From d321ce29aeaa75cd6eb5820930321a58e6b08608 Mon Sep 17 00:00:00 2001 From: Tomas Nozicka Date: Fri, 21 Jun 2024 09:17:03 +0200 Subject: [PATCH 1/2] Wire in GitHub App authentication for the commenter --- robots/commenter/main.go | 56 ++++++++++++++--------------------- robots/commenter/main_test.go | 4 +-- 2 files changed, 24 insertions(+), 36 deletions(-) diff --git a/robots/commenter/main.go b/robots/commenter/main.go index 096368d14542..b67da79bf139 100644 --- a/robots/commenter/main.go +++ b/robots/commenter/main.go @@ -29,14 +29,12 @@ import ( "fmt" "log" "math/rand" - "net/url" "regexp" "strconv" "strings" "text/template" "time" - "sigs.k8s.io/prow/pkg/config/secret" "sigs.k8s.io/prow/pkg/flagutil" "sigs.k8s.io/prow/pkg/github" ) @@ -58,9 +56,9 @@ const ( ) func flagOptions() options { - o := options{ - endpoint: flagutil.NewStrings(github.DefaultAPIEndpoint), - } + o := options{} + + flag.StringVar(&o.org, "org", "", "GitHub organization (required when using GitHub App credentials)") flag.StringVar(&o.query, "query", "", "See https://help.github.com/articles/searching-issues-and-pull-requests/") flag.DurationVar(&o.updated, "updated", 2*time.Hour, "Filter to issues unmodified for at least this long if set") flag.BoolVar(&o.includeArchived, "include-archived", false, "Match archived issues if set") 
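Review bot: The `--org` help string in flagOptions says when the flag is required but not what it controls, and nothing ties its value to the query. The value is forwarded to `FindIssuesWithOrg` in `run`, so with App credentials it presumably selects the installation whose token performs the search, while queries such as `org:kubernetes-csi` in PATCH 2/2 carry their own org qualifier. Consider a help string like `"GitHub organization whose App installation performs the search (required when using GitHub App credentials)"`, and, if a mismatch matters for the installation's scope, a check that the query's org qualifiers agree with `--org`. flagOptions continues beyond this hunk.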
@@ -70,10 +68,10 @@ func flagOptions() options { flag.StringVar(&o.comment, "comment", "", "Append the following comment to matching issues") flag.BoolVar(&o.useTemplate, "template", false, templateHelp) flag.IntVar(&o.ceiling, "ceiling", 3, "Maximum number of issues to modify, 0 for infinite") - flag.Var(&o.endpoint, "endpoint", "GitHub's API endpoint") - flag.StringVar(&o.graphqlEndpoint, "graphql-endpoint", github.DefaultGraphQLEndpoint, "GitHub's GraphQL API Endpoint") - flag.StringVar(&o.token, "token", "", "Path to github token") flag.BoolVar(&o.random, "random", false, "Choose random issues to comment on from the query") + + o.github.AddFlags(flag.CommandLine) + flag.Parse() return o } @@ -88,17 +86,16 @@ type meta struct { type options struct { ceiling int comment string + org string includeArchived bool includeClosed bool includeLocked bool useTemplate bool query string - endpoint flagutil.Strings - graphqlEndpoint string - token string updated time.Duration confirm bool random bool + github flagutil.GitHubOptions } func parseHTMLURL(url string) (string, string, int, error) { @@ -151,8 +148,8 @@ func makeQuery(query string, includeArchived, includeClosed, includeLocked bool, } type client interface { - CreateComment(owner, repo string, number int, comment string) error - FindIssues(query, sort string, asc bool) ([]github.Issue, error) + CreateComment(org, repo string, number int, comment string) error + FindIssuesWithOrg(org, query, sort string, asc bool) ([]github.Issue, error) } func main() { 
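Review bot: Replacing `--token`, `--endpoint` and `--graphql-endpoint` with `o.github.AddFlags(flag.CommandLine)` leaves no alias for the old names, so an invocation that still passes them stops at `flag.Parse()` instead of running. PATCH 2/2 updates one job file; other callers are not covered by what is visible here. If a transition window is wanted, keep the old names registered for one release with a deprecation message; otherwise the commit message should state that the rename is breaking. This hunk starts inside flagOptions.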
@@ -162,31 +159,22 @@ func main() { if o.query == "" { log.Fatal("empty --query") } - if o.token == "" { - log.Fatal("empty --token") + if o.github.TokenPath == "" && o.github.AppID == "" { + log.Fatal("no github authentication options specified") + } + if o.github.AppID != "" && o.org == "" { + log.Fatal("using github appid requires using --org flag") } if o.comment == "" { log.Fatal("empty --comment") } - if err := secret.Add(o.token); err != nil { - log.Fatalf("Error starting secrets agent: %v", err) + githubOptsErr := o.github.Validate(true) + if githubOptsErr != nil { + log.Fatalf("Error validating github options: %v", githubOptsErr) } - var err error - for _, ep := range o.endpoint.Strings() { - _, err = url.ParseRequestURI(ep) - if err != nil { - log.Fatalf("Invalid --endpoint URL %q: %v.", ep, err) - } - } - - var c client - if o.confirm { - c, err = github.NewClient(secret.GetTokenGenerator(o.token), secret.Censor, o.graphqlEndpoint, o.endpoint.Strings()...) - } else { - c, err = github.NewDryRunClient(secret.GetTokenGenerator(o.token), secret.Censor, o.graphqlEndpoint, o.endpoint.Strings()...) - } + c, err := o.github.GitHubClient(!o.confirm) if err != nil { log.Fatalf("Failed to construct GitHub client: %v", err) } @@ -202,7 +190,7 @@ func main() { asc = true } commenter := makeCommenter(o.comment, o.useTemplate) - if err := run(c, query, sort, asc, o.random, commenter, o.ceiling); err != nil { + if err := run(c, o.org, query, sort, asc, o.random, commenter, o.ceiling); err != nil { log.Fatalf("Failed run: %v", err) } } 
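Review bot: `o.github.Validate(true)` hard-codes its argument while the client is built with `!o.confirm` a few lines later, so, assuming the argument is the dry-run switch, the two calls disagree whenever `--confirm` is set. `if err := o.github.Validate(!o.confirm); err != nil {` keeps them in step and drops the one-off `githubOptsErr` name. The hunk also deletes the explicit `secret.Add(o.token)` and `secret.Censor` wiring, so loading and log-censoring of the token or App private key now depends entirely on `GitHubClient`. That is presumably handled inside the helper, but it is not visible here and is worth confirming. main begins before this hunk and continues after it.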
@@ -221,9 +209,9 @@ func makeCommenter(comment string, useTemplate bool) func(meta) (string, error) } } -func run(c client, query, sort string, asc, random bool, commenter func(meta) (string, error), ceiling int) error { +func run(c client, org, query, sort string, asc, random bool, commenter func(meta) (string, error), ceiling int) error { log.Printf("Searching: %s", query) - issues, err := c.FindIssues(query, sort, asc) + issues, err := c.FindIssuesWithOrg(org, query, sort, asc) if err != nil { return fmt.Errorf("search failed: %w", err) } diff --git a/robots/commenter/main_test.go b/robots/commenter/main_test.go index 346ef0817a7f..9d69205eda70 100644 --- a/robots/commenter/main_test.go +++ b/robots/commenter/main_test.go @@ -222,7 +222,7 @@ func (c *fakeClient) CreateComment(owner, repo string, number int, comment strin } // Fakes searching for issues, using the same signature as github.Client -func (c *fakeClient) FindIssues(query, sort string, asc bool) ([]github.Issue, error) { +func (c *fakeClient) FindIssuesWithOrg(org, query, sort string, asc bool) ([]github.Issue, error) { if strings.Contains(query, "error") { return nil, errors.New(query) } @@ -314,7 +314,7 @@ func TestRun(t *testing.T) { for _, tc := range cases { ignoreSorting := "" ignoreOrder := false - err := run(&tc.client, tc.query, ignoreSorting, ignoreOrder, false, makeCommenter(tc.comment, tc.template), tc.ceiling) + err := run(&tc.client, "", tc.query, ignoreSorting, ignoreOrder, false, makeCommenter(tc.comment, tc.template), tc.ceiling) if tc.err && err == nil { t.Errorf("%s: failed to received an error", tc.name) continue From 2099c79f89bc3ca950171e18ce6ccd36145e983a Mon Sep 17 00:00:00 2001 From: Tomas Nozicka Date: Fri, 21 Jun 2024 09:17:45 +0200 Subject: [PATCH 2/2] Update flag names in commenter based jobs --- .../sig-contribex-k8s-triage-robot.yaml | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) 
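Review bot: Nothing in the updated tests checks that `org` reaches the client: in the lines shown, `fakeClient.FindIssuesWithOrg` never reads its `org` parameter, and the TestRun call passes `""`. Since `--org` is what main requires for App credentials, the fake should record the value it receives (for example a `lastOrg string` field set in `FindIssuesWithOrg`), and one case should call `run` with a non-empty org and assert on it. The fake's `CreateComment(owner, ...)` parameter name also still differs from the `org` name now used in the `client` interface. Both test functions extend beyond their hunks.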
diff --git a/config/jobs/kubernetes/sig-k8s-infra/trusted/sig-contribex-k8s-triage-robot.yaml b/config/jobs/kubernetes/sig-k8s-infra/trusted/sig-contribex-k8s-triage-robot.yaml index 760811091bae..85c779d18bf0 100644 --- a/config/jobs/kubernetes/sig-k8s-infra/trusted/sig-contribex-k8s-triage-robot.yaml +++ b/config/jobs/kubernetes/sig-k8s-infra/trusted/sig-contribex-k8s-triage-robot.yaml @@ -30,8 +30,8 @@ periodics: -project:kubernetes/169 NOT "complete the pre-review checklist and request an API review" - --updated=5m - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=This PR [may require API review](https://git.k8s.io/community/sig-architecture/api-review-process.md#what-apis-need-to-be-reviewed). @@ -71,8 +71,8 @@ periodics: label:area/stable-metrics NOT "documentation for the requirements and lifecycle of stable metrics" - --updated=5m - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=This PR [may require stable metrics review](https://git.k8s.io/community/contributors/devel/sig-instrumentation/metric-stability.md). @@ -111,8 +111,8 @@ periodics: is:open -label:"cncf-cla: no" -label:"cncf-cla: yes" - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=Unknown CLA label state. Rechecking for CLA labels. 
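Review bot: `--github-token` should be checked against the flag names that `o.github.AddFlags` actually registers, because Go's `flag` package rejects an undefined flag and does no prefix matching. The definitions live in prow's `flagutil` and are not visible in this patch. As far as I recall, the token flag there is `--github-token-path` (matching the `TokenPath` field read in main.go), in which case every job in this file would exit at startup. If so, the line should read `- --github-token-path=/etc/github-token/token`. The same two-line replacement recurs in all 14 hunks of this file.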
@@ -161,8 +161,8 @@ periodics: -label:priority/critical-urgent,priority/important-soon,priority/important-longterm label:lifecycle/rotten - --updated=720h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. @@ -218,8 +218,8 @@ periodics: -label:lifecycle/frozen label:lifecycle/rotten - --updated=720h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. @@ -286,8 +286,8 @@ periodics: repo:kubernetes/kops repo:kubernetes/kubernetes repo:kubernetes/test-infra - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass. @@ -347,8 +347,8 @@ periodics: -label:"triage/accepted" label:lifecycle/stale - --updated=720h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. 
@@ -405,8 +405,8 @@ periodics: -label:lifecycle/rotten label:lifecycle/stale - --updated=720h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. @@ -466,8 +466,8 @@ periodics: -label:"good first issue" -label:"triage/accepted" - --updated=2160h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project currently lacks enough contributors to adequately respond to all issues. @@ -524,8 +524,8 @@ periodics: -label:lifecycle/stale -label:lifecycle/rotten - --updated=2160h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. @@ -576,8 +576,8 @@ periodics: org:kubernetes-csi label:lifecycle/frozen is:pr - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=The `lifecycle/frozen` label can not be applied to PRs. @@ -629,8 +629,8 @@ periodics: -label:priority/critical-urgent is:issue - --updated=8760h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=This issue has not been updated in over 1 year, and should be re-triaged. 
@@ -677,8 +677,8 @@ periodics: label:priority/important-soon is:issue - --updated=2160h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=This issue is labeled with `priority/important-soon` but has not been updated in over 90 days, and should be re-triaged. Important-soon issues must be staffed and worked on either currently, or very soon, ideally in time for the next release. @@ -727,8 +727,8 @@ periodics: label:priority/critical-urgent is:issue - --updated=720h - - --token=/etc/github-token/token - - --endpoint=http://ghproxy.default.svc.cluster.local + - --github-token=/etc/github-token/token + - --github-endpoint=http://ghproxy.default.svc.cluster.local - |- --comment=This issue is labeled with `priority/critical-urgent` but has not been updated in over 30 days, and should be re-triaged. Critical-urgent issues must be actively worked on as someone's top priority right now.