profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/cpanato/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Carlos Tadeu Panato Junior cpanato @mattermost Berlin https://cpanato.dev

cpanato/.github 0

Default community health files

cpanato/.github-2 0

Default files for all repos in the Kubernetes GitHub org

cpanato/addlicense 0

A program which ensures source code files have copyright license headers by scanning directory patterns recursively

cpanato/alertmanager-bot 0

Bot for Prometheus' Alertmanager

cpanato/arkade 0

Open Source Kubernetes Marketplace

cpanato/blog 0

Blog

cpanato/boskos 0

Boskos is a resource management service that provides reservation and lifecycle management of a variety of different kinds of resources.

cpanato/calendso 0

The open-source Calendly alternative.

cpanato/cert-manager 0

Automatically provision and manage TLS certificates in Kubernetes

Pull request review commentsigstore/cosign

WIP SBOM

+//+// Copyright 2021 The Sigstore Authors.+//+// Licensed under the Apache License, Version 2.0 (the "License");+// you may not use this file except in compliance with the License.+// You may obtain a copy of the License at+//+//     http://www.apache.org/licenses/LICENSE-2.0+//+// Unless required by applicable law or agreed to in writing, software+// distributed under the License is distributed on an "AS IS" BASIS,+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+// See the License for the specific language governing permissions and+// limitations under the License.++package attach++import (+	"context"+	"flag"+	"io/ioutil"++	"github.com/google/go-containerregistry/pkg/authn"+	"github.com/google/go-containerregistry/pkg/name"+	"github.com/google/go-containerregistry/pkg/v1/empty"+	"github.com/google/go-containerregistry/pkg/v1/mutate"+	"github.com/google/go-containerregistry/pkg/v1/remote"+	"github.com/google/go-containerregistry/pkg/v1/types"+	"github.com/peterbourgon/ff/v3/ffcli"++	"github.com/sigstore/cosign/pkg/cosign"+	cremote "github.com/sigstore/cosign/pkg/cosign/remote"+)++func SBOM() *ffcli.Command {+	var (+		flagset = flag.NewFlagSet("cosign attach sbom", flag.ExitOnError)+		sbom    = flagset.String("sbom", "", "path to the sbom, or {-} for stdin")+	)+	return &ffcli.Command{+		Name:       "sbom",+		ShortUsage: "cosign attach sbom <image uri>",+		ShortHelp:  "attach sbom to the supplied container image",+		FlagSet:    flagset,+		Exec: func(ctx context.Context, args []string) error {+			if len(args) != 1 {+				return flag.ErrHelp+			}++			return SBOMCmd(ctx, *sbom, args[0])+		},+	}+}++func SBOMCmd(ctx context.Context, sbomRef, imageRef string) error {++	ref, err := name.ParseReference(imageRef)+	if err != nil {+		return err+	}++	b, err := ioutil.ReadFile(sbomRef)+	if err != nil {+		return err+	}+	s := &cremote.StaticLayer{+		B: b,+		// TODO: Fix me.+		Mt: types.MediaType("application/vnd.sbom.content.layer.v1+sbom"),+	}++	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)+	img, err = mutate.Append(img, mutate.Addendum{+		Layer: s,+	})+	if err != nil {+		return err+	}++	m, err := img.Manifest()+	if err != nil {+		return err+	}+	// TODO: Fix me.+	m.Config.MediaType = "application/vnd.sbom.config.v1+json"

No. I could eventually see the need for multiple SBOMs (one for the overall image, then some for sub-parts), but that would get tackled via annotations on each layer to indicate which portion of the image the SBOM is intended to cover.

dlorenc

comment created time in 29 minutes

Pull request review commentsigstore/cosign

WIP SBOM

+//+// Copyright 2021 The Sigstore Authors.+//+// Licensed under the Apache License, Version 2.0 (the "License");+// you may not use this file except in compliance with the License.+// You may obtain a copy of the License at+//+//     http://www.apache.org/licenses/LICENSE-2.0+//+// Unless required by applicable law or agreed to in writing, software+// distributed under the License is distributed on an "AS IS" BASIS,+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+// See the License for the specific language governing permissions and+// limitations under the License.++package attach++import (+	"context"+	"flag"+	"io/ioutil"++	"github.com/google/go-containerregistry/pkg/authn"+	"github.com/google/go-containerregistry/pkg/name"+	"github.com/google/go-containerregistry/pkg/v1/empty"+	"github.com/google/go-containerregistry/pkg/v1/mutate"+	"github.com/google/go-containerregistry/pkg/v1/remote"+	"github.com/google/go-containerregistry/pkg/v1/types"+	"github.com/peterbourgon/ff/v3/ffcli"++	"github.com/sigstore/cosign/pkg/cosign"+	cremote "github.com/sigstore/cosign/pkg/cosign/remote"+)++func SBOM() *ffcli.Command {+	var (+		flagset = flag.NewFlagSet("cosign attach sbom", flag.ExitOnError)+		sbom    = flagset.String("sbom", "", "path to the sbom, or {-} for stdin")+	)+	return &ffcli.Command{+		Name:       "sbom",+		ShortUsage: "cosign attach sbom <image uri>",+		ShortHelp:  "attach sbom to the supplied container image",+		FlagSet:    flagset,+		Exec: func(ctx context.Context, args []string) error {+			if len(args) != 1 {+				return flag.ErrHelp+			}++			return SBOMCmd(ctx, *sbom, args[0])+		},+	}+}++func SBOMCmd(ctx context.Context, sbomRef, imageRef string) error {++	ref, err := name.ParseReference(imageRef)+	if err != nil {+		return err+	}++	b, err := ioutil.ReadFile(sbomRef)+	if err != nil {+		return err+	}+	s := &cremote.StaticLayer{+		B: b,+		// TODO: Fix me.+		Mt: types.MediaType("application/vnd.sbom.content.layer.v1+sbom"),+	}++	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)+	img, err = mutate.Append(img, mutate.Addendum{+		Layer: s,+	})+	if err != nil {+		return err+	}++	m, err := img.Manifest()+	if err != nil {+		return err+	}+	// TODO: Fix me.+	m.Config.MediaType = "application/vnd.sbom.config.v1+json"

Is there any useful configuration you'd want to put in there?

dlorenc

comment created time in 31 minutes

pull request commentkubernetes-sigs/cluster-api-provider-gcp

Refactor cloud services into Reconcile/Delete pattern

@prksu: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-cluster-api-provider-gcp-build fc739c1858e834a63f63611fd40c5a12d019e8d7 link /test pull-cluster-api-provider-gcp-build

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

<details>

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. </details> <!-- test report -->

prksu

comment created time in an hour

pull request commentkubernetes-sigs/cluster-api-provider-gcp

Refactor cloud services into Reconcile/Delete pattern

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To complete the pull request process, please assign justinsb after the PR has been reviewed. You can assign the PR to them by writing /assign @justinsb in a comment when ready.

The full list of commands accepted by this bot can be found here.

<details open> Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":["justinsb"]} -->

prksu

comment created time in an hour

PR opened kubernetes-sigs/cluster-api-provider-gcp

Refactor cloud services into Reconcile/Delete pattern

<!-- If this is your first PR, welcome! Please make sure you read the contributing guidelines. -->

<!-- Please label this pull request according to what type of issue you are addressing (see ../CONTRIBUTING.md) --> What type of PR is this?

This PR consists of cloud package refactors:

  • Refactor cloud services into Reconcile/Delete pattern
  • Move google compute api spec under scope package
  • Adopt github.com/GoogleCloudPlatform/k8s-cloud-provider that has a better interface. (which also used by k/cloud-provider-gcp and k/ingress-gce project)

/kind cleanup

What this PR does / why we need it: The main purpose of this PR is to bring a consistent interface for modifying both capg (GCPCluster/GCPMachine) object and google cloud resources which inspired by capz https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/110

Special notes for your reviewer: In general, there are no API changes in this PR and have the same logic as the current behavior.

TODOs: <!-- Put an "X" character inside the brackets of each completed task. Some may be optional depending on the PR. -->

  • [ ] squashed commits
  • [ ] includes documentation
  • [ ] adds unit tests

Release note: <!-- Write your release note:

  1. Enter your extended release note in the below block. If the PR requires additional action from users switching to the new release, include the string "action required".
  2. If no release note is required, just write "NONE". -->
None
+2157 -1705

0 comment

36 changed files

pr created time in an hour

MemberEvent

pull request commentkubernetes/sig-release

Update CI Signal handbook

@mkorbi: Adding label do-not-merge/contains-merge-commits because PR contains merge commits, which are not allowed in this repository. Use git rebase to reapply your commits on top of the target branch. Detailed instructions for doing so can be found here.

<details>

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. </details>

mkorbi

comment created time in 3 hours

issue commentfalcosecurity/charts

Falco not able to build driver module

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

shashwat-sec

comment created time in 3 hours

Pull request review commentsigstore/cosign

WIP SBOM

+//+// Copyright 2021 The Sigstore Authors.+//+// Licensed under the Apache License, Version 2.0 (the "License");+// you may not use this file except in compliance with the License.+// You may obtain a copy of the License at+//+//     http://www.apache.org/licenses/LICENSE-2.0+//+// Unless required by applicable law or agreed to in writing, software+// distributed under the License is distributed on an "AS IS" BASIS,+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+// See the License for the specific language governing permissions and+// limitations under the License.++package attach++import (+	"context"+	"flag"+	"io/ioutil"++	"github.com/google/go-containerregistry/pkg/authn"+	"github.com/google/go-containerregistry/pkg/name"+	"github.com/google/go-containerregistry/pkg/v1/empty"+	"github.com/google/go-containerregistry/pkg/v1/mutate"+	"github.com/google/go-containerregistry/pkg/v1/remote"+	"github.com/google/go-containerregistry/pkg/v1/types"+	"github.com/peterbourgon/ff/v3/ffcli"++	"github.com/sigstore/cosign/pkg/cosign"+	cremote "github.com/sigstore/cosign/pkg/cosign/remote"+)++func SBOM() *ffcli.Command {+	var (+		flagset = flag.NewFlagSet("cosign attach sbom", flag.ExitOnError)+		sbom    = flagset.String("sbom", "", "path to the sbom, or {-} for stdin")+	)+	return &ffcli.Command{+		Name:       "sbom",+		ShortUsage: "cosign attach sbom <image uri>",+		ShortHelp:  "attach sbom to the supplied container image",+		FlagSet:    flagset,+		Exec: func(ctx context.Context, args []string) error {+			if len(args) != 1 {+				return flag.ErrHelp+			}++			return SBOMCmd(ctx, *sbom, args[0])+		},+	}+}++func SBOMCmd(ctx context.Context, sbomRef, imageRef string) error {++	ref, err := name.ParseReference(imageRef)+	if err != nil {+		return err+	}++	b, err := ioutil.ReadFile(sbomRef)+	if err != nil {+		return err+	}+	s := &cremote.StaticLayer{+		B: b,+		// TODO: Fix me.+		Mt: types.MediaType("application/vnd.sbom.content.layer.v1+sbom"),+	}++	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)+	img, err = mutate.Append(img, mutate.Addendum{+		Layer: s,+	})+	if err != nil {+		return err+	}++	m, err := img.Manifest()+	if err != nil {+		return err+	}+	// TODO: Fix me.+	m.Config.MediaType = "application/vnd.sbom.config.v1+json"

@jonjohnsonjr what do i put here

dlorenc

comment created time in 4 hours

pull request commentkubernetes-sigs/e2e-framework

[WIP] CRUD operations for managing cluster objects

@ShwethaKumbla: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-e2e-framework-test 3eae8940e668218e4ac7607d504b2c21c1fa094d link /test pull-e2e-framework-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

<details>

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. </details> <!-- test report -->

ShwethaKumbla

comment created time in 6 hours

push eventmattermost/i18n-wip

Mmbot

commit sha d70b01a16f71ab4e7d6f1439a34ca21372e578e5

Updated mattermost-server. [ci skip]

view details

push time in 6 hours

issue commentkubernetes/release

Building at version marker commit leaves out latest changes

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

puerco

comment created time in 7 hours

push eventfalcosecurity/falcosidekick-ui

Frank Jogeleit

commit sha 05f1fc8f14ef6fd4e7e6f759b9be325d2e2d0fbd

Add padding for small outputs Signed-off-by: Frank Jogeleit <fj@move-elevator.de>

view details

push time in 9 hours

PR merged falcosecurity/falcosidekick-ui

Reviewers
Add padding for small outputs approved dco-signoff: yes kind/bug lgtm size/XS

Signed-off-by: Frank Jogeleit fj@move-elevator.de

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

What this PR does / why we need it:

Add padding if the output of an event is small and the table cell has the minimal height.

Bildschirmfoto 2021-06-24 um 10 35 47

+1 -1

2 comments

1 changed file

fjogeleit

pr closed time in 9 hours

pull request commentfalcosecurity/falcosidekick-ui

Add padding for small outputs

LGTM label has been added. <details>Git tree hash: 08182a745986a33f836ed801085f62cb2567c749</details>

fjogeleit

comment created time in 9 hours

pull request commentfalcosecurity/falcosidekick-ui

Add padding for small outputs

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/falcosecurity/falcosidekick-ui/pull/37#" title="Author self-approved">fjogeleit</a>, <a href="https://github.com/falcosecurity/falcosidekick-ui/pull/37#pullrequestreview-691487183" title="Approved">Issif</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

fjogeleit

comment created time in 9 hours

pull request commentfalcosecurity/falcosidekick-ui

Add padding for small outputs

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/falcosecurity/falcosidekick-ui/pull/37#" title="Author self-approved">fjogeleit</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

fjogeleit

comment created time in 9 hours

PR opened falcosecurity/falcosidekick-ui

Reviewers
Add padding for small outputs

Signed-off-by: Frank Jogeleit fj@move-elevator.de

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

What this PR does / why we need it:

Add padding if the output of an event is small and the table cell has the minimal height.

Bildschirmfoto 2021-06-24 um 10 35 47

+1 -1

0 comment

1 changed file

pr created time in 9 hours

issue commentkubernetes/release

Clarification regarding versioning of cri-tools

AFAIK packages are actually still built with some shell scripts

https://github.com/kubernetes/release/tree/master/hack/rapture -> https://github.com/kubernetes/release/blob/eff40a556b1f7ec298a7f376588bd8c4a16d0cf2/hack/rapture/k8s-rapture.sh#L178 https://github.com/kubernetes/release/blob/eff40a556b1f7ec298a7f376588bd8c4a16d0cf2/hack/rapture/k8s-rapture.sh#L123

-> https://github.com/kubernetes/release/blob/master/packages/rpm/docker-build.sh https://github.com/kubernetes/release/blob/master/packages/deb/jenkins.sh

however since this is essentially not versioned with kubernetes, it's tricky to safely fix this. https://github.com/kubernetes/release/issues/1913

erihanse

comment created time in 11 hours

delete branch kubernetes/release

delete branch : dependabot/go_modules/golang.org/x/tools-0.1.4

delete time in 11 hours

push eventkubernetes/release

dependabot[bot]

commit sha 0fed2a7d669627fbc038ae63e22404222097c564

build(deps): bump golang.org/x/tools from 0.1.3 to 0.1.4 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.3 to 0.1.4. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.3...v0.1.4) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Kubernetes Prow Robot

commit sha eff40a556b1f7ec298a7f376588bd8c4a16d0cf2

Merge pull request #2145 from kubernetes/dependabot/go_modules/golang.org/x/tools-0.1.4 build(deps): bump golang.org/x/tools from 0.1.3 to 0.1.4

view details

push time in 11 hours

PR merged kubernetes/release

Reviewers
build(deps): bump golang.org/x/tools from 0.1.3 to 0.1.4 approved area/dependency area/release-eng cncf-cla: yes lgtm needs-kind needs-priority ok-to-test release-note-none sig/release size/XS

Bumps golang.org/x/tools from 0.1.3 to 0.1.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/d824a7481dff873bb36f76c5b92c46c97852d52e"><code>d824a74</code></a> gopls/doc: include instructions for compiling generic code</li> <li><a href="https://github.com/golang/tools/commit/6d3e43932267c52ce8491fbdc1385202c8cf36d6"><code>6d3e439</code></a> gopls/doc: add instructions for working with generic code</li> <li><a href="https://github.com/golang/tools/commit/4c651fc1fc751d8e42d6b4f099ee1b9df6404e07"><code>4c651fc</code></a> internal/lsp/source: add inferred types to generic function hover</li> <li><a href="https://github.com/golang/tools/commit/d25f9066828099517056ecb554d8d0b84f026ddd"><code>d25f906</code></a> internal/lsp: do not block on channel when there is an error</li> <li><a href="https://github.com/golang/tools/commit/463a76b3dc7546fb34cbac5dbc48b4ed68eb96e8"><code>463a76b</code></a> internal/lsp: only reload invalid metadata when necessary</li> <li><a href="https://github.com/golang/tools/commit/116feaea4581560a370de353120153502e19fc48"><code>116feae</code></a> internal/lsp: move the progress tracker to the session</li> <li><a href="https://github.com/golang/tools/commit/3f7c32638c09af103a99661c2dba5837243fc88b"><code>3f7c326</code></a> gopls/internal/regtest: skip the flaky TestResolveImportCycle</li> <li><a href="https://github.com/golang/tools/commit/b12e6172dcbceeb9b1b898035a3299c248210c8c"><code>b12e617</code></a> internal/lsp/cache: don't delete metadata until it's reloaded</li> <li><a href="https://github.com/golang/tools/commit/4b484fb1367ed62d15dd9142cbd1d7c1b74becce"><code>4b484fb</code></a> internal/lsp: exclude the module cache from the workspace</li> <li><a href="https://github.com/golang/tools/commit/9a55cb1fbb78265fb924e3698f1a064c015ca962"><code>9a55cb1</code></a> internal/lsp/command: minor clean-up of StartDebugging description</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.1.3...v0.1.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+3 -3

2 comments

2 changed files

dependabot[bot]

pr closed time in 11 hours

pull request commentkubernetes/release

build(deps): bump golang.org/x/tools from 0.1.3 to 0.1.4

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/kubernetes/release/pull/2145#" title="Author self-approved">dependabot[bot]</a>, <a href="https://github.com/kubernetes/release/pull/2145#pullrequestreview-691381899" title="Approved">saschagrunert</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

dependabot[bot]

comment created time in 11 hours

PR opened sigstore/cosign

WIP SBOM

Signed-off-by: Dan Lorenc dlorenc@google.com

<!-- Thanks for opening a pull request!

Please remember to:

  • mention any issue(s) that this PR closes using a closing keyword as well as the issue number, such as "Closes #XYZ" or "Resolves sigstore/repo-name#XYZ", cf. documentation
  • ensure your commits are signed-off, as sigstore uses the DCO using git commit -s, or git commit -s --amend if you want to amend already existing commits
  • lastly, ensure there are no merge commits! Thank you :) -->
+112 -3

0 comment

3 changed files

pr created time in 15 hours

push eventsigstore/rekor

asraa

commit sha e5dcf0a507e0388c6468998d0dc9af86a48df79f

base64 encode timestamping cert chain (#340) Signed-off-by: Asra Ali <asraa@google.com>

view details

push time in 16 hours

PR merged sigstore/rekor

base64 encode timestamping cert chain

Because of pesky newlines

Signed-off-by: Asra Ali asraa@google.com

<!-- Thanks for opening a pull request!

Please remember to:

  • mention any issue(s) that this PR closes using a closing keyword as well as the issue number, such as "Closes #XYZ" or "Resolves sigstore/repo-name#XYZ", cf. documentation
  • ensure your commits are signed-off, as sigstore uses the DCO using git commit -s, or git commit -s --amend if you want to amend already existing commits
  • lastly, ensure there are no merge commits! Thank you :) -->
+7 -3

0 comment

1 changed file

asraa

pr closed time in 16 hours

Pull request review commentkubernetes/sig-release

Clarify enhancements lead time requirements

 Helpful characteristics of an Enhancements Lead include: - product / project / program management experience - release management experience -Approximate Time Commitments-- Beginning of the cycle through enhancement freeze: 6-10 hours a week fluctuating based on how many SIG meetings need to be attended-- Enhancement Freeze through Code Freeze: 4-7 hours a week-- Code Freeze through Release Day: 1-4 hours a week+### Time Commitments++Enhancement is one of the most time-intensive areas of the release team, and especially so during the early parts of the release. An Enhancements Lead can expect to spend:+- Beginning of the cycle through enhancement freeze: ~8–15 hours a week+- Week of enhancements freeze: 20+ hours+- Enhancement Freeze through Code Freeze: ~4–7 hours a week+- Code Freeze through Release Day: ~1–4 hours a week++Note that Enahncements Lead in particular will need to do work **during the week** during the early release, and will need to be available at least daily.++Enhancements shadows have much lower time committments, but can still expect to spend 5+ hours a week during the early release, and ~1–4 hours a week after enhancements freeze. Unlike Enhancements Lead, shadows can expect to do their work largely on weekends if they desire.

I don't have data, but I think I spent about the same as an enhancements shadow in v1.21. What kind of time do we think is appropriate for the shadows? Maybe about half of what the lead has as an expectation? Or move them closer together even. We could give general time commitments for all members, and then say (the lead can expect to spend +X% more).

JamesLaverack

comment created time in 16 hours

pull request commentkubernetes/release

build(deps): bump golang.org/x/tools from 0.1.3 to 0.1.4

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: <a href="https://github.com/kubernetes/release/pull/2145#" title="Author self-approved">dependabot[bot]</a> To complete the pull request process, please assign justaugustus after the PR has been reviewed. You can assign the PR to them by writing /assign @justaugustus in a comment when ready.

The full list of commands accepted by this bot can be found here.

<details open> Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":["justaugustus"]} -->

dependabot[bot]

comment created time in 16 hours

pull request commentkubernetes/release

build(deps): bump golang.org/x/tools from 0.1.3 to 0.1.4

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

<details>

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. </details>

dependabot[bot]

comment created time in 16 hours