Changelog Generator - This project is a Docker image that is used to generate a changelog in the kyma repository. It uses the GitHub API to get pull requests with specified labels.
gcp-artifact-registry-terraform - This is the GCP image registry creator tool. Use the registry to publish modules that should be accessible to internal SAP teams.
Create Custom Image - The purpose of this document is to define how to create a new Google Compute Engine custom image with required dependencies. You can use the new image to provision virtual machine (VM) instances with all dependencies already installed.
gardener-rotate - The gardener-rotate tool allows you to generate a new access token for the Gardener service accounts and update kubeconfig stored in the Secret Manager.
Rotate Gardener service account secrets using Cloud Run - The Cloud Run application creates a new key for a GCP service account, updates the required secret data, and deletes old versions of a key. The function is triggered by a Pub/Sub message sent by a secret stored in Secret Manager.
Rotate KMS secrets using Cloud Run - The Cloud Run application decrypts and encrypts files in a bucket with the latest version of a KMS key, and deletes old versions of a key. The function is triggered by a HTTP POST request sent by a Cloud Scheduler.
image-builder - This tool serves as an intelligent wrapper for kaniko-project/executor. It reduces the complexity of building Docker images and removes the need to use Docker in Docker when building images in K8s infrastructure.
Image Detector - Image Detector is a tool for updating the security scanner config with the list of images in the Prow cluster. To achieve that, it receives paths to files used to deploy Prow or its components.
image-syncer - image-syncer is used to copy container images from one registry to another.
Image URL Helper - Image URL Helper is a tool that provides the following subcommands:
JobGuard - JobGuard is a simple tool that fetches all statuses for GitHub pull requests and waits for some of them to finish.
prowjobparser - The prowjobparser is a helper tool which parses all Prow Jobs under the provided path, matches them against the provided label filters, and prints matching Prow Job names to the standard output.
Rotate service account secrets - RotateServiceAccount creates a new key for a GCP service account and updates the required secret data. It's triggered by a Pub/Sub message sent by a secret stored in Secret Manager. It runs as a Cloud Run container.
Cleanup of service account secrets - The Cloud Run service deletes old keys for a GCP service account and updates the required secret data for all service account secrets stored in the Secret Manager. The service is triggered by a Cloud Scheduler job.
Tools - This project contains Go applications for the test-infra repository.
certbotauthenticator - Certbotauthenticator is a binary called by the certbot when it generates the certificate. The binary is used during manual DNS challenge authentication. In the manual mode, the certbot passes the domain name and the authentication token as environment variables to the certbotauthenticator to create a TXT record in the domain. This way, the Let's Encrypt system can validate the domain ownership. After the validation completes, the certbotauthenticator is called again to clean the TXT records.
Clusters Garbage Collector - This command finds and removes orphaned clusters created by the kyma-gke-integration job in a Google Cloud Platform (GCP) project.
Config Uploader - This command uploads Prow plugins, configuration, and jobs to a Prow cluster. Use it for a newly created Prow cluster and to update changes in the configuration on a cluster from a forked repository.
Disks Garbage Collector - This command finds and removes orphaned disks created by the kyma-gke-integration job in a Google Cloud Platform (GCP) project.
IP Address and DNS Record Garbage Collector - This command finds and removes orphaned IP Addresses and related DNS records created by GKE integration jobs in a Google Cloud Platform (GCP) project.
External Secrets Checker - This command checks external Secrets synchronization status, and if every Secret has a corresponding external Secret.
GCR cleaner - This command finds and removes old GCR images created by Jobs in the Google Cloud Platform (GCP) project.
GitHub issues - This command queries all open GitHub issues in an organization or repository, and loads that data to a BigQuery table.
GitHub release - This command creates GitHub releases.
GitHub Statistics - githubstats fetches statistics for GitHub issues and prints the following JSON object:
IP cleaner - This command finds and removes orphaned IP addresses created by jobs in the Google Cloud Platform (GCP) project.
Job Guard - Job Guard was moved here.
oomfinder - oomfinder is a small tool designed to run in a Pod on each k8s worker node as a privileged container. It will check if Docker or Containerd is used and attach to its socket to listen for oom events. If an oom event occurs, oomfinder will print a message to os stdout with the following details:
Prow Job tester - Prow Job tester is a tool for testing changes to the Prow Jobs' definitions and code running in Prow Jobs. It uses the production Prow instance to run chosen Prow Jobs with changes from pull requests (PRs) without going through multiple cycles of new PRs, reviews, and merges. The whole development can be done within one cycle.
Render Templates - Render Templates is a tool that reads the configuration from a config.yaml file and data files to generate output files, such as Prow component jobs. While the config.yaml file can hold configuration for an output file, you can place such data within the data files that hold configuration for related output files. Having separate files with grouped data is cleaner and easier to maintain than one huge config file.
Virtual Machines Garbage Collector - This command finds and removes orphaned virtual machines (VMs) created by Prow jobs in a Google Cloud Platform (GCP) project.
YAML merge - This command line tool enables merging yaml files into one single file. For the operation to work, the yaml files must follow the same source path.
PR Tag Builder - PR Tag Builder is a tool that finds a pull request number for a commit.
/development/tools/pkg/release/change-record.md
Documentation guidelines - 1. Each repository must contain an automatically updated index page in the docs directory.
Documentation - The folder contains documents that provide an insight into Azure DevOps (ADO) configuration, development, and testing.
GitHub.com and Azure Pipeline (ADO) integration - We have to verify that the integration of an SAP Azure DevopsPipeline as a quality gate for github.com works.
Add custom secret to Prow - This tutorial shows how to add a custom secret and use it in the Prow pipeline.
