audit: update audit job to only push changes when there are changes to push

[spiffxp]

I should have opened an issue for this earlier.

The audit job was (and may still be) force-pushing changes to its PR branch after each run. This results in lots of traffic on a PR that looks like this:

When in reality nothing has actually changed.

I tried to fix this via kubernetes/test-infra#22239 but I'm not sure it worked. It's difficult to tell right now because the job may be pushing spurious etag updates (issue to fix: #2062) (ref: #2074 (comment))

So ideally:

• the audit job only creates a PR when there are changes to PR (I believe it does this)
• the audit job only update the PR when there are new changes compared to the HEAD of its PR
• the audit job updates the PR in a way that makes it clear what new changes have occurred (append a commit to the branch vs. force-push overtop? provide a comment with a link that shows the delta? etc.)

/wg k8s-infra
/area infra/auditing
/sig-testing
/kind bug
/priority important-soon
/milestone v1.22

[spiffxp]

/close
Yeah this works now. From a recent run...

Identifying changes ...
 M audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.riaan_data_store.access.json
 M audit/projects/k8s-infra-prow-build-trusted/iam.json
 M audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json
 M audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json
Adding changes ...
Committing changes ...
[main 1d8e30dc] audit: update as of 2021-08-03
 4 files changed, 12 insertions(+), 3 deletions(-)
Fetching fork remote 'fork' ...
From https://github.com/k8s-infra-ci-robot/k8s.io
 * branch              autoaudit-prow -> FETCH_HEAD
Verifying whether HEAD differs from https://github.com/k8s-infra-ci-robot/k8s.io/tree/autoaudit-prow ...
No new changes to push, exiting early...

[k8s-ci-robot]

@spiffxp: Closing this issue.

In response to this:

/close
Yeah this works now. From a recent run...

Identifying changes ...
M audit/projects/k8s-infra-ii-sandbox/services/bigquery/bigquery.datasets.riaan_data_store.access.json
M audit/projects/k8s-infra-prow-build-trusted/iam.json
M audit/projects/k8s-infra-prow-build-trusted/services/container/clusters/prow-build-trusted.json
M audit/projects/k8s-infra-prow-build-trusted/services/logging/logs.json
Adding changes ...
Committing changes ...
[main 1d8e30dc] audit: update as of 2021-08-03
4 files changed, 12 insertions(+), 3 deletions(-)
Fetching fork remote 'fork' ...
From https://github.com/k8s-infra-ci-robot/k8s.io
* branch              autoaudit-prow -> FETCH_HEAD
Verifying whether HEAD differs from https://github.com/k8s-infra-ci-robot/k8s.io/tree/autoaudit-prow ...
No new changes to push, exiting early...

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.