Re: [vdsm] Jenkins and Gerrit.

From: "Robert Middleswarth" <robert(a)middleswarth.net&gt; To: "Dan Kenigsberg" <danken(a)redhat.com&gt; Cc: "VDSM Project Development" <vdsm-devel(a)lists.fedorahosted.org&gt;, "infra" <infra(a)ovirt.org&gt; Sent: Wednesday, August 8, 2012 10:53:35 PM Subject: Re: [vdsm] Jenkins and Gerrit. On 08/08/2012 03:07 PM, Dan Kenigsberg wrote: > On Wed, Aug 08, 2012 at 09:58:17AM -0400, Robert Middleswarth > wrote: >> On 08/08/2012 09:50 AM, Dan Kenigsberg wrote: >>> On Wed, Aug 08, 2012 at 02:55:17PM +0200, Ewoud Kohl van >>> Wijngaarden wrote: >>>> On Wed, Aug 08, 2012 at 03:48:13PM +0300, Dan Kenigsberg wrote: >>>>> On Wed, Aug 08, 2012 at 07:47:02AM -0400, Robert Middleswarth >>>>> wrote: >>>>>> I have setup patch review on Jenkins.info for newly submitted >>>>>> patches and it seems to be working pretty well over all but >>>>>> last >>>>>> night well tweaking the process I broken it for a few min but >>>>>> that >>>>>> was long enough that about 50 jobs were marked -1 I will be >>>>>> fixing >>>>>> that today by rerunning the jobs. I am sorry if one of your >>>>>> patches >>>>>> was dinged and it should be fixed by this time tomorrow. >>>>> Thanks, Robert, for working on this. It is highly important for >>>>> me to >>>>> know that something is going to break the build before taking >>>>> it in. >>>>> >>>>> However, would it be possible to have a repository where we can >>>>> review >>>>> the code of the robot? >>>> It's Gerrit Trigger[1] and the code is on github[2]. >>>> >>>>> I think it is important for the robot to be less noisy, and >>>>> particularly, never give V+1. This task is reserved to humans >>>>> that >>>>> actually know what the patch should be doing. >>>> The V+1 has been fixed. Will give 0 when they pass, -1 when they >>>> fail. >>>> >>>>> Also, I am not at all sure that the robot is limitting itself >>>>> to be >>>>> running code of trustworthy authors. >>>> Eyal added a feature request for this[3]. This was the result of >>>> a >>>> discussion on the infra mailing list[4]. >>> As much as I like (and need) this per-commit verification, I >>> think we >>> should not deploy it before the feature is implemented. >>> >>> BTW, Federico suggested to initiate the test only on request >>> (when oVirt >>> Jenkins CI Server is added as reviewer). This would allow a more >>> silent >>> start for CI. >>> >>> Thanks, >>> Dan. >> I already wrote a little bash code to do this outside the plug-in. >> It will be in place by the end of the day. > This kind of script is exactly the thing I'd like to be > peer-reviewed > before applied en mass to gerrit changes. Particularly due to the > security implications. > > Regards, > Dan. If you are talking about the jenkins app that updates Gerrit that is has been in use on ovirt-node-devel for some time. As for the whitelist script that is like 4 lines. git log --pretty="%ce" -n 1 > $WORKSPACE/current_author.txt grep -f $WORKSPACE/current_author.txt $WORKSPACE/jenkins-whitelist.txt RETVAL=$? [ $RETVAL -ne 0 ] && curl -u jenkins_bot:xxxxxx $BUILD_URL/stop; It is simple and the files are generated outside of the repo so it should be safe.

-- Thanks Robert Middleswarth @rmiddle (twitter/IRC) _______________________________________________ Infra mailing list Infra(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/infra