richardlau
commented
3 years ago @mhdawson I can do this.
Closed mhdawson closed 2 years ago
richardlau
commented
3 years ago @mhdawson I can do this.
nschonni
commented
2 years ago I opened up https://github.com/nodejs/build/pull/2831 for the hook
mhdawson
commented
2 years ago @richardlau, @nschonni I think in addition to https://github.com/nodejs/build/pull/2831/ along with the default branch rename, we would need to log into the machine the webhook and scripts are deployed to and update the files there manually as well. Is there anything else you think we need to do?
Looking at the repo itself the only references to master seen to be in external repos: https://github.com/nodejs/unofficial-builds/search?q=master so I don't think those need to be updated.
richardlau
commented
2 years ago @rvagg When we tried to deploy https://github.com/nodejs/build/pull/2831 via Ansible to the unofficial-builds server we got stuck on the github_deploy_webhook_secret -- eventually we "cheated" by reading it off the machine from the unofficial-builds-deploy-webhook.json file. Is the secret in secrets? We couldn't find it.
richardlau
commented
2 years ago Branch has been renamed 🎉 .
rvagg
commented
2 years ago uh, I can't see it in secrets. I can see it in a local host_vars file I have but that's obviously not helpful and other than in an inventory.yml in secrets I'm not sure where else it could be. I haven't really got into the habit of using inventory.yml in secrets for anything other than jenkins tokens, using the secrets workflow for inventory stuff is all new fangled for me who's been used to just building up a host_vars directory with stuff that's not properly shared! What's the best way to get this in, can I just put it as a variable in inventory.yml (infra I suppose) and it'll work, or do I need to do something else to wire it up in the playbook to fetch it out of the secrets inventory?
richardlau
commented
2 years ago @rvagg yes, you can put the variable in the inventory in secrets and it'll work. I'm happy to update (I'll go and do so) -- we just weren't sure if we were missing something and it was already there -- neither @mhdawson nor myself have access to the github-bot part of secrets so we weren't sure if perhaps it was in there (sounds like it isn't there at all).
For completeness sake (FYI) I did add a role to our playbooks for decrypting stuff from secrets (https://github.com/nodejs/build/tree/master/ansible/roles/read-secrets) but that was for the cases where 1) the same secret applied to multiple hosts (e.g. the RHEL subscription id for the RHEL machines) and I wanted to avoid duplicating the same thing multiple times in the inventory and/or 2) the secret is longer than a short string (e.g. the ssh key all of the release machines need to upload to the staging server).
We are going through all of the node.js repositories to rename the primary branch to main. Please see nodejs/node#33864 for more context.
There are some references to the master branch in the files so I think I'll need some help in doing the update. @richardlau is that something you can help with?