New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openshift-apps: add fedora-coreos-koji-tagger application #1
Conversation
This allows reaching crates.io, which is required at build-time in order to reach the dependency registry. Policy change has been acked by puiterwijk: https://matrix.to/#/!bcjmqdemgMWRaJJeva:matrix.org/$15611030891834087ceIcE:matrix.org?via=matrix.org&via=disroot.org&via=lisas.de Signed-off-by: Luca Bruno <luca.bruno@coreos.com>
crates.io registry is organized in (and redirects to) separate subdomains for cached static artifacts. This continues crates.io white-listing effort, covering static.crates.io too. Follow-Up: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml?id=48a9d409a4ad1e5637ef7453dbac767c28e08f04
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Clement Verna <cverna@tutanota.com>
We forgot to update this.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Signed-off-by: Clement Verna <cverna@tutanota.com>
https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=db786b6 Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
* Rename to koji-prune-signed-copies to make it clear it's not removing signatures * Quote the script and args gor lock-wrapper so it runs and doesn't error out. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
It broke because python3 setup.py install installs binaries to /usr/local/bin , not /usr/bin, so fedora-openqa is no longer where the script expects it to be... Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I changed how check-compose upstream does email recipient config to try and fix the 'get Atomic-related emails to Atomic people' problem again after Fedora-Atomic composes went away. This is an attempt to adjust the play to populate the config file for that change. Let's see what blows up! Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Adam Williamson <awilliam@redhat.com>
...sigh. Signed-off-by: Adam Williamson <awilliam@redhat.com>
…st rawhide gating Signed-off-by: Clement Verna <cverna@tutanota.com>
Signed-off-by: Clement Verna <cverna@tutanota.com>
Signed-off-by: Clement Verna <cverna@tutanota.com>
Signed-off-by: Clement Verna <cverna@tutanota.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe call the role and playbook coreos-koji-tagger
(without fedora-
prefix) instead?
Some parts related to keytab need changing, otherwise looks good.
app: fedora-coreos-koji-tagger | ||
key: koji-keytab | ||
secret_name: fedora-coreos-koji-tagger-coreos-bot-keytab | ||
service: bodhi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use service: coreos-koji-tagger
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 - done
key: koji-keytab | ||
secret_name: fedora-coreos-koji-tagger-coreos-bot-keytab | ||
service: bodhi | ||
host: 'idontknow' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 - done
secret_name: fedora-coreos-koji-tagger-coreos-bot-keytab | ||
service: bodhi | ||
host: 'idontknow' | ||
- role: openshift/object |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can embed secret into deployment config, separate secret.yaml shouldn't be needed AFAIK
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 - done
renamed and updated the files |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One typo, otherwise looks good.
key: koji-keytab | ||
secret_name: coreos-koji-tagger-coreos-bot-keytab | ||
service: coreos-koji-tagger | ||
host: host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a typo - double "host"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catch. fixed now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
rebased on top of latest master |
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
original RFR: https://pagure.io/fedora-infrastructure/issue/7870