You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tvm.apache.org by dr...@apache.org on 2022/08/02 23:14:08 UTC
[tvm] branch main updated: [ci] Specify permissions for tvm bot (#11937)
This is an automated email from the ASF dual-hosted git repository.
driazati pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tvm.git
The following commit(s) were added to refs/heads/main by this push:
new fefc27f261 [ci] Specify permissions for tvm bot (#11937)
fefc27f261 is described below
commit fefc27f26143e58120124aff30b8d2d4bf9a2e77
Author: driazati <94...@users.noreply.github.com>
AuthorDate: Tue Aug 2 16:14:03 2022 -0700
[ci] Specify permissions for tvm bot (#11937)
This adjusts some error reporting for tvm-bot and manually specifies the permissions it should run with to hopefully alleviate the 403 errors when merging PRs
---
.github/workflows/main.yml | 5 +++-
.github/workflows/tvmbot.yml | 8 +++++++
tests/scripts/git_utils.py | 9 ++++++-
tests/scripts/github_tvmbot.py | 54 +++++++++++++++++++++++++++++++-----------
4 files changed, 60 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ee2f351795..55fe5f1441 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -25,10 +25,10 @@ on:
push:
branches:
- main
-
pull_request:
branches:
- main
+ workflow_dispatch:
concurrency:
group: CI-${{ github.event.pull_request.number || github.sha }}
@@ -36,6 +36,7 @@ concurrency:
jobs:
MacOS:
+ if: ${{ github.repository == 'apache/tvm' }}
runs-on: macOS-latest
steps:
- uses: actions/checkout@v2
@@ -78,6 +79,7 @@ jobs:
python -m pytest -v tests/python/contrib/test_rpc_server_device.py
Windows:
+ if: ${{ github.repository == 'apache/tvm' }}
runs-on: windows-2019
steps:
- uses: actions/checkout@v2
@@ -96,6 +98,7 @@ jobs:
python -m pytest -v tests/python/all-platform-minimal-test
Android:
+ if: ${{ github.repository == 'apache/tvm' }}
runs-on: Ubuntu-20.04
steps:
- uses: actions/checkout@v2
diff --git a/.github/workflows/tvmbot.yml b/.github/workflows/tvmbot.yml
index 784f6899a3..792977f92e 100644
--- a/.github/workflows/tvmbot.yml
+++ b/.github/workflows/tvmbot.yml
@@ -13,6 +13,14 @@ concurrency:
jobs:
run-tvm-bot:
+ permissions:
+ actions: write
+ checks: write
+ contents: write
+ id-token: write
+ issues: write
+ pull-requests: write
+ statuses: write
if: ${{ github.event.issue.pull_request && github.repository == 'apache/tvm' }}
runs-on: ubuntu-20.04
steps:
diff --git a/tests/scripts/git_utils.py b/tests/scripts/git_utils.py
index 7df8c0b93c..f0d300e2f0 100644
--- a/tests/scripts/git_utils.py
+++ b/tests/scripts/git_utils.py
@@ -87,11 +87,18 @@ class GitHubRepo:
try:
with request.urlopen(req, data) as response:
- response = json.loads(response.read())
+ content = response.read()
except error.HTTPError as e:
logging.info(f"Error response: {e.read().decode()}")
+ e.seek(0)
raise e
+ logging.info(f"Got response from {full_url}: {content}")
+ try:
+ response = json.loads(content)
+ except json.decoder.JSONDecodeError as e:
+ return content
+
return response
def put(self, url: str, data: Dict[str, Any]) -> Dict[str, Any]:
diff --git a/tests/scripts/github_tvmbot.py b/tests/scripts/github_tvmbot.py
index bfdbeb4039..e83318e18e 100755
--- a/tests/scripts/github_tvmbot.py
+++ b/tests/scripts/github_tvmbot.py
@@ -411,7 +411,9 @@ class PR:
logging.info(f"Dry run, would have merged with url={url} and data={to_json_str(data)}")
return
- self.github.put(url, data=data)
+ r = self.github.put(url, data=data)
+ logging.info(f"GitHub merge response: {r}")
+ return r
def author(self) -> str:
return self.raw["author"]["login"]
@@ -439,7 +441,17 @@ class PR:
return missing_expected_jobs
- def merge_if_passed_checks(self) -> None:
+ def trigger_gha_ci(self, sha: str) -> None:
+ logging.info(f"POST-ing a workflow_dispatch event to main.yml")
+ r = self.github.post(
+ url="actions/workflows/main.yml/dispatches",
+ data={
+ "ref": "main",
+ },
+ )
+ logging.info(f"Successful workflow_dispatch: {r}")
+
+ def merge_if_passed_checks(self) -> Optional[Dict[str, Any]]:
failed_ci_jobs = self.find_failed_ci_jobs()
all_ci_passed = len(failed_ci_jobs) == 0
has_one_approval = False
@@ -451,14 +463,14 @@ class PR:
self.comment(
f"Cannot merge, these CI jobs are not successful on {self.head_oid()}:\n{failed_jobs_msg}"
)
- return
+ return None
missing_expected_jobs = self.find_missing_expected_jobs()
if len(missing_expected_jobs) > 0:
missing_jobs_msg = "\n".join([f" * `{name}`" for name in missing_expected_jobs])
self.comment(f"Cannot merge, missing expected jobs:\n{missing_jobs_msg}")
- return
+ return None
head_commit_reviews = self.head_commit_reviews()
for review in head_commit_reviews:
@@ -466,22 +478,22 @@ class PR:
self.comment(
f"Cannot merge, found [this review]({review['url']}) on {self.head_oid()} with changes requested"
)
- return
+ return None
if review["state"] == "APPROVED":
has_one_approval = True
logging.info(f"Found approving review: {to_json_str(review)}")
if has_one_approval and all_ci_passed:
- self.merge()
+ return self.merge()
elif not has_one_approval:
self.comment(
f"Cannot merge, did not find any approving reviews from users with write access on {self.head_oid()}"
)
- return
+ return None
elif not all_ci_passed:
self.comment(f"Cannot merge, CI did not pass on on {self.head_oid()}")
- return
+ return None
def rerun_jenkins_ci(self) -> None:
url = JENKINS_URL + f"job/tvm/job/PR-{self.number}/buildWithParameters"
@@ -491,6 +503,16 @@ class PR:
else:
post(url, auth=("tvm-bot", TVM_BOT_JENKINS_TOKEN))
+ def comment_failure(self, msg: str, exception: Exception):
+ if not self.dry_run:
+ exception_msg = traceback.format_exc()
+ comment = f"{msg} in {args.run_url}\n\n<details>\n\n```\n{exception_msg}\n```\n\n"
+ if hasattr(exception, "read"):
+ comment += f"with response\n\n```\n{exception.read().decode()}\n```\n\n"
+ comment += "</details>"
+ pr.comment(comment)
+ return exception
+
class Merge:
triggers = [
@@ -501,16 +523,20 @@ class Merge:
@staticmethod
def run(pr: PR):
+ info = None
try:
- pr.merge_if_passed_checks()
+ info = pr.merge_if_passed_checks()
except Exception as e:
- if not args.dry_run:
- msg = traceback.format_exc()
- pr.comment(
- f"Failed to process merge request in {args.run_url}\n\n<details>\n\n```\n{msg}\n```\n\n</details>"
- )
+ pr.comment_failure("Failed to process merge request", e)
raise e
+ if info is not None:
+ try:
+ pr.trigger_gha_ci(sha=info["sha"])
+ except Exception as e:
+ pr.comment_failure("Failed to trigger GitHub Actions", e)
+ raise e
+
class Rerun:
triggers = [