k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/jobs/kubernetes/test-infra/test-infra-trusted.yaml (about) 1 postsubmits: 2 kubernetes/test-infra: 3 - name: post-test-infra-push-alpine 4 cluster: test-infra-trusted 5 run_if_changed: '^images/alpine/' 6 annotations: 7 testgrid-dashboards: sig-testing-images 8 testgrid-tab-name: alpine 9 decorate: true 10 branches: 11 - ^master$ 12 max_concurrency: 1 13 spec: 14 serviceAccountName: pusher 15 containers: 16 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 17 command: 18 - /run.sh 19 args: 20 - --scratch-bucket=gs://k8s-testimages-scratch 21 - --project=k8s-prow 22 - images/alpine/ 23 - name: post-test-infra-push-gcloud-terraform 24 cluster: test-infra-trusted 25 run_if_changed: '^images/gcloud-terraform/' 26 annotations: 27 testgrid-dashboards: "sig-testing-images" 28 testgrid-tab-name: "gcloud-terraform" 29 decorate: true 30 branches: 31 - ^master$ 32 max_concurrency: 1 33 spec: 34 serviceAccountName: deployer # TODO(fejta): should be pusher 35 containers: 36 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 37 command: 38 - /run.sh 39 args: 40 - --scratch-bucket=gs://k8s-testimages-scratch 41 - --project=k8s-testimages 42 - --build-dir=. 43 - images/gcloud-terraform/ 44 - name: post-test-infra-push-git 45 cluster: test-infra-trusted 46 run_if_changed: '^images/git/' 47 annotations: 48 testgrid-dashboards: sig-testing-images 49 testgrid-tab-name: git 50 decorate: true 51 branches: 52 - ^master$ 53 max_concurrency: 1 54 spec: 55 serviceAccountName: pusher 56 containers: 57 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 58 command: 59 - /run.sh 60 args: 61 - --scratch-bucket=gs://k8s-testimages-scratch 62 - --project=k8s-prow 63 - images/git/ 64 - name: post-test-infra-push-git-custom-k8s-auth 65 cluster: test-infra-trusted 66 run_if_changed: '^images/git-custom-k8s-auth/' 67 annotations: 68 testgrid-dashboards: sig-testing-images 69 testgrid-tab-name: git-custom-k8s-auth 70 decorate: true 71 branches: 72 - ^master$ 73 max_concurrency: 1 74 spec: 75 serviceAccountName: pusher 76 containers: 77 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 78 command: 79 - /run.sh 80 args: 81 - --scratch-bucket=gs://k8s-testimages-scratch 82 - --project=k8s-prow 83 - images/git-custom-k8s-auth/ 84 - name: post-test-infra-deploy-prow 85 cluster: test-infra-trusted 86 run_if_changed: '^(config/prow/cluster/|config/prow/Makefile$|Makefile.base.mk$)' 87 decorate: true 88 branches: 89 - ^master$ 90 max_concurrency: 1 91 reporter_config: 92 slack: 93 channel: "prow-alerts" 94 job_states_to_report: 95 - success 96 - failure 97 - aborted 98 - error 99 report_template: 'Deploying prow: {{.Status.State}}. Commit: <{{.Spec.Refs.BaseLink}}|{{printf "%.7s" .Spec.Refs.BaseSHA}}> | <{{.Status.URL}}|Spyglass> | <https://testgrid.k8s.io/sig-testing-prow#deploy-prow|Testgrid> | <https://prow.k8s.io/?job={{.Spec.Job}}|Deck>' 100 spec: 101 serviceAccountName: deployer 102 containers: 103 - image: gcr.io/k8s-staging-test-infra/gcloud-in-go:v20230111-cd1b3caf9c 104 command: 105 - make 106 args: 107 - -C 108 - config/prow 109 - deploy-all 110 annotations: 111 testgrid-dashboards: sig-testing-prow 112 testgrid-tab-name: deploy-prow 113 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 114 testgrid-num-failures-to-alert: '1' 115 description: deploys the configured version of prow by running prow/deploy.sh 116 - name: post-test-infra-reconcile-hmacs 117 cluster: test-infra-trusted 118 run_if_changed: 'config/prow/config.yaml' 119 decorate: true 120 branches: 121 - ^master$ 122 max_concurrency: 1 123 