#11371 Run the sig_policy script on a regular basis
Closed: Fixed a year ago by kevin. Opened a year ago by gotmax23.

  • Describe the issue

Currently, releng runs the sig_policy.py script on an adhoc basis. It would be nice to run it e.g. once a week or on some other scheduled basis.

Currently, there are several packages that need to be added to their respective SIGs:

$ ./sig_policy.py --dry-run --api-token " "
Processing group: go-sig
- add 'go-sig' with 'commit' ACL to 'delve'
- add 'go-sig' with 'commit' ACL to 'golang-github-need-being-tree'
- add 'go-sig' with 'commit' ACL to 'golang-oras'
- add 'go-sig' with 'commit' ACL to 'golang-oras-1'
- add 'go-sig' with 'commit' ACL to 'golang-oras-2'

Processing group: r-maint-sig
- add 'r-maint-sig' with 'commit' ACL to 'R-Matrix'
- add 'r-maint-sig' with 'commit' ACL to 'R-docopt'
- add 'r-maint-sig' with 'commit' ACL to 'R-gpx'
- add 'r-maint-sig' with 'commit' ACL to 'R-timechange'

Processing group: rust-sig
- add 'rust-sig' with 'commit' ACL to 'rust-anstream'
- add 'rust-sig' with 'commit' ACL to 'rust-anstyle'
- add 'rust-sig' with 'commit' ACL to 'rust-anstyle-parse'
- add 'rust-sig' with 'commit' ACL to 'rust-assert-str'
- add 'rust-sig' with 'commit' ACL to 'rust-blowfish'
- add 'rust-sig' with 'commit' ACL to 'rust-concolor-override'
- add 'rust-sig' with 'commit' ACL to 'rust-json_to_table'
- add 'rust-sig' with 'commit' ACL to 'rust-nu-explore'
- add 'rust-sig' with 'commit' ACL to 'rust-nu-table'
- add 'rust-sig' with 'commit' ACL to 'rust-serde_spanned'
- add 'rust-sig' with 'commit' ACL to 'rust-toml0.5'
- add 'rust-sig' with 'commit' ACL to 'rust-toml_datetime'
- add 'rust-sig' with 'commit' ACL to 'rust-tui0.17'
  • If we cannot complete your request, what is the impact?

SIGs won't be able to access packages under their purview and the FESCO policy will be ineffective.

/cc @decathorpe


I was not aware releng is supposed to run such script. Where does it live?
We can make it part of toddlers where most of our automation lives.

Metadata Update from @humaton:
- Issue tagged with: low-trouble, medium-gain, ops

a year ago

It's https://pagure.io/releng/blob/main/f/scripts/fesco/sig-policy/sig_policy.py. I should've linked it, but I was lazy :). IIRC, @kevin has run it the last few times.

Metadata Update from @humaton:
- Issue tagged with: automation

a year ago

Metadata Update from @humaton:
- Issue assigned to patrikp

a year ago

I just ran it again now in the mean time after landing the flatpak sig change (CC @kalev )

Excellent, thanks! I see that the flatpak sig commit ACL has appeared everywhere it was supposed to so it looks like that change worked nicely.

Metadata Update from @patrikp:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Reopening as the needed API token has not yet been added to our ansible-private repo.

Metadata Update from @patrikp:
- Issue status updated to: Open (was: Closed)

a year ago

I created the fesco_sig_policy_src_token on @releng-bot with expiration date 2025-05-14.

The cron job has been deployed but it is not slated to run until next Monday. I'll keep the ticket open until then so we can check that it works.

Does this work? At least to me, it looks like the script hasn't run in months. It would be great if it could be ran manually from time to time until the scheduled job does ... its job :(

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Log in to comment on this ticket.

Metadata
Boards 1
Ops Status: Backlog