On Sat 29 Dec 2018, 15:17 Stephen Connolly <stephen.alan.conno...@gmail.com>
wrote:

> There is a security issue with building PRs automatically.
>
> I can see about adding PR discovery to the existing ASF gitbox plugin, but
> we’d need committers to ok the build and have reviewed the code as the PR
> could contain attacks to be run from ASF hardware... which is why we don’t
> build PRs at present.
>

Now I have to review and then push to the ASF repo, and I have to tell the
contributor that I will make CI start.
IMHO a good tradeoff is:
- a committer adds a 'test this please' comment, or '@asfbot test this
please', and then a CI job starts
- this job updates the status line of the PR, with a link to the logs and
the status of the job

How does it sound to you?

Enrico


> Other projects at ASF probably missed this point in the video series
> chronicling the development of the plugin...
>
> On Sat 29 Dec 2018 at 13:10, Enrico Olivelli <eolive...@gmail.com> wrote:
>
> > Hervé,
> > This is the plugin
> >
> >
> https://wiki.jenkins.io/display/JENKINS/GitHub+Branch+Source+Plugin?desktop=true&macroName=unmigrated-inline-wiki-markup
> >
> > I see our "maven-box" is using some special "Scan Apache Hosted Git
> > Folder Triggers" source
> > (https://builds.apache.org/job/maven-box/configure)
> > In the Jenkins of my company in a "Multibranch Pipeline" I have a
> > "Branch Sources" box with a "GitHub" option which lets me trigger
> > builds by using PRs
> >
> >
> > Enrico
> >
> > On Sat 29 Dec 2018 at 13:43, Hervé BOUTEMY
> > <herve.bout...@free.fr> wrote:
> > >
> > > On Saturday 29 December 2018, 12:40:20 CET Enrico Olivelli wrote:
> > > > On Sat 29 Dec 2018, 12:37 Mickael Istria <mist...@redhat.com>
> > wrote:
> > > > > On Sat, Dec 29, 2018 at 12:01 PM Hervé BOUTEMY <
> > herve.bout...@free.fr>
> > > > >
> > > > > wrote:
> > > > > > But in both cases, currently, there is no automatic GitHub PR
> > > > >
> > > > > integration:
> > > > > > Maven committers need to create a branch in the official
> > repository to
> > > > > > benefit
> > > > > > from ASF Jenkins build
> > > > >
> > > > > Ah ok, I wasn't aware the GitHub repo was "unofficial" and couldn't
> > be
> > > > > used
> > > > > to trigger builds. That sucks...
> > > >
> > > > Maven migrated to gitbox so actually github is an official repo for
> > Maven.
> > > > I see the same setup in Zookeeper and Bookkeeper and github pr plugin
> > works
> > > > like a charm (and I participated in setting it up)
> > > oh great, that would be nice to have the same setup for Maven repos!
> > >
> > > >
> > > > Enrico
> > > >
> > > > > Any idea how we could have GitHub PR reviews without this branch
> > creation
> > > > >
> > > > > > by
> > > > > > committers, be it at ASF or somewhere else?
> > > > >
> > > > > Using TravisCI could be a solution.
> > >
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > > For additional commands, e-mail: dev-h...@maven.apache.org
> > >
> >
> > --
> Sent from my phone
>
-- Enrico Olivelli
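
The comment-gated trigger proposed in the message above, sketched as an added example (not code from this thread, the ASF, or any Jenkins plugin). It assumes a GitHub `issue_comment` webhook and treats the `author_association` values `OWNER`, `MEMBER` and `COLLABORATOR` as "committer"; the function names are hypothetical.

```python
import hashlib
import hmac
import json
import re

# Trigger phrases taken from the proposal above; the whole comment must match.
TRIGGER = re.compile(r"^\s*(@asfbot\s+)?test this please\s*$", re.IGNORECASE)
# Assumption: these GitHub author_association values stand in for "committer".
TRUSTED = {"OWNER", "MEMBER", "COLLABORATOR"}


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Check GitHub's X-Hub-Signature-256 header over the raw request body."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (header or "").encode())


def should_build(secret: bytes, body: bytes, sig_header: str, event: str):
    """Return (True, pr_number) only for a trusted committer's trigger comment."""
    if not signature_ok(secret, body, sig_header):
        return (False, "bad signature")
    if event != "issue_comment":
        return (False, "not a comment event")
    payload = json.loads(body)
    # Only new comments count: an edited comment is not a fresh approval.
    if payload.get("action") != "created":
        return (False, "not a new comment")
    issue = payload.get("issue", {})
    if "pull_request" not in issue:
        return (False, "comment is not on a PR")
    comment = payload.get("comment", {})
    if comment.get("author_association") not in TRUSTED:
        return (False, "commenter is not a committer")
    if not TRIGGER.match(comment.get("body", "")):
        return (False, "no trigger phrase")
    # The CI job should then build the head commit the committer reviewed,
    # not whatever is pushed to the PR branch afterwards.
    return (True, issue["number"])
```

The `issue_comment` payload does not carry the PR head SHA, so the job has to look it up when the approval arrives and report its status against that commit.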