You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/02/10 23:54:46 UTC
[GitHub] [pulsar] michaeljmarshall opened a new pull request #14226: Update .asf.yaml to protect release branches
michaeljmarshall opened a new pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226
### Motivation
Many of our current Pulsar branches are not protected. They are vulnerable to accidental force pushes. We should not allow for any modification of history on our release branches.
Further, it is important to update this check because we currently have several status checks that are not required. If a committer were not paying close attention, they could accidentally merge a PR that is not passing all tests. Here is an example: https://github.com/apache/pulsar/pull/14158#issuecomment-1035637925.
I followed the instructions here https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-BranchProtection when drafting this PR.
### Modifications
* Update the `.asf.yaml` file.
** There are instructions here: https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-BranchProtection
### Verifying this change
I opened this ASF Infra Jira ticket https://issues.apache.org/jira/browse/INFRA-22833 to discuss the current protections for our branches.
Checking with ASF infra is important because otherwise we could overwrite current protections:
> NB (1): Enabling any of the above checks overrides what you may have set previously, so you'll need to add all the existing checks to your .asf.yaml to reproduce any that Infra set manually for you.
### Does this pull request potentially affect one of the following parts:
This PR only affects the GitHub repo management.
### Documentation
We don't need documentation for this feature. The git history should be sufficient.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036735068
@dave2wave - sorry, I forgot a word in my last message. I meant to say it's not possible to set _wildcard_ permissions via the REST API. This will work as is. We will just have to update the release process to include adding branch protections to new branches.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804464516
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
Review comment:
This isn't correct information. See https://github.com/apache/pulsar/pull/14226#issuecomment-1035997475 for the current information. The contexts gets passed as-is in the asfgit python code. I'll check where to get the correct context names.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari merged pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari merged pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1035993351
btw. it's possible to find out currently protected branches with this GitHub API call
```
❯ curl -s https://api.github.com/repos/apache/pulsar/branches |jq -r '.[] | select(.protected) | .name'
asf-site
branch-1.15
branch-1.16
branch-1.17
branch-1.18
master
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] dave2wave commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
dave2wave commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036729221
@michaeljmarshall The API used by .asf.yaml very likely predates the GraphQL. Changing the API would be a larger project and impacts every project that uses .asf.yaml which is a large proportion of ASF projects. If anyone is interested in helping ASF Infra I can connect you. (Note that one given is that everything with Infra must be Python and for templates EZT is preferred.)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036456082
> Some workflows have duplicate names. I guess that's fine, but the only issue it causes it that you cannot distinguish a specific workflow.
@lhotari - this could be a feature in the sense that all duplicate names get the same treatment. For example, if all "unit tests" are named the same, they'll all be required. In the GitHub UI, they are visibly different because the top level `name` field is associated with the check. I left the duplicates in place for now. Please take a look and let me know what you think. Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] zymap commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
zymap commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804314242
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
Review comment:
I think this can be removed, it's not a check.
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
Review comment:
Those three can remove I think
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804795093
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
Review comment:
Thank you for finding this. I struggled to find documentation on this piece, and determined it was the name based on the the way the GitHub UI takes input. This makes much more sense.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804791846
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Thanks for finding that @lhotari. We could always make a feature request, if it becomes too much work.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804453332
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
