action #59115

action #37958: [functional][y][epic] self-tests in os-autoinst-distri-opensuse for impact on staging test schedule

[y][functional][timeboxed: 16h] Investigate the best way to integrate CI messages on GitHub

Added by oorlov 4 months ago. Updated 28 days ago.

Status:ResolvedStart date:05/11/2019
Priority:NormalDue date:28/01/2020
Assignee:riafarov% Done:


Target version:QA - future
Duration: 61


After deeper research, it was found out that GitHub Check API at the moment does not allow to show notifications for PR if push was made in forked repo.

So, the only solution left is to place a comment on the PR. This could be done with Issue Comments.

The goal of this ticket is to investigate on how much efforts need to implement the solution and what are the limitations of the solution.

Note: we have a user for CI on github, please, contact szarate for the details.

There are unknowns due to permissions, like github app vs github user.


#1 Updated by oorlov 4 months ago

  • Due date changed from 20/11/2019 to 19/11/2019

#2 Updated by oorlov 4 months ago

  • Parent task set to #56477

#3 Updated by oorlov 4 months ago

  • Target version set to future

#4 Updated by riafarov 4 months ago

  • Subject changed from [y][functional][timeboxed: 8h] Investigate the best way to integrate CI messages on GitHub to [y][functional][timeboxed: 16h] Investigate the best way to integrate CI messages on GitHub
  • Description updated (diff)
  • Category changed from Infrastructure to Spike/Research
  • Status changed from New to Workable

#5 Updated by riafarov 3 months ago

  • Due date changed from 19/11/2019 to 17/12/2019

#6 Updated by riafarov 2 months ago

  • Due date changed from 17/12/2019 to 31/12/2019

#7 Updated by JERiveraMoya about 1 month ago

  • Due date changed from 31/12/2019 to 14/01/2020

Shifting tickets after holiday period.

#8 Updated by riafarov about 1 month ago

  • Due date changed from 14/01/2020 to 28/01/2020
  • Assignee deleted (oorlov)

#9 Updated by riafarov about 1 month ago

  • Assignee set to riafarov

#10 Updated by oorlov about 1 month ago

Please, look at this solution if you'll not find something else.

The solution requires Jenkins.

#11 Updated by riafarov about 1 month ago

  • Status changed from Workable to In Progress

So recap from the last time we have attempted to do this thing:
* "Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code." ( So that we are not able to provide github token to make a comment as expected in the Pull request from oorlov;
* Internal Jenkins cannot be triggered by GitHub Webhook as it is not visible from the outside. Running cron job with some interval requires to check all the PRs every time and decide if the message should be put or not;
* External Jenkins requires node to be located on physical machine in DMZ;
* And finally, solution with posting a comment in PR requires special email to be created (in or domain) and GitHub account for the bot.

On top of that:
* all the mentioned above issues persist and jenkins on is an overkill
* we can easily host JS app with probot( on glitch platform (need to confirm if that's ok as we need to store tokens there)
* we can also just use rest-api from and implement whole logic there to detect new/edited PRs
* original option of having github app running in azure is most prominent, will require more work to wrap everything in container to simplify maintenance, etc.
* we have an account for os-autoinst we can use to access rest-api
* requires to many permission to run app stored on github, this is no go, therefore probot doesn't have clear advantages over ruby octokit
* more of hacky solutions:
- require comment in special format for VR, otherwise fail travis
- use gitlab CI which will mirror all PR from github
- use to proxy webhook calls (as per readme, it's not designed for production, so should not be used)

#12 Updated by riafarov 28 days ago

  • Status changed from In Progress to Resolved

I've created follow-up ticket with all the info. Checking if jdsn can propose any better solution than what we have figured out currently.

Also available in: Atom PDF