Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

change(dev doc): Document how to change branch protection rules #7773

Merged
merged 5 commits into from
Oct 22, 2023
Merged

change(dev doc): Document how to change branch protection rules #7773

Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c358076
Document branch protection rules
teor2345 Oct 18, 2023
5e94eb7
Document automatic jobs for new crates
teor2345 Oct 18, 2023
af57dc5
Link to patch workflow docs
teor2345 Oct 19, 2023
09665dd
Merge branch 'main' into branch-protection
teor2345 Oct 19, 2023
596c3ed
Update book/src/dev/continuous-integration.md
gustavovalverde Oct 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 19 additions & 2 deletions book/src/dev/continuous-integration.md
View file
Open in desktop
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought this would include actual details (and possibly screenshots) of where and how these can be changed in github. e.g from the repo go to Settings > Branches and click "Edit" on the main branch entry.

I was able to figure this out myself but I was a bit nervous clicking around unsure of what would happen...

Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,27 @@
Some PRs don't use Mergify:
- Mergify config updates
- Admin merges, which happen when there are multiple failures on the `main` branch
- Manual merges
(these are disabled by our branch protection rules, but admins can remove the "don't allow bypassing these rules" setting)
- Manual merges (these are usually disabled by our branch protection rules)

We use workflow conditions to skip some checks on PRs, Mergify, or the `main` branch.
For example, some workflow changes skip Rust code checks.
For example, some workflow changes skip Rust code checks. When a workflow can skip a check, we need to create a patch workflow
with an empty job with the same name. This lets the branch protection rules pass when the job is skipped. In Zebra, we name these
teor2345 marked this conversation as resolved.
Show resolved Hide resolved
workflows with the extension `.patch.yml`.

Branch protecion rules should be added for every failure that should stop a PR merging, break a release, or cause problems for Zebra users.

Check warning on line 44 in book/src/dev/continuous-integration.md

View workflow job for this annotation

GitHub Actions / codespell

[codespell] book/src/dev/continuous-integration.md#L44 

protecion ==> protection
Raw output 
./book/src/dev/continuous-integration.md:44: protecion ==> protection
We also add branch protection rules for developer or devops features that we need to keep working, like coverage.

But the following jobs don't need branch protection rules:
* Testnet jobs: testnet is unreliable.
* Optional linting jobs: some lint jobs are required, but some jobs like spelling and actions are optional.
* Jobs that rarely run: for example, cached state rebuild jobs.
* Setup jobs that will fail another later job which always runs, for example: Google Cloud setup jobs.
We have branch protection rules for build jobs, but we could remove them if we want.

When a new job is added in a PR, use the `#devops` Slack channel ask a GitHub admin to add a branch protection rule after it merges.
gustavovalverde marked this conversation as resolved.
Show resolved Hide resolved
Adding a new Zebra crate automatically adds a new job to build that crate by itself in [ci-build-crates.yml](https://github.com/ZcashFoundation/zebra/blob/main/.github/workflows/ci-build-crates.yml),
so new crate PRs also need to add a branch protection rule.

### Pull Requests from Forked Repositories

Expand Down
Loading