Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

koji_hub: move coreos signing tags to tag policy section

Browse source 
Also use globs instead of the Fedora Number vars.
This commit is contained in:
Dusty Mabe 2019-08-20 15:29:25 -04:00 committed by Pierre-Yves Chibon
parent 7aa452750b
commit fc736c27d1
1 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/koji_hub/templates/hub.conf.j2
View file

@ -94,9 +94,10 @@ tag =
# CoreOS continuous builds, https://pagure.io/releng/issue/8165
operation tag && tag f{{FedoraRawhideNumber}}-coreos-continuous f{{FedoraBranchedNumber}}-coreos-continuous f{{FedoraCycleNumber}}-coreos-continuous f{{FedoraPreviousCycleNumber}}-coreos-continuous && has_perm coreos-continuous :: allow
operation untag && fromtag f{{FedoraRawhideNumber}}-coreos-continuous f{{FedoraBranchedNumber}}-coreos-continuous f{{FedoraCycleNumber}}-coreos-continuous f{{FedoraPreviousCycleNumber}}-coreos-continuous && has_perm coreos-continuous :: allow
# CoreOS coreos-pool and coreos-release tags, https://pagure.io/releng/issue/8294
operation tag && tag coreos-pool coreos-release && has_perm coreos-continuous :: allow
operation untag && fromtag coreos-pool coreos-release && has_perm coreos-continuous :: allow
# CoreOS coreos-pool and intermediate signing tags as well
# as the coreos-release tag. https://pagure.io/releng/issue/8294
operation tag && tag coreos-pool f*-coreos-signing-pending coreos-release && has_perm coreos-continuous :: allow
operation untag && fromtag coreos-pool f*-coreos-signing-pending coreos-release && has_perm coreos-continuous :: allow
# deny tagging secureboot packages that are not related to coreos-continuous
package kernel shim grub2 fedora-release fedora-repos pesign :: deny
# Allow people to tag stuff into infra-candidate if they're infra
@ -159,11 +160,8 @@ package_list =
tag *infra* && has_perm infra && match action add unblock block :: allow
# CoreOS continuous builds, https://pagure.io/releng/issue/8165
tag f{{FedoraRawhideNumber}}-coreos-continuous f{{FedoraBranchedNumber}}-coreos-continuous f{{FedoraCycleNumber}}-coreos-continuous f{{FedoraPreviousCycleNumber}}-coreos-continuous && has_perm coreos-continuous && match action add unblock block :: allow
# CoreOS coreos-release tag https://pagure.io/releng/issue/8294
tag coreos-release && has_perm coreos-continuous && match action add unblock block :: allow
# CoreOS coreos-pool tag and intermediate signing tags that lead
# to coreos-pool https://pagure.io/releng/issue/8294
tag coreos-pool f{{FedoraRawhideNumber}}-coreos-signing-pending f{{FedoraBranchedNumber}}-coreos-signing-pending f{{FedoraCycleNumber}}-coreos-signing-pending f{{FedoraPreviousCycleNumber}}-coreos-signing-pending && has_perm coreos-continuous && match action add unblock block :: allow
# CoreOS coreos-pool and coreos-release tags, https://pagure.io/releng/issue/8294
tag coreos-pool coreos-release && has_perm coreos-continuous && match action add unblock block :: allow
# Catch-all rule.
all :: deny