Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reference to ods-bitbucket-auth secret is removed from serviceaccount pipeline after operator update #603

Open
michaelsauter opened this issue Oct 4, 2022 · 1 comment
Open

Reference to ods-bitbucket-auth secret is removed from serviceaccount pipeline after operator update #603

michaelsauter opened this issue Oct 4, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@michaelsauter
Copy link
Member

It has been observed that the ods-bitbucket secret reference is removed from the serviceaccount pipeline after an update of the OpenShift Pipelines operator (to version 1.6.4). This leads to failing git clone calls.

Editing the serviceaccount manually triggers a warning message that the serviceaccount is managed by the operator and therefore manual changes may be overridden. Editing the serviceaccount is still possible though, so simply adding the reference again fixes the problem temporarily. As the install script of ods-pipeline patches the serviceaccount (https://github.com/opendevstack/ods-pipeline/blob/master/deploy/install.sh#L109-L112), re-running the install script also fixes the issue.

After discussion with @henrjk, we see the following options how to address this:

  • Creating a separate serviceaccount (e.g. named ods) for use in ods-pipeline. That way, we control the serviceaccount and are not effected by external updates.
  • Querying the serviceaccount pipeline if a git clone operation fails to see if the secret reference is missing, and then logging this issue to point the user in the right direction how to fix it

The separate serviceaccount is probably the best solution if it works, that would need to be investigated.

@kuebler @henninggross Thanks for figuring out that the serviceaccount was updated - do you have any other comments on this?
@michaelsauter michaelsauter added the bug Something isn't working label Oct 4, 2022
@henrjk
Copy link
Member

henrjk commented Oct 4, 2022
edited by michaelsauter

The error triggered by this looks like this slight redacted:

INFO  | Checking out https://bitbucket.example.com/scm/p/p-core.git@refs/heads/feature/P-1359-not-enums into /workspace/source ...
ERROR | {"level":"error","ts":1664463872.3513749,"caller":"git/git.go:54","msg":"Error running git [fetch --recurse-submodules=yes --depth=1 origin --update-head-ok --force refs/heads/feature/P-1359-not-enums]: exit status 128\nfatal: could not read Username for 'https://bitbucket.example.com': No such device or address\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\t/opt/app-root/src/go/src/github.com/tektoncd/pipeline-0.24.0/pkg/git/git.go:54\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\t/opt/app-root/src/go/src/github.com/tektoncd/pipeline-0.24.0/pkg/git/git.go:149\nmain.main\n\t/opt/app-root/src/go/src/github.com/tektoncd/pipeline-0.24.0/cmd/git-init/main.go:53\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:255"}
{"level":"fatal","ts":1664463872.3514535,"caller":"git-init/main.go:54","msg":"Error fetching git repository: failed to fetch [refs/heads/feature/P-1359-not-enums]: exit status 128","stacktrace":"main.main\n\t/opt/app-root/src/go/src/github.com/tektoncd/pipeline-0.24.0/cmd/git-init/main.go:54\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:255"}
2022/09/29 15:04:32 exit status 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michaelsauter @henrjk