-
Notifications
You must be signed in to change notification settings - Fork 593
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Mergify for dev workflow #2260
Comments
can the service also take a PR label into account?
do you know any such tools which could be appliable to the project? it could be quite nice to see not only tests- but also documentation-coverage |
It does. Right now it's used to ignore PR. What would you like to do with a label? Everything's documented at http://doc.mergify.io/ If doc are covered by the current jobs, that can be included in the rules. |
right now we have a label "PRs to be merged soon", i think having that label on a PR could be a good condition, meant what a PR confirmed by a human-review but pending some auto-checks or so
that's what i was asking -- if you know any tools for doc coverage which we could apply to awesome. it will be really amazing to start using something like that |
You actually don't need that. Those conditions are already configured on the Mergify side: you'd just have to write some rules like "2 humans must approve + all CI tests must pass" and that'll be enough.
I don't – though I don't think it's related to Mergify usage though here. |
it's indeed unrelated, i just thought you did some kind of research of the "market" of such tools so could give some guidance on that |
@actionless do you want to go ahead and enable it or do you want me to do it or help? |
let's wait for other feedback, my role in the project is too minimal for making such kind of decisions |
Ping @awesomeWM/write-access :) |
+0 from me. |
+0.5 from me since I imagine this makes me less important. I took a look at mergify and came up with the following configuration. This basically requires "everything has to be green" and I imagine that requiring
So, what do you think about this? Anyone strongly against this? Any suggestions for a different configuration? (What does codacy do again for us?) Edit: Added |
@psychon that sounds like a good config, it's the same one we use for https://github.com/gnocchixyz projects for example. And if there are some missing features that could help you guys with your PRs, feel free to ping me or open issues on https://github.com/mergifyio/mergify-engine/issues |
@jd and what will happen if a contributor will modify the settings in |
also, is it possible to choose to use UPD: my bad, i saw a message in my PR (#2129): |
@actionless The GitHub pull request determines what the target branch is; if you want to merge to a different branch, you have to open a different pull request. It's not related to Mergify (AFAIU). |
@jd I think the question is: Which |
Fixes: awesomeWM#2260 Signed-off-by: Uli Schlachter <psychon@znc.in>
Fixes: awesomeWM#2260 Signed-off-by: Uli Schlachter <psychon@znc.in>
@psychon The one from the pull request is taken into account. |
Umm, did I miss something? So the PR can disables everything and allow itself to be self-merged with malicious code? |
The PR can disable everything to make sure it is merged and once it is in the master branch Travis will run the changes to I agree that taking |
And from there if a JS framework with a catchy name uses this, you can replace the NPM package, lock everyone out of the github project and shut down half of the internet. |
You always need at least one review to merge a PR. :) That being said, @sileht is working on improving that initial workflow around |
By who? According to your doc I can just rewrite the IMO, as long as Mergify allows Mergify config to be modified using Mergify, that's big no from me. Any changes to |
According to your doc, From IRC:
|
so please disable it until @sileht work will be merged in UPD: because even it will require only one review, it still feeling not fine what it will use .mergify.yml not from the destination branch |
@actionless is has been merged, see the issue @psychon opened Mergifyio/mergify#27 |
also i was thinking about the case when code reviews are already approved but there are new commits: again in this PR: #2129 |
@actionless That's handled (on GitHub side) by the |
shouldn't it be forced by default? |
@actionless It is the default: https://doc.mergify.io/configuration.html#default |
i meant to always dismiss stale reviews disregard of that option if author of PR doesn't have write access |
@actionless has a point. Any PR that modifies As I said in #2260 (comment) , good default security values are not enough. Anything that touches the file affecting how |
@Elv13 That looks a good feature, the Github branch protection system doesn't help to do that. But if I can't use this API, I can implement this like |
Thanks for considering it, but I think I have to be a bit more insistent on how critical security is. Take those issues with a grain of salt. I didn't try to setup the service and pen-test it. Nor did I really review the code. I just looked up yesterday at the same time as @psychon did after @jd comment on the
Do you want me to open issues for those things or you will take care of them? Thanks for your useful project. Don't take those criticism negatively. It's just that I care. |
@Elv13 This is an awesome feedback, thank you. We're not taking anything negatively. I came here for awesome to be one of the first users because I knew I'd find such great feedback ;) We committed to build this engine in open source for that kind of reason! Everything you point seems valid, and some points we already aware. As you noticed, we're just starting up from our MVP so we took shortcuts obviously. I think it'd be great if you'd open issues for all of that so we can keep track and discuss them in the "proper" place. If you don't want to bother, let me know and I'll take care of it — you already did a lot. Thanks again! |
one more question, is it possible to choose if the merged branch commits will be squashed or rebased before the merge? |
@actionless Right now you can choose that on a per-repository basis, not on a per-pr basis. Feel free to open an issue/PR on mergify-engine if you need that. |
no, i was just asking to understand better the possibilities |
Yes, would be nice to allow for commands to the bot that it would act on.
Could not find it in the docs at https://doc.mergify.io/getting-started.html#configuration ?! And aren't commits rebased always in strict mode? |
This is what you're looking for I think: https://doc.mergify.io/configuration.html#merge-strategy
Not necessarily. Strict mode makes sure that if you have 2 PR ready to be merged, Mergify does: Whereas without strict mode it'll do: |
Both cases you mention appear to rebase the PR?!
When would a "merge" work while a "rebase" does not? |
That is if you set the merge method to
You can have a merge that have no conflict at all; imagine you have a branch Now, rebasing However, merging Example:
|
Hey team!
The current pull request configuration is pretty nice and has coverage, CI run, etc and uses code review. It seems to me there could be a large piece of automation that could be setup, and that's automatic merging based on those criteria.
I'd suggest to use Mergify for that on this repository: https://mergify.io/ which allows to do that easily.
WDYT?
(Full disclosure: I'm behind the service :)
The text was updated successfully, but these errors were encountered: