-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RFC: Trigger Tests Based on PR Comments
- Loading branch information
Showing
2 changed files
with
32 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # RFC 168 - Allow comments to trigger tasks for non-collaborators | ||
| * Comments: [#168](https://github.com/taskcluster/taskcluster-rfcs/pull/168) | ||
| * Proposed by: @bhearsum | ||
|
|
||
| # Summary | ||
|
|
||
| Allow collaborators to a Github repository to request that Tasks be run on Pull Requests that ran no tasks due to a restrictive `pullRequests` policy. | ||
|
|
||
| ## Motivation | ||
|
|
||
| Increasingly, Taskcluster is being used for projects hosted on Github. In many of these projects, Tasks that are run during Pull Requests rely on secrets or other sensitive information. In these cases we usually use a `pullRequests` policy of `collaborators` to ensure that untrusted people cannot gain access to such things. Because of this, it means we have no reasonable way of verifying Pull Requests submitted by non-collaborators. Workarounds have been found (eg: a separate Github Actions flow for such PRs) but this is both burdensome and typically does not provide robust enough testing. | ||
|
|
||
| # Details | ||
|
|
||
| `.taskcluster.yml` will be modified to support a new `allowApprovals` policy, which will support `collaborators` as a value. When set, collaborators to the repository may add a comment containing the string "taskcluster go" to a Pull Request that hasn't run tests because of its `pullRequests` policy. When this is done, Taskcluster will run any Tasks that it would've ran when the Pull Request was opened, had the author been authorized to start Tasks. | ||
|
|
||
| Taskcluster-Github will be modified to watch for [`issue_comment`](https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#issue_comment) events. When one is received, and the `allowApprovals` policy is set, it will check to see if "taskcluster go" is in the `comment`, and that the `sender` is a valid collaborator. If both of these conditions are true, Taskcluster-Github will create the appropriate Tasks. | ||
|
|
||
| This has been previously discussed in https://github.com/taskcluster/taskcluster-rfcs/issues/95 and https://github.com/taskcluster/taskcluster/issues/40. | ||
|
|
||
| # Implementation | ||
|
|
||
| <Once the RFC is decided, these links will provide readers a way to track the | ||
| implementation through to completion, and to know if they are running a new | ||
| enough version to take advantage of this change. It's fine to update this | ||
| section using short PRs or pushing directly to master after the RFC is | ||
| decided> | ||
|
|
||
| * <link to tracker bug, issue, etc.> | ||
| * <...> | ||
| * Implemented in Taskcluster version ... |