-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
branchprotector continuously failing #33900
Comments
filed #33901 as a stopgap. it's not great. |
Aborted the current run and started a new re-run with the latest config and the 12h timeout, but we know it will be at least 5+ hours before we can tell if that worked as a stopgap ... https://prow.k8s.io/view/gs/kubernetes-ci-logs/logs/ci-test-infra-branchprotector/1864084620887199744 |
That run failed at 11h35m57s. The logs are enourmous and full of 404 errors:
|
I think it at least barely completed running without being killed by the timeout, but the error output is massive and it feels like it's not running correctly. NOTE: this has actually been ongoing for months AFAICT, there have been scattered threads in slack. It's just gotten enough attention now to make sure we have a tracking issue >.< |
some discussion but nothing conclusive in https://kubernetes.slack.com/archives/CDECRSC5U/p1733337720772809 |
This causes the "Waiting for status to be reported" for the removed The removal of that job has not been mirrored to GitHub yet, despite that completed run. |
A quick proposal can be dividing this CI to several CIs group by sig/project/org. Is this doable? |
That was discussed in the slack thread above. But currently the job is completing, so quota/throughput, while bad, is not the problem. It's clearly also bugged. Someone will have to spend more time investigating this. An immediate mitigation is reaching out to github management to manually update github settings, but these problems will continue to impact the organization if the tooling isn't fixed. |
Raised in #github-management: https://kubernetes.slack.com/archives/C01672LSZL0/p1733438889444729 |
@MadhavJivrajani manually removed |
We're still seeing issues with blocking merge requirements not being removed from repos: https://kubernetes.slack.com/archives/C01672LSZL0/p1734188195640379 /help |
@BenTheElder: GuidelinesPlease ensure that the issue body includes answers to the following questions:
For more details on the requirements of such an issue, please see here and ensure that they are met. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
filed kubernetes-sigs/prow#345 |
👀 |
After updating the PAT scopes thanks to debugging from @danilo-gemoli 🙏 https://kubernetes.slack.com/archives/CDECRSC5U/p1736268326525839?thread_ts=1736193846.842659&cid=CDECRSC5U https://prow.k8s.io/?job=ci-test-infra-branchprotector fails in only 13 minutes, but it has a new inscutiable error:
|
|
So they're all for |
I guess this time it's a different issue. The error states what follow:
the relevant config (here) for those repositories is: branch-protection:
orgs:
kubernetes:
protect: true
repos:
autoscaler:
branches:
gh-pages:
protect: false
cloud-provider-aws:
branches:
gh-pages:
protect: false
cloud-provider-openstack:
branches:
gh-pages:
protect: false
cloud-provider-vsphere:
branches:
gh-pages:
protect: false
ingress-nginx:
branches:
gh-pages:
protect: false
kube-state-metrics:
branches:
gh-pages:
protect: false it seems that branch protection is enabled at org level: branch-protection:
orgs:
kubernetes:
protect: true but each of those repository defines if policy.Protect != nil && !*policy.Protect {
...
if policy.defined() && !boolValFromPtr(c.BranchProtection.AllowDisabledPolicies) {
return nil, fmt.Errorf("%s/%s=%s defines a policy, which requires protect: true", org, repo, branch)
}
...
} if I'm reading this correctly it means that a child branch policy can't override its parent unless: branch-protection:
allow_disabled_policies: true which is not the case. |
the permission to get policy seems not to be granted. |
ok now we just have:
After #34125 |
Confirmed green: https://prow.k8s.io/?job=ci-test-infra-branchprotector Thank you very much @danilo-gemoli ! |
Finally! |
It's timing out after 5h20m: https://prow.k8s.io/?job=ci-test-infra-branchprotector
This is causing us to not sync branch protection rules, e.g. related to #33857 / #33880
We have a big problem with this tooling not scaling, it uses a ton of API quota and needs to run continuously and scales with the number of repos/branches which is only growing.
/area prow
/sig testing
/priority important-soon
The text was updated successfully, but these errors were encountered: