On 2019-11-18 06:59, Clement Verna wrote: > Hey all, > > I have just disabled the openshift-apps playbooks from running in the > master playbook run (see > https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/master.yml?id=dccf42cd510703d6ddb5bb444aed7ce24ee1c334). I'm -1 on this. Production apps should make use of git branches and deploy from, say, a "production" branch. Then a deployment at any moment wouldn't unexpectedly break an app. Staging apps can do similar. Basically anything that isn't just being tested/experimented with (which should happen in communishift) can do similar. > > The reason behind is that the openshift-apps playbook are written to > trigger a new build and a new deployment of the application at each run, > this means that every time the master.yml playbook is run we build a > version of the application and deploy it. > Since a few of our applications are using source-to-image to build the > container directly from git it means that a master.yml run can deploy > new code into production without the maintainer of that application > being aware of it. > Again, these s2i images should pull from a distinguished branch, then this becomes a nonissue. -re > I wanted to raise awareness of this problem and ask the following > questions. > > Do we need to have the openshift-apps in the master.yml ? If yes how do > we prevent the run from deploying unwanted changes in production ? > > Thanks > Clément > > _______________________________________________ > infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx >
Attachment:
pEpkey.asc
Description: application/pgp-keys
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
