Hey all, I have just disabled the openshift-apps playbooks from running in the master playbook run (see https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/master.yml?id=dccf42cd510703d6ddb5bb444aed7ce24ee1c334 ).
The reason behind is that the openshift-apps playbook are written to trigger a new build and a new deployment of the application at each run, this means that every time the master.yml playbook is run we build a version of the application and deploy it. Since a few of our applications are using source-to-image to build the container directly from git it means that a master.yml run can deploy new code into production without the maintainer of that application being aware of it. I wanted to raise awareness of this problem and ask the following questions. Do we need to have the openshift-apps in the master.yml ? If yes how do we prevent the run from deploying unwanted changes in production ? Thanks Clément
_______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
