Skip to content

Check implementation ZCAP expirations. #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Check implementation ZCAP expirations. #105

wants to merge 10 commits into from

Conversation

BigBlueHat
Copy link
Member

@BigBlueHat BigBlueHat commented Aug 4, 2025
edited
Loading

The goal of this PR is to avoid expired ZCAPs from sneaking up on anyone. The tests will fail if a ZCAP capability expires a month from the test run. Tests are run once every Thursday morning (3 days before test suites run on Sunday mornings).

@BigBlueHat BigBlueHat requested a review from davidlehn August 4, 2025 18:34
@BigBlueHat BigBlueHat changed the title check imp expirations Check implementation ZCAP expirations. Aug 4, 2025
@BigBlueHat BigBlueHat requested a review from PatStLouis August 4, 2025 18:45
@BigBlueHat BigBlueHat mentioned this pull request Aug 5, 2025
Open
davidlehn
davidlehn approved these changes Aug 12, 2025
View reviewed changes
Copy link
Contributor

@davidlehn davidlehn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I expect this will be an annoyance when it happens. Any expired zcap will block all merges?

Perhaps this test could be run as a different job that would show the error but not block?

@BigBlueHat
Copy link
Member Author

Perhaps this test could be run as a different job that would show the error but not block?

It looks like for this to work, someone with Admin privileges on this repo (not me...) will have to configure which tests will block the build. The most I can do at this point is separate the test out and run it as a separate GitHub Workflow so it could be avoided (by someone with those settings).

That said, it's still possible to push through a PR (for folks with the right permission levels...like me in this case), even if the ZCAPs are expired and that test fails. So...it sadly feels easier/more obvious to leave it as it is--so at least the warnings/errors won't get overlooked even if they have to be pushed past in some cases.

@BigBlueHat BigBlueHat force-pushed the check-imp-expirations branch from ee4d985 to b7b0f50 Compare August 27, 2025 14:30
@BigBlueHat BigBlueHat requested a review from davidlehn September 8, 2025 13:34
@BigBlueHat
Copy link
Member Author

@davidlehn the build will no longer be blocked. Pretty certain these will just get overlooked again, though...but at least if someone checks the logs they'll see the info.

@BigBlueHat
Copy link
Member Author

@tminard I added a new test here to check endpoint against invocationTarget. This one is a blocking test as the downstream test suite test runs which use a mismatched ZCAP will fail if/when these don't match. These were harder to find previously. Now they won't happen. In theory. 😉

@BigBlueHat BigBlueHat force-pushed the check-imp-expirations branch from 83e4169 to 3852c59 Compare September 8, 2025 16:08
@BigBlueHat BigBlueHat requested a review from bparth24 September 8, 2025 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PatStLouis PatStLouis Awaiting requested review from PatStLouis

@davidlehn davidlehn Awaiting requested review from davidlehn

@bparth24 bparth24 Awaiting requested review from bparth24

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BigBlueHat @davidlehn