Currently, releng runs the sig_policy.py script on an ad hoc basis. It would be nice to run it e.g. once a week or on some other scheduled basis.
Currently, there are several packages that need to be added to their respective SIGs:
$ ./sig_policy.py --dry-run --api-token " "
Processing group: go-sig
- add 'go-sig' with 'commit' ACL to 'delve'
- add 'go-sig' with 'commit' ACL to 'golang-github-need-being-tree'
- add 'go-sig' with 'commit' ACL to 'golang-oras'
- add 'go-sig' with 'commit' ACL to 'golang-oras-1'
- add 'go-sig' with 'commit' ACL to 'golang-oras-2'
Processing group: r-maint-sig
- add 'r-maint-sig' with 'commit' ACL to 'R-Matrix'
- add 'r-maint-sig' with 'commit' ACL to 'R-docopt'
- add 'r-maint-sig' with 'commit' ACL to 'R-gpx'
- add 'r-maint-sig' with 'commit' ACL to 'R-timechange'
Processing group: rust-sig
- add 'rust-sig' with 'commit' ACL to 'rust-anstream'
- add 'rust-sig' with 'commit' ACL to 'rust-anstyle'
- add 'rust-sig' with 'commit' ACL to 'rust-anstyle-parse'
- add 'rust-sig' with 'commit' ACL to 'rust-assert-str'
- add 'rust-sig' with 'commit' ACL to 'rust-blowfish'
- add 'rust-sig' with 'commit' ACL to 'rust-concolor-override'
- add 'rust-sig' with 'commit' ACL to 'rust-json_to_table'
- add 'rust-sig' with 'commit' ACL to 'rust-nu-explore'
- add 'rust-sig' with 'commit' ACL to 'rust-nu-table'
- add 'rust-sig' with 'commit' ACL to 'rust-serde_spanned'
- add 'rust-sig' with 'commit' ACL to 'rust-toml0.5'
- add 'rust-sig' with 'commit' ACL to 'rust-toml_datetime'
- add 'rust-sig' with 'commit' ACL to 'rust-tui0.17'
SIGs won't be able to access packages under their purview and the FESCO policy will be ineffective.
/cc @decathorpe
I was not aware releng is supposed to run such a script. Where does it live? We can make it part of toddlers where most of our automation lives.
Metadata Update from @humaton: - Issue tagged with: low-trouble, medium-gain, ops
It's https://pagure.io/releng/blob/main/f/scripts/fesco/sig-policy/sig_policy.py. I should've linked it, but I was lazy :). IIRC, @kevin has run it the last few times.
Metadata Update from @humaton: - Issue tagged with: automation
Metadata Update from @humaton: - Issue assigned to patrikp
I just ran it again now in the meantime after landing the flatpak sig change (CC @kalev)
Excellent, thanks! I see that the flatpak sig commit ACL has appeared everywhere it was supposed to so it looks like that change worked nicely.
Addressed in https://pagure.io/fedora-infra/ansible/pull-request/1374.
Metadata Update from @patrikp: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Reopening as the needed API token has not yet been added to our ansible-private repo.
Metadata Update from @patrikp: - Issue status updated to: Open (was: Closed)
I created the fesco_sig_policy_src_token on @releng-bot with expiration date 2025-05-14.
The cron job has been deployed but it is not slated to run until next Monday. I'll keep the ticket open until then so we can check that it works.
Does this work? At least to me, it looks like the script hasn't run in months. It would be great if it could be run manually from time to time until the scheduled job does ... its job :(
The cron job was broken.
I fixed it and ran it.
https://lists.fedoraproject.org/archives/list/releng-cron@lists.fedoraproject.org/message/MBO6BII2DVSNCBYNZFC4OXJ7CCXAAK4O/
It should now run weekly.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Thanks!