Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upbuild: auto start Jenkins CI via PR labels #34089
Conversation
Add an Action that will find every PR with the `request-ci` label and will start a Jenkins CI for each of these Pull Requests. The scheduler event is used to circumvent GitHub Actions limitations on Pull Requests from forks (where secrets are not accessible and the GITHUB_TOKEN is read-only). If the Action fails to start a CI, it will add a `request-ci-failed` label and will leave a comment with the error message from NCU.
| ncu-config set username ${{ secrets.JENKINS_USER }} | ||
| ncu-config set token none | ||
| ncu-config set jenkins_token ${{ secrets.JENKINS_TOKEN }} | ||
| ncu-config set owner ${{ env.OWNER }} | ||
| ncu-config set repo ${{ env.REPOSITORY }} |
This comment has been minimized.
This comment has been minimized.
mmarchini
Jun 27, 2020
Author
Member
We probably should provide a way to set ncu configs via environment variables, so we don't have to worry about writing to disk here.
| query: | | ||
| query prs($owner:String!, $repo:String!) { | ||
| repository(owner:$owner, name:$repo) { | ||
| pullRequests(labels: ["request-ci"], states: OPEN, last: 100) { |
This comment has been minimized.
This comment has been minimized.
mmarchini
Jun 27, 2020
Author
Member
If we're worried about the number of concurrent Jenkins jobs running, we could reduce this to 5 and increase the scheduler to 15-30 minutes.
|
If we add something like this, shouldn't we just get rid of the "CERTIFY_SAFE" checkbox in CI then, since there is no way to make such a confirmation explicit when applying the new label to a PR? |
|
That's a good question. We could consider that adding the label means the collaborator is certifying that this PR is safe (same could be said about starting a CI though) |
|
We could also have two labels, but that seems unnecessary |
|
Not sure who I should ping to get consensus on adding the secrets to the repo (or if I need to do it) and to create the labels. @nodejs/tsc maybe? Also don't know who has access to the github-bot account to create a Jenkins token for it. |
mmarchini commentedJun 27, 2020
•
edited
Add an Action that will find every PR with the
request-cilabel andwill start a Jenkins CI for each of these Pull Requests. The scheduler
event is used to circumvent GitHub Actions limitations on Pull Requests
from forks (where secrets are not accessible and the GITHUB_TOKEN is
read-only).
If the Action fails to start a CI, it will add a
request-ci-failedlabel and will leave a comment with the error message from NCU.
Requirements to land
JENKINS_USERandJENKINS_TOKENsecrets to this repository (or to the entire org, if we want this to work on forks such as quic and node-auto-test as well)request-ciandrequest-ci-failedlabels in this repositoryChecklist
make -j4 test(UNIX), orvcbuild test(Windows) passes