| *** hashar has joined #openstack-jjb | 08:36 | |
| *** electrofelix has joined #openstack-jjb | 10:56 | |
| *** caphrim007_ has quit IRC | 15:34 | |
| *** caphrim007 has joined #openstack-jjb | 15:35 | |
| *** caphrim007 has quit IRC | 15:39 | |
| *** caphrim007 has joined #openstack-jjb | 16:57 | |
| *** hashar is now known as hasharDinner | 18:19 | |
| ssbarnea | i am trying to change gerrit filter to trigger only when "Workflow" label is added but the docs do not help much here. | 20:09 |
|---|---|---|
| ssbarnea | https://docs.openstack.org/infra/jenkins-job-builder/triggers.html has broken links pointing to gerrit docs. | 20:09 |
| ssbarnea | is suspect is something related to "approval-category" | 20:10 |
| zxiiro | ssbarnea: yes you need to add it to trigger-on: section under comment-added-event | 20:32 |
| zxiiro | ssbarnea: it will only trigger when that category is modified via gerrit comment though and is not a filter for as long as that category is set | 20:38 |
| zxiiro | I don't think there's a way with gerrit trigger to say "as long as this field is already set, then do this" | 20:38 |
| ssbarnea | zxiiro: i observed some magic 4 chars words, but I was wondering how does gerrit now how to translate Labels into magic chars. | 20:38 |
| zxiiro | ssbarnea: it's configured by the Gerrit admin. you have to poke in the database, i think the meta-config stuff if I recall. | 20:38 |
| ssbarnea | zxiiro: I added the "Workflow" label to the project, and in gerrit it works. | 20:38 |
| ssbarnea | zxiiro: this is on gerrithub.io --- where I am not an admin, I where it seems to impossible to even contact an admin | 20:38 |
| ssbarnea | is free, reliable, fast, but no chance of getting support on it. | 20:38 |
| *** openstack has quit IRC | 20:38 | |
| *** openstack has joined #openstack-jjb | 20:42 | |
| *** ChanServ sets mode: +o openstack | 20:42 | |
| ssbarnea | zxiiro: first, I need to find out what the correct way to do it. So far I found https://github.com/jenkinsci/gerrit-trigger-plugin/pull/270/files | 20:48 |
| ssbarnea | this makes me think that the docs are outdated A LOT. Also incompatible with full workflow. I have project with 3 labels: Code-Review, Verified and Workflow. How to configure this on gerrit trigger which seems to only have a dropdown with two values on it. | 20:49 |
| ssbarnea | maybe gerrit allows a free form value there, but the gerrit trigger plugin doesn't. | 20:49 |
| zxiiro | ssbarnea: I just checked our Jenkins instance. we're using Code-Review and Verified as well. I do recall Gerrit made some changes to the codes a few versions back now that you mention it. | 20:49 |
| zxiiro | ssbarnea: you might get lucky and be able to use "Workflow" | 20:50 |
| ssbarnea | zxiiro: yep, i was hopping for that a bug in code would allow me to do that. i will find out soon. | 20:50 |
| ssbarnea | zxiiro: even worse, it seems to trigger the build ignoring any label, trigger config is at https://gist.github.com/ssbarnea/36e872f3fe821ce41c2bb1f8104c6cf0 | 20:58 |
| zxiiro | ssbarnea: to be clear you have 4 triggers configured there which means there are 4 ways to trigger it | 20:59 |
| zxiiro | ssbarnea: it's not additive | 20:59 |
| ssbarnea | zxiiro: commenting the first two right now | 20:59 |
| zxiiro | so it will trigger-on patch-created OR draft-published OR someone leaves the comment pattern OR someone votes +1 Workflow | 20:59 |
| ssbarnea | zxiiro: does this means that is imposible to implement a trigger on special comment IF a label is present. | 21:00 |
| ssbarnea | meaning that if a "recheck" comment is implemented, anyone would be able to trigger a build. | 21:00 |
| zxiiro | ssbarnea: Gerrit Trigger does not provide us that level of conditionals. Each trigger is independently evaluated from the others. | 21:00 |
| zxiiro | that's right | 21:01 |
| ssbarnea | zxiiro: wow, that's is bad from the security point of view. kinda kills my attempt to secure builds (build only approved) | 21:01 |
| zxiiro | so workflow +1 is kind of useless if it's also allowed to trigger on "recheck" comment. | 21:01 |
| zxiiro | yeah our Jenkins servers are public so we have that issue | 21:02 |
| zxiiro | thankfully no one goes around typing "recheck" everywhere. | 21:02 |
| ssbarnea | zxiiro: i guess that in this case the only place to implement security would be inside triggered job. | 21:02 |
| ssbarnea | like "if I was triggered without getting the right labels, abandon build" | 21:03 |
| *** openstackgerrit has quit IRC | 21:03 | |
| zxiiro | yeah but then you waste server resources just to check that. In our case that would cost us money as we use the public cloud. | 21:04 |
| ssbarnea | zxiiro: not for me, we use jenkins and I could check this in groovy before alocating any node, so it would come almost as free/no resource. | 21:19 |
| ssbarnea | zxiiro: if you fail fast, before alocating node, there is not much cost into it | 21:20 |
| *** hashar has quit IRC | 22:58 | |
| *** openstackgerrit has joined #openstack-jjb | 23:16 | |
| openstackgerrit | Vam proposed openstack-infra/jenkins-job-builder master: GitLab Triggers https://review.openstack.org/531924 | 23:16 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!