Project

General

Profile

Actions

action #59115

closed

qe-yam - coordination #56477: Implement notifications in case specific files were changed in PR

[y][functional][timeboxed: 16h] Investigate the best way to integrate CI messages on GitHub

Added by oorlov about 5 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Spike/Research
Target version:
Start date:
2019-11-05
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

After deeper research, it was found out that GitHub Check API at the moment does not allow to show notifications for PR if push was made in forked repo.

So, the only solution left is to place a comment on the PR. This could be done with Issue Comments.

The goal of this ticket is to investigate on how much efforts need to implement the solution and what are the limitations of the solution.

Note: we have a user for CI on github, please, contact szarate for the details.

There are unknowns due to permissions, like github app vs github user.

Actions #1

Updated by oorlov about 5 years ago

  • Due date changed from 2019-11-20 to 2019-11-19
Actions #2

Updated by oorlov about 5 years ago

  • Parent task set to #56477
Actions #3

Updated by oorlov about 5 years ago

  • Target version set to future
Actions #4

Updated by riafarov about 5 years ago

  • Subject changed from [y][functional][timeboxed: 8h] Investigate the best way to integrate CI messages on GitHub to [y][functional][timeboxed: 16h] Investigate the best way to integrate CI messages on GitHub
  • Description updated (diff)
  • Category changed from Infrastructure to Spike/Research
  • Status changed from New to Workable
Actions #5

Updated by riafarov about 5 years ago

  • Due date changed from 2019-11-19 to 2019-12-17
Actions #6

Updated by riafarov about 5 years ago

  • Due date changed from 2019-12-17 to 2019-12-31
Actions #7

Updated by JERiveraMoya almost 5 years ago

  • Due date changed from 2019-12-31 to 2020-01-14

Shifting tickets after holiday period.

Actions #8

Updated by riafarov almost 5 years ago

  • Due date changed from 2020-01-14 to 2020-01-28
  • Assignee deleted (oorlov)
Actions #9

Updated by riafarov almost 5 years ago

  • Assignee set to riafarov
Actions #10

Updated by oorlov almost 5 years ago

Please, look at this solution if you'll not find something else.

The solution requires Jenkins.

https://github.com/openSUSE/github-pr

Actions #11

Updated by riafarov almost 5 years ago

  • Status changed from Workable to In Progress

So recap from the last time we have attempted to do this thing:

  • "Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code." (https://docs.travis-ci.com/user/environment-variables/). So that we are not able to provide github token to make a comment as expected in the Pull request from oorlov;
  • Internal Jenkins cannot be triggered by GitHub Webhook as it is not visible from the outside. Running cron job with some interval requires to check all the PRs every time and decide if the message should be put or not;
  • External Jenkins requires node to be located on physical machine in DMZ;
  • And finally, solution with posting a comment in PR requires special email to be created (in @suse.de or @suse.com domain) and GitHub account for the bot.

On top of that:

  • all the mentioned above issues persist and jenkins on opensuse.org is an overkill
  • we can easily host JS app with probot(https://probot.github.io/) on glitch platform (need to confirm if that's ok as we need to store tokens there)
  • we can also just use rest-api from ci.suse.de and implement whole logic there to detect new/edited PRs
  • original option of having github app running in azure is most prominent, will require more work to wrap everything in container to simplify maintenance, etc.
  • we have an account for os-autoinst we can use to access rest-api
  • glitch.com requires to many permission to run app stored on github, this is no go, therefore probot doesn't have clear advantages over ruby octokit https://github.com/octokit/octokit.rb
  • more of hacky solutions:
    • require comment in special format for VR, otherwise fail travis
    • use gitlab CI which will mirror all PR from github
    • use https://github.com/probot/smee.io to proxy webhook calls (as per readme, it's not designed for production, so should not be used)
Actions #12

Updated by riafarov almost 5 years ago

  • Status changed from In Progress to Resolved

I've created follow-up ticket with all the info. Checking if jdsn can propose any better solution than what we have figured out currently.

Actions #13

Updated by okurz over 3 years ago

  • Due date deleted (2020-01-28)
Actions

Also available in: Atom PDF