Comments (10)
Not all repos have the .kokoro
folder at the root. For example, https://github.com/GoogleCloudPlatform/golang-samples/tree/master/testing/kokoro.
from repo-automation-bots.
@chingor13 have you found that the search
approach you used for finding pom.xml
works? maybe we could use this for kokoro.
from repo-automation-bots.
👋 I switched this to a feature request, in practice I haven't heard too many complaints about trusted contributor bot not doing what it needs to do, is this still something we need to fix?
from repo-automation-bots.
Ok bad idea time. What if checked each repository, and specifically looked for ones with a webhook configured to hit http://35.184.182.122:8080
? I think you need that webhook for kokoro to work, so maybe that's a good global thing to check?
I would of course try to detect this once, and then cache the result inside Datastore with a TTL of 24 hours or something.
from repo-automation-bots.
Looking at:
https://github.com/googleapis/repo-automation-bots/tree/master/packages/trusted-contribution
I'm a bit confused why this is a problem.
Is this because we enabled this bot at the org level?
from repo-automation-bots.
I mean, if this causes problems because we enabled this bot at the org level, can we just do a one time sweep and stop org level configuration and add repo level configuration files?
from repo-automation-bots.
I think that it is still possible to implement automatic detection for whether the repo is using Kokoro or not, but I don't think this gives enough value justifying the cost.
If we think long term, there will be a high chance that other CI systems start introducing manual trigger (the label for Kokoro builds) for builds for contributions from 3rd parties.
I'd like to expand this bot's capability to handle such manual triggers for other CIs.
from repo-automation-bots.
There's no org level configuration, but it seems like the bot has the default trusted contributors list and it uses the default list.
Presumably the bot is installed at the org level.
I think we need some designs for solving this situation.
from repo-automation-bots.
FYI, for a workaround, I added disabled:
field in the config file, so if you add .github/trusted-contribution.yml
with the following:
disabled: true
The bot will ignore that repo.
from repo-automation-bots.
It's not the ideal solution, but now there's a workaround for disabling trusted-contribution, so I'd like to close this issue.
If you have specific repo you want to opt-out from it, please let me know, I'll add a config file.
from repo-automation-bots.
Related Issues (20)
- Owlbot Copy error HOT 6
- release-please bot is being triggered when merging it's own PRs HOT 2
- Error: Changes must be made through a pull request.
- allow creation of a single automated PR per rep rather than multiple analogous PRs HOT 1
- Snippet Bot: Snippet check fails on first run only HOT 1
- auto-approve bot: The bot isn't approving PR as intended. HOT 2
- Comment on viable auto-approve candidates if they were not approved
- can't set repoToClone to a local directory
- Request access to repo-automation-bots project HOT 1
- LINT_PATHS in `noxfile.py` doesn't include `vertexai` HOT 1
- Release-please is not running on gax-nodejs HOT 2
- I can no longer access owlbot logs on PRs HOT 1
- Critical: Security Risks Identified in Automation Bots with node:14-slim Dockerfile Base Image
- bug(owlbot): `owlbot:run` label does not trigger owlbot; `owlbot:run` label is not removed HOT 5
- release-please creates pull requests that have already been merged
- trusted-contributor-bot: comment on PRs from "untrusted" contributors indicating kokoro:force-run label is needed
- do not merge: block release-please PR for "api: foo" until "api: foo" issue with "release blocking" is closed HOT 2
- conventional-commit-lint: treat label 'automerge: exact' the as label 'automerge' HOT 1
- WebAssembly.compile() error HOT 4
- FR(owlbot): Add support for Github Merge Queues
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from repo-automation-bots.