puerco puerco changed the title Reseed the git remote in staged clone of k/k before release Reduce handling of Github during stage and release Jun 17, 2021
justaugustus
justaugustus requested changes Jun 17, 2021
View reviewed changes
Copy link
Member

@justaugustus justaugustus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@puerco -- Looking good; just a few message nits.

/hold until you're happy with the test stages/releases

pkg/release/workspace.go Outdated

repo, err := git.OpenRepo(directory)
if err != nil {
return errors.Wrap(err, "opening sytaged clone of k/k")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return errors.Wrap(err, "opening sytaged clone of k/k")
return errors.Wrap(err, "opening staged clone of k/k")

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both nits are done, sorry batteries are out 🔋

puerco added 3 commits June 17, 2021 00:42
@puerco
Reseed the staged clone of k/k
b34103b 
krel now resets the origin remote on the stages clone of
kubernetes/kubernetes.  If for some reasone we need to change
the github token between staging and release, krel will now
reset it in the staged sources.

Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@puerco
Dont set the github token during stage
7304717 
Since all git operations in kubernetes/kubernetes during stage only
involve the local clone of the repository, we do not set the authenticated
git remote to avoid the risk of the token ending in the stage bucket.

Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@puerco
Destroy git remote config before archiving release
ce90c9f 
To avoid having the github token archived in the release bucket, we now
destroy the git remote configuration before archiving the release.

Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@justaugustus
Copy link
Member

/lgtm
/approve

Rate limit:
/retest

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 17, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justaugustus, puerco

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@puerco
Copy link
Member Author

puerco commented Jun 17, 2021

Tested and verified.

Mock stage: https://console.cloud.google.com/cloud-build/builds;region=global/13edc493-5cf5-4c07-bf69-9f55187f2b8a?project=kubernetes-release-test

Moc release: https://console.cloud.google.com/cloud-build/builds;region=global/73625b07-cfb6-40df-a989-6af7aecda8d0?project=kubernetes-release-test

@puerco
Copy link
Member Author

puerco commented Jun 17, 2021

OK, this one is ready.
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 17, 2021
@k8s-ci-robot k8s-ci-robot merged commit 6f0f817 into kubernetes:master Jun 17, 2021
@puerco puerco deleted the reseed branch June 17, 2021 06:13
This was referenced Jun 22, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justaugustus justaugustus justaugustus requested changes

@cpanato cpanato Awaiting requested review from cpanato

@xmudrii xmudrii Awaiting requested review from xmudrii

Assignees

@justaugustus justaugustus

@saschagrunert saschagrunert

@jeremyrickard jeremyrickard

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/release-eng Issues or PRs related to the Release Engineering subproject cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/release Categorizes an issue or PR as relevant to SIG Release. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

Reseed the git remote before starting the "release" phase of anago
5 participants
@puerco @justaugustus @k8s-ci-robot @saschagrunert @jeremyrickard