From 13d8872f5d9976a2c9803cb24d24e0f632a551ca Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Wed, 6 May 2020 23:57:24 -0400 Subject: [PATCH] allow github concourse contributor team to rerun builds and check resources so they could retrigger failure build on PR pipeline and check pr resource in case wanted version is not available. Note: they could also rerun any builds and check any resources by this change. Signed-off-by: Rui Yang --- .../with-creds/ci/contributor-team-config.yml | 5 +++++ deployments/with-creds/ci/values.yaml | 21 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 deployments/with-creds/ci/contributor-team-config.yml diff --git a/deployments/with-creds/ci/contributor-team-config.yml b/deployments/with-creds/ci/contributor-team-config.yml new file mode 100644 index 0000000..6045b77 --- /dev/null +++ b/deployments/with-creds/ci/contributor-team-config.yml @@ -0,0 +1,5 @@ +# fly -t ci set-team -n contributor --config contributor-team-config.yml +roles: +- name: pipeline-operator + github: + teams: ["concourse:contributors"] diff --git a/deployments/with-creds/ci/values.yaml b/deployments/with-creds/ci/values.yaml index 6abe2f5..e4ba716 100644 --- a/deployments/with-creds/ci/values.yaml +++ b/deployments/with-creds/ci/values.yaml @@ -87,6 +87,27 @@ concourse: team: concourse:Pivotal github: enabled: true + # so pipeline-operator ended up with two permissions + # - RerunJobBuild + # - CheckResource + # which will be granted to concourse:contributors for + # operating PR pipeline + configRBAC: | + member: + - AbortBuild + - CreateJobBuild + - PauseJob + - UnpauseJob + - ClearTaskCache + - UnpinResource + - SetPinCommentOnResource + - CheckResourceWebHook + - CheckResourceType + - EnableResourceVersion + - DisableResourceVersion + - PinResourceVersion + - PausePipeline + - UnpausePipeline bindPort: 80 clusterName: ci containerPlacementStrategy: limit-active-tasks