Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a worklow to potentially deal with stale PR's and Issues #9788

Closed
wants to merge 31 commits into from

Conversation

mviswanathsai
Copy link
Contributor

@mviswanathsai mviswanathsai commented Feb 25, 2024

Explanation

This PR is to discuss, finalize and implement a strategy to manage stale issues and PRs lifecycle in the kyverno repo.

Related issue

Milestone of this PR

Documentation (required for features)

My PR contains new or altered behavior to Kyverno.

What type of PR is this

Proposed Changes

To add a github worklow to automate /semi-automate the process.

Proof Manifests

Checklist

  • I have read the contributing guidelines.
  • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.
  • This is a bug fix and I have added unit tests that prove my fix is effective.
  • This is a feature and I have added CLI tests that are applicable.
  • My PR needs to be cherry picked to a specific release branch which is .
  • My PR contains new or altered behavior to Kyverno and
    • CLI support should be added and my PR doesn't contain that functionality.

Further Comments

moved to #9857

Copy link

codecov bot commented Feb 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 33.15%. Comparing base (d737138) to head (d9ea5ec).
Report is 29 commits behind head on main.

❗ Current head d9ea5ec differs from pull request most recent head ebee6f7. Consider uploading reports for the commit ebee6f7 to get more accurate results

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #9788   +/-   ##
=======================================
  Coverage   33.15%   33.15%           
=======================================
  Files         345      345           
  Lines       23634    23634           
=======================================
  Hits         7836     7836           
  Misses      14952    14952           
  Partials      846      846           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

uses: actions/stale@v5
with:
stale-issue-message: 'This pull request has been automatically closed because it has been inactive for more than 14 days. Please reopen if you still intend to submit this pull request.'
# We can have different values for issues and PRs, which we might prefer
Copy link
Member

@realshuting realshuting Feb 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @mviswanathsai ! It is worth checking how Kubernetes does this.

Copy link
Contributor Author

@mviswanathsai mviswanathsai Feb 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, Shuting! @JimBugwadia also advised me to look into Kubernetes. I just made this PR as a placeholder for further discussions.
Kubernetes follows the method outlined here. They run a docker image for the robot, the metrics etc.
We could try and use the same I think, I could not find much info about it though.
Here is the config file they use.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the slack discussion, I have also linked some discussions on the Kubernetes github about the behavior of the bot itself. It might be worth checking out!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Triaging issues:

        This bot triages issues according to the following rules:
        - After 90d of inactivity, `lifecycle/stale` is applied
        - After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
        - After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed

Similar for the PRs:

        This bot triages PRs according to the following rules:
        - After 90d of inactivity, `lifecycle/stale` is applied
        - After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
        - After 30d of inactivity since `lifecycle/rotten` was applied, the PR is closed

Can we use https://github.com/actions/stale to achieve this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if we can add add lifecycle/rotten after lifecycle/stale. I will have to look into the docs again to make sure.
Even then, this kind of behavior should be possible with adjusting the limits on the days for stale PRs and issues.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to that, we can specify labels on issues and PRs that we may not want to be automatically closed by the github action. Something which we might want to consider.

Copy link
Contributor Author

@mviswanathsai mviswanathsai Feb 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am working on a fork of the github stale action which will allow us to add a rotten label also. Though this might not be necessary, and I might be unsuccessful in doing so but I decided to give it a shot. I hope that is not a problem! Please let me know in case we cannot afford that time.

@mviswanathsai
Copy link
Contributor Author

Update: I've been working on the fork for the past couple of days, I think it works as expected.
I will add a bunch of end-to-end tests and make sure it works as expected in the next few days.

I will also make a pr to the original GitHub stale repo to add the changes as a feature.

@mviswanathsai
Copy link
Contributor Author

Update: I have created a PR on the github stale action repo.
I will also quickly add a workflow that uses my fork of the repo to let us use the Rotten feature.

MariamFahmy98 and others added 25 commits March 6, 2024 01:00
Bumps [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…otlpmetricgrpc (kyverno#9797)

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#9794)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@e0b68c6...0cfda1d)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rno#9796)

Bumps [go.opentelemetry.io/otel/exporters/prometheus](https://github.com/open-telemetry/opentelemetry-go) from 0.45.2 to 0.46.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@example/prometheus/v0.45.2...example/prometheus/v0.46.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…yverno#9795)

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tlptracegrpc (kyverno#9798)

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#9811)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@0cfda1d...54bcd87)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…p/otelhttp (kyverno#9809)

Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.48.0...zpages/v0.49.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9810)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0.
- [Commits](golang/crypto@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(globalcontext): old waitgroup not stopping

Signed-off-by: Khaled Emara <[email protected]>

* chore(globalcontext): add AGE

Signed-off-by: Khaled Emara <[email protected]>

* feat(globalcontext): add lastRefreshTime

Signed-off-by: Khaled Emara <[email protected]>

* fix(globalcontext): unhandled intormer run exception

Signed-off-by: Khaled Emara <[email protected]>

* chore(globalcontext): comment wording

Signed-off-by: Khaled Emara <[email protected]>

* chore(globalcontext): codegen

Signed-off-by: Khaled Emara <[email protected]>

* fix(globalcontext): linter

Signed-off-by: Khaled Emara <[email protected]>

---------

Signed-off-by: Khaled Emara <[email protected]>
…yverno#9825)

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ivault (kyverno#9821)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
kyverno#9823)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kyverno#9832)

Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.1.6 to 0.1.7.
- [Release notes](https://github.com/kyverno/action-install-chainsaw/releases)
- [Commits](kyverno/action-install-chainsaw@204730d...3bf0752)

---
updated-dependencies:
- dependency-name: kyverno/action-install-chainsaw
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…verno#9831)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@84384bd...062f259)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…yverno#9830)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…yverno#9828)

* Restore warn-exite-code functionality for apply command

Signed-off-by: Matt Veitas <[email protected]>

* Nove error handling

Signed-off-by: Matt Veitas <[email protected]>

* Uncomment println statement

Signed-off-by: Matt Veitas <[email protected]>

* Fixing linting

Signed-off-by: Matt Veitas <[email protected]>

* Adding conformance tets for cli apply command with warn-exit-code

Signed-off-by: Matt Veitas <[email protected]>

* Update path to kubectl-kyverno binary

Signed-off-by: Matt Veitas <[email protected]>

* Add prepare-cli as needed dependency

Signed-off-by: Matt Veitas <[email protected]>

* feat: install kubectl-kyverno in standard conformance tests

Signed-off-by: ShutingZhao <[email protected]>

* fix: update chainsaw config

Signed-off-by: ShutingZhao <[email protected]>

* fix: move CLI chainsaw tests to a separate action

Signed-off-by: ShutingZhao <[email protected]>

* fix: CLI path

Signed-off-by: ShutingZhao <[email protected]>

* fix: name

Signed-off-by: ShutingZhao <[email protected]>

* fix: add chainsaw flag '--no-cluster'

Signed-off-by: ShutingZhao <[email protected]>

* fix: CLI name

Signed-off-by: ShutingZhao <[email protected]>

---------

Signed-off-by: Matt Veitas <[email protected]>
Signed-off-by: ShutingZhao <[email protected]>
Signed-off-by: shuting <[email protected]>
Co-authored-by: ShutingZhao <[email protected]>
…yverno#9822)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
vishal-chdhry and others added 5 commits March 6, 2024 01:01
…erno#9845)

* fix: add missing unit tests

Signed-off-by: ShutingZhao <[email protected]>

* fix: update pinned lib

Signed-off-by: ShutingZhao <[email protected]>

* fix: uncomment code

Signed-off-by: ShutingZhao <[email protected]>

---------

Signed-off-by: ShutingZhao <[email protected]>
Signed-off-by: Charles-Edouard Brétéché <[email protected]>
…verno#9842)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mviswanathsai mviswanathsai deleted the stale-action branch March 5, 2024 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants