fedora-infrastructure

Clone
Source Code
GIT

#10560 review and permissions for building bodhi in the infra target on koji
Closed: Fixed 3 years ago by kevin. Opened 3 years ago by ryanlerch.

Closed: Fixed
Reopen Issue

WE have been working automating the bodhi release process somewhat, and have settled on a GitHub Actions based solution for building staging versions of the bodhi packages in Koji. It is currently working (scratch builds, using a new user "bodhibuilder")

so, for this ticket, there are a few questions / requests:

  1. have a sysadmin review how i am authenticating with bodhi using github actions: see the following file: https://github.com/fedora-infra/bodhi/pull/4386/files#diff-7bb7a67ed05f3845ed1f1b92dc4b87dfb0dd9aba208cca5489055ccef315117b
    and the results of this action run in my fork here: https://github.com/ryanlerch/bodhi/actions/runs/1846478276
  2. the second request is to give the bodhibuilder user the ability to build in the infra targer on koji so it can build for the staging repo.

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops
3 years ago

I'll note too that packit did not suit our needs for two reasons:

  1. packit currently does not have the ability to allow building of multiple packages from a single git repo.
  2. More importantly, the packit user has to be granted privs to build in the fedora-infra tag on koji, and this means that any other packit repo would be able to build there too, which is not desirable.

ok, a few things.

  1. Could you follow https://docs.fedoraproject.org/en-US/fesco/Package_maintainer_responsibilities/#_bot_accounts for the bot account? ie, ends in -bot and has a wiki page listing what it does, who it's for, who controls it, etc?

  2. This is just staging right? So, it will update staging but still needs a human to 'koji move-build' into the prod tag? Or is that planned to be automated too?

Otherwise seems ok to me. I can grant it infra perms in koji when it's ready...

ok, a few things.

  1. Could you follow https://docs.fedoraproject.org/en-US/fesco/Package_maintainer_responsibilities/#_bot_accounts for the bot account? ie, ends in -bot and has a wiki page listing what it does, who it's for, who controls it, etc?

Ok, have created a new user bodhidev-bot that we will use here. Furthermore., Is it possible to remove the old bodhibuilder user?

  1. This is just staging right? So, it will update staging but still needs a human to 'koji move-build' into the prod tag? Or is that planned to be automated too?

I think for now, would like to keep the automation process to just be on staging. We will probably want to keep the tagging into stable as a manual process for now.

Otherwise seems ok to me. I can grant it infra perms in koji when it's ready...

It might be possible, but I'd say lets just deactivate it and leave it at that?

Sounds good. I have added 'infra' perm to bodhidev-bot now. :)

Let me know if you need anything else!

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
3 years ago

Log in to comment on this ticket.

Metadata
None

medium-gain medium-trouble ops

None
None
Waiting on Assignee
Boards 1
ops Status: Backlog
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.