{"id":25738747,"url":"https://github.com/rhobs/syncbot","last_synced_at":"2025-02-26T07:33:49.120Z","repository":{"id":37920633,"uuid":"421771592","full_name":"rhobs/syncbot","owner":"rhobs","description":"Workflows to automate merge activities for Openshift monitoring dependencies","archived":false,"fork":false,"pushed_at":"2024-04-11T10:21:02.000Z","size":153,"stargazers_count":5,"open_issues_count":8,"forks_count":8,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-04-18T18:28:30.045Z","etag":null,"topics":["automation","mergebot","upstream-sync"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhobs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-10-27T10:22:10.000Z","updated_at":"2024-04-23T12:59:49.370Z","dependencies_parsed_at":"2024-04-04T07:42:02.414Z","dependency_job_id":"26c6289e-7405-401f-87ce-80840c8fe62d","html_url":"https://github.com/rhobs/syncbot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhobs%2Fsyncbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhobs%2Fsyncbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhobs%2Fsyncbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhobs%2Fsyncbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhobs","download_url":"https://codeload.github.com/rhobs/syncbot/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240813209,"owners_count":19861795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","mergebot","upstream-sync"],"created_at":"2025-02-26T07:33:16.947Z","updated_at":"2025-02-26T07:33:49.059Z","avatar_url":"https://github.com/rhobs.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Syncbot\n\nWorkflows to automate Openshift monitoring dependency upgrades.\n\n## Introduction\nCluster Monitoring Operator relies on various upstream components to fulfill the monitoring needs for Openshift. [Here is a list](https://github.com/openshift/cluster-monitoring-operator/blob/main/jsonnet/versions.yaml) of those components,\n\n- [prometheus](https://github.com/openshift/prometheus)\n- [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager)\n- [prometheus-operator](https://github.com/openshift/prometheus-operator)\n- [thanos](https://github.com/openshift/thanos)\n- [node_exporter](https://github.com/openshift/node_exporter)\n- [kube-state-metrics](https://github.com/openshift/kube-state-metrics)\n- [kubernetes-metrics-server](https://github.com/openshift/kubernetes-metrics-server)\n- [prom-label-proxy](https://github.com/openshift/prom-label-proxy)\n- [kube_rbac_proxy(auth team handles it)](https://github.com/openshift/kube-rbac-proxy)\n- [grafana (deprecated)](https://github.com/openshift/grafana)\n\nSince those components are shipped as part of the Openshift release payload, it must be built using Openshift build jobs (OSBS), which requires customization to build scripts. To accomplish this, the Monitoring team maintains a fork of all those components under openshift github org.\n\n## Downstream Changes\n\nThe forks are almost the same as the upstream repo with the following additional changes,\n\n1. Master/Main branch pointing to upstream latest release rather than upstream Master/Main\n2. Vendors go mod packages to enable air gapped builds\n3. Custom Dockerfile to use Openshift build system provided base image\n4. Makefile changes to enable unit \u0026 e2e tests\n5. OWNERS file changes\n6. .gitignore changes to allow vendor directory\n7. UI assets gobin file - assets_vfsdata.go(prometheus, alertmanager, grafana)\n\n# Problem Statement\nThe workflow we have currently for synchronizing our downstream forks and CMO with upstream relies heavily on manual intervention. It is also tedious because we tend to bump all projects at the same time which makes it harder to detect regressions and it requires bigger changes than expected in the jsonnet code sometimes.\n\nhttps://issues.redhat.com/browse/MON-1856\n\n# Prior Art\n\nThere is a tool named [merge-bot](https://github.com/shiftstack/merge-bot) from #forum-shiftstack, which updates [openshift/cloud-provider-openstack](https://github.com/openshift/clould-provider-openstack) and [openshift/csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) repo from the respective upstream.\n\n[https://prow.ci.openshift.org/?type=periodic\u0026job=*merge-bot*](https://prow.ci.openshift.org/?type=periodic\u0026job=*merge-bot*)\n\nHere is a sample PR created by the merge bot: [csi-driver-nfs/pull#53](https://github.com/openshift/csi-driver-nfs/pull/53)\n\nAnother tool named rebasebot which is a fork of merge-bot with additional rebase features with a simple development workflow.\n\n[https://prow.ci.openshift.org/?type=periodic\u0026job=*rebasebot*](https://prow.ci.openshift.org/?type=periodic\u0026job=*rebasebot*)\n\nHere is a sample PR created by the rebase bot: [cloud-provider-gcp/pull/6](https://github.com/openshift/cloud-provider-gcp/pull/6)\n\n# Using Github Actions\n\nInitially we thought of using prow CI, however it was quite difficult to bring up the entire GH PR workflow into prow CI. However, Github Actions has plenty of [pre-built](https://github.com/peter-evans/create-pull-request) actions from the marketplace and it is quite easy to reuse for our use cases.\n\n## Orchestration using Github Action\n\n![Workflow](assets/img/gh-workflow.svg \"Github Actions workflow\")\n\n## Github App based Auth flow\n\nThe workflow makes uses of Github Apps based credential mode to interact with Github services.\nThe following applications must be created,\n\n### [Cloner application](https://github.com/apps/monitoring-commit-bot)\nThis should be installed in the intermediate GitHub organization(for example [rhobs](https://github.com/rhobs)) with the permissions as follows:\n\n- Contents: Read \u0026 Write\n- Metadata: Read-only\n- Workflows: Read \u0026 Write\n\n### [PR creation App](https://github.com/apps/openshift-monitoring-bot)\nThis should be installed in the [openshift](https://github.com/openshift) GitHub organization with the following permissions:\n\n- Contents: Read\n- Metadata: Read-only\n- Pull requests: Read \u0026 Write\n\n\nHere are instructions on how to [create](https://docs.github.com/en/developers/apps/building-github-apps/creating-a-github-app) and [install](https://docs.github.com/en/developers/apps/managing-github-apps/installing-github-apps) a GitHub application.\n\nCredentials of the above-mentioned app will be stored as repo secrets and passed down to the automation workflow through the following env vars,\n- APP_ID\n- APP_PRIVATE_KEY\n- CLONER_APP_ID\n- CLONER_APP_PRIVATE_KEY\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhobs%2Fsyncbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhobs%2Fsyncbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhobs%2Fsyncbot/lists"}