On Sun, Jun 04, 2017 at 11:13:54PM +0200, Rainer Müller wrote:
As far as I understand it, the CI "bot" is just scripts to be executed
on Travis CI, but the PR bot will be a daemon process running on our own
infrastructure?

Yes, except that the CI bot is not just scripts.
The CI bot is written in Go to share code with the PR bot.

The design docs are available at https://github.com/l2dy/mpbot-design,
but the code is not functional yet so I'm not sharing it for now.

Quoting from the linked document:

| 1. List subports
| 2. port lint test
| 3. port -d install test
| 4. Send data to CI bot
                  ^^
That is supposed to be PR bot, right?

Thanks, indeed.

| The CI bot generates an ECDSA key pair on start and prints the public
| key on Travis log. While testing ports, the bot attempts handshake
| with the PR bot by signing the salt PR bot provided (TCP or HTTP?).
| The PR bot would grab the public key from Travis logs and verify the
| signature.

This seems overly complex. In case the CI bot needs to communicate with
the PR bot directly, shouldn't a simple password/access token passed in
the environment [1] be secure enough for this? Or are we running into
these restrictions [2]?

Yes, those restrictions apply. We can't have secrets in Travis's
environment for PRs.

As I see it, the status of the PR on GitHub needs to be updated. Travis
already has functionality to do so, what role does the PR bot play at
that point? Couldn't it just pick up the notification from GitHub [3]?

Adding labels like "type:update" and notifying maintainers. Foreign Tcl
code can't be safely executed on our infra. Pulling foreign git branches
consumes bandwidth and disk space. So the plan is to let Travis generate
the needed data that is not available from the GitHub API and have that
data sent to and sanitized by the PR bot.

Rainer

[1] https://docs.travis-ci.com/user/environment-variables/
[2] https://docs.travis-ci.com/user/pull-requests/#Pull-Requests-and-Security-Restrictions
[3] https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent

--
Best regards,
Zero King

Don't trust the From address.
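
The handshake described in the quoted design document, sketched in Go as an added example; it is not code from this thread or from the bots themselves. The function names, the P-256 curve, SHA-256 and the base64 PKIX encoding of the logged key are assumptions, since the thread only says "ECDSA".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// NewCIKey is the CI side: one fresh key per job, plus the text printed to the build log.
func NewCIKey() (*ecdsa.PrivateKey, string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return key, base64.StdEncoding.EncodeToString(der), err
}

// SignSalt is the CI side of the handshake: sign the salt the PR bot provided.
func SignSalt(key *ecdsa.PrivateKey, salt []byte) ([]byte, error) {
	h := sha256.Sum256(salt)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifySalt is the PR bot side: logKey is the public key text taken from the log.
func VerifySalt(logKey string, salt, sig []byte) error {
	der, err := base64.StdEncoding.DecodeString(logKey)
	if err != nil {
		return err
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	ec, ok := pub.(*ecdsa.PublicKey) // ok is false when parsing failed
	if err != nil || !ok || ec.Curve != elliptic.P256() {
		return fmt.Errorf("log key is not a valid ECDSA P-256 key: %v", err)
	}
	if h := sha256.Sum256(salt); !ecdsa.VerifyASN1(ec, h[:], sig) {
		return fmt.Errorf("signature does not verify for this salt and log key")
	}
	return nil
}

func main() {
	key, logKey, _ := NewCIKey()
	sig, _ := SignSalt(key, []byte("constructed salt")) // constructed; the PR bot would send random bytes
	fmt.Println("verify error:", VerifySalt(logKey, []byte("constructed salt"), sig))
}
```

A passing check shows only that the peer holds the private key matching the key printed in that job's log, so which log the PR bot reads is what ties the submitted data to a particular build.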
