Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block presubmit runs for PRs from 3rd-party forks. #1756

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Block presubmit runs for PRs from 3rd-party forks. #1756

wants to merge 1 commit into from

Conversation

fweikert
Copy link
Member

@fweikert fweikert commented Oct 6, 2023

Going forward these builds will be blocked before running any code, and must be unblocked by someone who has "Build & Read" permissions for the corresponding pipeline.

This commit also fixes is_pull_request() which returned incorrect results when the presubmit ran for a PR in a branch of the bazelbuild/bazel repo.

@fweikert fweikert added the CI:run label Oct 6, 2023
@fweikert
Block presubmit runs for PRs from 3rd-party forks.
cc8636b 
Going forward these builds will be blocked before running any code, and must be unblocked by someone who has "Build & Read" permissions for the corresponding pipeline.

This commit also fixes is_pull_request() which returned incorrect results when the presubmit ran for a PR in a branch of the bazelbuild/bazel repo.
@fweikert fweikert marked this pull request as ready for review October 6, 2023 23:54
@meteorcloudy
Copy link
Member

I assume this affects all CI pipeline? Can we somehow give a notice to CI users?

@fweikert
Copy link
Member Author

fweikert commented Oct 9, 2023

We don't have a good way of reaching all CI users, other than maybe the emergency banner (which also has its own problems in this case).

Right now a blocked build will be displayed in GitHub as "running" - we could change it to "failed" so that people don't wait too long.

@meteorcloudy
Copy link
Member

And the CI:run flag won't be removed when new changes are pushed to the PR?

@meteorcloudy
Copy link
Member

Right now a blocked build will be displayed in GitHub as "running" - we could change it to "failed" so that people don't wait too long.

Can we print out some instruction on how to resolve the failure?

@meteorcloudy
Copy link
Member

must be unblocked by someone who has "Build & Read" permissions for the corresponding pipeline.

Can Buildkite actually check who assigned the label?

@fweikert
Copy link
Member Author

fweikert commented Oct 9, 2023
edited

This is a different approach from the "CI:run" label - all Buildkite builds from 3rd party fork branches will have an additional "block" step, similar to the release pipeline. Someone with "Build & Read" permissions on the pipeline has to unblock the step. This is a Buildkite-based solution, not a GitHub-based one.

I think the UI is pretty self-explanatory, especially since I added some context to the prompt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@meteorcloudy meteorcloudy Awaiting requested review from meteorcloudy meteorcloudy is a code owner

@Wyverald Wyverald Awaiting requested review from Wyverald Wyverald is a code owner

Assignees
No one assigned
Labels
CI:run
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@fweikert @meteorcloudy