Zuul should not run jenkins-bot on changes for refs/meta/* branches.
Description
Details
- Reference
- bz50389
Related Objects
Event Timeline
Causes various false positives and hilarious failures about missing files and what not.
On changes such https://gerrit.wikimedia.org/r/#/c/117146/ we always get a down vote because Jenkins tries to build it.
(In reply to Antoine "hashar" Musso from comment #3)
Use the web interface ? :-)
That is not an option because for change I'm making most often (disabling Verified/Submit for regular users) doesn't work in the the web interface.
The web interface of Gerrit is broken. It requires all values to be autocompleted, and one due to a bug in Gerrit you can only autocomplete group names you're an admin of (so only Gerrit root admins can make changes that introduce group names).
Through the commit interface it works fine however, and there is no security reason to restrict it either, it's purely a bug in the UI.
Either way, there are other branches as well. Zuul should only run on repository code related branches. These meta branches, unless we plan to write jobs for them (at which point we should have to explicitly whitelist them), there is no point in letting Zuul run over it.
I was merely minding Timo sorry ;-D
You can potentially add a ref filter on each of the Zuul pipeline. Something like:
- name: test trigger: gerrit:
- event: patchset-created ref: ^(?!refs/meta/config).*$
That should discard patches on refs/meta/config
Change 311032 had a related patch set uploaded (by Paladox):
Ignore refs/meta/config refs from jenkins
@hashar hi, would this https://gerrit.wikimedia.org/r/#/c/311032/ look ok? Since I doint thin you can filter refs on patchset-created any more? Unless I was doing it wrong.
Or we can just block user Jenkins on refs/meta/config from gerrit gui
Change 311105 had a related patch set uploaded (by Paladox):
Doint allow jenkins to test refs/meta/config
Change 311105 abandoned by Hashar:
Doint allow jenkins to test refs/meta/config
Reason:
Stop those non sense attempts please:
- we usually dont use user/ but a group (JenkinsBot)
- that will cause a random Gerrit exception in Zuul failing to read the ref which I have no idea what are the impact.
The fix is suggested on T52389 which is to have Zuul to filter out / ignore changes made to refs/meta/config for which I dont have a good implementation idea.
Change 311105 restored by Paladox:
Doint allow jenkins to test refs/meta/config
Reason:
Hi, sorry you thought this was a nonsense attempt but it really wasent. Ive been testing on gerrit-test and it has no side affects since it wont allow jenkins to read that ref so it wont know that it needs to test that ref.
This really works.
Upstream in openstack actually only allow project owners to read refs/meta/config (https://review.openstack.org/#/admin/projects/All-Projects,access) so it seems that will work without breaking.
Change 313387 had a related patch set uploaded (by Hashar):
Filter out refs/meta/config from all pipelines
Mentioned in SAL (#wikimedia-releng) [2016-10-11T08:29:33Z] <hashar> Reloading Zuul to deploy https://gerrit.wikimedia.org/r/#/c/313387/ Filter out refs/meta/config from all pipelines T52389
Change 315210 had a related patch set uploaded (by Hashar):
Test CI not reacting to refs/meta/config
Change 315211 had a related patch set uploaded (by Hashar):
Filter out refs/meta/config from check-only/check-voter
Change 315211 merged by jenkins-bot:
Filter out refs/meta/config from check-only/check-voter
Tested out on https://gerrit.wikimedia.org/r/#/c/315210/ . The Gerrit change is fetched by Zuul but does not enter any pipeline:
2016-10-11 08:45:15,138 INFO zuul.source.Gerrit: Updating <Change 0x7f12a8f511d0 315210,3> 2016-10-11 08:45:15,194 DEBUG zuul.source.Gerrit: Updating <Change 0x7f12a8f511d0 315210,3>: Getting git-dependent change 71103,1 2016-10-11 08:45:15,195 INFO zuul.source.Gerrit: Updating <Change 0x7f12ab3dc0d0 71103,1> 2016-10-11 08:45:15,296 DEBUG zuul.source.Gerrit: Updating <Change 0x7f12ab3dc0d0 71103,1>: change is merged 2016-10-11 08:45:15,296 DEBUG zuul.source.Gerrit: Updating <Change 0x7f12a8f511d0 315210,3>: Running query message:I07ba7399e5354f4c1509af2b1021f320f680b568 to find changes needed-by 2016-10-11 08:45:15,403 DEBUG zuul.Scheduler: Adding trigger event: <TriggerEvent patchset-created mediawiki/extensions/UploadWizard refs/meta/config 315210,3> 2016-10-11 08:45:15,403 DEBUG zuul.Scheduler: Done adding trigger event: <TriggerEvent patchset-created mediawiki/extensions/UploadWizard refs/meta/config 315210,3> 2016-10-11 08:45:15,403 DEBUG zuul.Scheduler: Run handler awake 2016-10-11 08:45:15,404 DEBUG zuul.Scheduler: Fetching trigger event 2016-10-11 08:45:15,404 DEBUG zuul.Scheduler: Processing trigger event <TriggerEvent patchset-created mediawiki/extensions/UploadWizard refs/meta/config 315210,3> 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Starting queue processor: check 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Finished queue processor: check (changed: False) 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Starting queue processor: check-only 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Finished queue processor: check-only (changed: False) 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Starting queue processor: check-voter 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Finished queue processor: check-voter (changed: False) 2016-10-11 08:45:15,404 DEBUG zuul.IndependentPipelineManager: Starting queue processor: test 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: Checking for changes needed by <Change 0x7f12a9173c90 315207,4>: 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: No changes needed 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: Finished queue processor: test (changed: False) 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: Starting queue processor: experimental 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: Finished queue processor: experimental (changed: False) 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: Starting queue processor: php5 2016-10-11 08:45:15,405 DEBUG zuul.IndependentPipelineManager: Finished queue processor: php5 (changed: False) 2016-10-11 08:45:15,405 DEBUG zuul.DependentPipelineManager: Starting queue processor: gate-and-submit 2016-10-11 08:45:15,405 DEBUG zuul.DependentPipelineManager: Checking for changes needed by <Change 0x7f1271c06f50 315212,1>: 2016-10-11 08:45:15,405 DEBUG zuul.DependentPipelineManager: No changes needed 2016-10-11 08:45:15,405 DEBUG zuul.DependentPipelineManager: Finished queue processor: gate-and-submit (changed: False) 2016-10-11 08:45:15,406 DEBUG zuul.IndependentPipelineManager: Starting queue processor: postmerge 2016-10-11 08:45:15,406 DEBUG zuul.IndependentPipelineManager: Finished queue processor: postmerge (changed: False) 2016-10-11 08:45:15,406 DEBUG zuul.IndependentPipelineManager: Starting queue processor: post 2016-10-11 08:45:15,406 DEBUG zuul.IndependentPipelineManager: Finished queue processor: post (changed: False) 2016-10-11 08:45:15,406 DEBUG zuul.IndependentPipelineManager: Starting queue processor: publish 2016-10-11 08:45:15,406 DEBUG zuul.IndependentPipelineManager: Finished queue processor: publish (changed: False) 2016-10-11 08:45:15,406 DEBUG zuul.Scheduler: Run handler sleeping