Test-infra: Add a Prow command to create branches
What to add
Consider adding a Prow command to create new branches.
Why it matters
SIG Docs handles localizations for Kubernetes docs.
When SIG Docs adds a new localization, we add the team's leaders to a repo team with write permissions so that leaders can create long-running branches for team collaboration.
As the number of localizations increases, the number of people with write access to k/website also increases. This poses a security risk that worsens at scale. We've already seen two incidents in the past two months of contributors using write permissions to bypass Prow:
We need to minimize the number of people with write permissions to k/website while preserving the ability of localization teams to work on collaborative branches.
Thanks in advance for your consideration!
Additional context
cc @jimangel @kbarnard10 @cblecker
zacharysarah
All 11 comments
/sig docs
zacharysarah
on 6 Jan 2020
@zacharysarah -- This is timely! Releng is discussing possibilities here: https://github.com/kubernetes/release/issues/857
cc: @kubernetes/release-engineering
justaugustus
on 7 Jan 2020
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 6 Apr 2020
This is still important.
/remove-lifecycle stale
/lifecycle frozen
/priority important-longterm
zacharysarah
on 6 Apr 2020
/remove-lifecycle frozen
We haven't decided if/how we would do this, so it doesn't really qualify for frozen.
I'm not sure what the workflow would even look like for this.. we don't really do repo-scoped commands. They are all issue or PR scoped.
cblecker
on 25 May 2020
If we implement branch creation as a plugin, we can just enable the plugin on a single repo.
stevekuznetsov
on 25 May 2020
@stevekuznetsov That's not what I mean. I mean where would you issue the command to create a branch?
cblecker
on 25 May 2020
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 23 Aug 2020
/remove-lifecycle stale
jimangel
on 23 Aug 2020
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 26 Nov 2020
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
fejta-bot
on 26 Dec 2020
Related issues
zacharysarah
路
3Comments
sjenning
路
4Comments
chaosaffe
路
3Comments
cjwagner
路
3Comments
benmoss
路
3Comments
Most helpful comment
@zacharysarah -- This is timely! Releng is discussing possibilities here: https://github.com/kubernetes/release/issues/857
cc: @kubernetes/release-engineering