Standard Terraform configuration - This document describes the standard Terraform configuration that is used in the test-infra repository.
Docs - The folder contains documents that provide an insight into Prow configuration, development, and testing.
Authorization - To deploy a Prow cluster, configure the following service accounts in the GCP project you own.
Crier - Crier reports the Prow Job status changes. For now, it is responsible for Slack notifications as Plank is still reporting the Prow Job statuses to GitHub.
Run K3d cluster inside ProwJobs - This document provides simple instructions, with examples, on how to prepare a ProwJob to use a K3d cluster and Docker.
Label_sync - Label_sync updates or migrates GitHub labels on repositories in a GitHub organisation based on a YAML file. It is triggered as a ci-prow-label-sync Prow job.
Manage component jobs with templates - This document describes how to define, modify, and remove Prow jobs for Kyma components using predefined templates that create both presubmit and postsubmit jobs for your component. Also, this document gives you the steps required to prepare your component for the Prow CI pipeline.
Obligatory security measures - Read about the obligatory security measures to take on a regular basis and when a Kyma organization member leaves the project.
Presets - This document contains the list of all Presets available in the config.yaml file. Use them to define Prow Jobs for your components.
Prow Architecture - The document outlines Prow architecture and interconnections between different systems and components that are involved in it.
Prow cluster update - Updating a Prow cluster requires an improved Prow version. The Kubernetes Prow instance gets updated via a shell script. The shell script offers only a short list of the last pushed container tags and as a result, limits the versions to choose from. To cherry-pick updates, monitor Prow announcements to see when fixes or important changes are merged into the Kubernetes repository. This document describes how to update a Prow cluster using a cherry-picked Prow version.
HTML lens - Spyglass HTML lens allows you to render HTML files in the job results.
Image autobump - This document provides an overview of autobump Prow Jobs.
Prow Jobs QuickStart - This document provides an overview of how to quickly start working with Prow jobs.
TestGrid - TestGrid is an interactive dashboard for viewing test results in a grid. It parses JUnit reports to generate a grid view from the tests.
Prow Cluster Monitoring Setup - This document describes how to install and manage Prow cluster monitoring that is available at https://monitoring.build.kyma-project.io.
Quality metrics - This document describes reports that provide an overview of the basic quality measures for the Kyma project.
Security Leaks Scanner - Security Leaks Scanner is a tool that scans a repository for potential security leaks, thus providing protection against any potential security threats and vulnerabilities. It operates using Gitleaks, which ensures a thorough and efficient examination of your repository.
Prow Test Clusters - This document gathers information about test clusters that Prow jobs build. All test clusters are built in the sap-kyma-prow-workloads project.
Tide introduction - Along with the Prow upgrade, we want to introduce Tide for merging the PRs automatically.
Prow Workload Clusters - This document describes workload clusters on which Prow schedules Pods to execute the logic of a given Prow job. All workload clusters are aggregated under the kyma-prow GCP project. We use two workload clusters for trusted and untrusted Prow jobs.
Prow runtime images - This directory contains images that can be used as runtime images for all ProwJobs in Kyma's Prow Instance.
E2E DinD K3d - This image contains common tools for all jobs/tasks that test Kyma modules in K3d.
Prow - Prow is a Kubernetes-developed system that you can use as a Continuous Integration (CI) tool for validating your GitHub repositories and components, managing automatic validation of pull requests (PRs), applying and removing labels, or opening and closing issues.
Cluster - This folder contains files related to the configuration of the Prow production cluster that are used during the cluster provisioning.
Resources - This directory contains Helm charts used by a Prow cluster.
External Secrets - Kubernetes Secrets are synchronized with GCP Secret Manager using External Secrets Operator.
Monitoring - This chart contains the monitoring stack for a Prow cluster. It also includes custom-defined Grafana dashboards.
Probot Stale - This chart contains the probot-stale configuration.
Images - DEPRECATED: Use the images directory instead.
Bootstrap Docker Image - This folder contains the Bootstrap image for Prow infrastructure. Use it for a root image for other Prow images and for generic builds.
Buildpack Golang Docker Image - This folder contains the Buildpack Golang image that is based on the Bootstrap image. Use it to build Golang components.
Buildpack Node.js Docker Image - This folder contains the Buildpack Node.js image that is based on the Bootstrap image. Use it to build Node.js components.
Cleaner Docker Image - This image contains the script which performs a cleanup of the service account profile in the kyma-project project.
Gardener-rotate image - This folder contains the gardener-rotate image that is used to automatically update Gardener kubeconfig secrets.
Golangci-lint image - This folder contains the Golangci-lint image that is based on the upstream Golangci-lint image. Use it to lint Go source files.
Kyma integration images - This folder contains the image with tools that are necessary to provision Kyma integration clusters.
Probot Stale - This folder contains the image for probot-stale.
Prow Tools - The directory contains the Dockerfile for the prow tools image with prebuilt tools used in the prow pipelines.
Vulnerability Scanner - This folder contains the WhiteSource Unified Agent image that is based on the Java Buildpack image. Use it to perform WhiteSource vulnerability scans.
Cluster Integration Job - The folder contains the source code for the integration job that installs and tests Kyma on a temporary cluster provisioned on Google Kubernetes Engine (GKE).
Cluster - The folder contains helper scripts with commonly used functions.
Overview - The folder contains files that are directly used by Prow pipeline scripts.
Cluster - This folder contains configuration files for the Prow workload. This configuration is used during cluster provisioning.
Templates - Jobs and Prow configuration are generated from templates by the Render Templates tool. Check the Render Templates documentation for details about usage.