Right now, config-bot only supports directly promoting the lockfile using git push. We should enhance it so that it instead opens up a PR to bump the lockfile. This unlocks (pun intended) a few things:
- a better CI workflow: we can actually test the OS against the latest base content before absorbing it
- smarter integration with coreos-koji-tagger: right now, it tags packages once the lockfile is merged, at which point builds won't actually succeed until the packages are signed (if not already), moved to the coreos-pool tag, and the coreos-pool repo is respinned. This means that there's a window of time during which
testing-devel would be unbuildable. Switching to a PR workflow would allow e.g. a merge bot to do the tagging and waiting for the repo respin before doing the merge, so that testing-devel can always be built.
Right now,
config-botonly supports directly promoting the lockfile usinggit push. We should enhance it so that it instead opens up a PR to bump the lockfile. This unlocks (pun intended) a few things:testing-develwould be unbuildable. Switching to a PR workflow would allow e.g. a merge bot to do the tagging and waiting for the repo respin before doing the merge, so thattesting-develcan always be built.