On Mon, Nov 18, 2019 at 12:59:44PM +0100, Clement Verna wrote: > Hey all, > > I have just disabled the openshift-apps playbooks from running in the > master playbook run (see > https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/master.yml?id=dccf42cd510703d6ddb5bb444aed7ce24ee1c334 > ). > > The reason behind is that the openshift-apps playbook are written to > trigger a new build and a new deployment of the application at each run, > this means that every time the master.yml playbook is run we build a > version of the application and deploy it. > Since a few of our applications are using source-to-image to build the > container directly from git it means that a master.yml run can deploy new > code into production without the maintainer of that application being aware > of it. > > I wanted to raise awareness of this problem and ask the following > questions. > > Do we need to have the openshift-apps in the master.yml ? If yes how do we > prevent the run from deploying unwanted changes in production ? Perhaps we should make the deploy optional? Or just split out those that are doing source-to-image from the ones that aren't? kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
