You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@yetus.apache.org by "Allen Wittenauer (Jira)" <ji...@apache.org> on 2020/10/08 04:38:00 UTC

[jira] [Commented] (YETUS-633) GitHub Checks integration

    [ https://issues.apache.org/jira/browse/YETUS-633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209998#comment-17209998 ] 

Allen Wittenauer commented on YETUS-633:
----------------------------------------

With YETUS-992, I've done a lot more work on this:

* GitHub Actions is (effectively) a re-branded Azure Pipelines.  It provides very simple access to some things. Starting docs are here: https://docs.github.com/en/free-pro-team@latest/actions . Of particular interest is: https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token which says that, depending upon context, Actions may have access to write to GitHub Statuses and Checks.  Actions always have access to Check Run Annotations because they just need to spew out some specially formatted text to stdout. (Apache Yetus as of 0.13.0 will do/does this now in preference to the old linecomments code)

* If your bits don't run as an action, then to get equivalent access, they need to have both GitHub Statuses (https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#statuses) and the Checks APIs (https://docs.github.com/en/free-pro-team@latest/rest/reference/checks). Both are meant for full blown GitHub Apps.  There is _no way_ to provide a personal access token to be able to _write_ to those APIs as of this writing.  (You _can_ get read access to Statuses.)  Running a GitHub App requires the ability to do a REST callback because users will be prompted to give permission and the token that is returned must be persisted between runs.... completely inappropriate for the current state of test-patch unless we want to build a hosting environment...

* That said, _some_ systems (such as Jenkins) allow for projects to get a delegated token. But first you probably need to rip apart your setup... (https://docs.cloudbees.com/docs/cloudbees-jenkins-platform/latest/github-app-auth) and then you get hit with some insane limitations... First is that getting a valid token in a pipeline is barely documented or even acknowledged. best docs? https://www.jenkins.io/blog/2020/04/16/github-app-authentication/ ... a #$^#$@#$ blog post... and then if you read that, you discover it is only good for an hour.  So how exactly is one supposed to get a new one after an hour? Back to the Jenkins Pipeline code with you!  It's poorly thought out.



> GitHub Checks integration
> -------------------------
>
>                 Key: YETUS-633
>                 URL: https://issues.apache.org/jira/browse/YETUS-633
>             Project: Yetus
>          Issue Type: Wish
>          Components: Precommit
>            Reporter: Sean Busbey
>            Priority: Major
>
> GitHub has launched a feature for putting CI feedback into its own tab:
> https://github.com/apache/yetus/pull/12/checks
> Would be nice. lots of open questions.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)