For each package and binary we need, this pulls in all the files and
deps (shared libs, mostly). The build is slower but the final image is
85 MB (versus 157 MB before). e2e passes. Hopefully less CVE surface.
This is based on scripts used in kubernetes and KinD.
This ensures we do not miss events. E.g.
before:
t0: hash changes to X
t1: send webhook(X), waiting for response
t2: hash changes to Y
t3: queue next webhook(Y) but can't send because previous is not done
t4: crash
t5: restart
t6: find repo at hash Y
no webhook(Y) was sent.
after:
t0: hash changes to X
t1: send webhook(X), waiting for response
t2: hash changes to Y
t3: queue next webhook(Y) but can't send because previous is not done
t4: crash
t5: restart
t6: find repo at hash Y
t7: send webhook(Y), waiting for response
This is a breaking change. The `--change-permissions` flag was too
coarse (e.g. changed directories and files alike) and not expressive (no
way to say "g+w").
I doubt if anyone was using it, and if they were, the new
`--group-write` is almost certainly what they want.
To do this, we run the e2e test as a different user. To do that, we
need git-sync to make sure that everything is group accessible. To
clean up after the test, we need everything to be group writable. To do
that, we add a new flag: `--group-write`.
The previous (v3) sync loop betrays my lack of understanding about git.
It tried to codify my archaic mental model (e.g. --branch and --rev
being disting things) and was ultimately a patchwork of corner-cases
evolved over a few years.
This commit is less of a "diff" and more of a "rewrite".
The new logic is simpler and more efficient. It does not `git clone`
ever. It does not differentiate the first sync from subsequent syncs.
It uses `git fetch` to get the exact SHA and then makes a worktree from
that.
The new `--ref` flag replaces both `--rev` and `--branch`, though it
will use those if specified. In fact, almost all of the e2e tests
passed without change - using --ref and --branch!
I will follow this commit up with more cleanups and e2es.
Tim Hockin
Kubernetes Prow Robot
Sacha Viscaino