Add ci-k8sio-audit perodic job

It's not complete yet, but it may be eaiser to merge and iterate. Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
kubernetes · Feb 11, 2021 · bf51391 · bf51391
1 parent 2c107b0
commit bf51391
Showing 1 changed file with 75 additions and 0 deletions.
diff --git a/config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml b/config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml
@@ -22,6 +22,81 @@ periodics:
       args:
       - -c
       - "cd groups && make run -- --confirm"
+- name: ci-k8sio-audit
+  interval: 6h
+  cluster: k8s-infra-prow-build-trusted
+  decorate: true
+  max_concurrency: 1
+  annotations:
+    testgrid-dashboards: wg-k8s-infra-k8sio
+    testgrid-alert-email: hh@ii.coop
+    testgrid-num-failures-to-alert: '100'
+  extra_refs:
+  - org: kubernetes
+    repo: k8s.io
+    base_ref: master
+  - org: kubernetes
+    repo: test-infra
+    base_ref: master
+  rerun_auth_config:
+    github_users:
+      - hh
+  spec:
+    serviceAccountName: k8s-infra-gcp-auditor
+    containers:
+    - name: groups
+      image: gcr.io/k8s-testimages/gcb-docker-gcloud:v20201130-750d12f
+      command:
+      - bash
+      args:
+      - -c
+      - |
+        echo "Ensure gcloud creds are working" >&2
+        gcloud config list
+        echo -n "Calculate github user from token: " >&2
+        GH_TOKEN=$(cat /etc/github-token/oauth)
+        GH_USER=$(curl -H "Authorization: token $GH_TOKEN" "https://api.github.com/user" 2>/dev/null | sed -n "s/\s\+\"login\": \"\(.*\)\",/\1/p")
+        FORK_GH_BRANCH=autoaudit-${PROW_INSTANCE_NAME:-prow}
+        echo "$GH_USER" >&2
+        echo "Running Audit Script to dump GCP configuration to yaml" >&2
+        push ./audit
+        ./audit-gcp.sh
+        popd
+
+        echo "Generate pr-creator binary from k/test-infra/robots" >&2
+        pushd ../test-infra
+        go build -o ../k8s.io/pr-creator robots/pr-creator/main.go
+        popd
+
+        echo "Prepare commit for possible PR"
+        # Values pulled from config/prow/autobump-config.yaml
+        # and logic from prow/cmd/autobump.sh
+        git config user.name "CNCF CI Bot"
+        git config user.email "cncf-ci@ii.coop"
+        git add --all -u
+        git commit -m "audit: update as of $(date +%Y-%m-%d)"
+        echo -e "Pushing commit to github.com/${GH_USER}/${FORK_GH_REPO}:..." >&2
+        git push -f "https://${GH_USER}:${GH_TOKEN}@github.com/${GH_USER}/${FORK_GH_REPO}" "HEAD:${FORK_GH_BRANCH}}" 2>/dev/null
+
+        echo "Creating PR to merge ${GITHUB_USER}:${FORK_GH_BRANCH} into master..." >&2
+        title="audit: update as of $(date +%Y-%m-%d)"
+        body="Audit Updates\n/wg k8s-infra"
+        /pr-creator \
+          --github-token-path=/etc/github-token/oauth \
+          --org=kubernetes --repo=k8s.io --branch=main \
+          --source="${GH_USER}:${FORK_GH_BRANCH}" \
+          --head-branch="${FORK_GH_BRANCH}" \
+          --title="${title}" \
+          --body="${body}" \
+          --confirm
+      volumeMounts:
+      - name: github
+        mountPath: /etc/github-token
+        readOnly: true
+    volumes:
+    - name: github
+      secret:
+        secretName: oauth-token
 
 postsubmits:
   kubernetes/k8s.io: