Open jacobwolfaws opened 1 year ago
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
@caniszczyk Please advise if we can get a CLA exception for the github-actions bot to push to the gh-pages
branch. Here's more context on the issue we face:
gh-pages
branch.gh-pages
branchThe project has encountered similar scenarios in the past and has disabled branch protection to allow commits by the github-actions bot - https://github.com/kubernetes/test-infra/pull/23384. We agree that these changes should not have occured in the first place but this also means that we have precedent...
A similar issue was encountered in OpenTelemetry - https://github.com/open-telemetry/community/issues/809. OTel folks asked for the github-actions bot to be added to the EasyCLA allowlist but were told that this was not possible due to https://github.com/open-telemetry/community/issues/809#issuecomment-905869941.
The workaround suggested was to register a user in github, give that user permission, and generate a token to perform actions on behalf of that user. CNCF can then allowlist the user as a bot user - https://github.com/open-telemetry/community/issues/809#issuecomment-1016522419.
As mentioned above, our long term solution is to do something similar and leverage a prowjob. @MadhavJivrajani did an extensive investigation on how to achieve this but it will require additional work - https://gist.github.com/MadhavJivrajani/e80469715aaff79b362651dd8d1aca97.
We'd like to move to GitHub actions as much as possible. Not having an exception blocks us from achieving that goal.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
We also face the same issue in cloud-provider-vsphere
repo, IMO, it is better we specifically allow github-actions bot to push to gh-pages
instead of removing gh-pages
from protect branches.
Originally brought up here: https://kubernetes.slack.com/archives/C01672LSZL0/p1677773943548989
The helm release github workflow can't push to the gh-pages branch of this repo: https://github.com/jacobwolfaws/aws-file-cache-csi-driver . The way most kubernetes repositories resolve this is by removing branch protections and the easycla check for this branch, but there are some legal concerns for using unprotected branches w/o CLA check. Ideally, an org-level mitigation would be taken that: