Rotate Service Account Secrets - RotateServiceAccount creates a new key for a Google Cloud service account and updates the required secret data. It's triggered by a Pub/Sub message sent by a secret stored in Secret Manager. It runs as a Cloud Run container.
Cleanup of Service Account Secrets - The Cloud Run service deletes old keys for a Google Cloud service account and updates the required secret data for all service account secrets stored in the Secret Manager. The service is triggered by a Cloud Scheduler job.
Automated Approver - With the Automated Approver tool, you can automatically approve a pull request (PR) based on the rules you define. The tool enables automation of the approval process for PRs in repositories that need reviews before merge. The tool automates the PR review process without limiting user write permission on the repository. It can provide an automated review process for all PR authors.
Image Autobumper - Image Autobumper is a tool for automatically updating the version of a Docker image in a GitHub repository.
Image Builder - Image Builder is a tool for building OCI-compliant images in an SLC-29-compliant system from a GitHub workflow.
Image Builder GitHub Workflow Integration - The Image Builder solution integrates with GitHub workflows and uses an Azure DevOps pipeline to run the process of building OCI
Image Builder - Image Builder is a tool for building OCI-compliant images.
Image Detector - Image Detector is a tool for updating the security scanner config with the list of images in the Prow cluster. To achieve that, it receives paths to files used to deploy Prow or its components.
image-syncer - Contents:
Image URL Helper - Image URL Helper is a tool that provides the following subcommands:
JobGuard - JobGuard is a simple tool that fetches all statuses for GitHub pull requests (PRs) and waits for some of them to finish.
OIDC Token Verifier - The OIDC Token Verifier is a command-line tool designed to validate the OIDC token and its claim values. It is primarily used in the
External Secrets Checker - This command checks external Secrets synchronization status, and if every Secret has a corresponding external Secret.
Job Guard - Job Guard was moved to the cmd directory.
Artifact Registry Creator Tool (GCP, Terraform) - This is the GCP image registry creator tool. Use the registry to publish modules that should be accessible to internal SAP teams.
Documentation Guidelines - Follow the rules listed in this document to provide high-quality documentation.
Add a Custom Secret to Prow - This tutorial shows how to add and use a custom secret in the Prow pipeline.
Standard Terraform Configuration - This document describes the standard Terraform configuration that is used in the test-infra repository.
Name a Secret - This tutorial describes how to name a secret in Google Secret Manager.
Docs - The folder contains documents that provide an insight into Prow configuration, development, and testing.
Authorization - To deploy a Prow cluster, configure the following service accounts in the Google Cloud project you own.
Crier - Crier reports the Prow Job status changes. For now, it is responsible for Slack notifications as Plank is still reporting the Prow Job statuses to GitHub.
Obligatory Security Measures - Read about the obligatory security measures to take on a regular basis and when a Kyma organization member leaves the project.
Run ProwJobs in KinD or k3d - This document provides brief instructions on how to run ProwJobs locally in kind (Kubernetes-in-Docker) or k3d.
Presets - This document contains the list of all Presets available in the config.yaml file. Use them to define Prow Jobs for your components.
Prow Architecture - The document outlines Prow architecture and interconnections between different systems and components that are involved in it.
Prow Cluster Update - Updating a Prow cluster requires an improved Prow version. The Kubernetes Prow instance gets updated via a shell script. The shell script offers only a short list of the last pushed container tags and as a result, limits the versions to choose from. To cherry-pick updates, monitor Prow announcements to see when fixes or important changes are merged into the Kubernetes repository. This document describes how to update a Prow cluster using a cherry-picked Prow version.
HTML Lens - The Spyglass HTML lens allows rendering HTML files in the job results.
Image Autobump - This document provides an overview of autobump Prow Jobs.
Prow Cluster Monitoring Setup - This document describes how to install and manage Prow cluster monitoring.
Prow Test Clusters - This document gathers information about test clusters that Prow jobs build. All test clusters are built in the sap-kyma-prow-workloads project.
Tide Introduction - Along with the Prow upgrade, we want to introduce Tide for merging the PRs automatically.
Prow Workload Clusters - This document describes workload clusters on which Prow schedules Pods to execute the logic of a given Prow job. All workload clusters are aggregated under the kyma-prow Google Cloud project. We use two workload clusters for trusted and untrusted Prow jobs.
Prow Runtime Images - This directory contains images that can be used as runtime images for all ProwJobs in Kyma's Prow Instance.
Cluster - This folder contains files related to the configuration of the Prow production cluster that are used during the cluster provisioning.
Resources - This directory contains Helm charts used by a Prow cluster.
External Secrets - Kubernetes Secrets are synchronized with Google Cloud Secret Manager using External Secrets Operator.