action #168541
open
Ensure deployments of CC-critical tooling are under full SUSE control - Automatically deploy products with last approve/commit by SUSE employees, ask for approval otherwise size:M
Start date: 2024-10-18
Due date:
% Done: 0%
Estimated time:
Description
Motivation
I learned another idea (from discussion with egotthold, jdsn, eroca) how to deploy products in a trusted way from git but as quickly as possible: Listen to GitHub events as documented on https://docs.github.com/de/rest/activity/events?apiVersion=2022-11-28, x-poll long-running REST request, sync automatically if a SUSE employee merged on GitHub, maybe with an approved signing key, then sync automatically to the internal repo, otherwise ask for approval.
Acceptance criteria
- AC1: We know how "last signed commit signed by trusted SUSE developers" would help us regarding CC-compliant deployments
- AC2: We know how to use such an approach for our products
Suggestion
- Research how https://github.com/openSUSE/github-pr is solving that and use it or learn from it for our own approach
- Come up with a proof-of-concept for "Listen to GitHub events as documented on https://docs.github.com/de/rest/activity/events?apiVersion=2022-11-28, x-poll long-running REST request, sync automatically if a SUSE employee merged on GitHub, maybe with an approved signing key, then sync automatically to the internal repo, otherwise ask for approval", maybe for https://github.com/openSUSE/qem-bot/, see https://gitlab.suse.de/qa-maintenance/bot-ng/ and #168427
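
One way to express the "sync automatically, otherwise ask for approval" gate from the suggestion, as an added example that is not part of this ticket, qem-bot or github-pr. It assumes the caller has already fetched the pull-request object from the GitHub REST API and run `git verify-commit --raw` on the merged commit; the allowlists, logins and fingerprints are hypothetical and constructed.

```python
import re

# Hypothetical allowlists; every login and fingerprint here is constructed.
TRUSTED_MERGERS = {"alice-suse", "bob-suse"}
APPROVED_KEYS = {"1111222233334444555566667777888899990000"}

# GnuPG status lines, as printed by `git verify-commit --raw <sha>`.
VALIDSIG = re.compile(r"^\[GNUPG:\] VALIDSIG [0-9A-F]{40} .* ([0-9A-F]{40})$", re.M)
GOODSIG = re.compile(r"^\[GNUPG:\] GOODSIG ", re.M)
REJECT = re.compile(r"^\[GNUPG:\] (EXPSIG|EXPKEYSIG|REVKEYSIG|BADSIG|ERRSIG) ", re.M)

# Constructed sample: status output for a good signature by the approved key.
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0000111122223333 Alice Example <alice@example.com>\n"
    "[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2024-10-18 "
    "1729250000 0 4 0 1 10 00 1111222233334444555566667777888899990000\n"
)
# Constructed sample: the fields used from a GitHub REST pull-request object.
SAMPLE_PR = {"merged": True, "merged_by": {"login": "alice-suse"}}


def primary_fingerprint(gpg_status):
    """Primary-key fingerprint of a good, unexpired, unrevoked signature, else None."""
    # VALIDSIG alone is not enough: GnuPG also emits it next to EXPKEYSIG/REVKEYSIG.
    if REJECT.search(gpg_status) or not GOODSIG.search(gpg_status):
        return None
    match = VALIDSIG.search(gpg_status)
    return match.group(1) if match else None


def decide(pr, gpg_status, require_signed=True):
    """Return (action, reason); action is "sync", "ask_approval" or "skip"."""
    if not pr.get("merged"):
        return ("skip", "not merged")
    login = (pr.get("merged_by") or {}).get("login")
    if login not in TRUSTED_MERGERS:
        return ("ask_approval", f"merged by untrusted account {login!r}")
    if require_signed and primary_fingerprint(gpg_status) not in APPROVED_KEYS:
        return ("ask_approval", "no good signature from an approved key")
    return ("sync", f"merged by {login}")


if __name__ == "__main__":
    print(decide(SAMPLE_PR, SAMPLE_STATUS))
```

Merges performed through GitHub's web UI are signed with GitHub's own key rather than the developer's, so such a merge commit would not match a developer-key allowlist and would fall through to the approval path when `require_signed` is set.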