search

kubernetes-sigs / kustomize

Customization of kubernetes YAML configurations
Apache License 2.0
11k stars 2.25k forks source link

Some CI tasks should include verification that no diff was produced #4977

Closed KnVerey closed 12 months ago

KnVerey commented 1 year ago
k8s-ci-robot commented 1 year ago

@KnVerey: This issue is currently awaiting triage.

SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
antoooks commented 1 year ago

/assign

antoooks commented 1 year ago

Hi @KnVerey,

I am quite new to the codebase and would like to clarify on the requirements and familiarise myself with the repo.

make test-go-mod is run part of presubmit (though we're considering replacing it), but it is not very effective on its own as a CI check, because it passes even if the command makes uncommitted changes

  • The CI check should probably do go work sync as well, now that we're using workspace mode.

I don't think make generate-kustomize-builtin-plugins is currently run at all. It should be run, with an assertion that it doesn't generate a diff. This implies we're relying on manual reviews of the generated files + e2e tests (typically Krusty tests) having enough coverage to detect unintended drift.

natasha41575 commented 1 year ago

Does "CI check" you mentioned refers to Github action step-level or the Makefile-level check namely prow-presubmit-check ?

I believe that prow-presubmit-check is run by Github actions so it should be sufficient to add it there.

To answer the rest of your questions, I think generate-kustomize-builtin-plugins is supposed to generate the code under api/internal/builtins. (If that one doesn't, then there should be one that does.) The CI check should run that target, make test-go-mod and go work sync, and then verify that it didn't produce any diff from before running those and after running those. So not between current branch and master, but between current branch before running generate-kustomize-builtin-plugins, make test-go-mod and go work sync, and current branch after running those.

You can probably define a new make target like make no-diff or something like that, and call it from under prow-presubmit-check.

antoooks commented 1 year ago

Super! Thanks @natasha41575 for the insights

I think of having the same strategy for make no-diff, so we basically compares HEAD with current working tree, in this case we can approach this using 2 ways:

Opt 1: All done within Makefile, calling a simple git command, but the check will be very simple and it will not cover any intelligent logic, plus it will need the CI environment to have git Opt 2: Create a separate module like github.com/joelanford/go-apidiff@v0.6.0, it decouples better, and can be customised to be more intelligent, but it will introduce maintenance overhead compared to option 1, and requires the module to be stable all the time

Alternatively, if we aim to check the file integrity, we can use built-in commands like md5sum or cmp command instead, since it is simpler and serves the purpose

Wdyt?

antoooks commented 1 year ago

One more thing, what kind of handling is expected upon finding diff?

antoooks commented 1 year ago

As per last standup meeting, we go with option 2 (to have a different module to check diff, utilising gorepomod) and we throwing error is expected upon finding diff.

cc @natasha41575

antoooks commented 1 year ago

Resolved by https://github.com/kubernetes-sigs/kustomize/pull/5303

natasha41575 commented 12 months ago

Thanks so much @antoooks!