spec: 124 containers: 125 - image: gcr.io/k8s-prow/hmac:v20240517-ea10bd814 126 command: 127 - hmac 128 args: 129 - --config-path=config/prow/config.yaml 130 - --hook-url=https://prow.k8s.io/hook 131 - --hmac-token-secret-name=hmac-token 132 - --hmac-token-key=hmac 133 - --kubeconfig=/etc/kubeconfig/config 134 - --kubeconfig-context=prow-services 135 - --github-token-path=/etc/github/oauth 136 - --github-endpoint=http://ghproxy.default.svc.cluster.local 137 - --github-endpoint=https://api.github.com 138 - --dry-run=false 139 volumeMounts: 140 - name: kubeconfig 141 mountPath: /etc/kubeconfig 142 readOnly: true 143 - name: oauth 144 mountPath: /etc/github 145 readOnly: true 146 volumes: 147 - name: kubeconfig 148 secret: 149 defaultMode: 420 150 secretName: kubeconfig-prow-services 151 - name: oauth 152 secret: 153 defaultMode: 420 154 secretName: oauth-token 155 annotations: 156 testgrid-dashboards: sig-testing-prow 157 testgrid-tab-name: reconcile-hmacs 158 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 159 testgrid-num-failures-to-alert: '1' 160 description: reconcile the hmac tokens and webhooks based on the managed_webhooks configuration in prow core config file 161 - name: post-test-infra-push-misc-images 162 cluster: test-infra-trusted 163 run_if_changed: '^(\.ko\.yaml|hack/(make-rules|prowimagebuilder)|label_sync/.+\.go|robots/commenter|robots/pr-creator|robots/issue-creator|testgrid/cmd|gcsweb)' 164 decorate: true 165 labels: 166 # Building deck requires docker for typescript compilation. 167 preset-dind-enabled: "true" 168 branches: 169 - ^master$ 170 max_concurrency: 1 171 spec: 172 serviceAccountName: pusher 173 containers: 174 - image: gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240515-17c6d50e24-test-infra 175 command: 176 - runner.sh 177 args: 178 - make 179 - push-misc-images 180 # docker-in-docker needs privileged mode 181 securityContext: 182 privileged: true 183 resources: 184 requests: 185 cpu: "15" 186 tolerations: 187 - key: "highcpu" 188 operator: "Equal" 189 value: "true" 190 effect: "NoSchedule" 191 nodeSelector: 192 highcpu: "true" 193 annotations: 194 testgrid-dashboards: sig-testing-prow 195 testgrid-tab-name: push-misc-images 196 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 197 testgrid-num-failures-to-alert: '1' 198 description: builds and pushes misc test-infra images on each commit by running make push-misc-images 199 rerun_auth_config: 200 github_users: 201 - alvaroaleman 202 - name: post-test-infra-push-kettle 203 cluster: test-infra-trusted 204 annotations: 205 testgrid-dashboards: "sig-testing-images" 206 testgrid-tab-name: "kettle" 207 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 208 testgrid-num-failures-to-alert: '1' 209 description: builds and pushes the kettle image 210 run_if_changed: '^kettle/' 211 decorate: true 212 decoration_config: 213 timeout: 50m 214 grace_period: 10m 215 branches: 216 - ^master$ 217 max_concurrency: 1 218 spec: 219 serviceAccountName: deployer # TODO(fejta): should be pusher 220 containers: 221 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 222 command: 223 - /run.sh 224 args: 225 - --scratch-bucket=gs://k8s-testimages-scratch 226 - --project=k8s-testimages 227 - --build-dir=. 