-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: auto start Jenkins CI via PR labels #34089
Conversation
ncu-config set username ${{ secrets.JENKINS_USER }} | ||
ncu-config set token none | ||
ncu-config set jenkins_token ${{ secrets.JENKINS_TOKEN }} | ||
ncu-config set owner ${{ env.OWNER }} | ||
ncu-config set repo ${{ env.REPOSITORY }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We probably should provide a way to set ncu configs via environment variables, so we don't have to worry about writing to disk here.
query: | | ||
query prs($owner:String!, $repo:String!) { | ||
repository(owner:$owner, name:$repo) { | ||
pullRequests(labels: ["request-ci"], states: OPEN, last: 100) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we're worried about the number of concurrent Jenkins jobs running, we could reduce this to 5 and increase the scheduler to 15-30 minutes.
If we add something like this, shouldn't we just get rid of the "CERTIFY_SAFE" checkbox in CI then, since there is no way to make such a confirmation explicit when applying the new label to a PR? |
That's a good question. We could consider that adding the label means the collaborator is certifying that this PR is safe (same could be said about starting a CI though) |
We could also have two labels, but that seems unnecessary |
@nodejs/build |
Not sure who I should ping to get consensus on adding the secrets to the repo (or if I need to do it) and to create the labels. @nodejs/tsc maybe? Also don't know who has access to the github-bot account to create a Jenkins token for it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
RSLGTM Impressive work!
f1c9444
to
a1121fa
Compare
Ok, figured out the github-bot bits, will create the tokens on the repository before landing it. Removed the (I'd like to land this before the commit queue since both use a similar approach, but this action won't make changes to our main branch) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really nice work 👍
a1121fa
to
9a4ae9c
Compare
@nodejs/build @nodejs/tsc any other reviews/comments/suggestions/objections before I land this tomorrow? (I thought about pinging collaborators but that might be too much :) ) |
Add an Action that will find every PR with the `request-ci` label and will start a Jenkins CI for each of these Pull Requests. The scheduler event is used to circumvent GitHub Actions limitations on Pull Requests from forks (where secrets are not accessible and the GITHUB_TOKEN is read-only). If the Action fails to start a CI, it will add a `request-ci-failed` label and will leave a comment with the error message from NCU. Fixes: nodejs/github-bot#234
9a4ae9c
to
84de5d9
Compare
Add an Action that will find every PR with the `request-ci` label and will start a Jenkins CI for each of these Pull Requests. The scheduler event is used to circumvent GitHub Actions limitations on Pull Requests from forks (where secrets are not accessible and the GITHUB_TOKEN is read-only). If the Action fails to start a CI, it will add a `request-ci-failed` label and will leave a comment with the error message from NCU. Fixes: nodejs/github-bot#234 PR-URL: #34089 Reviewed-By: Christian Clauss <cclauss@me.com>
Landed in 6cab3b0 |
Add an Action that will find every PR with the `request-ci` label and will start a Jenkins CI for each of these Pull Requests. The scheduler event is used to circumvent GitHub Actions limitations on Pull Requests from forks (where secrets are not accessible and the GITHUB_TOKEN is read-only). If the Action fails to start a CI, it will add a `request-ci-failed` label and will leave a comment with the error message from NCU. Fixes: nodejs/github-bot#234 PR-URL: #34089 Reviewed-By: Christian Clauss <cclauss@me.com>
Add an Action that will find every PR with the `request-ci` label and will start a Jenkins CI for each of these Pull Requests. The scheduler event is used to circumvent GitHub Actions limitations on Pull Requests from forks (where secrets are not accessible and the GITHUB_TOKEN is read-only). If the Action fails to start a CI, it will add a `request-ci-failed` label and will leave a comment with the error message from NCU. Fixes: nodejs/github-bot#234 PR-URL: #34089 Reviewed-By: Christian Clauss <cclauss@me.com>
Add an Action that will find every PR with the `request-ci` label and will start a Jenkins CI for each of these Pull Requests. The scheduler event is used to circumvent GitHub Actions limitations on Pull Requests from forks (where secrets are not accessible and the GITHUB_TOKEN is read-only). If the Action fails to start a CI, it will add a `request-ci-failed` label and will leave a comment with the error message from NCU. Fixes: nodejs/github-bot#234 PR-URL: #34089 Reviewed-By: Christian Clauss <cclauss@me.com>
Add an Action that will find every PR with the
request-ci
label andwill start a Jenkins CI for each of these Pull Requests. The scheduler
event is used to circumvent GitHub Actions limitations on Pull Requests
from forks (where secrets are not accessible and the GITHUB_TOKEN is
read-only).
If the Action fails to start a CI, it will add a
request-ci-failed
label and will leave a comment with the error message from NCU.
Requirements to land
JENKINS_USER
andJENKINS_TOKEN
secrets to this repository (or to the entire org, if we want this to work on forks such as quic and node-auto-test as well)request-ci
andrequest-ci-failed
labels in this repositoryChecklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes