[#IP-103] add yarn-lock-upgrade resource to pushnotification terraform script #38
base: main
We will need to:
@fabriziopapi thanks for your PR :)
Looking here, it seems that you also need a GITHUB_TOKEN, but I don't remember if you have to set:
- io-azure-devops-github-pr's service connection, or
- io-azure-devops-github-pr's GITHUB_TOKEN, or
- nothing
I think that we have to do some tests.
@gquadrati @balanza do you remember what's the correct way?
Another change requested is to add GitHub PR service connection auth for this pipeline: io-functions-pushnotifications-yarn-lock-upgrade-github-pr-auth
At the moment we can't define scheduled triggers with Terraform: https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/build_definition. We need to define a schedule block as here: https://github.com/pagopa/io-functions-pushnotifications/blob/master/.devops/yarn-lock-upgrade.yml#L9. A third way is to set it manually :(
In the template doc at https://github.com/pagopa/azure-pipeline-templates/tree/master/templates/yarn-lock-upgrade, the GITHUB_TOKEN is stated as not required.
This is wrong, I'm sorry. We need all three values to successfully create a PR in GitHub.
We need a token that can push to a branch but without being admin (to prevent malicious pushes to master), otherwise we would introduce a possible vulnerability. I don't know if we can set such a property on a token; I'm afraid they're inherited from the user's role.
@fabriziopapi why draft anyway? Is there a scenario in which codeowners approve the PR but you don't want it to be merged?
Yes, right, sorry!
For security reasons we need to set the scheduled trigger in the Azure DevOps configuration.
PS: this open issue is not related to our scope: microsoft/terraform-provider-azuredevops#362
We can reopen this PR :) Azure DevOps 0.1.8 now supports scheduled triggers @fabriziopapi @balanza @gquadrati
The current DevOps pipelines never update the dependency versions locked in the yarn.lock file.
The PR adds to the terragrunt script for the pushnotification pipeline the yarn upgrade job configured in the yarn-lock-upgrade.yml project file (based on the template yarn-lock-upgrade/template.yaml from the azure-pipeline-templates).
With this new pipeline, the locked dependency versions will be re-generated every day.