228 - kettle/ 229 - name: post-test-infra-push-bazel 230 cluster: test-infra-trusted 231 run_if_changed: '^images/bazel/' 232 annotations: 233 testgrid-dashboards: "sig-testing-images" 234 testgrid-tab-name: "bazel" 235 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 236 testgrid-num-failures-to-alert: '1' 237 description: builds and pushes launcher.gcr.io/google/bazel, adding support for a second version 238 decorate: true 239 branches: 240 - ^master$ 241 max_concurrency: 1 242 spec: 243 serviceAccountName: deployer # TODO(fejta): should be pusher 244 containers: 245 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 246 command: 247 - /run.sh 248 args: 249 - --scratch-bucket=gs://k8s-testimages-scratch 250 - --project=k8s-testimages 251 - images/bazel/ 252 - name: post-test-infra-push-gcb-docker-gcloud 253 cluster: test-infra-trusted 254 run_if_changed: '^images/gcb-docker-gcloud/' 255 annotations: 256 testgrid-dashboards: "sig-testing-images" 257 testgrid-tab-name: "gcb-docker-gcloud" 258 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 259 testgrid-num-failures-to-alert: '1' 260 description: builds and pushes the gcb-docker-gcloud image 261 decorate: true 262 branches: 263 - ^master$ 264 max_concurrency: 1 265 spec: 266 serviceAccountName: deployer # TODO(fejta): should be pusher 267 containers: 268 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 269 command: 270 - /run.sh 271 args: 272 - --scratch-bucket=gs://k8s-testimages-scratch 273 - --project=k8s-testimages 274 - --build-dir=. 275 - images/gcb-docker-gcloud/ 276 - name: post-test-infra-push-test-gubernator 277 cluster: test-infra-trusted 278 run_if_changed: '^images/pull-test-infra-gubernator/' 279 annotations: 280 testgrid-dashboards: "sig-testing-images" 281 testgrid-tab-name: "gubernator" 282 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 283 testgrid-num-failures-to-alert: '1' 284 description: builds and pushes the gubernator image 285 decorate: true 286 branches: 287 - ^master$ 288 max_concurrency: 1 289 spec: 290 serviceAccountName: deployer # TODO(fejta): should be pusher 291 containers: 292 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 293 command: 294 - /run.sh 295 args: 296 - --scratch-bucket=gs://k8s-testimages-scratch 297 - --project=k8s-testimages 298 - --build-dir=. 299 - images/pull-test-infra-gubernator/ 300 - name: post-test-infra-push-gencred 301 cluster: test-infra-trusted 302 run_if_changed: '^gencred/' 303 annotations: 304 testgrid-dashboards: "sig-testing-images" 305 testgrid-tab-name: "gencred" 306 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 307 testgrid-num-failures-to-alert: '3' 308 description: builds and pushes the gencred image 309 decorate: true 310 branches: 311 - ^master$ 312 max_concurrency: 1 313 spec: 314 serviceAccountName: deployer # TODO(fejta): should be pusher 315 containers: 316 - image: gcr.io/k8s-staging-test-infra/image-builder:v20230711-e33377c2b4 317 command: 318 - /run.sh 319 args: 320 - --scratch-bucket=gs://k8s-testimages-scratch 321 - --project=k8s-testimages 322 - --build-dir=. 323 - gencred/ 324 - name: post-test-infra-gencred-refresh-kubeconfig 325 cluster: test-infra-trusted 326 run_if_changed: '^config/prow/gencred-config/' 327 decorate: true 328 branches: 329 - ^master$ 330 spec: 331 serviceAccountName: gencred-refresher 332 containers: 333 - name: gencred 334 image: gcr.io/k8s-prow/gencred:v20240513-a9bd71bf01 335 command: 336 - gencred 337 args: 338 - --config=./config/prow/gencred-config/gencred-config.yaml 339 annotations: 340 testgrid-num-failures-to-alert: '1' 341 testgrid-dashboards: sig-testing-misc 342 testgrid-tab-name: postsubmit-gencred-refresh-kubeconfig 343 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 344 description: Runs gencred to refresh generated kubeconfigs. 345 - name: post-test-infra-upload-oncall 346 cluster: test-infra-trusted 347 branches: 348 - ^master$ 349 run_if_changed: '^maintenance/oncall.html$' 350 decorate: true 351 spec: 352 serviceAccountName: pusher 353 containers: 354 - image: gcr.io/k8s-testimages/gcloud-in-go:v20210913-fc7c4e8 355 command: 356 - gsutil 357 args: 358 - cp 359 - -Z 360 - ./maintenance/oncall.html 361 - gs://test-infra-oncall/ 362 resources: 363 requests: 364 memory: "1Gi" 365 annotations: 366 testgrid-dashboards: sig-testing-maintenance 367 testgrid-tab-name: oncall-update 368 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 369 testgrid-num-failures-to-alert: '1' 370 description: Updates the html contents for go.k8s.io/oncall. 371 - name: post-test-infra-upload-testgrid-config 372 cluster: test-infra-trusted 373 branches: 374 - ^master$ 375 max_concurrency: 1 376 run_if_changed: '^config/(jobs|testgrids)/.*$' 377 decorate: true 378 spec: 379 serviceAccountName: testgrid-config-updater 380 containers: 381 - image: gcr.io/k8s-prow/configurator:v20240513-a9bd71bf01 382 command: 383 - configurator 384 args: 385 - --yaml=config/testgrids 386 - --default=config/testgrids/default.yaml 387 - --prow-config=config/prow/config.yaml 388 - --prow-job-config=config/jobs/ 389 - --output=gs://k8s-testgrid-canary/configs/k8s/config 390 - --output=gs://k8s-testgrid/configs/k8s/config 391 - --prowjob-url-prefix=https://git.k8s.io/test-infra/config/jobs/ 392 - --update-description 393 - --oneshot 394 - --world-readable 395 resources: 396 requests: 397 memory: "1Gi" 398 annotations: 399 testgrid-dashboards: sig-testing-maintenance 400 testgrid-tab-name: testgrid-config-upload 401 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 402 testgrid-num-failures-to-alert: '1' 403 description: Compiles and uploads testgrid config on test-infra pushes 404 - name: post-test-infra-upload-boskos-config 405 cluster: test-infra-trusted 406 branches: 407 - ^master$ 408 max_concurrency: 1 409 run_if_changed: '^config/prow/cluster/build/boskos-resources/boskos-resources.yaml$' 410 decorate: true 411 spec: 412 serviceAccountName: deployer # TODO(fejta): should be pusher 413 containers: 414 - image: gcr.io/k8s-staging-test-infra/gcloud-in-go:v20230111-cd1b3caf9c 415 command: 416 - make 417 args: 418 - -C 419 - config/prow 420 - update-boskos-resources 421 annotations: 422 testgrid-dashboards: sig-testing-maintenance 423 testgrid-tab-name: boskos-config-upload 424 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 425 testgrid-num-failures-to-alert: '1' 426 description: Update boskos configmap on test-infra pushes 427 - name: post-test-infra-cip-prow 428 cluster: test-infra-trusted 429 decorate: true 430 run_if_changed: "^prow/cip-manifest.yaml$" 431 # Never run more than 1 job at a time. This is because we don't want to run 432 # into a case where an older manifest PR merge gets run last (after a newer 433 # one). 434 max_concurrency: 1 435 branches: 436 - ^master$ 437 spec: 438 serviceAccountName: pusher 439 containers: 440 - image: registry.k8s.io/artifact-promoter/kpromo:v4.0.5-0 441 command: 442 - /kpromo 443 args: 444 - cip 445 - --manifest=prow/cip-manifest.yaml 446 - --confirm 447 annotations: 448 testgrid-dashboards: sig-testing-prow, sig-release-releng-blocking 449 testgrid-tab-name: cip-prow 450 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 451 testgrid-num-failures-to-alert: '2' 452 description: Uses the Container Image Promoter to promote images from gcr.io/k8s-prow-edge to gcr.io/k8s-prow. 453 454 kubernetes/community: 455 - name: post-community-tempelis-apply 456 cluster: test-infra-trusted 457 decorate: true 458 branches: 459 - ^master$ 460 run_if_changed: '^communication/slack-config' 461 annotations: 