Test-infra: Publishing bot cannot push

that context is required, which means that it requires a PR to be generated. One way around this would be to give the bot admin on the repo, as opposed to just write. this would allow it to push anyways, even without the right status contexts.

Has the bot signed the CLA?

Is it stuck on every commit, or a special commit that didn't sign the CLA?

Potential solutions are:

• give the bot admin access
• figuring out how to make these commits pass the CLA check
  
  
  
  • send PRs rather than write directly to the repo
  
  
  • write the commits somewhere unprotected and then merge it into master? (will this get them signed?)
  
  
• disable branch protection for automatically published repos.
• disable just the CLA check for automatically published repos.

I don't think it's that they don't pass the CLA, it's that they don't have the CLA context set.. which will never get set if isn't pushed and the CLA bot isn't delivered a webhook. chicken and egg.

yeah, this is tricky cross-repo, IIRC contexts are reported to a (repo,
commit sha) so even though the commits have been checked that status
doesn't exist in the synced repo...

one way to actually get the CLA check would be for the bot to push to a
fork first and then open a PR with the commits, instead of directly pushing
(which Erick mentioned), the other mentioned options are all probably
reasonable as well.

On Tue, May 29, 2018 at 12:35 PM Christoph Blecker notifications@github.com
wrote:

I don't think it's that they don't pass the CLA, it's that they don't have
the CLA context set.. which will never get set if isn't pushed and the CLA
bot isn't delivered a webhook. chicken and egg.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/kubernetes/test-infra/issues/8141#issuecomment-392914643,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AA4Bq--iIzEPZLnacfP_GrG2FLU1Ym4aks5t3aL0gaJpZM4UPuNs
.

Have to check whether it happens on every commit.

I started to do the CLA process for the bot, but stopped when faking name and signature :-)

fork first and then open a PR with the commits, instead of directly pushing
(which Erick mentioned), the other mentioned options are all probably
reasonable as well.

Unfortuantely not possible as it does not preserve the exact commit structure via a PR.

Unfortuantely not possible as it does not preserve the exact commit structure via a PR.

well if you just open the PR then we can get the cla status(es) IIRC, without necessarily merging it, since the statuses are not PR specific.
probably not worth it though /shrug

Yeah.. I think the best solution would be giving the publishing bot admin over the repos that it publishes.. then it can just push the branch as normal

@sttts can you confirm this is the right list of repos for the publishing bot: https://github.com/orgs/kubernetes/teams/stage-bots/repositories ?

@cblecker looks like it. it matches the list of directories under staging

dims@bigbox:~/go/src/k8s.io/kubernetes/staging/src/k8s.io$ ls -1
api
apiextensions-apiserver
apimachinery
apiserver
client-go
code-generator
kube-aggregator
metrics
sample-apiserver
sample-controller

It's right ^^

I've updated the permissions to admin, as well as filed https://github.com/kubernetes/test-infra/pull/8204 to ensure that the bots are the only ones pushing to those repos.

Looks like this is fixed now. Can you confirm, @sttts ?

Can you confirm

Yes, looks good again: https://stats.uptimerobot.com/wm4Dyt8kY

Fantastic! Closing.