Comments (10)
tbpg
commented on July 22, 2024
Not all repos have the .kokoro folder at the root. For example, https://github.com/GoogleCloudPlatform/golang-samples/tree/master/testing/kokoro.
from repo-automation-bots.
bcoe
commented on July 22, 2024
@chingor13 have you found that the search approach you used for finding pom.xml works? maybe we could use this for kokoro.
from repo-automation-bots.
bcoe
commented on July 22, 2024
👋 I switched this to a feature request, in practice I haven't heard too many complaints about trusted contributor bot not doing what it needs to do, is this still something we need to fix?
from repo-automation-bots.
JustinBeckwith
commented on July 22, 2024
Ok bad idea time. What if checked each repository, and specifically looked for ones with a webhook configured to hit http://35.184.182.122:8080? I think you need that webhook for kokoro to work, so maybe that's a good global thing to check?
I would of course try to detect this once, and then cache the result inside Datastore with a TTL of 24 hours or something.
from repo-automation-bots.
tmatsuo
commented on July 22, 2024
Looking at:
https://github.com/googleapis/repo-automation-bots/tree/master/packages/trusted-contribution
I'm a bit confused why this is a problem.
Is this because we enabled this bot at the org level?
from repo-automation-bots.
tmatsuo
commented on July 22, 2024
I mean, if this causes problems because we enabled this bot at the org level, can we just do a one time sweep and stop org level configuration and add repo level configuration files?
from repo-automation-bots.
tmatsuo
commented on July 22, 2024
I think that it is still possible to implement automatic detection for whether the repo is using Kokoro or not, but I don't think this gives enough value justifying the cost.
If we think long term, there will be a high chance that other CI systems start introducing manual trigger (the label for Kokoro builds) for builds for contributions from 3rd parties.
I'd like to expand this bot's capability to handle such manual triggers for other CIs.
from repo-automation-bots.
tmatsuo
commented on July 22, 2024
There's no org level configuration, but it seems like the bot has the default trusted contributors list and it uses the default list.
Presumably the bot is installed at the org level.
I think we need some designs for solving this situation.
from repo-automation-bots.
tmatsuo
commented on July 22, 2024
FYI, for a workaround, I added disabled: field in the config file, so if you add .github/trusted-contribution.yml with the following:
disabled: true
The bot will ignore that repo.
from repo-automation-bots.
tmatsuo
commented on July 22, 2024
It's not the ideal solution, but now there's a workaround for disabling trusted-contribution, so I'd like to close this issue.
If you have specific repo you want to opt-out from it, please let me know, I'll add a config file.
from repo-automation-bots.
Related Issues (20)
- Owlbot Copy error HOT 6
- release-please bot is being triggered when merging it's own PRs HOT 2
- Error: Changes must be made through a pull request.
- allow creation of a single automated PR per rep rather than multiple analogous PRs HOT 1
- Snippet Bot: Snippet check fails on first run only HOT 1
- auto-approve bot: The bot isn't approving PR as intended. HOT 2
- Comment on viable auto-approve candidates if they were not approved
- can't set repoToClone to a local directory
- Request access to repo-automation-bots project HOT 1
- LINT_PATHS in `noxfile.py` doesn't include `vertexai` HOT 1
- Release-please is not running on gax-nodejs HOT 2
- I can no longer access owlbot logs on PRs HOT 1
- Critical: Security Risks Identified in Automation Bots with node:14-slim Dockerfile Base Image
- bug(owlbot): `owlbot:run` label does not trigger owlbot; `owlbot:run` label is not removed HOT 5
- release-please creates pull requests that have already been merged
- trusted-contributor-bot: comment on PRs from "untrusted" contributors indicating kokoro:force-run label is needed
- do not merge: block release-please PR for "api: foo" until "api: foo" issue with "release blocking" is closed HOT 2
- conventional-commit-lint: treat label 'automerge: exact' the as label 'automerge' HOT 1
- WebAssembly.compile() error HOT 4
- FR(owlbot): Add support for Github Merge Queues
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from repo-automation-bots.