462 testgrid-num-failures-to-alert: "1" 463 testgrid-alert-email: ktbry@google.com, k8s-infra-oncall@google.com 464 testgrid-dashboards: sig-contribex-slack-infra 465 spec: 466 containers: 467 - image: gcr.io/k8s-staging-slack-infra/tempelis:v20200909-1eb97f5 468 command: 469 - /tempelis 470 args: 471 - --config=communication/slack-config/ 472 - --restrictions=communication/slack-config/restrictions.yaml 473 - --auth=/etc/slack-auth/auth.json 474 - --dry-run=false 475 volumeMounts: 476 - name: tempelis-creds 477 mountPath: /etc/slack-auth 478 readOnly: true 479 volumes: 480 - name: tempelis-creds 481 secret: 482 secretName: slack-tempelis-auth 483 484 485 periodics: 486 # Save for standard time: 487 # cron: "30 18-23/5 * * 1-5" # Bump with label `skip-review`. Run at 10:30 and 15:30 PST (18:05 UTC, fall) Mon-Fri 488 # Save for daylight savings time: 489 - cron: "30 17-22/5 * * 1-5" # Bump with label `skip-review`. Run at 10:30 and 15:30 PST (17:05 UTC, spring) Mon-Fri 490 name: ci-test-infra-autobump-prow-for-auto-deploy 491 cluster: test-infra-trusted 492 decorate: true 493 extra_refs: 494 - org: kubernetes 495 repo: test-infra 496 base_ref: master 497 spec: 498 containers: 499 - image: gcr.io/k8s-prow/generic-autobumper:v20240517-ea10bd814 500 command: 501 - generic-autobumper 502 args: 503 - --config=config/prow/autobump-config/prow-component-autobump-config.yaml 504 - --labels-override=skip-review # This label is used by tide for identifying trusted PR 505 - --skip-if-no-oncall # Only apply `skip-review` label when oncall is active 506 volumeMounts: 507 - name: github 508 mountPath: /etc/github-token 509 readOnly: true 510 - name: ssh 511 mountPath: /root/.ssh 512 volumes: 513 - name: github 514 secret: 515 secretName: oauth-token 516 - name: ssh 517 secret: 518 secretName: k8s-ci-robot-ssh-keys 519 defaultMode: 0400 520 annotations: 521 testgrid-dashboards: sig-testing-prow 522 testgrid-tab-name: autobump-prow-for-auto-deploy 523 testgrid-alert-email: k8s-infra-oncall@google.com 524 testgrid-num-failures-to-alert: '2' # This could fail when it runs right in the middle of prow push, tolerate it once 525 description: runs autobumper to create/update a PR that bumps prow to the latest RC with label 'skip-review' 526 - cron: "15 * * * 1-5" # Bump don't label `skip-review`. Run at :30 past every hour Mon-Fri 527 name: ci-test-infra-autobump-prow 528 cluster: test-infra-trusted 529 decorate: true 530 extra_refs: 531 - org: kubernetes 532 repo: test-infra 533 base_ref: master 534 spec: 535 containers: 536 - image: gcr.io/k8s-prow/generic-autobumper:v20240517-ea10bd814 537 command: 538 - generic-autobumper 539 args: 540 - --config=config/prow/autobump-config/prow-component-autobump-config.yaml 541 volumeMounts: 542 - name: github 543 mountPath: /etc/github-token 544 readOnly: true 545 - name: ssh 546 mountPath: /root/.ssh 547 volumes: 548 - name: github 549 secret: 550 secretName: oauth-token 551 - name: ssh 552 secret: 553 secretName: k8s-ci-robot-ssh-keys 554 defaultMode: 0400 555 annotations: 556 testgrid-dashboards: sig-testing-prow 557 testgrid-tab-name: autobump-prow 558 description: runs autobumper to create/update a PR that bumps prow to the latest RC without label 'skip-review' 559 testgrid-alert-email: k8s-infra-oncall@google.com 560 testgrid-num-failures-to-alert: '3' 561 - cron: "30 * * * *" # Run at half past the hour, every hour, every day 562 name: ci-test-infra-update-slack-oncall 563 cluster: test-infra-trusted 564 decorate: true 565 extra_refs: 566 - org: kubernetes 567 repo: test-infra 568 base_ref: master 569 spec: 570 