Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move cert-manager to the github.com/cert-manager organization #624

Merged
merged 23 commits into from
Feb 2, 2022
Merged

Move cert-manager to the github.com/cert-manager organization #624

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
55f8a40
Use cert-manager organization for cert-manager global config
wallrj Feb 2, 2022
8f617d8
Update the labels config
wallrj Feb 2, 2022
5751905
Update triggers
wallrj Feb 2, 2022
b649397
Update milestone applier
wallrj Feb 2, 2022
85c2904
Update require-matching-label plugin
wallrj Feb 2, 2022
053b13c
Update the cert-manager plugins
wallrj Feb 2, 2022
923df41
The webhook-example repo has already been moved to the cert-manager org
wallrj Feb 2, 2022
eb586df
Update the label-sync cronjob
wallrj Feb 2, 2022
d25c803
Update triage-party
wallrj Feb 2, 2022
60c1e35
Update the PR retester and rotten and stale issues bot
wallrj Feb 2, 2022
85369f4
Update master periodics
wallrj Feb 2, 2022
7b07ecb
Update master presubmits
wallrj Feb 2, 2022
2a0542b
Update release-previous periodics
wallrj Feb 2, 2022
958bdd9
Update release-previous presubmits
wallrj Feb 2, 2022
49e8320
Update release-next periodics
wallrj Feb 2, 2022
0c6b483
Update references to jetstack/cert-manager in the documentation
wallrj Feb 2, 2022
3b13569
Forbid merging any PRs in cert-manager/cert-manager that have the rel…
wallrj Feb 2, 2022
6955381
Enforce DCO check org-wide
wallrj Feb 2, 2022
650d8a9
Duplicate the Tide required and forbidden labels for cert-manager/cer…
wallrj Feb 2, 2022
6658849
Move all the cert-manager related jobs into a cert-manager sub-directory
wallrj Feb 2, 2022
c01d55f
Fix indentation
wallrj Feb 2, 2022
5a347db
Not sure if needs-kind is appropriate for the whole cert-manager org
wallrj Feb 2, 2022
b295af4
Revert unintended re-ordering of missingLabels
wallrj Feb 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
63 changes: 28 additions & 35 deletions config/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,43 +28,31 @@ branch-protection:
allow_disabled_policies: true
orgs:
cert-manager:
protect: true
required_status_checks:
contexts:
- dco
repos:
cert-manager:
required_status_checks:
contexts:
- pull-cert-manager-bazel
- pull-cert-manager-deps
- pull-cert-manager-chart
- pull-cert-manager-e2e-v1-23
website:
protect: true
required_status_checks:
contexts:
- dco
- pull-cert-manager-website-verify
webhook-example:
protect: true
required_status_checks:
contexts:
- dco
- pull-cert-manager-webhook-example-verify
trust:
protect: true
required_status_checks:
contexts:
- dco
- pull-cert-manager-trust-verify
- pull-cert-manager-trust-smoke

jetstack:
# TODO: enforce dco check org-wide
# protect: true
# required_status_checks:
# contexts:
# - dco
repos:
cert-manager:
protect: true
required_status_checks:
contexts:
- dco
- pull-cert-manager-bazel
- pull-cert-manager-deps
- pull-cert-manager-chart
- pull-cert-manager-e2e-v1-23
sinker:
resync_period: 1h
max_prowjob_age: 48h
Expand Down Expand Up @@ -259,11 +247,14 @@ tide:
- do-not-merge/invalid-owners-file
- do-not-merge/work-in-progress
- needs-rebase
# Repositories that enable the release-notes plugin (except cert-manager)
# cert-manager/cert-manager is the only repo in the cert-manager org which
# currently uses the release-note plugin so we duplicate the organization
# query parameters here and add the do-not-merge/release-note-label-needed to
# the list of labels which block a PR from being merged.
# TODO: Find out whether the org-wide defaults are added to the repo specific
# query fields here, in which case the fields can be de-duplicated.
- repos:
- jetstack/tarmak
- jetstack/kube-oidc-proxy
- jetstack/version-checker
- cert-manager/cert-manager
labels:
- lgtm
- approved
Expand All @@ -274,27 +265,31 @@ tide:
- do-not-merge/cherry-pick-not-approved
- do-not-merge/hold
- do-not-merge/invalid-owners-file
- do-not-merge/release-note-label-needed
- do-not-merge/work-in-progress
- needs-rebase
# Maintain separate testing configuration as PRs in this repo don't need release note
- needs-kind
- do-not-merge/release-note-label-needed
wallrj marked this conversation as resolved.
Show resolved Hide resolved
# Repositories that enable the release-notes plugin (except cert-manager)
- repos:
- jetstack/testing
- jetstack/tarmak
- jetstack/kube-oidc-proxy
- jetstack/version-checker
labels:
- lgtm
- approved
- "dco-signoff: yes"
missingLabels:
- do-not-merge
- do-not-merge/blocked-paths
- do-not-merge/cherry-pick-not-approved
- do-not-merge/hold
- do-not-merge/invalid-owners-file
- do-not-merge/cherry-pick-not-approved
- do-not-merge/release-note-label-needed
- do-not-merge/work-in-progress
- needs-rebase
# Maintain separate cert-manager configuration to make it easy to enable code freeze
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have we not been freezing merges during a codefreeze near release? If so, +1 to this going. But this was here so that we could block merges unless they were explicitly in the milestone we are soon to be releasing.

(i.e. near 1.7 release, PRs must have the v1.7 milestone on them to be merged to master). The idea being to make it possible to lgtm/approve stuff despite it being targeted to land in the v1.8 release.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's not the documented process anyway. https://cert-manager.io/docs/contributing/release-process/#process-for-releasing-a-version

We fast-forward the release-x.y.z branch for alpha releases and for the first beta release
and then do cherry-picks after that.

What's the use-case for / advantage of the milestone check?
I guess if there's a feature which is definitely not to be in the next release and that is being merged in parts and partly merged even before the first beta, then that should be merged not into master, but into a feature-branch which can then be merged once the feature is complete.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea stems from the "code freeze" concept in Kubernetes where after a certain point in the release (I believe when the first beta is cut), "milestone maintainers" are the only ones that can use the /milestone command to add a milestone to PRs.

The master branch begins requiring that PRs into master must be explicitly approved for the upcoming release - so anything that isn't approved won't actually merge until the code freeze is lifted (which I believe in k8s is when the first RC of the next release is cut).

This means:

  • during the 'alpha' phase (i.e. immediately after release N-1), PRs targeting master must have lgtm and approved only (like we do today)
  • during the 'beta' phase (i.e. immediately after the first beta of release N), PRs targeting master must have lgtm, approved and target milestone N. We then continue to fast forward the release branch to the tip of HEAD. The idea is to encourage PRs that focus on stability of the upcoming release (or in some instances, feature PRs that have been excepted as they are almost ready and just need a few extra fixes/deemed to be critical and there's been a discussion to allow it).
  • during the 'rc' phase (i.e. immediately after the first RC release of N), PRs must be cherry picked into the appropriate release branch as 'master' is now tracking release N+1.

After the stable 'N' is cut, not much changes from the RC phase except things targeting the release branch are now going to land in vMAJOR.N.1 (i.e. the first patch release of release N after the initial stable).

We don't do release candidates (RCs) so that step hasn't really ever been done, but we've enforced this for a handful of releases in the past (though not recently!)

# Maintain separate testing configuration as PRs in this repo don't need release note
- repos:
- jetstack/cert-manager
- jetstack/testing
labels:
- lgtm
- approved
Expand All @@ -305,10 +300,8 @@ tide:
- do-not-merge/cherry-pick-not-approved
- do-not-merge/hold
- do-not-merge/invalid-owners-file
- do-not-merge/release-note-label-needed
- do-not-merge/work-in-progress
- needs-rebase
- needs-kind
wallrj marked this conversation as resolved.
Show resolved Hide resolved
merge_method:
jetstack/preflight: squash

Expand Down
24 changes: 12 additions & 12 deletions .../cert-manager/cert-manager-periodics.yaml → .../cert-manager/cert-manager-periodics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
labels:
Expand Down Expand Up @@ -42,7 +42,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -100,7 +100,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -158,7 +158,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -216,7 +216,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -274,7 +274,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -332,7 +332,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -393,7 +393,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -453,7 +453,7 @@ periodics:
decorate: true
# extra refs specify what repo should be cloned
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: master
annotations:
Expand Down Expand Up @@ -514,7 +514,7 @@ periodics:
# - org: cert-manager
# repo: test-infra
# base_ref: main
# - org: jetstack
# - org: cert-manager
# repo: cert-manager
# base_ref: master
# annotations:
Expand All @@ -533,7 +533,7 @@ periodics:
# containers:
# - image: eu.gcr.io/jetstack-build-infra-images/golang-aws@sha256:1f330e4c9552ca383d157067b73fb0e090b64b0777939fd59e58b60e06020d66
# args:
# - bash
# - bash
# - -c
# - |
# set -euo && \
Expand All @@ -547,7 +547,7 @@ periodics:
# pwd && \
# cd /home && \
# ls && \
# cd /home/prow/go/src/github.com/jetstack/cert-manager && \
# cd /home/prow/go/src/github.com/cert-manager/cert-manager && \
# ./devel/run-e2e.sh --acme-server-url=https://acme-staging-v02.api.letsencrypt.org/directory --ingress-controller-domain=aws.e2e-tests.cert-manager.io --testing-acme-email=cert-manager-dev-alerts@googlegroups.com --kubernetes-config=/home/prow/go/src/github.com/cert-manager/test-infra/aws/kubeconfig_cert-manager-cluster || true && \
# cd /home/prow/go/src/github.com/cert-manager/test-infra/aws && \
# terraform destroy -auto-approve;
Expand Down
6 changes: 3 additions & 3 deletions ...cert-manager/cert-manager-presubmits.yaml → ...cert-manager/cert-manager-presubmits.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
presubmits:
jetstack/cert-manager:
cert-manager/cert-manager:

- name: pull-cert-manager-bazel
always_run: true
Expand Down Expand Up @@ -613,7 +613,7 @@ presubmits:
cpu: 3500m
memory: 12Gi
env:
# Used by https://github.com/jetstack/cert-manager/blob/master/devel/cluster/create-kind.sh
# Used by https://github.com/cert-manager/cert-manager/blob/master/devel/cluster/create-kind.sh
- name: K8S_VERSION
value: "1.23"
securityContext:
Expand Down Expand Up @@ -645,7 +645,7 @@ presubmits:
#
# /test pull-cert-manager-issuers-venafi-tpp
#
# See https://github.com/jetstack/cert-manager/issues/3555
# See https://github.com/cert-manager/cert-manager/issues/3555
#
- name: pull-cert-manager-issuers-venafi-tpp
always_run: false
Expand Down
18 changes: 9 additions & 9 deletions .../cert-manager-release-next-periodics.yaml → .../cert-manager-release-next-periodics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
labels:
Expand Down Expand Up @@ -43,7 +43,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -101,7 +101,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -159,7 +159,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -217,7 +217,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -275,7 +275,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -333,7 +333,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -393,7 +393,7 @@ periodics:
agent: kubernetes
decorate: true
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down Expand Up @@ -452,7 +452,7 @@ periodics:
decorate: true
# extra refs specify what repo should be cloned
extra_refs:
- org: jetstack
- org: cert-manager
repo: cert-manager
base_ref: release-1.8
annotations:
Expand Down
0 ...s/cert-manager/release-previous/README.md → ...r/cert-manager/release-previous/README.md
View file
Open in desktop
File renamed without changes.