Add cherrypicker to prow deployment bundle

prow/BUILD.bazel

@@ -26,6 +26,7 @@ docker_bundle(
         "tot",
     ) + prow_docker_tags(**{
         prow_prefix("needs-rebase"): "//prow/external-plugins/needs-rebase:image",
+        prow_prefix("cherrypicker"): "//prow/external-plugins/cherrypicker:image",
     }),
     stamp = True,
 )

prow/cluster/BUILD.bazel

@@ -24,6 +24,7 @@ release(
     component("tls-ing", "ingress"),
     component("tot", "service", "deployment"),
     component("needs-rebase", "deployment"),
+    component("cherrypicker", "deployment"),
 )
 
 component("starter", MULTI_KIND)

prow/cluster/cherrypicker_deployment.yaml

@@ -0,0 +1,51 @@
+# Copyright 2018 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: cherrypicker
+  labels:
+    app: cherrypicker
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cherrypicker
+    spec:
+      terminationGracePeriodSeconds: 180
+      containers:
+      - name: cherrypicker
+        image: gcr.io/k8s-prow/cherrypicker:latest
+        imagePullPolicy: Always
+        args:
+        - --dry-run=false
+        ports:
+          - name: http
+            containerPort: 8888
+        volumeMounts:
+        - name: hmac
+          mountPath: /etc/webhook
+          readOnly: true
+        - name: oauth
+          mountPath: /etc/github
+          readOnly: true
+      volumes:
+      - name: hmac
+        secret:
+          secretName: hmac-token
+      - name: oauth
+        secret:
+          secretName: oauth-token

prow/cluster/cherrypicker_service.yaml

@@ -0,0 +1,25 @@
+# Copyright 2018 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: cherrypicker
+spec:
+  selector:
+    app: cherrypicker
+  ports:
+  - port: 80
+    targetPort: 8888
+  type: NodePort

prow/external-plugins/cherrypicker/BUILD.bazel

@@ -1,3 +1,28 @@
+load("@io_bazel_rules_docker//docker:docker.bzl", "docker_bundle")
+load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push")
+load("@io_bazel_rules_docker//go:image.bzl", "go_image")
+
+docker_bundle(
+    name = "bundle",
+    images = {
+        "{STABLE_PROW_REPO}/cherrypicker:{DOCKER_TAG}": ":image",
+        "{STABLE_PROW_REPO}/cherrypicker:latest": ":image",
+        "{STABLE_PROW_REPO}/cherrypicker:latest-{BUILD_USER}": ":image",
+    },
+    stamp = True,
+)
+
+docker_push(
+    name = "push",
+    bundle = ":bundle",
+)
+
+go_image(
+    name = "image",
+    binary = ":cherrypicker",
+    visibility = ["//visibility:public"],
+)
+
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test")
 
 go_library(

prow/plugins.yaml

@@ -372,6 +372,10 @@ external_plugins:
     events:
       - pull_request
   kubernetes/kubernetes:
+  - name: cherrypicker
+    events:
+      - issue_comment
+      - pull_request
   - name: needs-rebase
     events:
       - pull_request