eks-distro-build-tooling icon indicating copy to clipboard operation
eks-distro-build-tooling copied to clipboard

Published 20 hours ago verified publisher icon aws

Run Checkums post-submit as follow-up to Builder Base post-submit

Open danbudris opened this issue 2 years ago • 2 comments

When the builder-base post-submit runs, we should follow up with an execution of the checksums execution (the attribution job) in a post-submit.

Right now we run the checkums in a nightly periodic, or we manually trigger them when material changes are made to the builder-base, such as updating the versions of dependencies. This step is required prior to updating the EKS-A and EKS-D prow jobs to use the builder-base as their base image, otherwise the checksums will be mismatched and the prow jobs will fail.

However, we want to ensure that when a new builder-base is published, new checksums are published automatically in response. We can do this by triggering the checksums job FROM the builder-base post-submit, updating the checkusm job to use the just-published builder-base image tag.

This will ensure that when a new builder-base image is published, the correct checksums are published ASAP, and we can move forward with the prow job updates sooner rather than later and elminate a manual step which we've been prone to miss.

AC:

  • the checksums job runs automatically in response to a new builder-base image being published
  • the description of the prow job PRs should include links to the newly trigger checksum jobs

danbudris avatar Jan 20 '23 16:01 danbudris

some thoughts: this could be done by executing a kubectl apply of the checksums prow-job yaml at the end of the builder-base post-submit. We'd just need to use a template that we could over-ride the image on so taht the applied job was running using the just-published builder-base image as the job image.

danbudris avatar Jan 20 '23 16:01 danbudris

To be able to do a kubectl apply well need to add perms to post submit service account to be able to create new ProwJobs. We do something similar in the builder-base postsubmit for creating buildctl pods on the fly:

https://github.com/aws/eks-distro-build-tooling/blob/main/scripts/setup_buildx.sh#L52

role: https://github.com/aws/eks-distro-build-tooling/blob/035927e4f1d0adfee45f44b82857afeff6f5f0bb/helm-charts/stable/prow-data-plane/templates/buildkit-orchestration-Role.yaml

rolebinding: https://github.com/aws/eks-distro-build-tooling/blob/91884f6504f9e4a9bd0f2a764ea72b9713aee272/helm-charts/stable/prow-data-plane/templates/buildkit-orchestration-RoleBinding.yaml

jaxesn avatar Jan 20 '23 16:01 jaxesn