From ef43779f5202d7e7ed5cc3d7fffe30fdd31ccd2f Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger
Date: Wed, 26 May 2021 22:28:34 -0400
Subject: [PATCH] audit: add create-or-update-audit-pr.sh
This is mostly a straight copy-paste of the bash-script embedded in the ci-k8sio-audit job defined in: - repo: https://github.com/kubernetes/test-infra - sha: 624c7344bdb56bd25e119a8b1ccc284939861938 - file: config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml Added boilerplate header, comments up top, and put line breaks in between each block of code beginning with an echo statement
---
audit/create-or-update-audit-pr.sh | 80 ++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100755 audit/create-or-update-audit-pr.sh
diff --git a/audit/create-or-update-audit-pr.sh b/audit/create-or-update-audit-pr.sh
new file mode 100755
index 00000000000..b36fe98cadd
--- /dev/null
+++ b/audit/create-or-update-audit-pr.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Run the audit script and create or update a PR containing any changes
+
+# NOTE: This is intended to run on k8s-infra-prow-build-trusted as
+# k8s-infra-gcp-auditor@kubernetes-public.iam.gserviceaccount.com
+
+# TODO: Running locally is a work in progress, there are assumptions
+# made about the environment in which this runs:
+# - must have certain env vars present
+# - must have kubernetes/test-infra in a certain location
+# - must be able to build kubernetes/test-infra
+# - must have gcloud already authenticated as someone who has the
+# custom org role "audit.viewer"
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+GH_USER=cncf-ci
+GH_NAME="CNCF CI Bot"
+GH_EMAIL="cncf-ci@ii.coop"
+FORK_GH_REPO=k8s.io
+FORK_GH_BRANCH=autoaudit-${PROW_INSTANCE_NAME:-prow}
+
+echo "Ensure git configured" >&2
+git config user.name "${GH_NAME}"
+git config user.email "${GH_EMAIL}"
+
+echo "Ensure gcloud creds are working" >&2
+gcloud config list
+
+echo "Running Audit Script to dump GCP configuration to yaml" >&2
+pushd ./audit
+bash ./audit-gcp.sh
+popd
+
+echo "Determining whether there are changes to push" >&2
+git add --all audit
+git commit -m "audit: update as of $(date +%Y-%m-%d)"
+git remote add fork "https://github.com/${GH_USER}/${FORK_GH_BRANCH}"
+if git fetch fork "${FORK_GH_BRANCH}"; then
+ if git diff --quiet HEAD "fork/${FORK_GH_BRANCH}" -- audit; then
+ echo "No new changes to push, exiting early..." >&2
+ exit
+ fi
+fi
+
+echo "Generating pr-creator binary from k/test-infra/robots" >&2
+pushd ../../kubernetes/test-infra
+go build -o /workspace/pr-creator robots/pr-creator/main.go
+popd
+
+echo "Pushing commit to github.com/${GH_USER}/${FORK_GH_REPO}..." >&2
+GH_TOKEN=$(cat /etc/github-token/token)
+git push -f "https://${GH_USER}:${GH_TOKEN}@github.com/${GH_USER}/${FORK_GH_REPO}" "HEAD:${FORK_GH_BRANCH}" 2>/dev/null
+
+echo "Creating or updating PR to merge ${GH_USER}:${FORK_GH_BRANCH} into kubernetes:main..." >&2
+/workspace/pr-creator \
+ --github-token-path=/etc/github-token/token \
+ --org=kubernetes --repo=k8s.io --branch=main \
+ --source="${GH_USER}:${FORK_GH_BRANCH}" \
+ --head-branch="${FORK_GH_BRANCH}" \
+ --title="audit: update as of $(date +%Y-%m-%d)" \
+ --body="Audit Updates wg-k8s-infra" \
+ --confirm
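Review bot: The push at the end of the script embeds the GitHub token in the remote URL, `https://${GH_USER}:${GH_TOKEN}@github.com/...`, so the secret is part of git's command line, where a process listing on the build node or a later `set -x` would expose it; the `2>/dev/null` that keeps it out of the job log also hides the reason for any failed push. Supplying the token through a one-shot credential helper that reads `/etc/github-token/token` keeps it out of argv and the URL and lets stderr stay visible, as in the excerpt below. Separately, `git remote add fork` builds its URL from `${FORK_GH_BRANCH}` while the push targets `${FORK_GH_REPO}`; unless a repository named after the branch really exists, the fetch fails, the no-change early exit is skipped and every run force-pushes, so the line presumably should read `git remote add fork "https://github.com/${GH_USER}/${FORK_GH_REPO}"`.

```shell
echo "Pushing commit to github.com/${GH_USER}/${FORK_GH_REPO}..." >&2
# The helper runs in a shell spawned by git, so GH_USER has to be exported;
# the token is read from the mounted file inside that shell and never
# appears in argv or in the remote URL.
export GH_USER
git -c credential.helper= \
    -c credential.helper='!f() { echo "username=${GH_USER}"; echo "password=$(cat /etc/github-token/token)"; }; f' \
    push -f "https://github.com/${GH_USER}/${FORK_GH_REPO}" "HEAD:${FORK_GH_BRANCH}"
```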