containers: 571 - image: gcr.io/k8s-staging-test-infra/gcloud-in-go:v20230111-cd1b3caf9c 572 command: 573 - ./hack/make-rules/go-run/arbitrary.sh 574 args: 575 - run 576 - ./experiment/slack-oncall-updater 577 - --token-path=/etc/slack-token/token 578 volumeMounts: 579 - name: slack 580 mountPath: /etc/slack-token 581 readOnly: true 582 volumes: 583 - name: slack 584 secret: 585 secretName: slack-usergroup-token 586 annotations: 587 testgrid-dashboards: sig-testing-misc 588 testgrid-tab-name: slack-oncall-updater 589 testgrid-alert-email: ktbry@google.com, k8s-infra-oncall@google.com 590 description: runs experiment/slack-oncall-updater to update the membership of the test-infra-oncall slack usergroup 591 - cron: "54 * * * *" # Every hour at 54 minutes past the hour 592 name: ci-test-infra-branchprotector 593 cluster: test-infra-trusted 594 labels: 595 app: branchprotector 596 decorate: true 597 decoration_config: 598 timeout: 5h 599 extra_refs: 600 - org: kubernetes 601 repo: test-infra 602 base_ref: master 603 spec: 604 containers: 605 - name: branchprotector 606 image: gcr.io/k8s-prow/branchprotector:v20240517-ea10bd814 607 command: 608 - branchprotector 609 args: 610 - --config-path=config/prow/config.yaml 611 - --job-config-path=config/jobs 612 - --github-token-path=/etc/github/oauth 613 - --confirm 614 - --github-endpoint=http://ghproxy.default.svc.cluster.local 615 - --github-endpoint=https://api.github.com 616 volumeMounts: 617 - name: oauth 618 mountPath: /etc/github 619 readOnly: true 620 volumes: 621 - name: oauth 622 secret: 623 secretName: oauth-token 624 annotations: 625 testgrid-num-failures-to-alert: '6' 626 testgrid-alert-stale-results-hours: '12' 627 testgrid-dashboards: sig-testing-misc 628 testgrid-tab-name: branchprotector 629 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 630 description: Runs Prow's branchprotector to apply configured GitHub status context requirements and merge policies. 631 - cron: "17 * * * *" # Every hour at 17 minutes past the hour 632 name: ci-test-infra-label-sync 633 cluster: test-infra-trusted 634 labels: 635 app: label-sync 636 decorate: true 637 spec: 638 containers: 639 - name: label-sync 640 image: gcr.io/k8s-prow/label_sync:v20240513-a9bd71bf01 641 command: 642 - label_sync 643 args: 644 - --config=/etc/config/labels.yaml 645 - --confirm=true 646 - --orgs=kubernetes,kubernetes-client,kubernetes-csi,kubernetes-sigs 647 - --token=/etc/github/oauth 648 - --endpoint=http://ghproxy.default.svc.cluster.local 649 - --endpoint=https://api.github.com 650 - --debug 651 volumeMounts: 652 - name: oauth 653 mountPath: /etc/github 654 readOnly: true 655 - name: config 656 mountPath: /etc/config 657 readOnly: true 658 volumes: 659 - name: oauth 660 secret: 661 secretName: oauth-token 662 - name: config 663 configMap: 664 name: label-config 665 annotations: 666 testgrid-num-failures-to-alert: '6' 667 testgrid-alert-stale-results-hours: '12' 668 testgrid-dashboards: sig-testing-misc 669 testgrid-tab-name: label_sync 670 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 671 description: Runs label_sync to synchronize GitHub repo labels with the label config defined in label_sync/labels.yaml. 672 - cron: "17 */6 * * *" # Every 6 hours at 17 minutes past the hour 673 name: ci-test-infra-gencred-refresh-kubeconfig 674 cluster: test-infra-trusted 675 extra_refs: 676 - org: kubernetes 677 repo: test-infra 678 base_ref: master 679 decorate: true 680 spec: 681 serviceAccountName: gencred-refresher 682 containers: 683 - name: gencred 684 image: gcr.io/k8s-prow/gencred:v20240513-a9bd71bf01 685 command: 686 - gencred 687 args: 688 - --config=./config/prow/gencred-config/gencred-config.yaml 689 annotations: 690 testgrid-num-failures-to-alert: '6' 691 testgrid-alert-stale-results-hours: '12' 692 testgrid-dashboards: sig-testing-misc 693 testgrid-tab-name: gencred-refresh-kubeconfig 694 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 695 description: Runs gencred to refresh generated kubeconfigs. 696 # Legacy job for rotating the default sa json key used for legacy prowjobs that 697 # can't migrate to use workload identity yet. This json key expires every 90 698 # days, so rotating every 15 days should be safe as it allows 5 failures. 699 # GCP only allows up to 9 keys for a sa, so deleting old ones on the fly as well. 700 - cron: "30 1 1,15 * *" # At 01:30 on day-of-month 1 and 15. 701 name: ci-test-infra-rotate-legacy-default-build-sa-json-key 702 cluster: test-infra-trusted 703 decorate: true 704 spec: 705 serviceAccountName: legacy-sa-json-key-rotator 706 containers: 707 - name: gcloud 708 image: gcr.io/k8s-staging-test-infra/gcloud-in-go:v20230111-cd1b3caf9c 709 command: 710 - /bin/bash 711 args: 712 - -c 713 - | 714 set -euo pipefail 715 716 temp_file="$(mktemp)" 717 gcloud iam service-accounts keys create "${temp_file}" --iam-account=pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com --key-file-type=json 718 gcloud secrets versions add default-k8s-build-cluster-service-account-key --data-file="${temp_file}" --project=k8s-prow-builds 719 for key_id in $(gcloud iam service-accounts keys list --iam-account=pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com --managed-by=user --created-before=$(date +%Y-%m-%d -d "90 days ago") --format="value(KEY_ID)"); do 720 gcloud iam service-accounts keys delete "${key_id}" -q --iam-account=pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com 721 done 722 annotations: 723 testgrid-num-failures-to-alert: '3' 724 testgrid-dashboards: sig-testing-misc 725 testgrid-tab-name: rotate-legacy-default-build-sa-json-key 726 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-oncall@google.com 727 description: Rotate legacy build cluster service account json key. 728 729 # This job is used as a heartbeat health check of the Prow instance's ability to run jobs. 730 # Alerts expect it to run every 5 mins and will fire after 20 mins without a successful run. 731 # Please keep this in sync with the `pull-test-infra-prow-checkconfig` job 732 - name: ci-test-infra-prow-checkconfig 733 interval: 5m 734 cluster: eks-prow-build-cluster 735 decorate: true 736 extra_refs: 737 - org: kubernetes 738 repo: test-infra 739 base_ref: master 740 spec: 741 containers: 742 - image: gcr.io/k8s-prow/checkconfig:v20240517-ea10bd814 743 command: 744 - checkconfig 745 args: 746 - --config-path=config/prow/config.yaml 747 - --job-config-path=config/jobs 748 - --plugin-config=config/prow/plugins.yaml 749 - --strict 750 - --warnings=mismatched-tide-lenient 751 - --warnings=tide-strict-branch 752 - --warnings=needs-ok-to-test 753 - --warnings=validate-owners 754 - --warnings=missing-trigger 755 - --warnings=validate-urls 756 - --warnings=unknown-fields 757 - --warnings=duplicate-job-refs 758 - --warnings=unknown-fields-all 759 - --warnings=non-decorated-jobs 760 - --warnings=valid-decoration-config 761 resources: 762 requests: 763 cpu: "1" 764 memory: "2Gi" 765 limits: 766 cpu: "1" 767 memory: "2Gi" 768 annotations: 769 testgrid-dashboards: sig-testing-misc 770 testgrid-alert-email: kubernetes-sig-testing-alerts@googlegroups.com, k8s-infra-prow-oncall@kubernetes.io 771 testgrid-num-failures-to-alert: '10'