github: action tasks don't work on pull requests
Categories
(Release Engineering :: Release Automation: Other, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: jlorenzo, Assigned: jcristau)
References
Details
Attachments
(10 files)
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
49 bytes,
text/x-github-pull-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
49 bytes,
text/x-github-pull-request
|
Details | Review |
See bug 1631834 comment 18 for full context. There are 2 problems to tackle:
- Find a way to grant the role
hook-id:project-mobile/in-tree-action-1-generic/*
[1] all fork action scopes. - On each PR, let the decision task be indexed on a different namespace than the level 3 tasks.
Updated•1 year ago
|
Assignee | ||
Updated•1 year ago
|
Assignee | ||
Comment 2•8 months ago
|
||
Add pr-action hooks/roles that are granted pull-requests (level1) scopes
on projects that opt in.
Assignee | ||
Comment 3•8 months ago
|
||
Assignee | ||
Updated•8 months ago
|
Assignee | ||
Comment 4•8 months ago
|
||
Assignee | ||
Updated•8 months ago
|
Assignee | ||
Comment 6•8 months ago
|
||
Should fix:
Action is misconfigured: decision task's scopes do not satisfy in-tree:hook-action:project-taskgraph/in-tree-pr-action-1-generic/8b5d80f2bf
Assignee | ||
Comment 8•8 months ago
|
||
Assignee | ||
Comment 10•7 months ago
|
||
Initially I thought this would only be needed if the project itself had
a level>1, but that makes it hard for a pull-request decision task to
know which hook should be used, so we might as well always create them,
even if they duplicate the regular level1 action hooks and roles.
Assignee | ||
Comment 11•7 months ago
|
||
Comment 12•7 months ago
|
||
Assignee | ||
Comment 13•7 months ago
|
||
Assignee | ||
Comment 14•7 months ago
|
||
run-task wants to check out the base-ref on the base repo, so we need to
pass that information down to action tasks for PRs instead of using the
head ref.
Comment 15•7 months ago
|
||
Assignee | ||
Comment 16•7 months ago
|
||
Assignee | ||
Comment 17•7 months ago
|
||
I think we got this to work by:
- adding a new
pr-action
value for thetasks_for
parameter - adding new
pr-action
hooks for actions, and corresponding roles - granting the
pr-action
role level 1 scopes for the repo (essentially treated the same as pull-request)
I'm still unsure this was all necessary, it's possible we could have done without the extra tasks_for and hooks, and instead granted l1 scopes to the in-tree-action-1-{perm}/{hash}
hooks, and instead added the level explicitly in action scopes (e.g. repo:${repoUrl[8:]}:action:${level}:${action.action_perm}
instead of the current repo:${repoUrl[8:]}:action:${action.action_perm}
). On the other hand either way requires changes to .taskcluster.yml, and pr-action
might make it more explicit what is being granted on PRs.
Remaining tasks (for followup bugs) will be to add the pr-actions feature to relevant repos, updating their .taskcluster.yml
s (and version of taskgraph) to handle pr-action
, and granting the trigger-hook scopes to users for the new hooks.
Assignee | ||
Updated•7 months ago
|
Description
•