Page MenuHomePhabricator
Create Task
Maniphest T394595

[cicd] create cicd flow for non repo owners
Closed, ResolvedPublic
Actions

Description

See parent task for more details.

TL;DR:

  • Creating a new project in toolsbeta harbor, with strict policies (both amount of images, retention and size quota)
  • Creating a bot with access to it, for which the credentials will be public (or almost)
  • Run tests but don't attempt to publish helmchart and image to harbor if patch owner is not a repo owner (this will still fail btw because of no access to secret. This step is purely to avoid the ugly red cicd failure icon)
  • change toolforge_deploy_mr.py do the following:
    • if the cicd pipeline is still running wait until it completes (currently default behaviour)
    • if the cicd pipeline has completed successfully and image and chart exists in harbor, pull from harbor.
    • if the cicd pipeline has completed successfully but image and chart are not in harbor, push them to the public harbor project created above.
    • if cicd failed, do nothing.

Related Objects
Search...

Event Timeline

Raymond_Ndibe created this task.May 18 2025, 3:23 AM
CodeReviewBot added a project: Patch-For-Review.May 18 2025, 3:25 AM

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/cicd/gitlab-ci/-/merge_requests/61

[helm_publish, image_publish]: skip harbor helm and image publish if PR owner not repo owner

Aklapper added a comment.May 18 2025, 9:50 AM

Is this Epic?

Raymond_Ndibe added a comment.May 18 2025, 8:52 PM
In T394595#10832762, @Aklapper wrote:

Is this Epic?

nope, the parent is. That was an oversight. Removing that

Raymond_Ndibe removed a project: Epic.May 18 2025, 8:52 PM
Raymond_Ndibe changed the task status from Open to In Progress.May 18 2025, 8:56 PM
Raymond_Ndibe moved this task from Next Up to In Progress on the Toolforge (Toolforge iteration 20) board.
JJMC89 merged a task: T394594: [cicd] create cicd flow for non repo owners.May 18 2025, 8:56 PM
JJMC89 merged a task: T394594: [cicd] create cicd flow for non repo owners.May 19 2025, 2:34 PM
dcaro triaged this task as Medium priority.May 22 2025, 7:56 AM
dcaro merged a task: T374045: [lima-kilo] toolforge_deploy_mr.py tdoes not support merge requests from forks properly.May 22 2025, 7:07 PM
dcaro mentioned this in T374045: [lima-kilo] toolforge_deploy_mr.py tdoes not support merge requests from forks properly.
dcaro added a subscriber: LucasWerkmeister.
dcaro edited projects, added: Toolforge (Toolforge iteration 21); removed: Toolforge (Toolforge iteration 20).Jun 11 2025, 10:38 AM
dcaro moved this task from Next Up to In Progress on the Toolforge (Toolforge iteration 21) board.
dcaro edited projects, added: Toolforge (Toolforge iteration 22); removed: Toolforge (Toolforge iteration 21).Jul 14 2025, 9:49 AM
dcaro moved this task from Next Up to In Progress on the Toolforge (Toolforge iteration 22) board.
Raymond_Ndibe moved this task from In Progress to Next Up on the Toolforge (Toolforge iteration 22) board.Jul 14 2025, 10:41 AM
dcaro moved this task from Toolforge iteration 22 to Ready to be worked on on the Toolforge board.Jul 14 2025, 2:09 PM
dcaro edited projects, added: Toolforge; removed: Toolforge (Toolforge iteration 22).
Restricted Application added a project: cloud-services-team. · View Herald TranscriptJul 14 2025, 2:09 PM
CodeReviewBot added a comment.Sep 4 2025, 7:21 PM

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/273

[toolforge_deploy_mr.py] support deploy of MRs from external contributors

fnegri edited projects, added: cloud-services-team (FY2025/2026-Q1-Q2); removed: cloud-services-team.Sep 5 2025, 8:40 AM
fnegri moved this task from Backlog to In progress on the cloud-services-team (FY2025/2026-Q1-Q2) board.
CodeReviewBot added a comment.Sep 9 2025, 2:00 AM

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/958

[registry-admission] add releng registry to local allowedRegistries

CodeReviewBot added a comment.Sep 9 2025, 1:14 PM

raymond-ndibe merged https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/958

[registry-admission] add releng registry to local allowedRegistries

CodeReviewBot added a comment.Oct 21 2025, 1:07 AM

raymond-ndibe merged https://gitlab.wikimedia.org/repos/cloud/cicd/gitlab-ci/-/merge_requests/61

[helm image publish]: publish to reggie repo if PR owner not repo owner

CodeReviewBot added a comment.Oct 21 2025, 1:09 AM

raymond-ndibe merged https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/273

[toolforge_deploy_mr.py] support deploy of MRs from external contributors

Raymond_Ndibe closed this task as Resolved.Oct 21 2025, 1:10 AM
Raymond_Ndibe edited projects, added: Toolforge (Toolforge iteration 24); removed: Toolforge.
Raymond_Ndibe moved this task from Next Up to Done on the Toolforge (Toolforge iteration 24) board.
Maintenance_bot removed a project: Patch-For-Review.Oct 21 2025, 1:31 AM
CodeReviewBot added a project: Patch-For-Review.Oct 22 2025, 1:37 AM

raymond-ndibe opened https://gitlab.wikimedia.org/repos/cloud/cicd/gitlab-ci/-/merge_requests/76

[helm image publish]: compare harbor_auth to null, not ""

CodeReviewBot added a comment.Oct 22 2025, 1:41 AM

raymond-ndibe merged https://gitlab.wikimedia.org/repos/cloud/cicd/gitlab-ci/-/merge_requests/76

[helm image publish]: compare harbor_auth to null, not ""

Maintenance_bot removed a project: Patch-For-Review.Oct 22 2025, 2:30 AM
fnegri moved this task from In progress to Done on the cloud-services-team (FY2025/2026-Q1-Q2) board.Oct 23 2025, 2:56 PM
dcaro mentioned this in T408331: Policy for (external) contributions / code style.Oct 27 2025, 9:41 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits