[Twisted-Python] CI FYI
Glyph Lefkowitz
glyph at twistedmatrix.com
Mon Dec 12 16:38:38 MST 2016
Hello Twisted maintainers,
I realized today that not not everyone is aware of this quirk in our build infrastructure, and since it's a required step, y'all should probably know about it.
Any PR that we merge should run not just on public CI (travis, appveyor, codecov) but also our own Buildbot infrastructure. Many of our supported platforms, particularly desktop Windows and OS X, do not have good support from multi-tenant CI vendors. This has always been true, but recently it became mechanically necessary because the OS X status from buildbot became a required status, which means that it appears in the "waiting" state even if no build has actually been started. No twisted PR will have a successful build unless some TM Labs member has done the following.
Since our buildbots do not have adequate security to run totally untrusted code, only project members may submit builds to them. The way a project member submits such a build is they cause a ref to exist in the official Twisted repo's namespace.
So, a necessary step in the code review process is to scan the diff to ensure that it's not malicious, and to then ensure that a branch exists in the https://github.com/twisted/twisted/ <https://github.com/twisted/twisted/> namespace pointing at the exact commit that you want buildbot builds to run tests for. (Don't worry: the buildbots are not fully secured, but neither do they contain particularly sensitive data. If you screw this check up, the main potentially bad consequence is to availability of the build fleet, not compromise of PyPI releases or anything like that. That said, if you screw up the security check in the full review and it lands on master, then some really bad stuff can happen...)
The way to express this intent to Git is something like:
$ git fetch origin "refs/pull/${PR_NUMBER}/head"
$ git push origin FETCH_HEAD:"${TICKET_NUMBER}-branchname"
I don't know of a way to do it through the github web UI but perhaps someone more knowledgeable could chime in.
Thanks,
-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://twistedmatrix.com/pipermail/twisted-python/attachments/20161212/f19a5d90/attachment.html>
More information about the Twisted-Python
mailing list