Committing with the Github's desktop app breaks Chain of Trust #334
Comments
@sblatz could you make a commit (on Fenix) with the desktop app and let someone else merge the PR? This data would be useful to assess what's the best fix.
@JohanLorenzo: this is an example of me committing with desktop app and someone else merging: mozilla-mobile/fenix#2121
Thanks for the link! So, it seems the bug only occurs when someone makes a commit with the desktop app and then merges the PR themselves. mozilla-mobile/fenix#2121 shows:
https://help.github.com/en/desktop/getting-started-with-github-desktop/authenticating-to-github-using-the-browser might explain why the "Web Flow" user is also used on desktop. I didn't find any other explanation on GitHub's help pages.
Rolling it out to production workers via mozilla-releng/build-puppet#476
Hmmm, I don't understand. Even though the change is deployed, the error remains: https://tools.taskcluster.net/groups/UDHP3ZpqSE-PyoDmxl_2sg/tasks/Dr4ies5VSWWpTE96Y2qXdw/runs/1/logs/public%2Flogs%2Fchain_of_trust.log I'm looking into it.
Actually, the change isn't deployed because the worker is pinned to another environment. Unpinning it.
I confirm it now works! https://tools.taskcluster.net/groups/UDHP3ZpqSE-PyoDmxl_2sg/tasks/Dr4ies5VSWWpTE96Y2qXdw/runs/2
See also bug 1781051 for another issue with
Error spotted at https://treeherder.mozilla.org/#/jobs?repo=fenix&revision=4cd0d464a7d5e15cc85f29e0dc14fcd127cca4ea&selectedJob=242996267:
https://api.github.com/repos/mozilla-mobile/fenix/commits/4cd0d464a7d5e15cc85f29e0dc14fcd127cca4ea returns:
which points to this Github user:
git show --format=fuller 4cd0d464a7d5e15cc85f29e0dc14fcd127cca4ea
shows:
I confirmed with @sblatz that he used GitHub's desktop app to make this commit. That error happened on other commits of his.
In #327, I changed CoT to use the committer data, instead of the author one because of a similar kind of breakage (#326).
We might want to change
scriptworker/scriptworker/cot/verify.py
Line 1201 in 8e97bbd
web-flow
and then fall back to the author data instead. We may run into another error if the person who merges the PR is different. Let's check that first.
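The fallback proposed above, sketched as an added example (not scriptworker's code and not the change that was deployed). It assumes the input is the JSON returned by the commits API URL quoted above, with top-level `author` and `committer` user objects; `login_to_verify`, `UnresolvedIdentity` and all sample logins are hypothetical.

```python
# Added illustration, not scriptworker's code. Dict shapes follow GitHub's
# REST commit response; every login and sha below is constructed sample data.

WEB_FLOW_LOGIN = "web-flow"  # the "Web Flow" committer discussed in this issue


class UnresolvedIdentity(Exception):
    """No GitHub account could be tied to the commit, so verification must fail."""


def login_to_verify(commit):
    """Return the login whose rights on the repository should be checked.

    Committer data is preferred. Author data is used only when the committer
    is the web-flow user; any other gap fails closed instead of guessing.
    """
    sha = commit.get("sha", "<unknown sha>")
    committer = (commit.get("committer") or {}).get("login")
    if not committer:
        raise UnresolvedIdentity(f"{sha}: committer is not linked to a GitHub account")
    if committer != WEB_FLOW_LOGIN:
        return committer
    author = (commit.get("author") or {}).get("login")
    if not author or author == WEB_FLOW_LOGIN:
        raise UnresolvedIdentity(f"{sha}: web-flow committer and no usable author")
    return author


# Constructed samples covering the cases raised in this issue.
SAMPLE_COMMITS = {
    "cli": {"sha": "aaaa111", "committer": {"login": "alice-example"},
            "author": {"login": "alice-example"}},
    "desktop_app": {"sha": "bbbb222", "committer": {"login": "web-flow"},
                    "author": {"login": "bob-example"}},
    "committed_by_other": {"sha": "cccc333", "committer": {"login": "carol-example"},
                           "author": {"login": "bob-example"}},
    "unmapped_author": {"sha": "dddd444", "committer": {"login": "web-flow"},
                        "author": None},
}

if __name__ == "__main__":
    for label, commit in SAMPLE_COMMITS.items():
        try:
            print(label, "->", login_to_verify(commit))
        except UnresolvedIdentity as exc:
            print(label, "-> rejected:", exc)
```

The author fields of a commit are written by the client that created it, so the fallback is restricted to the single web-flow case and every other missing login is rejected.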