github: action tasks don't work on pull requests
Categories
(Release Engineering :: Release Automation, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: jlorenzo, Assigned: jcristau)
References
Details
Attachments
(10 files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
49 bytes,
text/x-github-pull-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
49 bytes,
text/x-github-pull-request
|
Details | Review |
See bug 1631834 comment 18 for full context. There are 2 problems to tackle:
- Find a way to grant the role
hook-id:project-mobile/in-tree-action-1-generic/*[1] all fork action scopes. - On each PR, let the decision task be indexed on a different namespace than the level 3 tasks.
Updated•3 years ago
|
| Assignee | ||
Updated•3 years ago
|
| Assignee | ||
Comment 2•2 years ago
|
||
Add pr-action hooks/roles that are granted pull-requests (level1) scopes
on projects that opt in.
| Assignee | ||
Comment 3•2 years ago
|
||
| Assignee | ||
Updated•2 years ago
|
| Assignee | ||
Comment 4•2 years ago
|
||
| Assignee | ||
Updated•2 years ago
|
| Assignee | ||
Comment 6•2 years ago
|
||
Should fix:
Action is misconfigured: decision task's scopes do not satisfy in-tree:hook-action:project-taskgraph/in-tree-pr-action-1-generic/8b5d80f2bf
| Assignee | ||
Comment 8•2 years ago
|
||
| Assignee | ||
Comment 10•2 years ago
|
||
Initially I thought this would only be needed if the project itself had
a level>1, but that makes it hard for a pull-request decision task to
know which hook should be used, so we might as well always create them,
even if they duplicate the regular level1 action hooks and roles.
| Assignee | ||
Comment 11•2 years ago
|
||
Comment 12•2 years ago
|
||
| Assignee | ||
Comment 13•2 years ago
|
||
| Assignee | ||
Comment 14•2 years ago
|
||
run-task wants to check out the base-ref on the base repo, so we need to
pass that information down to action tasks for PRs instead of using the
head ref.
Comment 15•2 years ago
|
||
| Assignee | ||
Comment 16•2 years ago
|
||
| Assignee | ||
Comment 17•2 years ago
|
||
I think we got this to work by:
- adding a new
pr-actionvalue for thetasks_forparameter - adding new
pr-actionhooks for actions, and corresponding roles - granting the
pr-actionrole level 1 scopes for the repo (essentially treated the same as pull-request)
I'm still unsure this was all necessary, it's possible we could have done without the extra tasks_for and hooks, and instead granted l1 scopes to the in-tree-action-1-{perm}/{hash} hooks, and instead added the level explicitly in action scopes (e.g. repo:${repoUrl[8:]}:action:${level}:${action.action_perm} instead of the current repo:${repoUrl[8:]}:action:${action.action_perm}). On the other hand either way requires changes to .taskcluster.yml, and pr-action might make it more explicit what is being granted on PRs.
Remaining tasks (for followup bugs) will be to add the pr-actions feature to relevant repos, updating their .taskcluster.ymls (and version of taskgraph) to handle pr-action, and granting the trigger-hook scopes to users for the new hooks.
| Assignee | ||
Updated•2 years ago
|
Description
•