-
Notifications
You must be signed in to change notification settings - Fork 30
/
config.yaml
268 lines (259 loc) · 10.1 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
plank:
job_url_template: 'https://prow.infra.cert-manager.io/view/cert-manager-prow-artifacts/{{if eq .Spec.Type "presubmit"}}pr-logs/pull{{else if eq .Spec.Type "batch"}}pr-logs/pull{{else}}logs{{end}}{{if .Spec.Refs}}{{if ne .Spec.Refs.Org ""}}/{{.Spec.Refs.Org}}_{{.Spec.Refs.Repo}}{{end}}{{end}}{{if eq .Spec.Type "presubmit"}}/{{with index .Spec.Refs.Pulls 0}}{{.Number}}{{end}}{{else if eq .Spec.Type "batch"}}/batch{{end}}/{{.Spec.Job}}/{{.Status.BuildID}}/'
report_templates: # These templates are used when creating a GH report comment for test failures.
'*': '[Full PR test history](https://prow.infra.cert-manager.io/pr-history?org={{.Spec.Refs.Org}}&repo={{.Spec.Refs.Repo}}&pr={{with index .Spec.Refs.Pulls 0}}{{.Number}}{{end}}). [Your PR dashboard](https://prow.infra.cert-manager.io/pr?query=is%3Apr%20state%3Aopen%20author%3A{{with index .Spec.Refs.Pulls 0}}{{.Author}}{{end}}). Please help us cut down on flakes by [linking to](https://git.k8s.io/community/contributors/devel/sig-testing/flaky-tests.md#github-issues-for-known-flakes) an [open issue](https://github.com/{{.Spec.Refs.Org}}/{{.Spec.Refs.Repo}}/issues?q=is:issue+is:open) when you hit one in your PR.'
job_url_prefix_config:
'*': https://prow.infra.cert-manager.io/view/
pod_pending_timeout: 120m
pod_unscheduled_timeout: 60m
pod_running_timeout: 48h0m0s
default_decoration_configs:
'*':
timeout: 7200000000000 # 2h
grace_period: 10000000000 # 10s
utility_images:
clonerefs: "gcr.io/k8s-prow/clonerefs:v20240805-37a08f946"
initupload: "gcr.io/k8s-prow/initupload:v20240805-37a08f946"
entrypoint: "gcr.io/k8s-prow/entrypoint:v20240805-37a08f946"
sidecar: "gcr.io/k8s-prow/sidecar:v20240805-37a08f946"
gcs_configuration:
bucket: cert-manager-prow-artifacts
path_strategy: explicit
gcs_credentials_secret: gcs-credentials
resources:
clonerefs:
requests:
cpu: 100m
initupload:
requests:
cpu: 100m
place_entrypoint:
requests:
cpu: 100m
sidecar:
requests:
cpu: 100m
# branch-protection is well documented in the source code for prow:
# https://github.com/kubernetes/test-infra/blob/bc7ab92094413c3ba659851b5ec19f4308cb3a70/prow/config/branch_protection.go
branch-protection:
allow_disabled_policies: true
orgs:
cert-manager:
protect: true
# Prevent administrators from accidentally pushing directly to protected branches.
# Causes the "Include Administrators" checkbox to be ticked in the GitHub branch protection UI.
# See https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#do-not-allow-bypassing-the-above-settings
enforce_admins: true
# Disallow force pushes to the protected branch.
allow_force_pushes: false
# Disallow deletion of the protected branch.
allow_deletions: false
# In the GH UI, the following 'required_pull_request_reviews' configuration
# results in checking the 'Require a pull request before merging' checkbox,
# without checking any of it's child checkboxes. We must set the
# 'required_approving_review_count' value to 0 to make this work (this
# is 100% based on the GH REST API, see
# https://docs.github.com/en/rest/branches/branch-protection?apiVersion=2022-11-28#update-branch-protection)
# Note that the 'required_approving_review_count=0' option is not
# selectable in the UI but just corresponds with unchecking the
# 'Require approvals' checkbox.
required_pull_request_reviews:
required_approving_review_count: 0
required_status_checks:
contexts:
- dco
include:
- ^main$
- ^master$
- ^release-.*$
repos:
api:
protect: false
cert-manager:
branches:
# cert-manager/cert-manager defines required_status_checks on a per
# branch basis, since context names differ. Post release, the
# release branches can be updated to allow for cherry picks to the
# latest release.
release-1.12:
required_status_checks:
contexts:
- pull-cert-manager-release-1.12-chart
- pull-cert-manager-release-1.12-make-test
- pull-cert-manager-release-1.12-e2e-v1-27
- pull-cert-manager-release-1.12-e2e-v1-27-upgrade
release-1.15:
required_status_checks:
contexts:
- pull-cert-manager-release-1.15-make-verify
- pull-cert-manager-release-1.15-make-test
- pull-cert-manager-release-1.15-e2e-v1-30
- pull-cert-manager-release-1.15-e2e-v1-30-upgrade
release-1.16:
required_status_checks:
contexts:
- pull-cert-manager-release-1.16-make-verify
- pull-cert-manager-release-1.16-make-test
- pull-cert-manager-release-1.16-e2e-v1-31
- pull-cert-manager-release-1.16-e2e-v1-31-upgrade
master:
required_status_checks:
contexts:
- pull-cert-manager-master-make-verify
- pull-cert-manager-master-make-test
- pull-cert-manager-master-e2e-v1-31
- pull-cert-manager-master-e2e-v1-31-upgrade
website:
required_status_checks:
contexts:
- netlify/cert-manager/deploy-preview # See https://github.com/cert-manager/infrastructure#netlify
# NB: "pull-cert-manager-website-verify" used to be a standard Prow presubmit, similar to other
# presubmits required in this file.
# It's now a GitHub Action with the same name, defined in the cert-manager/website repo; see e.g.
# https://github.com/cert-manager/website/blob/6ec7f87093a3e36828453ad15db89e7c7970ba3a/.github/workflows/check.yaml#L8
- pull-cert-manager-website-verify
webhook-example:
required_status_checks:
contexts:
- pull-cert-manager-webhook-example-verify
trust-manager:
required_status_checks:
contexts:
- pull-trust-manager-verify
- pull-trust-manager-smoke
csi-lib:
required_status_checks:
contexts:
- pull-cert-manager-csi-lib-verify
aws-privateca-issuer:
protect: false
boilersuite:
required_status_checks:
contexts:
- pull-cert-manager-boilersuite-verify
google-cas-issuer:
required_status_checks:
contexts:
- pull-google-cas-issuer-verify
- pull-google-cas-issuer-test
- pull-google-cas-issuer-e2e
sinker:
resync_period: 1h
max_prowjob_age: 48h
max_pod_age: 1h
deck:
spyglass:
size_limit: 100000000 # 100MB
gcs_browser_prefix: https://console.cloud.google.com/storage/browser/
testgrid_config: gs://cert-manager-prow-testgrid/config
testgrid_root: https://testgrid.k8s.io/
lenses:
- lens:
name: metadata
required_files:
- ^(?:started|finished)\.json$
optional_files:
- ^(?:podinfo|prowjob)\.json$
- lens:
name: buildlog
required_files:
- ^.*build-log\.txt$
- lens:
name: junit
required_files:
- ^artifacts(/.*/|/)junit.*\.xml$ # https://regex101.com/r/vCSegS/1
- lens:
name: coverage
required_files:
- ^artifacts/filtered\.cov$
optional_files:
- ^artifacts/filtered\.html$
- lens:
name: podinfo
required_files:
- ^podinfo\.json$
- lens:
name: links
required_files:
- artifacts/.*\.link\.txt
tide_update_period: 1s
rerun_auth_configs:
'*':
github_team_ids:
- 2805308 # cert-manager milestone-maintainers
prowjob_namespace: default
pod_namespace: test-pods
log_level: info
presets:
# docker-in-docker (with images/bootstrap) preset
# NOTE: using this also requires using that image,
# ensuring you run your test under either the ENTRYPOINT or:
# /usr/local/bin/runner my-test-command --foo --bar
# AND setting the following on your PodSpec:
# securityContext:
# privileged: true
- labels:
preset-dind-enabled: "true"
env:
- name: DOCKER_IN_DOCKER_ENABLED
value: "true"
- name: DOCKER_CLI_EXPERIMENTAL
value: "enabled"
volumes:
- name: docker-graph
emptyDir: {}
volumeMounts:
- name: docker-graph
mountPath: /docker-graph
tide:
pr_status_base_urls:
'*': https://prow.infra.cert-manager.io/pr
squash_label: tide/squash
queries:
# Default tide config for all repos in the cert-manager org
- orgs:
- cert-manager
excludedRepos:
- cert-manager/cert-manager # Handled with a separate Tide query below.
labels:
- lgtm
- approved
- "dco-signoff: yes"
missingLabels:
- do-not-merge
- do-not-merge/hold
- do-not-merge/invalid-owners-file
- do-not-merge/work-in-progress
- needs-rebase
# cert-manager/cert-manager is the only repo in the cert-manager org which
# currently uses the release-note plugin so we duplicate the organization
# query parameters here and add the do-not-merge/release-note-label-needed to
# the list of labels which block a PR from being merged.
# TODO: Find out whether the org-wide defaults are added to the repo specific
# query fields here, in which case the fields can be de-duplicated.
- repos:
- cert-manager/cert-manager
labels:
- lgtm
- approved
- "dco-signoff: yes"
missingLabels:
- do-not-merge
- do-not-merge/hold
- do-not-merge/invalid-owners-file
- do-not-merge/work-in-progress
- needs-rebase
- needs-kind
- do-not-merge/release-note-label-needed
- author: github-actions[bot]
orgs:
- cert-manager
labels:
- skip-review
- "dco-signoff: yes"
missingLabels:
- do-not-merge
- do-not-merge/hold
- do-not-merge/invalid-owners-file
- do-not-merge/work-in-progress
- needs-rebase