[infra][upstream-institute] Bot to vote on changes in the sandbox

Tony Breeds tony at bakeyournoodle.com
Fri Feb 1 23:55:20 UTC 2019


On Fri, Feb 01, 2019 at 12:34:20PM +0000, Jeremy Stanley wrote:
> On 2019-02-01 11:25:47 +0000 (+0000), Sean Mooney wrote:
> > do you need an actual bot
> > why not just have a job defined in the sandbox repo itself that
> > runs say pep8 or some simple test like check the commit message
> > for Close-Bug: or something like that.
> 
> I think that's basically what he was suggesting: a Zuul job which
> votes on (some) changes to the openstack/sandbox repository.
> 
> Some challenges there... first, you'd probably want credentials set
> as Zuul secrets, but in-repository secrets can only be used by jobs
> in safe "post-review" pipelines (gate, promote, post, release...) to
> prevent leakage through speculative execution of changes to those
> job definitions. The workaround would be to place the secrets and
> any playbooks which use them into a trusted config repository such
> as openstack-infra/project-config so they can be safely used in
> "pre-review" pipelines like check.

Yup that was my plan.  It also means that new contributors can't
accidentally break the bot :)
> 
> > i noticed that if you are modifying zuul jobs and have a syntax
> > error we actually comment on the patch to say where it is. like
> > this https://review.openstack.org/#/c/632484/2/.zuul.yaml@31
> > 
> > so you could just develop a custom job that ran in a separate
> > pipeline and set the success action to Code-Review: +2 and failure to
> > Code-Review: -1
> [...]
> 
> It would be a little weird to have those code review votes showing
> up for the Zuul account and might further confuse students. Also,
> what you describe would require a custom pipeline definition as
> those behaviors apply to pipelines, not to jobs.
> 
> I think Tony's suggestion of doing this as a job with custom
> credentials to log into Gerrit and leave code review votes is
> probably the most workable and least confusing solution, but I also
> think a bulk of that job definition will end up having to live
> outside the sandbox repo for logistical reasons described above.

Cool.  There clearly isn't a rush on this but it would be really good to
have it in place before the Denver summit.  Can someone that knows how
either create the gerrit user and zuul secrets or point me at how to do
it?

Yours Tony.
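
A sketch of the layout discussed above, added here as an example and not part of the original message or of OpenStack's actual configuration: the secret and the job that consumes it are defined in the trusted config repository, so the job can run in the pre-review check pipeline while changes proposed to openstack/sandbox cannot alter it. The job, secret, playbook and account names and the file path are hypothetical, and the ciphertext is a placeholder.

```yaml
# Hypothetical file in the trusted config repository
# (openstack-infra/project-config), e.g. zuul.d/sandbox-bot.yaml

# The Gerrit credentials for the voting account, encrypted with the
# config project's public key. Only playbooks belonging to the job
# that requests this secret can read it.
- secret:
    name: sandbox_bot_gerrit            # hypothetical secret name
    data:
      username: sandbox-review-bot      # hypothetical Gerrit account
      password: !encrypted/pkcs1-oaep
        - <CIPHERTEXT-PLACEHOLDER>

# The job and its playbook live in the same trusted repository, so a
# speculative change to openstack/sandbox cannot rewrite the playbook
# to print or exfiltrate the secret.
- job:
    name: sandbox-review-vote           # hypothetical job name
    description: Leave a code review vote on sandbox changes.
    run: playbooks/sandbox-review-vote/run.yaml   # hypothetical path
    secrets:
      - name: gerrit_creds              # variable name seen by the playbook
        secret: sandbox_bot_gerrit
    # Restrict which projects may attach this job; a job with secrets
    # in a config project is not restricted automatically.
    allowed-projects:
      - openstack/sandbox

# Attach the job to the sandbox repository's pre-review pipeline from
# the trusted repository.
- project:
    name: openstack/sandbox
    check:
      jobs:
        - sandbox-review-vote
```

Tasks in the playbook that handle `gerrit_creds` should set `no_log: true` so the credentials do not end up in the published job logs.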