You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomee.apache.org by Cesar Hernandez <ce...@gmail.com> on 2023/02/14 22:25:17 UTC
Re: PR builds in TomEE
@Richard
I raise the question on apache infra, and there is no plan to automatically
build PRs from non-committers on the on-demand CI infra. This for security
reasons as currently implemented in the current CI infra.
@Swell,
Thank you for including the github actions for PR on 9.x branch.
I included the jenkins job creation for branch 9.x via TOMEE-4178 too.
El mar, 31 ene 2023 a las 6:59, Swell (<so...@gmail.com>) escribió:
> about PR builds in GitHub
>
> i saw there is:
> * no GitHub actions for Pull Requests on *branch 9.x* (code in main branch)
> * inversions of PR and non PR keys for the GitHub cache on *branch main*
>
> i have a PR ready if both needed.
>
> --
> Swell
>
> On Tue, 31 Jan 2023 at 00:32, Cesar Hernandez <ce...@gmail.com>
> wrote:
>
> > Thank you for the update Richard, I was not aware that Jenkins jobs have
> > the same restriction Github Actions has about not building PR's from
> > non-committers.
> > Indeed I have met with the INFRA team, and I'll raise these questions
> about
> > non-committers PR's.
> >
> > El lun, 30 ene 2023 a las 7:27, Richard Zowalla (<rz...@apache.org>)
> > escribió:
> >
> > > Hi all,
> > >
> > > the topic appeared a few times on the list. Short summary to remember:
> > >
> > > Currently, we cannot automatically build PRs from non committers due to
> > > ASF restrictions on Jenkins. INFRA (and I think Cesar?) is working on
> > > better build nodes (ephermal runners on AWS) to improve Jenkins
> > > performance and reduce the risk for security issues originating from
> > > PRs.
> > >
> > > At the moment I (most of the time) manually created jobs to get some
> > > feedback on PRs. To avoid that manual step, I created two parameterized
> > > jobs:
> > >
> > > - Java 8:
> > > https://ci-builds.apache.org/job/Tomee/job/pull-request-8.x-manual/
> > > - Java 11:
> > > https://ci-builds.apache.org/job/Tomee/job/pull-request-manual/
> > >
> > > They can be (manually triggered by any TomEE committer) either on the
> > > TomEE GitHub repo itself or on any fork. The branch is also a
> > > parameter. I think, that the security concern (from INFRA) is ok here
> > > as a build isn't triggered automatically and requires committer
> > > intervention to actually run.
> > >
> > > Happy building.
> > >
> > > Gruß
> > > Richard
> > >
> >
> >
> > --
> > Atentamente:
> > César Hernández.
> >
>
--
Atentamente:
César Hernández.
Re: PR builds in TomEE
Posted by Richard Zowalla <rz...@apache.org>.
@Cesar
Yeah. Thanks for asking. I was thinking that they will answer this way
after announcing the need to manual approve every GH action task
yesterday.
So it seems, that the manual PR strategy via the parameterized job is
the best thing we have atm given that our build takes such a long time
and we cannot simply run it on GH actions :-)
Gruß
Richard
Am Dienstag, dem 14.02.2023 um 16:25 -0600 schrieb Cesar Hernandez:
> @Richard
> I raise the question on apache infra, and there is no plan to
> automatically
> build PRs from non-committers on the on-demand CI infra. This for
> security
> reasons as currently implemented in the current CI infra.
>
> @Swell,
> Thank you for including the github actions for PR on 9.x branch.
> I included the jenkins job creation for branch 9.x via TOMEE-4178
> too.
>
>
>
>
>
> El mar, 31 ene 2023 a las 6:59, Swell (<so...@gmail.com>)
> escribió:
>
> > about PR builds in GitHub
> >
> > i saw there is:
> > * no GitHub actions for Pull Requests on *branch 9.x* (code in main
> > branch)
> > * inversions of PR and non PR keys for the GitHub cache on *branch
> > main*
> >
> > i have a PR ready if both needed.
> >
> > --
> > Swell
> >
> > On Tue, 31 Jan 2023 at 00:32, Cesar Hernandez <cesarguate@gmail.com
> > >
> > wrote:
> >
> > > Thank you for the update Richard, I was not aware that Jenkins
> > > jobs have
> > > the same restriction Github Actions has about not building PR's
> > > from
> > > non-committers.
> > > Indeed I have met with the INFRA team, and I'll raise these
> > > questions
> > about
> > > non-committers PR's.
> > >
> > > El lun, 30 ene 2023 a las 7:27, Richard Zowalla (<rzo1@apache.org
> > > >)
> > > escribió:
> > >
> > > > Hi all,
> > > >
> > > > the topic appeared a few times on the list. Short summary to
> > > > remember:
> > > >
> > > > Currently, we cannot automatically build PRs from non
> > > > committers due to
> > > > ASF restrictions on Jenkins. INFRA (and I think Cesar?) is
> > > > working on
> > > > better build nodes (ephermal runners on AWS) to improve Jenkins
> > > > performance and reduce the risk for security issues originating
> > > > from
> > > > PRs.
> > > >
> > > > At the moment I (most of the time) manually created jobs to get
> > > > some
> > > > feedback on PRs. To avoid that manual step, I created two
> > > > parameterized
> > > > jobs:
> > > >
> > > > - Java 8:
> > > > https://ci-builds.apache.org/job/Tomee/job/pull-request-8.x-manual/
> > > > - Java 11:
> > > > https://ci-builds.apache.org/job/Tomee/job/pull-request-manual/
> > > >
> > > > They can be (manually triggered by any TomEE committer) either
> > > > on the
> > > > TomEE GitHub repo itself or on any fork. The branch is also a
> > > > parameter. I think, that the security concern (from INFRA) is
> > > > ok here
> > > > as a build isn't triggered automatically and requires committer
> > > > intervention to actually run.
> > > >
> > > > Happy building.
> > > >
> > > > Gruß
> > > > Richard
> > > >
> > >
> > > --
> > > Atentamente:
> > > César Hernández.
> > >
>
>