the source where this is implemented is here: https://github.com/apache/infrastructure-puppet/blob/deployment/modules/gitbox/files/asfgit/asfyaml.py#L278-L302 . It doesn't look like regexs are supported.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari edited a comment on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari edited a comment on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1035997475
Getting current required status checks:
```
❯ curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/apache/pulsar/branches/master | jq .protection
{
"enabled": true,
"required_status_checks": {
"enforcement_level": "non_admins",
"contexts": [
"License check",
"backwards-compatibility",
"cli",
"cpp-tests",
"function-state",
"messaging",
"process",
"schema",
"sql",
"standalone",
"thread",
"tiered-filesystem",
"tiered-jcloud",
"unit-tests"
],
"checks": [
{
"context": "License check",
"app_id": null
},
{
"context": "backwards-compatibility",
"app_id": null
},
{
"context": "cli",
"app_id": null
},
{
"context": "cpp-tests",
"app_id": null
},
{
"context": "function-state",
"app_id": null
},
{
"context": "messaging",
"app_id": null
},
{
"context": "process",
"app_id": null
},
{
"context": "schema",
"app_id": null
},
{
"context": "sql",
"app_id": null
},
{
"context": "standalone",
"app_id": null
},
{
"context": "thread",
"app_id": null
},
{
"context": "tiered-filesystem",
"app_id": null
},
{
"context": "tiered-jcloud",
"app_id": null
},
{
"context": "unit-tests",
"app_id": null
}
]
}
}
```
GitHub API docs: https://docs.github.com/en/rest/reference/branches#get-branch-protection
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1035997475
Getting current required status checks:
```
❯ curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/apache/pulsar/branches/master | jq .protection
{
"enabled": true,
"required_status_checks": {
"enforcement_level": "non_admins",
"contexts": [
"License check",
"backwards-compatibility",
"cli",
"cpp-tests",
"function-state",
"messaging",
"process",
"schema",
"sql",
"standalone",
"thread",
"tiered-filesystem",
"tiered-jcloud",
"unit-tests"
],
"checks": [
{
"context": "License check",
"app_id": null
},
{
"context": "backwards-compatibility",
"app_id": null
},
{
"context": "cli",
"app_id": null
},
{
"context": "cpp-tests",
"app_id": null
},
{
"context": "function-state",
"app_id": null
},
{
"context": "messaging",
"app_id": null
},
{
"context": "process",
"app_id": null
},
{
"context": "schema",
"app_id": null
},
{
"context": "sql",
"app_id": null
},
{
"context": "standalone",
"app_id": null
},
{
"context": "thread",
"app_id": null
},
{
"context": "tiered-filesystem",
"app_id": null
},
{
"context": "tiered-jcloud",
"app_id": null
},
{
"context": "unit-tests",
"app_id": null
}
]
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari merged pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari merged pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036640697
@dave2wave - that makes sense to me. I'd expect to just need `branch-*`. I will test it out and update this PR if that works.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari edited a comment on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari edited a comment on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036038903
Listing job names, requires [yq](https://mikefarah.gitbook.io/yq) (`brew install yq`):
```
for f in .github/workflows/*.yaml; do FILE=$f yq eval -o j '.jobs | to_entries | {"file": env(FILE),"id":.[].key, "name":.[].value.name}' $f; done
```
The name of the job is the id if the name is empty or unspecified. for example
```
{
"file": ".github/workflows/ci-license.yaml",
"id": "license-check",
"name": "License check"
}
```
and in comparison
```
{
"file": ".github/workflows/ci-owasp-dep-check.yaml",
"id": "owasp-dep-check",
"name": null
}
```
matrix jobs are an exception. if the name isn't specified, the matrix variable will be part of the name, for example for file .github/workflows/ci-unit-broker-broker-gp.yaml, the generated names are:
```
pulsar-ci-test (group3)
pulsar-ci-test (group2)
pulsar-ci-test (group1)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r805176460
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
I believe these branches also have required status checks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] dave2wave commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
dave2wave commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036747461
Sure. If a volunteer wished to implement wildcard branch protection update then you would start by rewriting https://github.com/apache/infrastructure-puppet/blob/deployment/modules/gitbox/files/asfgit/asfyaml.py#L257-L391
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari edited a comment on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari edited a comment on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036038903
Listing job names, requires [yq](https://mikefarah.gitbook.io/yq) (`brew install yq`):
```
for f in .github/workflows/*.yaml; do FILE=$f yq eval -o j '.jobs | to_entries | {"file": env(FILE),"id":.[].key, "name":.[].value.name}' $f; done
```
The name of the job is the id if the name is empty or unspecified. for example
```
{
"file": ".github/workflows/ci-license.yaml",
"id": "license-check",
"name": "License check"
}
```
and in comparison
```
{
"file": ".github/workflows/ci-owasp-dep-check.yaml",
"id": "owasp-dep-check",
"name": null
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036038903
Listing job names:
```
for f in .github/workflows/*.yaml; do FILE=$f yq eval -o j '.jobs | to_entries | {"file": env(FILE),"id":.[].key, "name":.[].value.name}' $f; done
```
The name of the job is the id if the name is empty or unspecified. for example
```
{
"file": ".github/workflows/ci-license.yaml",
"id": "license-check",
"name": "License check"
}
```
and in comparison
```
{
"file": ".github/workflows/ci-owasp-dep-check.yaml",
"id": "owasp-dep-check",
"name": null
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036016625
Here's a list of the correct context names for `required_status_checks`:
```
❯ curl -s "https://api.github.com/repos/apache/pulsar/commits/$(curl -s https://api.github.com/repos/apache/pulsar/pulls/14147 | jq -r .head.sha)/check-runs" |jq -r '.check_runs | .[] | .name'
labeling
action-runner
unit-tests
unit-tests
pulsar-ci-test (group3)
pulsar-ci-test (group2)
pulsar-ci-test (group1)
cli
unit-tests
unit-tests
tiered-filesystem
owasp-dep-check
sql
messaging
shade-check
process
tiered-jcloud
function-state
schema
transaction
cpp-tests
pulsar-io
thread
License check
standalone
build
unit-tests
backwards-compatibility
unit-tests
pulsar-io
```
Some workflows have duplicate names. I guess that's fine, but the only issue it causes it that you cannot distinguish a specific workflow.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804253170
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
Review comment:
Please let me know if any of these CI jobs are not supposed to be required. Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] dave2wave commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
dave2wave commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804881078
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
Review comment:
Agreed plus that branch is moving to the pulsar-site repository
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036652431
@dave2wave - as far as I can tell, it's not possible to set protections using the REST API. It's only possible with the GraphQL API. @lhotari found the GitBox code https://github.com/apache/infrastructure-puppet/blob/deployment/modules/gitbox/files/asfgit/asfyaml.py#L278-L302, and it looks to me like it currently uses the REST API.
Source: https://github.community/t/rest-api-v3-wildcard-branch-protection/13593/13
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r806079826
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Based on talking with infra, there are no special protections for any `branch-*` branches. Looking at the api, I don't see any, either:
```
mmarshall-rmbp16:pulsar michaelmarshall$ curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/apache/pulsar/branches/branch-2.8 | jq .protection
{
"enabled": false,
"required_status_checks": {
"enforcement_level": "off",
"contexts": [],
"checks": []
}
}
mmarshall-rmbp16:pulsar michaelmarshall$ curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/apache/pulsar/branches/branch-2.9 | jq .protection
{
"enabled": false,
"required_status_checks": {
"enforcement_level": "off",
"contexts": [],
"checks": []
}
}
```
We can, of course, add requirements, if we want.
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Anecdotally, none of the checks in this PR have "required" next to them: https://github.com/apache/pulsar/pull/13122.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r807043650
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Yes that seems to be the case. Thanks for checking.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1040476591
@lhotari - can you take another look? Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] dlg99 commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
dlg99 commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804253094
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Is it possible to use a pattern/regex here?
Or at least have release scripts update this list for each new release automatically.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804253925
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
The ASF documentation is thin here. I can double check. I agree that this solution is manual.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804482074
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
Review comment:
list of context names: https://github.com/apache/pulsar/pull/14226#issuecomment-1036016625 .
The context name is the name of the job in the workflow yaml file. It's not the name of the workflow.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall edited a comment on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall edited a comment on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1036652431
@dave2wave - as far as I can tell, it's not possible to set wildcard protections using the REST API. It's only possible with the GraphQL API. @lhotari found the GitBox code https://github.com/apache/infrastructure-puppet/blob/deployment/modules/gitbox/files/asfgit/asfyaml.py#L278-L302, and it looks to me like it currently uses the REST API.
Source: https://github.community/t/rest-api-v3-wildcard-branch-protection/13593/13
EDIT: add wildcard in first sentence.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r806079826
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Based on talking with infra, there are no special protections for any `branch-*` branches. Looking at the api, I don't see any, either:
```
mmarshall-rmbp16:pulsar michaelmarshall$ curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/apache/pulsar/branches/branch-2.8 | jq .protection
{
"enabled": false,
"required_status_checks": {
"enforcement_level": "off",
"contexts": [],
"checks": []
}
}
mmarshall-rmbp16:pulsar michaelmarshall$ curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/apache/pulsar/branches/branch-2.9 | jq .protection
{
"enabled": false,
"required_status_checks": {
"enforcement_level": "off",
"contexts": [],
"checks": []
}
}
```
We can, of course, add requirements, if we want.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] merlimat commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
merlimat commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r804256620
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
Review comment:
we can remove the protection on this branch. that would allows to get rid of 1GB of auto-generated updates in the site
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r805012268
##########
File path: .asf.yaml
##########
@@ -40,4 +40,80 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass. These names are
+ # found in the "name:" field of ./github/workflows/*.yaml files
+ # Note: here is the list of intentionally excluded contexts:
+ # - CI - OWASP Dependency Check
+ contexts:
+ - CI - Build - MacOS
+ - CI - Cancel duplicate workflows
+ - CI - CPP, Python Tests
+ - CI - CPP build on CentOS 7
+ - CI - CPP build on Windows
+ - Auto Labeling
+ - CI - Go Functions style check
+ - CI - Go Functions Tests
+ - CI - Integration - Backwards Compatibility
+ - CI - Integration - Cli
+ - CI - Integration - Function & IO
+ - CI - Integration - Messaging
+ - CI - Integration - Process
+ - CI - Integration - Pulsar-IO Sinks and Sources
+ - CI - Integration - Pulsar-IO Oracle Source
+ - CI - Integration - Schema
+ - CI - Integration - Sql
+ - CI - Integration - Standalone
+ - CI - Integration - Thread
+ - CI - Integration - Tiered FileSystem
+ - CI - Integration - Tiered JCloud
+ - CI - Integration - Transaction
+ - CI - Misc
+ - CI - Maven Dependency Cache Update
+ - CI - Pulsar Website build
+ - Pulsar Bot
+ - CI - Python - Build 3.9 client
+ - CI - Shade - Test
+ - CI - Unit
+ - CI - Unit - Brokers - Broker Group
+ - CI - Unit - Brokers - Client Api
+ - CI - Unit - Brokers - Client Impl
+ - CI - Unit - Broker - JDK8
+ - CI - Unit - Brokers - Other
+ - CI - Unit - Proxy
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ asf-site: {}
Review comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r805176460
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
I believe these branches also have required status checks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r806089883
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Anecdotally, none of the checks in this PR have "required" next to them: https://github.com/apache/pulsar/pull/13122.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#issuecomment-1040476591
@lhotari - can you take another look? Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on a change in pull request #14226: Update .asf.yaml to protect release branches
Posted by GitBox <gi...@apache.org>.
lhotari commented on a change in pull request #14226:
URL: https://github.com/apache/pulsar/pull/14226#discussion_r807043650
##########
File path: .asf.yaml
##########
@@ -40,4 +40,64 @@ github:
# disable merge button:
merge: false
# disable rebase button:
- rebase: false
\ No newline at end of file
+ rebase: false
+ protected_branches:
+ master:
+ required_status_checks:
+ # strict means "Require branches to be up to date before merging".
+ strict: false
+ # Contexts are the names of checks that must pass.
+ # See ./github/workflows/README.md for more documentation on this list.
+ contexts:
+ - License check
+ - backwards-compatibility
+ - build
+ - cli
+ - cpp-tests
+ - function-state
+ - messaging
+ - owasp-dep-check
+ - process
+ - pulsar-ci-test (group1)
+ - pulsar-ci-test (group2)
+ - pulsar-ci-test (group3)
+ - pulsar-io
+ - schema
+ - shade-check
+ - sql
+ - standalone
+ - thread
+ - tiered-filesystem
+ - tiered-jcloud
+ - transaction
+ - unit-tests
+
+ required_pull_request_reviews:
+ dismiss_stale_reviews: true
+ require_code_owner_reviews: true
+ required_approving_review_count: 1
+
+ # squash or rebase must be allowed in the repo for this setting to be set to true.
+ required_linear_history: true
+
+ required_signatures: false
+
+ # The following branch protections only ensure that force pushes are not allowed
+ branch-1.15: {}
+ branch-1.16: {}
+ branch-1.17: {}
+ branch-1.18: {}
+ branch-1.19: {}
+ branch-1.20: {}
+ branch-1.21: {}
+ branch-1.22: {}
+ branch-2.0: {}
+ branch-2.1: {}
+ branch-2.2: {}
+ branch-2.3: {}
+ branch-2.4: {}
+ branch-2.5: {}
+ branch-2.6: {}
+ branch-2.7: {}
+ branch-2.8: {}
+ branch-2.9: {}
Review comment:
Yes that seems to be the case. Thanks for checking.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org