-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Manage the cert-manager GitHub organisation from this repo
Signed-off-by: Tim Ramlot <[email protected]>
- Loading branch information
Showing
19 changed files
with
2,591 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| .vscode/ | ||
| *.swp | ||
| *.pyc | ||
| *~ | ||
| /bazel-* | ||
| .DS_Store | ||
| .idea/ | ||
| _output/ | ||
| token |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| # Copyright 2023 The cert-manager Authors. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| SHELL := /usr/bin/env bash | ||
|
|
||
| # available for override | ||
| GITHUB_TOKEN_PATH ?= | ||
|
|
||
| ORGS = $(shell find ./config -mindepth 1 -maxdepth 1 -type d | cut -d/ -f3) | ||
|
|
||
| # use absolute path to ./_output, which is .gitignored | ||
| OUTPUT_DIR := $(shell pwd)/_output | ||
| OUTPUT_BIN_DIR := $(OUTPUT_DIR)/bin | ||
|
|
||
| MERGE_CMD := $(OUTPUT_BIN_DIR)/merge | ||
| PERIBOLOS_CMD := $(OUTPUT_BIN_DIR)/peribolos | ||
|
|
||
| CONFIG_FILES = $(shell find config/ -type f -name '*.yaml') | ||
| MERGED_CONFIG := $(OUTPUT_DIR)/gen-config.yaml | ||
|
|
||
| # convenience targets for humans | ||
| .PHONY: clean | ||
| clean: | ||
| rm -rf $(OUTPUT_DIR) | ||
|
|
||
| .PHONY: build | ||
| build: | ||
| go build ./... | ||
|
|
||
| .PHONY: merge | ||
| merge: $(MERGE_CMD) | ||
|
|
||
| .PHONY: config | ||
| config: $(MERGED_CONFIG) | ||
|
|
||
| .PHONY: peribolos | ||
| peribolos: $(PERIBOLOS_CMD) | ||
|
|
||
| .PHONY: verify | ||
| verify: verify-boilerplate verify-config | ||
|
|
||
| .PHONY: verify-boilerplate | ||
| verify-boilerplate: | ||
| go run github.com/cert-manager/[email protected] . | ||
|
|
||
| .PHONY: verify-config | ||
| verify-config: config | ||
| MERGED_CONFIG=$(MERGED_CONFIG) go test ./... | ||
|
|
||
| .PHONY: update-prep | ||
| update-prep: config verify-config peribolos | ||
|
|
||
| .PHONY: deploy # --confirm | ||
| deploy: | ||
| ./admin/update.sh | ||
| $(-*-command-variables-*-) $(filter-out $@,$(MAKECMDGOALS)) | ||
|
|
||
| add-members: | ||
| ./hack/add-members.sh | ||
|
|
||
| # actual targets that only get built if they don't already exist | ||
| $(MERGE_CMD): | ||
| mkdir -p "$(OUTPUT_BIN_DIR)" | ||
| go build -o "$(OUTPUT_BIN_DIR)" ./cmd/merge | ||
|
|
||
| $(MERGED_CONFIG): clean $(MERGE_CMD) $(CONFIG_FILES) | ||
| mkdir -p "$(OUTPUT_DIR)" | ||
| $(MERGE_CMD) \ | ||
| --merge-teams \ | ||
| $(shell for o in $(ORGS); do echo "--org-part=$$o=config/$$o/org.yaml"; done) \ | ||
| > $(MERGED_CONFIG) | ||
|
|
||
| $(PERIBOLOS_CMD): | ||
| GOBIN=$(OUTPUT_BIN_DIR) go install sigs.k8s.io/prow/cmd/peribolos@main |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,15 @@ | ||
| # org | ||
| Configuration for the cert-manager GitHub org | ||
| # cert-manager GitHub Organization | ||
|
|
||
| This repository contains the metadata configuration for the cert-manager GitHub Organizations. | ||
| The data here is consumed by the [peribolos tool](https://github.com/kubernetes-sigs/prow/tree/ea10bd8144c3d988528011af024abe47ea8dabb2/cmd/peribolos) to manage GitHub organizations, teams and repos. | ||
|
|
||
| ## Contributing | ||
|
|
||
| This repository is mostly managed by the cert-manager admins. If you need to request access to a team, please open an issue in the community repository: https://github.com/cert-manager/community. | ||
|
|
||
| Instructions for cert-manager admins: | ||
| 1. create a PR with the proposed changes | ||
| 2. reviewers can dry-run the peribolos tool to see the changes that will be made | ||
| 3. once the PR is approved and merged, an admin has to run the peribolos tool again to apply the changes | ||
|
|
||
| See `./admin/README.md` for instructions on how to manually run the peribolos tool (only possible for cert-manager admins). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # Apply kubernetes configuration | ||
|
|
||
| Merge a PR that changes some `config/foo/org.yaml` and then run the following: | ||
| ```shell | ||
| # Displays what it would do without making changes until you add the confirm flag | ||
| ./admin/update.sh --github-token-path ~/path-to-my-token # --confirm | ||
| ``` | ||
|
|
||
| This will default to a dry-run mode, displaying what changes it intends to make without actually updating anything on github. | ||
| It will apply the change if you send it the `--confirm` flag. | ||
|
|
||
| It also runs `make test` to validate the config. | ||
|
|
||
| Assuming everything works the tool should output something like the following: | ||
| ```console | ||
| {"client":"github","component":"peribolos","level":"info","msg":"Throttle(300, 100)","time":"2018-08-10T17:42:15-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"GetOrg(kubernetes-incubator)","time":"2018-08-10T17:42:15-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgInvitations(kubernetes-incubator)","time":"2018-08-10T17:42:17-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-incubator, admin)","time":"2018-08-10T17:42:17-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-incubator, member)","time":"2018-08-10T17:42:17-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Skipping team and team member configuration","time":"2018-08-10T17:42:17-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"GetOrg(kubernetes-retired)","time":"2018-08-10T17:42:17-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgInvitations(kubernetes-retired)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-retired, admin)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-retired, member)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Waiting for calebamiles to accept invitation to kubernetes-retired","time":"2018-08-10T17:42:18-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Skipping team and team member configuration","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"GetOrg(kubernetes-sigs)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"EditOrg(kubernetes-sigs, {[email protected] Kubernetes SIGs Org for Kubernetes SIG-related work true true read false})","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgInvitations(kubernetes-sigs)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-sigs, admin)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-sigs, member)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Waiting for calebamiles to accept invitation to kubernetes-sigs","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes-sigs, carolynvs)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes-sigs, jeremyrickard)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Skipping team and team member configuration","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"GetOrg(kubernetes)","time":"2018-08-10T17:42:18-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgInvitations(kubernetes)","time":"2018-08-10T17:42:19-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes, admin)","time":"2018-08-10T17:42:19-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes, member)","time":"2018-08-10T17:42:19-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, ianychoi)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, akutz)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, gochist)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, jeremyrickard)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, fanzhangio)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, dvonthenen)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, rosti)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"RemoveOrgMembership(kubernetes, bart0sh)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Skipping team and team member configuration","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"GetOrg(kubernetes-client)","time":"2018-08-10T17:42:21-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgInvitations(kubernetes-client)","time":"2018-08-10T17:42:22-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-client, admin)","time":"2018-08-10T17:42:22-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-client, member)","time":"2018-08-10T17:42:22-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Waiting for calebamiles to accept invitation to kubernetes-client","time":"2018-08-10T17:42:22-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Skipping team and team member configuration","time":"2018-08-10T17:42:22-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"GetOrg(kubernetes-csi)","time":"2018-08-10T17:42:22-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgInvitations(kubernetes-csi)","time":"2018-08-10T17:42:22-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-csi, admin)","time":"2018-08-10T17:42:22-07:00"} | ||
| {"client":"github","component":"peribolos","level":"info","msg":"ListOrgMembers(kubernetes-csi, member)","time":"2018-08-10T17:42:23-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Waiting for calebamiles to accept invitation to kubernetes-csi","time":"2018-08-10T17:42:23-07:00"} | ||
| {"component":"peribolos","level":"info","msg":"Skipping team and team member configuration","time":"2018-08-10T17:42:23-07:00"} | ||
| ``` | ||
|
|
||
| Happy administering! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| #!/usr/bin/env bash | ||
| # +skip_license_check | ||
|
|
||
| # Copyright 2018 The Kubernetes Authors. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| set -o errexit | ||
| set -o nounset | ||
| set -o pipefail | ||
| set -x | ||
|
|
||
| REPO_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P) | ||
| readonly REPO_ROOT | ||
|
|
||
| readonly admins=( | ||
| caniszczyk | ||
| thelinuxfoundation | ||
| inteon | ||
| jakexks | ||
| JoshVanL | ||
| maelvls | ||
| munnerz | ||
| SgtCoDFish | ||
| ThatsMrTalbot | ||
| wallrj | ||
| ) | ||
|
|
||
| # this is the hourly token limit for the GitHub API | ||
| # if unset, the default is set in the peribolos code: https://github.com/kubernetes-sigs/prow/blob/0bca2f1416a9c15d75b9cee8704b56b38d5895c6/prow/cmd/peribolos/main.go#L41 | ||
| # if set to 0, rate limiting is disabled | ||
| readonly HOURLY_TOKENS=3000 | ||
|
|
||
| cd "${REPO_ROOT}" | ||
| make update-prep | ||
| cmd="${REPO_ROOT}/_output/bin/peribolos" | ||
| args=( | ||
| --config-path="${REPO_ROOT}/_output/gen-config.yaml" | ||
| --fix-org | ||
| --fix-org-members | ||
| --fix-repos | ||
| --fix-teams | ||
| --fix-team-members | ||
| --fix-team-repos | ||
| --github-hourly-tokens="${HOURLY_TOKENS}" | ||
| "${admins[@]/#/--required-admins=}" | ||
| ) | ||
|
|
||
| "${cmd}" "${args[@]}" "${@}" |
Oops, something went wrong.