QA (public) » openQA Project (public) » openQA Infrastructure (public)

Observation¶

CI jobs like https://gitlab.suse.de/okurz/salt-states-openqa/-/jobs/1147783 complain with

$ git clone --depth 3 https://osd_deployment_ci:${PILLARS_CLONE_TOKEN}@gitlab.suse.de/openqa/salt-pillars-openqa /srv/pillar || echo "Copy pillar access token to …"
Cloning into '/srv/pillar'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab.suse.de/openqa/salt-pillars-openqa/'

I thought I would have such credentials, maybe something got lost or expired. It turned out I need to But there is no mention in the README nor helpful error message pointing me to what to do.

Acceptance criteria¶

• AC1: CI jobs for salt-states-openqa work without users needing to set any salt pillar credentials or clear instructions exist

Suggestions¶

• Make sure tests run without cloning salt pillars in merge requests, e.g. with a mocked pillar directory that is symlinked to /srv/pillar
• Alternative: Add something to the README or at best within the CI script fix the echo "Copy pillar access token which should be telling the user with a hint what to do and consider how people who don't have access would be able to contribute
• Alternative: Encrypt the pillar sensitive data so that we can make the pillar repo public again because tests don't need to care about individual values