ci-k8sio-audit periodic job

config/jobs/kubernetes/wg-k8s-infra/trusted/wg-k8s-infra-trusted.yaml

@@ -22,6 +22,80 @@ periodics:
       args:
       - -c
       - "cd groups && make run -- --confirm"
+- name: ci-k8sio-audit
+  interval: 6h
+  cluster: k8s-infra-prow-build-trusted
+  decorate: true
+  max_concurrency: 1
+  annotations:
+    testgrid-dashboards: wg-k8s-infra-k8sio
+    testgrid-alert-email: hh@ii.coop
+    testgrid-num-failures-to-alert: '100'
+  extra_refs:
+  - org: kubernetes
+    repo: k8s.io
+    base_ref: master
+  - org: kubernetes
+    repo: test-infra
+    base_ref: master
+  rerun_auth_config:
+    github_users:
+      - hh
+  spec:
+    serviceAccountName: k8s-infra-gcp-auditor
+    containers:
+    - name: groups
+      image: gcr.io/k8s-testimages/gcb-docker-gcloud:v20201130-750d12f
+      command:
+      - bash
+      args:
+      - -c
+      - |
+        echo "Ensure gcloud creds are working" >&2
+        gcloud config list
+        echo "Running Audit Script to dump GCP configuration to yaml" >&2
+        push ./audit
+        ./audit-gcp.sh
+        popd
+
+        echo "Generate pr-creator binary from k/test-infra/robots" >&2
+        pushd ../test-infra
+        go build -o ../k8s.io/pr-creator robots/pr-creator/main.go
+        popd
+
+        echo -n "Calculate github user, name, and email from token: " >&2
+        GH_TOKEN=$(cat /etc/github-token/token)
+        GH_USER=$(curl -H "Authorization: token $GH_TOKEN" "https://api.github.com/user" 2>/dev/null | jq -r .login
+        GH_NAME=$(curl -H "Authorization: token $GH_TOKEN" "https://api.github.com/user" 2>/dev/null | jq -r .name
+        GH_EMAIL=$(curl -H "Authorization: token $GH_TOKEN" -H "X-Oauth-Scope: user:email" "https://api.github.com/user/emails" 2>/dev/null | jq -r '.[] | select( .primary == true ) | .email')
+        FORK_GH_BRANCH=autoaudit-${PROW_INSTANCE_NAME:-prow}
+        echo "Prepare commit for possible PR via $GH_USER" >&2
+        git config user.name ${GH_NAME}
+        git config user.email ${GH_EMAIL}
+        git add --all -u
+        git commit -m "audit: update as of $(date +%Y-%m-%d)"
+        echo -e "Pushing commit to github.com/${GH_USER}/${FORK_GH_REPO}:..." >&2
+        git push -f "https://${GH_USER}:${GH_TOKEN}@github.com/${GH_USER}/${FORK_GH_REPO}" "HEAD:${FORK_GH_BRANCH}}" 2>/dev/null
+
+        echo "Creating PR to merge ${GITHUB_USER}:${FORK_GH_BRANCH} into master..." >&2
+        title="audit: update as of $(date +%Y-%m-%d)"
+        body="Audit Updates\n/wg k8s-infra"
+        /pr-creator \
+          --github-token-path=/etc/github-token/token \
+          --org=kubernetes --repo=k8s.io --branch=main \
+          --source="${GH_USER}:${FORK_GH_BRANCH}" \
+          --head-branch="${FORK_GH_BRANCH}" \
+          --title="${title}" \
+          --body="${body}" \
+          --confirm
+      volumeMounts:
+      - name: github
+        mountPath: /etc/github-token
+        readOnly: true
+    volumes:
+    - name: github
+      secret:
+        secretName: cncf-ci-github-token
 
 postsubmits:
   kubernetes/k8s.io: