Skip to content

Don't use author_association for self-hosted vs public runner decision. #14718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ashb merged 11 commits into from
Mar 11, 2021
Merged

Don't use author_association for self-hosted vs public runner decision. #14718

ashb merged 11 commits into from
Mar 11, 2021

Conversation

@ashb
Copy link
Member

@ashb ashb commented Mar 11, 2021

Using this has two draw-backs for us.

  1. MEMBER applies to anyone in the org, not just members/commiters to this repo
  2. The value of this setting depends upon the user's "visiblity" in the org. I.e. if they hide their membership of the org, the author_association will show up as "CONTRIBUTOR" instead.

Both of these combined mean we should instead use an alternative list. Airflow committers is a scret that contains a list of GH user ids, such as ["ashb", "..."] etc.

@ashb
Don't use author_association for self-hosted vs public runner decision.
01d6fe4 
Using this has two draw-backs for us.

1. MEMBER applies to _anyone in the org_, not just members/commiters to
   this repo
2. The value of this setting depends upon the user's "visiblity" in the
   org. I.e. if they hide their membership of the org, the
   author_association will show up as "CONTRIBUTOR" instead.

Both of these combined mean we should instead use an alternative list.
Airflow committers is a scret that contains a list of GH user ids, such
as `["ashb", "..."]` etc.
@ashb ashb requested review from kaxil and potiuk as code owners March 11, 2021 11:24
@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

Hmmm.

The workflow is not valid. .github/workflows/ci.yml (Line: 76, Col: 14): Unrecognized named-value: 'secrets'. Located at position 94 within expression: ( ( github.event_name == 'push' || github.event_name == 'schedule' || contains(secrets.AIRFLOW_COMMITERS, github.actor) ) && github.repository == 'apache/airflow' ) && 'self-hosted' || 'ubuntu-20.04'

@ashb ashb marked this pull request as draft March 11, 2021 11:25
@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

Damn, It seems you can't reference secrets nor env in the runs-on step :/ Hmmm what to do.

@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

Trying to include a hard-coded list in the ci.yaml (it's verifired/checked again on the runner so is "safe") fails too:

Unexpected symbol: '['.

Damn, not sure this is actually possible :/

@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

contains(fromJSON('["ashb"]'), github.actor) works, but is... ugly.

@github-actions
Copy link

github-actions bot commented Mar 11, 2021

The Workflow run is cancelling this PR. Building image for the PR has been cancelled

@ashb ashb mentioned this pull request Mar 11, 2021
Merged
@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

Down to at least one hard-coded list now.

ashb
ashb commented Mar 11, 2021
View reviewed changes
@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

There, working, and not too horrible/duplictative. I would have liked to be able to use secrets, but sadly not possible.

@ashb ashb marked this pull request as ready for review March 11, 2021 12:30
@ashb
Copy link
Member Author

ashb commented Mar 11, 2021

Jobs after the first are running on self-hosted runners, don't need to wait on tests.

@ashb ashb merged commit 4213487 into apache:master Mar 11, 2021
@ashb ashb deleted the dont-user-author-assocation-selfhosted branch March 11, 2021 12:33
potiuk
potiuk reviewed Mar 11, 2021
View reviewed changes
.github/workflows/ci.yml

env:

AIRFLOW_COMMITERS: ${{ secrets.AIRFLOW_COMMITERS }}
Copy link
Member

@potiuk potiuk Mar 11, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we can remove this one? That turned out to be not working for forked PRs I believe?

@ashb ashb mentioned this pull request Mar 11, 2021
Merged
potiuk added a commit to potiuk/airflow that referenced this pull request Mar 12, 2021
@potiuk
Fixed runs-on for non-apache repository
a7363c1 
The change apache#14718 by mistake left the 'self-hosted" runs-on in case of
push or schedule. This caused failures on non-apache repositories.
@potiuk potiuk mentioned this pull request Mar 12, 2021
Merged
potiuk added a commit that referenced this pull request Mar 12, 2021
@potiuk
Fixed runs-on for non-apache repository (#14737)
945a5b9 
The change #14718 by mistake left the 'self-hosted" runs-on in case of
push or schedule. This caused failures on non-apache repositories.
potiuk pushed a commit that referenced this pull request Mar 23, 2021
@ashb @potiuk
Don't use author_association for self-hosted vs public runner decisio…
035b0cb 
…n. (#14718)

Using this has two draw-backs for us.

1. MEMBER applies to _anyone in the org_, not just members/commiters to
   this repo
2. The value of this setting depends upon the user's "visiblity" in the
   org. I.e. if they hide their membership of the org, the
   author_association will show up as "CONTRIBUTOR" instead.

Both of these combined mean we should instead use an alternative list.

We can't use a secret as the `secrets.` context is not available in the runs-on
stanza, so we have to have a hard-coded list in the workflow file :( This is as
secure as the runner still checks the author against it's own list.

(cherry picked from commit 4213487)
potiuk added a commit that referenced this pull request Mar 23, 2021
@potiuk
Fixed runs-on for non-apache repository (#14737)
d68d58a 
The change #14718 by mistake left the 'self-hosted" runs-on in case of
push or schedule. This caused failures on non-apache repositories.

(cherry picked from commit 945a5b9)
ashb added a commit that referenced this pull request Apr 15, 2021
@ashb
Don't use author_association for self-hosted vs public runner decisio…
6ca12b6 
…n. (#14718)

Using this has two draw-backs for us.

1. MEMBER applies to _anyone in the org_, not just members/commiters to
   this repo
2. The value of this setting depends upon the user's "visiblity" in the
   org. I.e. if they hide their membership of the org, the
   author_association will show up as "CONTRIBUTOR" instead.

Both of these combined mean we should instead use an alternative list.

We can't use a secret as the `secrets.` context is not available in the runs-on
stanza, so we have to have a hard-coded list in the workflow file :( This is as
secure as the runner still checks the author against it's own list.

(cherry picked from commit 4213487)
ashb pushed a commit that referenced this pull request Apr 15, 2021
@potiuk @ashb
Fixed runs-on for non-apache repository (#14737)
11d915e 
The change #14718 by mistake left the 'self-hosted" runs-on in case of
push or schedule. This caused failures on non-apache repositories.

(cherry picked from commit 945a5b9)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@potiuk potiuk potiuk left review comments

@kaxil kaxil kaxil approved these changes

Assignees

No one assigned

Labels

area:dev-tools

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ashb @potiuk @kaxil