Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow github concourse contributor team to rerun builds #127

Merged
merged 2 commits into from
May 20, 2020
Merged

allow github concourse contributor team to rerun builds #127

merged 2 commits into from
May 20, 2020

Conversation

xtremerui
Copy link
Contributor

once we have the pr bot working by concourse/concourse#5564

then we need to config concourse production CI to allow members of concourse:contributor team to rerun failure PR pipeline builds(due to flaky test) and check PR resource(if desired version is not fetched)

jamieklassen
jamieklassen suggested changes May 11, 2020
View reviewed changes
Copy link
Member

@jamieklassen jamieklassen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like --config-rbac is pretty weird. I'd guess you have encountered the same confusion as @gowrisankar22 in concourse/concourse#5514.

deployments/with-creds/ci/values.yaml Outdated Show resolved Hide resolved
deployments/with-creds/ci/values.yaml Outdated Show resolved Hide resolved
@xtremerui
Copy link
Contributor Author

@pivotal-jamie-klassen we realize giving the permission of RerunJobBuild to contributor actually endanger some critical jobs we have in CI main team for example those ship-it jobs in all release pipelines.

So we are thinking moving PRs pipeline to a different concourse team like contributors-team and use fly set-team after concourse deployment to give contributors pipeline-operators role. In this way the RerunJobBuild permission wil be limited. The con is its a manual process and we need to consider this for green peace for automation.

WDYT?

@cirocosta
Copy link
Member

cirocosta commented May 11, 2020
edited
Loading

[...] use fly set-team after concourse deployment to give contributors pipeline-operators role.
[...] a manual process and we need to consider this for green peace for automation.

that just reminded me of RFC: Concourse k8s operator and the Pipeline CRD RFC - with a Team CRD, we could have the configuration as code "and voila

update: and without the use of concourse tokens, having client auth grant type being a thing, we could soon have our controller doing all of that stuff without being admin 👀

@aoldershaw
Copy link
Contributor

aoldershaw commented May 11, 2020
edited
Loading

@cirocosta I know CRDs are the hot thing, but what if we had a Concourse terraform provider instead? Where you could define teams/pipelines using HCL, and when you spin up Concourse, you could have your initial teams/pipelines created as well all through Terraform?

There may be other benefits in using CRD+operator would bring over a Terraform provider, though - what do you think? It's possible we'd be appealing to a wider demographic in K8s than Terraform, I suppose

@jamieklassen
Copy link
Member

jamieklassen commented May 11, 2020
edited
Loading

@cirocosta @aoldershaw rather than investing in a third-party plugin for team automation, I would vote for a core concourse feature, a la set_team step: https://github.com/concourse/rfcs/discussions/50. This could perhaps be wrapped in a k8s operator or terraform provider.

@xtremerui xtremerui force-pushed the contributor-automation branch from 0e7e6fa to d849ae0 Compare May 11, 2020 22:09
allow github concourse contributor team to rerun builds
13d8872 
and check resources so they could retrigger failure build on PR
pipeline and check pr resource in case wanted version is not
available.

Note: they could also rerun any builds and check any resources by
this change.

Signed-off-by: Rui Yang <[email protected]>
@xtremerui xtremerui force-pushed the contributor-automation branch from d849ae0 to 13d8872 Compare May 11, 2020 22:14
@xtremerui
Copy link
Contributor Author

Updated to config RBAC in CI deployment only. Added a team config file for manual set-team step for now. Also created contributor team in CI. Next step will be move PRs pipeline to this team.

jamieklassen
jamieklassen approved these changes May 11, 2020
View reviewed changes
Copy link
Member

@jamieklassen jamieklassen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@xtremerui xtremerui force-pushed the contributor-automation branch from 6a92026 to ff5d44e Compare May 12, 2020 02:00
@xtremerui
Copy link
Contributor Author

@pivotal-jamie-klassen I forgot to put concourse:pivotal as owner for team contributor. Seems we are doing this for all other teams on CI.

@jamieklassen
Copy link
Member

Should be ok since concourse:pivotal are super admins

@xtremerui xtremerui mentioned this pull request May 12, 2020
Merged
@xtremerui xtremerui merged commit c7ad853 into master May 20, 2020
@chenbh chenbh deleted the contributor-automation branch October 30, 2020 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamieklassen jamieklassen jamieklassen approved these changes

Assignees

@jamieklassen jamieklassen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@xtremerui @cirocosta @aoldershaw @jamieklassen