feat: add APISnoop ProwJob periodics

[BobyMCbobs]

adds periodic ProwJobs to replace APISnoop GitHub Actions

Why is this needed?

GitHub Actions can no longer update content due to an organization policy

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: BobyMCbobs
Once this PR has been reviewed and has the lgtm label, please assign wojtek-t for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• config/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[BobyMCbobs]

When running locally

export CONFIG_PATH=$(realpath ../../kubernetes/test-infra/config/prow/config.yaml) JOB_CONFIG_PATH=$(realpath ../../kubernetes/test-infra/config/jobs/kubernetes-sigs/apisnoop/trusted/kubernetes-sigs-apisnoop.yaml) NODE_DIR=/opt/disks/kind-node OUT_DIR=/opt/disks/prowjob-out
./pkg/pj-on-kind.sh apisnoop-weekly-updater

Current logs I see are

Building dependency tree...
Reading state information...
Package netcat is a virtual package provided by:
  netcat-openbsd 1.219-1
  netcat-traditional 1.10-47

E: Package 'netcat' has no installation candidate
/bin/bash: line 5: /etc/github-token/oauth: No such file or directory
You are not logged into any GitHub hosts. To log in, run: gh auth login
/bin/bash: line 8: docker: command not found
/bin/bash: line 9: psql: command not found
/bin/bash: line 10: docker: command not found
/bin/bash: line 9: psql: command not found
/bin/bash: line 10: docker: command not found
/bin/bash: line 9: psql: command not found
/bin/bash: line 10: docker: command not found
/bin/bash: line 9: psql: command not found
/bin/bash: line 10: docker: command not found
/bin/bash: line 9: psql: command not found
/bin/bash: line 10: docker: command not found

[BobyMCbobs]

Now using snoopdb as the job container.

it progresses the full way now.

...
 done
server stopped

PostgreSQL init process complete; ready for start up.


Not a prow job, will keep db running

2024-08-27 22:14:23.042 UTC [702] LOG:  starting PostgreSQL 15.5 (Debian 15.5-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2024-08-27 22:14:23.045 UTC [702] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2024-08-27 22:14:23.045 UTC [702] LOG:  listening on IPv6 address "::", port 5432
2024-08-27 22:14:23.047 UTC [702] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-08-27 22:14:23.054 UTC [899] LOG:  database system was shut down at 2024-08-27 22:14:22 UTC
2024-08-27 22:14:23.069 UTC [702] LOG:  database system is ready to accept connections
+ psql -U apisnoop -d apisnoop -h localhost -c 'select 0;'
 ?column?
----------
        0
(1 row)

++ git rev-parse --show-toplevel
+ cd /home/prow/go/src/github.com/kubernetes-sigs/apisnoop
+ psql -U apisnoop -d apisnoop -h localhost -f ./505_output_coverage_jsons.sql
BEGIN
running with latest_release as 1.32.0 and output_file to resources/coverage/1.32.0.json
Tuples only is on.
Output format is unaligned.
Output format is aligned.
Tuples only is off.
COMMIT
+ grep '--regexp=[.]json$'
+ git ls-files --others --exclude-standard
+ git diff-index --name-only --diff-filter=d HEAD
resources/coverage/1.32.0.json
resources/coverage/conformance-coverage-per-release.json
resources/coverage/conformance-endpoints.json
resources/coverage/conformance-progress.json
resources/coverage/ineligible_endpoints.json
+ echo changes detected
changes detected
++ date +%Y-%m-%d-%H-%M
+ TIMESTAMP=2024-08-27-22-14
+ NEW_BRANCH=coverage-update-for-2024-08-27-22-14
+ git add resources/coverage/1.15.0.json resources/coverage/1.16.0.json resources/coverage/1.17.0.json resources/coverage/1.18.0.json resources/coverage/1.19.0.json resources/coverage/1.20.0.json resources/coverage/1.21.0.json resources/coverage/1.22.0.json resources/coverage/1.23.0.json resources/coverage/1.24.0.json resources/coverage/1.25.0.json resources/coverage/1.26.0.json resources/coverage/1.27.0.json resources/coverage/1.28.0.json resources/coverage/1.29.0.json resources/coverage/1.30.0.json resources/coverage/1.31.0.json resources/coverage/1.32.0.json resources/coverage/conformance-coverage-per-release.json resources/coverage/conformance-endpoints.json resources/coverage/conformance-progress.json resources/coverage/ineligible_endpoints.json resources/coverage/new-endpoints.json
+ git branch coverage-update-for-2024-08-27-22-14
+ git checkout coverage-update-for-2024-08-27-22-14
Switched to branch 'coverage-update-for-2024-08-27-22-14'
M       resources/coverage/1.32.0.json
+ git commit -m 'chore: update coverage for 2024-08-27-22-14' -m 'updates coverage metadata for 2024-08-27-22-14'
[coverage-update-for-2024-08-27-22-14 fe8db5a] chore: update coverage for 2024-08-27-22-14
 1 file changed, 15 insertions(+), 19 deletions(-)
+ git push origin coverage-update-for-2024-08-27-22-14
fatal: 'origin' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
+ gh pr create --title 'Update APISnoop coverage 2024-08-27-22-14' --body 'updates to coverage for 2024-08-27-22-14'
gh: To use GitHub CLI in automation, set the GH_TOKEN environment variable.

[k8s-ci-robot]

@BobyMCbobs: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-test-infra-unit-test	a98a264	link	true	/test pull-test-infra-unit-test
pull-test-infra-unit-test-race-detector-nonblocking	a98a264	link	false	/test pull-test-infra-unit-test-race-detector-nonblocking

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[BobyMCbobs]

According to

{Failed  === RUN   TestK8sInfraTrusted
    jobs_test.go:387: apisnoop-weekly-updater defined in ../../jobs/kubernetes-sigs/apisnoop/trusted/kubernetes-sigs-apisnoop.yaml may not run in cluster: k8s-infra-prow-build-trusted
    jobs_test.go:387: apisnoop-kubernetes-version-updater defined in ../../jobs/kubernetes-sigs/apisnoop/trusted/kubernetes-sigs-apisnoop.yaml may not run in cluster: k8s-infra-prow-build-trusted
    jobs_test.go:389: summary:    2/1902 jobs fail to meet k8s-infra-prow-build-trusted CI policy
--- FAIL: TestK8sInfraTrusted (0.00s)
}

this job may require being placed elsewhere.
Given it needs access to a token for a GitHub account to push changes, should it move to the sig-k8s-infra trusted folder?

[BenTheElder]

Presubmit enforces that jobs in that cluster must be in that directory for approval purposes.

We don't permit arbitrary code in the trusted cluster. You can run arbitrary code in a cloudbuild in a dedicated staging project which can be launched from a trusted job.

But that doesn't address the access to k8s-ci-robot, which I really don't think we want to be wiring up to a bash script.

Can we host the results by some other means? (E.G. we could have a cloud build upload to a GCS bucket or something ...)