Hey all,
I have just disabled the openshift-apps playbooks from running in the master playbook run (see https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/master.yml?id=dccf42cd510703d6ddb5bb444aed7ce24ee1c334).
The reason behind is that the openshift-apps playbook are written to trigger a new build and a new deployment of the application at each run, this means that every time the master.yml playbook is run we build a version of the application and deploy it.
Since a few of our applications are using source-to-image to build the container directly from git it means that a master.yml run can deploy new code into production without the maintainer of that application being aware of it.
I wanted to raise awareness of this problem and ask the following questions.
Do we need to have the openshift-apps in the master.yml ? If yes how do we prevent the run from deploying unwanted changes in production ?
Thanks
Clément
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
