Skip to content

Latest commit

 

History

History
34 lines (22 loc) · 2.7 KB

0153-remove-email-validation-for-metadata-owner.md

File metadata and controls

34 lines (22 loc) · 2.7 KB
Raw

RFC 153 - remove the email validation for metadata.owner

  • Comments: #153
  • Proposed by: @mihaitabara

Summary

We want to remove the email validation for metadata.owner to allow Github applications to safely set their names within the fields used in .taskcluster.yml without breaking the CI automation.

Motivation

Using Github bots has become a necessity in many repositories that are already using Taskcluster as their CI. Many of these bots set some of the context input fed in .taskcluster.yml without an easy way to tweak it. One of these examples is the event.sender.login which may be directly inferred from the bot without the possibility of configuring it. Since this field is often used to feed the metadata.owner with an email address, it can often break taskcluster-gitub logic.

Removing the email validation causes no harm and avoids if/else statements that attempt to guess and re-write that field directly in the .taskcluster.yml, making it more suple and easy to read.

Details

In the Github world, there are some helpful applications that are running in order to help developers. Examples include but are not limited to dependabot and bors which are used successfully in projects such as application-services or android-components. When taskcluster-github is rendering the .taskcluster.yml, it sometimes hits errors when validating the email set for metadata.owner. Normally that field is set to ${user}@users.noreply.github.com where user = ${event.sender.login}. For primitive github operations, sans bots, this works well while for cron-jobs triggered from hooks, we feed that value to our covenience. However, for when we're using bots, we may not always have that flexibility of tweaking the bot's input. Moreover, Github itself is adding the [bot] string to that input, which naturally breaks any sort of email validator we have under the hood.

In order to make checks such as this and this more generic (if we end up adding multiple bots for a repo), we propose removing the email validation for metadata.owner.

To our knowledge, the metadata.owner holds no security concern, so removing the email validation should be harmless.

Implementation