qe-yast - coordination #56477: Implement notifications in case specific files were changed in PR
[y][functional][timeboxed: 16h] Investigate the best way to integrate CI messages on GitHub
After deeper research, it was found that the GitHub Checks API currently does not allow showing notifications for a PR if the push was made in a forked repo.
So, the only solution left is to place a comment on the PR. This could be done with Issue Comments.
The goal of this ticket is to investigate how much effort is needed to implement the solution and what the limitations of the solution are.
Note: we have a user for CI on GitHub; please contact szarate for the details.
There are unknowns due to permissions, like GitHub app vs GitHub user.
#4 Updated by riafarov over 1 year ago
- Subject changed from [y][functional][timeboxed: 8h] Investigate the best way to integrate CI messages on GitHub to [y][functional][timeboxed: 16h] Investigate the best way to integrate CI messages on GitHub
- Description updated (diff)
- Category changed from Infrastructure to Spike/Research
- Status changed from New to Workable
#11 Updated by riafarov over 1 year ago
- Status changed from Workable to In Progress
So, a recap from the last time we attempted to do this:
- "Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code." (https://docs.travis-ci.com/user/environment-variables/). So we are not able to provide a GitHub token to make a comment as expected in the pull request from oorlov;
- Internal Jenkins cannot be triggered by a GitHub webhook as it is not visible from the outside. Running a cron job at some interval requires checking all the PRs every time and deciding whether the message should be posted or not;
- External Jenkins requires a node to be located on a physical machine in the DMZ;
- And finally, the solution with posting a comment in the PR requires a special email to be created (in the @suse.de or @suse.com domain) and a GitHub account for the bot.
On top of that:
- all the issues mentioned above persist and Jenkins on opensuse.org is overkill
- we can easily host a JS app with probot (https://probot.github.io/) on the glitch platform (need to confirm if that's ok as we need to store tokens there)
- we can also just use the REST API from ci.suse.de and implement the whole logic there to detect new/edited PRs
- the original option of having a GitHub app running in Azure is most prominent, will require more work to wrap everything in a container to simplify maintenance, etc.
- we have an account for os-autoinst we can use to access the REST API
- glitch.com requires too many permissions to run an app stored on GitHub, this is a no-go, therefore probot doesn't have clear advantages over ruby octokit https://github.com/octokit/octokit.rb
- more hacky solutions:
  - require a comment in a special format for VR, otherwise fail Travis
  - use GitLab CI which will mirror all PRs from GitHub
  - use https://github.com/probot/smee.io to proxy webhook calls (as per the readme, it's not designed for production, so should not be used)
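
Added example (not code from this ticket or the project): the cron-polling option above has to decide on every run whether a comment should be posted, and a hidden marker in the bot's comment is one way to make that decision idempotent. `WATCHED`, `MARKER` and `StubClient` are hypothetical; `client` is assumed to respond to octokit.rb's `pull_request_files`, `issue_comments` and `add_comment`, so the token stays on the polling host and nothing from the fork is executed.

```ruby
# Constructed sketch: WATCHED, MARKER and StubClient are assumptions, not project code.
WATCHED = ['schedule/*.yaml', 'lib/partition_setup.pm'].freeze
MARKER  = '<!-- ci-notify:watched-files -->' # hidden tag identifying the bot's comment

# File names in the PR that match a watched pattern. Only names returned by the
# API are inspected; the PR's code is never checked out or run.
def watched_changes(client, repo, number)
  names = client.pull_request_files(repo, number).map { |f| f[:filename] }
  names.select { |n| WATCHED.any? { |p| File.fnmatch(p, n, File::FNM_PATHNAME) } }.sort
end

# True if an earlier polling run already left the marker on this PR.
def already_notified?(client, repo, number)
  client.issue_comments(repo, number).any? { |c| c[:body].to_s.include?(MARKER) }
end

# One polling pass for one PR. Returns :clean, :skipped or :posted.
def notify_once(client, repo, number)
  hits = watched_changes(client, repo, number)
  return :clean if hits.empty?
  return :skipped if already_notified?(client, repo, number)

  list = hits.map { |h| "- `#{h}`" }.join("\n")
  client.add_comment(repo, number, "#{MARKER}\nThis PR changes watched files:\n#{list}")
  :posted
end

# In-memory stand-in for the API client (constructed data) so the logic runs offline.
class StubClient
  attr_reader :comments

  def initialize(files)
    @files = files.map { |n| { filename: n } }
    @comments = []
  end

  def pull_request_files(_repo, _number)
    @files
  end

  def issue_comments(_repo, _number)
    @comments
  end

  def add_comment(_repo, _number, body)
    @comments << { body: body }
  end
end
```

With a real `Octokit::Client`, enable `auto_paginate` so PRs with many files or comments are read in full before the decision is made.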