Oh, with our new Jenkins that's not an issue - I have admin access there, the issue is with checking old CI configuration, GitHub, infra stuff, etc. FYI, all PMC members as well have admin access to the new CI and can install plugins.
This 'fetching&whitelisting committers during seed job' solution should not disable phrases. That will work as expected. On Thu, Jul 23, 2020 at 10:58 PM Udi Meiri <eh...@google.com> wrote: > I have the same issue with Jenkins privileges. There's usually no insight > to test triggering logic. > For instance I happen to know that tests won't be started right now > because Infra is restarting Jenkins to install a plugin, but that's only > because I opened the ticket. > > I think fetching the list of allowed user IDs as part of the seed job is > okay. Even if this disables phrases we can always manually trigger the seed > job from the Jenkins UI. > > On Thu, Jul 23, 2020 at 1:11 PM Damian Gadomski < > damian.gadom...@polidea.com> wrote: > >> Yes, I thought that whitelisting apache organization will do the trick, >> but apparently, it doesn't. Actually, it makes sense as we want to allow >> only beam committers and not all apache committers. I don't know the >> implications of membership in the apache github organization, but you for >> instance are not there :) Neither is Ahmet. >> >> >> Therefore there's nothing wrong with the Ghprb plugin, it correctly >> forbade triggering. From my investigation, the "beam-committers" GitHub >> team (which is under the apache org) is the list of people that should be >> allowed. But firstly, you cant whitelist a team with Ghprb. There's a >> ticket for that, open for 5 years >> <https://github.com/jenkinsci/ghprb-plugin/issues/160>. I could >> implement that but, secondly, the team is secret. I can't even see it. Even >> asfbot doesn't have permission to see it. >> >> You may ask, how it worked before, because on the builds.apache.org >> somehow only committers were allowed to trigger PR builds. It appeared that >> Infra created a webhook relay. It's configured here >> <https://github.com/apache/infrastructure-puppet/blob/deployment/modules/gitbox/files/conf/relay.yaml> >> and >> it filters out all the non-committers events. I wish I had known that >> before as it was also the reason for different issues during the migration. >> Anyway, it would be hard to use that mechanism in our case as we want to >> configure it depending on the job. >> >> >> There's a publicly available source of committers list - it's LDAP. I've >> tested it and it allows anonymous connection and provides the list of the >> committers as well as the github usernames. My current idea is to read this >> from LDAP as a part of the seed job and configure the jobs with the apache >> committers present on the ghprb whitelist. >> >> >> Hope that I didn't miss anything ;) It isn't that easy to investigate >> that kind of issues with my poor privileges ;) >> >> >> Regards, >> >> Damian >> >> >> On Thu, Jul 23, 2020 at 6:52 PM Udi Meiri <eh...@google.com> wrote: >> >>> Thanks Damian! I saw that the config also has this: >>> orgWhitelist(['apache']) >>> Shouldn't that be enough to allow all Apache committers? >>> >>> I traced the code for the membership check here: >>> >>> https://github.com/jenkinsci/ghprb-plugin/blob/4e86ed47a96a01eeaa51a479ff604252109635f6/src/main/java/org/jenkinsci/plugins/ghprb/GhprbGitHub.java#L27 >>> Is there a way to see these logs? >>> >>> >>> On Thu, Jul 23, 2020 at 7:08 AM Damian Gadomski < >>> damian.gadom...@polidea.com> wrote: >>> >>>> Hi, >>>> >>>> You are right, the current behavior is wrong, I'm currently working to >>>> fix it asap. Our intention was to disable that only for non-committers. >>>> >>>> As a workaround, as a committer, you could manually add yourself (your >>>> GitHub username) to the whitelist of the SeedJob configuration: >>>> https://ci-beam.apache.org/job/beam_SeedJob/configure >>>> Then, your comment "Run Seed Job" will trigger the build. I've already >>>> manually triggered it for you that way. >>>> >>>> Of course, it will only work until the seed job gets executed - it will >>>> then override the whitelist with an empty one. >>>> >>>> [image: Selection_408.png] >>>> >>>> As a target solution, I'm planning to fetch the list of beam committers >>>> from LDAP and automatically add them to the whitelist above as a part of >>>> the seed job. I'll keep you updated about the progress. >>>> >>>> Regards, >>>> Damian >>>> >>>> >>>> On Wed, Jul 22, 2020 at 11:03 PM Ahmet Altay <al...@google.com> wrote: >>>> >>>>> +Damian Gadomski <damian.gadom...@polidea.com>, it might be related >>>>> to this change: https://github.com/apache/beam/pull/12319. >>>>> >>>>> /cc +Tyson Hamilton <tyso...@google.com> >>>>> >>>>> On Wed, Jul 22, 2020 at 1:17 PM Udi Meiri <eh...@google.com> wrote: >>>>> >>>>>> HI, >>>>>> I'm trying to test a groovy change but I can't seem to trigger the >>>>>> seed job. It worked yesterday so I'm not sure what changed. >>>>>> >>>>>> https://github.com/apache/beam/pull/12326 >>>>>> >>>>>>
