Closed
Bug 1267230
Opened 8 years ago
Closed 7 years ago
need a way to run tests against pull requests created by users without repo access
Categories
(Taskcluster :: Services, defect)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1257540
People
(Reporter: bhearsum, Unassigned)
References
Details
Right now, pull requests created by users without any access to the repo will not run taskcluster-github jobs. This can be worked around giving them "read" permissions to the repo, but it doesn't easily allow new contributors to create pull requests and have them tested. I seem to recall that not allowing random people to create taskcluster-github tasks was done on purpose, but I'm not sure if that was due to paranoia, immaturity of the service, or for a more specific concern. As we start to use tc-gh for more things we really need a way to run tests on *any* pull request. The way services like Travis do this is to allow anyone to have tests run on their pull request. This would put the burden on folks who maintain .taskcluster.yml files to make sure their tasks are unable to expose secrets or other such things. Another idea that was thrown out in the past was to let authorized users trigger tasks manually with some special syntax in a pull request comment.
Comment 1•8 years ago
|
||
Another option is that we run these PR with a different set of scopes, managed by roles the way existing scopes are delegated. Having the magic comment syntax would be nice too though.. As that could trigger running in privileged mode.
Reporter | ||
Comment 2•8 years ago
|
||
(In reply to Jonas Finnemann Jensen (:jonasfj) from comment #1) > Another option is that we run these PR with a different set of scopes, > managed by roles the way existing scopes are delegated. I'm not quite sure what you mean by this. Are you suggesting just reducing the number of scopes that pull request triggered tasks get?
Reporter | ||
Comment 3•8 years ago
|
||
This might be a dupe of bug 1257540 or the other way around....
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•5 years ago
|
Component: Github → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•