-
Notifications
You must be signed in to change notification settings - Fork 695
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Github Workflow can't push to protected gh-pages branch #4114
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
@caniszczyk Please advise if we can get a CLA exception for the github-actions bot to push to the
Additional contextPrecedenceThe project has encountered similar scenarios in the past and has disabled branch protection to allow commits by the github-actions bot - kubernetes/test-infra#23384. We agree that these changes should not have occured in the first place but this also means that we have precedent... Similar issues in other projectsA similar issue was encountered in OpenTelemetry - open-telemetry/community#809. OTel folks asked for the github-actions bot to be added to the EasyCLA allowlist but were told that this was not possible due to open-telemetry/community#809 (comment). The workaround suggested was to register a user in github, give that user permission, and generate a token to perform actions on behalf of that user. CNCF can then allowlist the user as a bot user - open-telemetry/community#809 (comment). Long term solutionAs mentioned above, our long term solution is to do something similar and leverage a prowjob. @MadhavJivrajani did an extensive investigation on how to achieve this but it will require additional work - https://gist.github.com/MadhavJivrajani/e80469715aaff79b362651dd8d1aca97. We'd like to move to GitHub actions as much as possible. Not having an exception blocks us from achieving that goal. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale We also face the same issue in |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Originally brought up here: https://kubernetes.slack.com/archives/C01672LSZL0/p1677773943548989
The helm release github workflow can't push to the gh-pages branch of this repo: https://github.com/jacobwolfaws/aws-file-cache-csi-driver . The way most kubernetes repositories resolve this is by removing branch protections and the easycla check for this branch, but there are some legal concerns for using unprotected branches w/o CLA check. Ideally, an org-level mitigation would be taken that:
The text was updated successfully, but these errors were encountered: