action #168541

Updated by okurz 4 days ago

Description updated; the two versions of the text are:

**Version with Goals (G1, G2):**

## Motivation
We already automatically deploy e.g. qem-bot based on the last signed+trusted commit. We should extend that process to cover cases where there are not (yet) trusted commits, e.g. by external contributors or dependabot. How to make sure we deploy such states of git repositories when we actually want to trust such commits?

## Goals
* **G1:** We have an approach extending what we use in https://gitlab.suse.de/qe/git-sha-verify/ but for optional, manually approved later deployments
* **G2:** We know how to use such approach for our products

## Suggestion
* Extend https://gitlab.suse.de/qe/git-sha-verify/
* Come up with proof-of-concept to have a "manual" CI pipeline step to update a git repo to a later state explicitly based on manual review but we would need to remember the state. Maybe the best would actually be just empty signed commits in the original repository … or package submissions.

**Version with Acceptance criteria (AC1, AC2):**

## Motivation
I learned another idea (from discussion with egotthold, jdsn, eroca) how to deploy products in a trusted way from git repositories but as quickly as possible: Listen to GitHub events as documented on https://docs.github.com/de/rest/activity/events?apiVersion=2022-11-28, x-poll long running rest request, sync automatically if SUSE employee merged on GitHub, maybe with approved signing key, then sync automatically to internal repo, otherwise ask for approval

## Acceptance criteria
* **AC1:** We know how "last signed commit signed by trusted SUSE developers" would help us regarding CC-compliant deployments
* **AC2:** We know how to use such approach for our products

## Suggestion
* Research how https://github.com/openSUSE/github-pr is solving that and use it or learn from it for our own approach
* Come up with proof-of-concept for "Listen to GitHub events as documented on https://docs.github.com/de/rest/activity/events?apiVersion=2022-11-28, x-poll long running rest request, sync automatically if SUSE employee merged on GitHub, maybe with approved signing key, then sync automatically to internal repo, otherwise ask for approval", maybe for https://github.com/openSUSE/qem-bot/, see https://gitlab.suse.de/qa-maintenance/bot-ng/ and #168427
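
The ticket combines deploying from the last signed+trusted commit with a manual approval step for commits that are not (yet) trusted. As an added example (not code from git-sha-verify, qem-bot or this ticket), the sketch below picks the deployment target from `git log --format='%H %G? %GF'` output and lists the newer commits still waiting for approval. The key allowlist, the `approved` set and all commit ids and fingerprints are constructed assumptions.

```python
# Added example, not code from git-sha-verify or qem-bot.
# Assumed input: output of  git log --format='%H %G? %GF'  (newest first).
# Commit ids and key fingerprints below are constructed sample values.
ALICE = "A1" * 20      # constructed 40-hex fingerprints
BOB = "B2" * 20
OUTSIDER = "C3" * 20   # valid signature, but key is not on the allowlist
TRUSTED = {ALICE, BOB}  # hypothetical allowlist of trusted signing keys

SAMPLE_LOG = f"""\
c4 N
c3 G {OUTSIDER}
c2 G {ALICE}
c1 G {BOB}
"""


def parse_log(text):
    """Yield (commit, status, fingerprint); unsigned commits have no fingerprint."""
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        status = parts[1] if len(parts) > 1 else "N"
        fingerprint = parts[2] if len(parts) > 2 else ""
        yield parts[0], status, fingerprint


def is_trusted(status, fingerprint, trusted):
    # Only %G? == "G" (good signature) counts. "U", "X", "Y", "R" (unknown
    # validity, expired, revoked), "B", "E" and "N" are all rejected.
    return status == "G" and fingerprint in trusted


def plan_deployment(text, trusted, approved=frozenset()):
    """Return (deploy_commit, pending).

    deploy_commit is the newest commit that is signed by a trusted key or was
    manually approved; pending lists newer commits that still need approval.
    Approving a commit accepts everything in its history, as signing does.
    """
    pending = []
    for commit, status, fingerprint in parse_log(text):
        if is_trusted(status, fingerprint, trusted) or commit in approved:
            return commit, pending
        pending.append(commit)
    return None, pending  # nothing deployable: fail closed


if __name__ == "__main__":
    print(plan_deployment(SAMPLE_LOG, TRUSTED))
```
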
