Closed Bug 1641282 Opened 4 years ago Closed 7 months ago

github: action tasks don't work on pull requests

Categories

(Release Engineering :: Release Automation: Other, enhancement, P3)

Product:
Release Engineering
Component:
Release Automation: Other
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jlorenzo, Assigned: jcristau)

References

Details

Attachments

(10 files)

Bug 1641282 - support action tasks on github pull requests.
48 bytes, text/x-phabricator-request
Details | Review
Bug 1641282 - enable pr-actions feature for taskgraph
48 bytes, text/x-phabricator-request
Details | Review
[taskcluster/taskgraph] Bug 1641282 - support action tasks on github pull requests (#426)
49 bytes, text/x-github-pull-request
Details | Review
Bug 1641282 - add in-tree:hook-action scope for pr-action hooks to PR decision tasks.
48 bytes, text/x-phabricator-request
Details | Review
Bug 1641282 - grant treeherder pr scopes to pr-action jobs. r?#releng
48 bytes, text/x-phabricator-request
Details | Review
Bug 1641282 - create pr-action hooks/roles for all projects regardless of level. r?#releng
48 bytes, text/x-phabricator-request
Details | Review
Bug 1641282 - enable pr-actions feature for staging-firefox-translations-training. r?#releng
48 bytes, text/x-phabricator-request
Details | Review
Bug 1641282 - fix linting error. r?#releng
48 bytes, text/x-phabricator-request
Details | Review
Bug 1641282 - add push.base_branch to actions context. r?#releng
48 bytes, text/x-phabricator-request
Details | Review
[taskcluster/taskgraph] ci: add push.base_branch to tc.yml (#459)
49 bytes, text/x-github-pull-request
Details | Review

See bug 1631834 comment 18 for full context. There are 2 problems to tackle:

  1. Find a way to grant the role hook-id:project-mobile/in-tree-action-1-generic/*[1] all fork action scopes.
  2. On each PR, let the decision task be indexed on a different namespace than the level 3 tasks.

[1] https://firefox-ci-tc.services.mozilla.com/auth/roles/hook-id%3Aproject-mobile%2Fin-tree-action-1-generic%2F*

Severity: -- → S4
Priority: -- → P3
Summary: mobile: action tasks don't work on pull requests → github: action tasks don't work on pull requests
Duplicate of this bug: 1784563

Add pr-action hooks/roles that are granted pull-requests (level1) scopes
on projects that opt in.

Assignee: nobody → jcristau
Status: NEW → ASSIGNED
Keywords: leave-open
Pushed by jcristau@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/ae6f2571eb42 support action tasks on github pull requests. r=releng-reviewers,ahal,gabriel https://hg.mozilla.org/ci/ci-configuration/rev/9c120fe32541 enable pr-actions feature for taskgraph r=releng-reviewers,ahal

Should fix:
Action is misconfigured: decision task's scopes do not satisfy in-tree:hook-action:project-taskgraph/in-tree-pr-action-1-generic/8b5d80f2bf

Pushed by jcristau@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/1a9627ba5f99 add in-tree:hook-action scope for pr-action hooks to PR decision tasks. r=releng-reviewers,ahal
Pushed by jcristau@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/07c2d46d8b7e grant treeherder pr scopes to pr-action jobs. r=releng-reviewers,hneiva

Initially I thought this would only be needed if the project itself had
a level>1, but that makes it hard for a pull-request decision task to
know which hook should be used, so we might as well always create them,
even if they duplicate the regular level1 action hooks and roles.

Pushed by jcristau@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/4eda0dd89a29 create pr-action hooks/roles for all projects regardless of level. r=releng-reviewers,gabriel https://hg.mozilla.org/ci/ci-configuration/rev/59298378d387 enable pr-actions feature for staging-firefox-translations-training. r=releng-reviewers,gabriel

run-task wants to check out the base-ref on the base repo, so we need to
pass that information down to action tasks for PRs instead of using the
head ref.

Pushed by jcristau@mozilla.com: https://hg.mozilla.org/ci/ci-configuration/rev/c0875596add0 fix linting error. r=releng-reviewers,gabriel https://hg.mozilla.org/ci/ci-configuration/rev/7cc90da36623 add push.base_branch to actions context. r=releng-reviewers,gabriel

I think we got this to work by:

  • adding a new pr-action value for the tasks_for parameter
  • adding new pr-action hooks for actions, and corresponding roles
  • granting the pr-action role level 1 scopes for the repo (essentially treated the same as pull-request)

I'm still unsure this was all necessary, it's possible we could have done without the extra tasks_for and hooks, and instead granted l1 scopes to the in-tree-action-1-{perm}/{hash} hooks, and instead added the level explicitly in action scopes (e.g. repo:${repoUrl[8:]}:action:${level}:${action.action_perm} instead of the current repo:${repoUrl[8:]}:action:${action.action_perm}). On the other hand either way requires changes to .taskcluster.yml, and pr-action might make it more explicit what is being granted on PRs.

Remaining tasks (for followup bugs) will be to add the pr-actions feature to relevant repos, updating their .taskcluster.ymls (and version of taskgraph) to handle pr-action, and granting the trigger-hook scopes to users for the new hooks.

Keywords: leave-open
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
Blocks: 1880157
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: