Github Workflow can't push to protected gh-pages branch #4114
Comments
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
@caniszczyk Please advise if we can get a CLA exception for the github-actions bot to push to the
Additional contextPrecedenceThe project has encountered similar scenarios in the past and has disabled branch protection to allow commits by the github-actions bot - kubernetes/test-infra#23384. We agree that these changes should not have occured in the first place but this also means that we have precedent... Similar issues in other projectsA similar issue was encountered in OpenTelemetry - open-telemetry/community#809. OTel folks asked for the github-actions bot to be added to the EasyCLA allowlist but were told that this was not possible due to open-telemetry/community#809 (comment). The workaround suggested was to register a user in github, give that user permission, and generate a token to perform actions on behalf of that user. CNCF can then allowlist the user as a bot user - open-telemetry/community#809 (comment). Long term solutionAs mentioned above, our long term solution is to do something similar and leverage a prowjob. @MadhavJivrajani did an extensive investigation on how to achieve this but it will require additional work - https://gist.github.com/MadhavJivrajani/e80469715aaff79b362651dd8d1aca97. We'd like to move to GitHub actions as much as possible. Not having an exception blocks us from achieving that goal. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale We also face the same issue in |
k8s-ci-robot
removed
the
lifecycle/stale
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
Originally brought up here: https://kubernetes.slack.com/archives/C01672LSZL0/p1677773943548989
The helm release github workflow can't push to the gh-pages branch of this repo: https://github.com/jacobwolfaws/aws-file-cache-csi-driver . The way most kubernetes repositories resolve this is by removing branch protections and the easycla check for this branch, but there are some legal concerns for using unprotected branches w/o CLA check. Ideally, an org-level mitigation would be taken that:
The text was updated successfully, but these errors were encountered: