Closed Bug 1907217 Opened 2 months ago Closed 16 days ago

remove `*` branches from projects.yml

Categories

(Release Engineering :: Firefox-CI Administration, task)

Product:
Release Engineering
Component:
Firefox-CI Administration
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: bhearsum)

References

Details

Attachments

(3 files, 1 obsolete file)

[mozilla-releng/fxci-config] Bug 1907217: remove `*` branch from RelEng github repositories and `maple` (#18)
53 bytes, text/x-github-pull-request
Details | Review
[mozilla-releng/fxci-config] bug 1907217: remove `*` branch from vpn and autoland repositories (#40)
53 bytes, text/x-github-pull-request
Details | Review
[mozilla-releng/fxci-config] bug 1907217: remove * star branches from remaining github repositories (#46)
53 bytes, text/x-github-pull-request
Details | Review

This is a follow-up from https://bugzilla.mozilla.org/show_bug.cgi?id=1903776 where the * branches were added to minimize risk when that work first landed. Removing the * branches removes a bunch of grants which I believe to be unneeded (and in many cases redundant), but it's virtually impossible to be certain of that before landing it.

I intend to do the removal in stages. Note that Mercurial is excluded here. We've decided to simply not bother making changes to it, because there's little to no value in doing so, and all of these repositories will be migrated in the next year or so.

GitHub:

  • RelEng repos as a basic sanity check. They have a decent amount of activity in them, and we'll obviously see and be able to respond to any issues that come up.
  • mozilla-vpn-client next. This repo has extra releases/* branches and uses release promotion, so it will sanity check some other types of scopes, and is arguably lower risk/impact than other similar repos.
  • everything else

Stage one of the plan written out in the bug.

This should be quite safe. For Try, all of the scopes that branch:* has are already granted by branch:default.

For GitHub we have some differences, but as far as I can tell, only where the explicit branches have more scopes than branch:* due to grants such as https://github.com/mozilla-releng/fxci-config/blob/944ea85da779ab430e932f9829f1f02bb11ee11c/grants.yml#L1185-L1200.

(In reply to bhearsum@mozilla.com (:bhearsum) from comment #0)

Mercurial:

  • try first to get a basic sanity check done. It's got enough throughput that any issues should be notice very quickly.
  • autoland next, to sanity check L3
  • mozilla-central afterwards to sanity check anything relating to scriptworker and nightly scopes
  • mozilla-beta to sanity check release promotion actions, etc.
  • everything else

jcristau pointed out that we support pushing to try on non-default branches. With that in mind, it's completely appropiate to keep the * branch for that repo (we should actually drop the default branch instead). Instead of try, I'll use maple as a first test and do what sanity checking I can there.

Attachment #9412155 - Attachment is obsolete: true

Phase 1 of this work has landed. I did some explicit testing on maple by pushing there, firing an action, and triggering a cron task. All of that worked fine.

On the GitHub side, I'm monitoring the repos that had scope adjustments made to them for an issues. If things look good I intend to move forward with a second set of projects on Monday.

We've done what we're going to here. We ended up keeping * branches for Mercurial repos, which will go away whenever Mercurial does. We also kept * branches for releng staging repos, because those are level 1, and intended as playgrounds - so there's little benefit and much annoyance if we restrict branches we can build from there.

Status: NEW → RESOLVED
Closed: 16 days ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: