Proxy Jenkins build status to GitHub #35
Conversation
|
Is this page the only official docs on it? https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API cc @jbergstroem |
|
Made some improvements to this today. My biggest question atm is how we should trigger Jenkins polling in the first place? I've thought of two different approaches so far:
Any other thoughts? |
|
All of my existing ideas have been around suggestion 1. -- by far the most reliable. |
|
@phillipj we could implement it [pinging the bot] as a build step. The problem here is security; the receiving end can't use much else than ip/hostname matching for security. If that's acceptable it would likely be the best path forward. As for methodology; I'd like to suggest the following:
Also, once we close in on this I reckon we should split linter from the test-pr job and start calling it separately from the gh bot on pretty much every commit, as well as create a set of slaves that does the same for commit message validation. |
Can it be over https? Github and the like just send a secret to verify, or the hash of a secret. Would that be possible? That being said ip/hostname matching probably isn't too bad? I like the methodology suggestions. @jbergstroem how difficult would it be to make those subjobs so we can start trying this? |
|
@Fishrock123 the problem isn't so much man in the middle, but the fact that we can't store credentials at jenkins since a PR could potentially just do @Fishrock123 by subjobs i was referring to the fact that |
|
@jbergstroem no problem going for ip/host matching for incoming HTTP requests. To ensure we're on the same page here: if the bot gets HTTP requests upon subjob start and completion, it will not perform any Jenkins polling at all, but will work more like a proxy for updating github PR (commit) status? ..if so that sounds very good 👍 It would be very helpful if we could get our hands on some example payloads those subjob requests from Jenkins include. |
@phillipj correct.
Yes. this. :D |
|
Example payloads: I can craft them whatever way we want -- will essentially just pass stuff through curl. |
|
@jbergstroem we should come a long way with:
The structure of the payload isn't important, as long as it's JSON. Is it doable? |
|
What do we need build params for? |
|
Imo, we'll need:
|
@Fishrock123 the POST_STATUS_TO_PR option. Should we simply ignore it and report 'em all? |
|
@phillipj I presume that would determine if the bot gets contacted at all or not? |
|
@Fishrock123 ahh that makes sense. Agreed we could do wo/build params then. |
|
More a summary of yours, but yeah; this is what I'm thinking: on start:
on completion:
We should poll jobs occasionally slave might go away during job. Not very likely but it happens. Also, we sometimes have ci-related failures. Reporting them as a "ci fail" would be a nice ui improvement. |
|
@jbergstroem @Fishrock123 just did some adjustments based on what we've been discussing here. I did some assumptions on the structure and made three fixtures:
You can see the result of POSTing those payloads in TestOrgPleaseIgnore/node#13 What's missing from @jbergstroem last comment is use of designated slave and different kinds of build results. It also doesn't use two different endpoints for start / completion, I did see the need for that so far. ..and it would have been nice to get this covered by tests. |
| @@ -0,0 +1,12 @@ | |||
| { | |||
| "fullDisplayName": "node-test-commit-arm #3087", | |||
| "result": "FAILURE", | |||
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
|
Thanks for reviewing so quick guys!
@Fishrock123 it's the same structure as the Jenkins json/api uses. If we're not tied to that structure/format and can do adhoc, I'm more than happy to keep it simpler. |
|
As just mentioned ^ if we're able to use whatever structure/format we want, just ignore the fixtures added here. @jbergstroem would you be able to post an example of what these curl jobs could provide the bot with? |
|
@phillipj jenkins basically has the same information available as what you can get from the api; so I'll just build a query similar to what we expect. I will build different queries based on fail/success/etc. |
|
@jbergstroem How about making it curl an object like this, and we'll go from there? {
"info": "something about node-test-commit-linux",
"status": "FAILURE",
"commit": "shasum",
"url": "https://ci.nodejs.org/job/node-test-commit-linux/3176/"
} |
|
@Fishrock123 sounds good. in addition to that, we should probably add |
|
How about something like: $ curl \
--connect-timeout 5 \
-X POST \
-H "Content-Type: application/json" \
-d "{ \
\"identifier\": \"linter\", \
\"status\": \"pending\", \
\"url\": \"${BUILD_URL}\", \
\"commit\": \"$(git rev-parse HEAD)\", \
\"message\": \"checking for errors\" \
}" \
https://deepthought.nodejs.org/endpoint/..and with payload: curl \
--connect-timeout 5 \
-X POST \
-H "Content-Type: application/json" \
-d "{ \
\"identifier\": \"test/linux\", \
\"status\": \"failure\", \
\"url\": \"${BUILD_URL}\", \
\"commit\": \"$(git rev-parse HEAD)\", \
\"message\": \"tests failed\",
\"data\": { \
\"total\": \"12345\", \
\"pass\": \"12340\", \
\"fail\": \"3\", \
\"skip\": \"2\" \
} \
}" \
https://deepthought.nodejs.org/endpoint/The rationale behind abstracting data is that we could store it and start generating insights over time. I see something similar as part of the other data we collect from github by receiving all the events (briefly mentioned in #4). It's also easier working with the data -- |
|
@jbergstroem LGTM, I'll update the fixtures tonight. I suggest we leave |
phillipj
changed the title
|
@phillipj that means I'll be formatting the failures from bash then? |
|
@jbergstroem hm... you would prefer the status description (the text displayed to the right of the status) to be a combination of curl's |
|
@jbergstroem I think you can include the data but we will worry about processing that after we have the initial things up and running? |
|
Just updated the fixtures, and deleted lots of code which ended up giving a lot of flexibility from the curl side of things. It's now very much a proxy to update GH statuses, forwarding whatever it gets as input, rather than trying to do smart transformations. PTAL and shout if I've missed something from your comments. |
|
@Fishrock123 yeah I agree. So, where do I post for now? Also, I'm kind of interested in finding a way of queueing/delegating all the curl requests so they return instantly -- anyone got any ideas? |
|
@Fishrock123 nope, that's for the github repo hooks (used to trigger Travis polling). I'll send the URL to @jbergstroem on IRC as the location of the bot shouldn't be public atm since we don't have a ip/hostname match or other security measures in place. |
|
@Fishrock123 @jbergstroem soooo, I just pushed a commit loading the gun so to speak ^. ATM the bot gets curl updates from node-test-linter in production, but doesn't do anything since these changes hasn't been merged yet. Are we ready to merge & deploy this as is, or do we need more things before rolling forward? |
phillipj
changed the title
|
I've made a test PR at nodejs/node#6674 -- forgot to make this on the repot itself though. LMK if it should open a new one from a node repo branch so you can push to it. |
|
..and now it even has tests ensuring github is requested with the expected payload as well 🎆 |
|
@jbergstroem fyi I'm holding this 'til you respond. I could potentially deploy this specific branch instead of merging it to master, if you'd rather do a couple of test runs before we going full throttle ;) |
|
I've now implemented check for POST_STATUS_FOR_PR. I'll default that to off for now and start adding status updates to more jobs. |
|
This is now live in production 💥 |
This is work in progress atm, PR exists for public scrutiny and to show I've started working on it.
Any thoughts are much appreciated!
Refs #5