| kep-number | title | authors | owning-sig | participating-sigs | reviewers | approvers | editor | creation-date | last-updated | status | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
28 |
New label for trusted PR identification |
|
sig-testing |
|
|
|
TBD |
2018-06-25 |
2018-09-03 |
provisional |
- Table of Contents
- Summary
- Motivation
- Proposal
- Graduation Criteria
- Future evolutions
- References
- Implementation History
This document describes a major change to the way the trigger plugin determines if test jobs should be started on a pull request (PR).
We propose introducing a new label named ok-to-test that will be applied on non-member PRs once they have been /ok-to-test by a legitimate reviewer.
PR test jobs are started by the trigger plugin on trusted PR events, or when a untrusted PR becomes trusted.
A PR is considered trusted if the author is a member of the trusted organization for the repository or if such a member has left an
/ok-to-testcommand on the PR.
It is easy spot an untrusted PR opened by a non-member of the organization by its needs-ok-to-test label. However the contrary is difficult and involves scanning every comment for a /ok-to-test, which increases code complexity and API token consumption.
This KEP will only target PRs authored from non-members of the organization:
- introduce a new
ok-to-testlabel - modify
/ok-to-testcommand to applyok-to-teston success - modify
triggerplugin and other tools to useok-to-testfor PR trust - support
/ok-to-testcalls inside review comments
This KEP will not change the current process for members of the organization.
We suggest introducing a new label named ok-to-test that would be required on any non-member PR before automatic test jobs can be started by the trigger plugin.
This label will be added by members of the trusted organization for the repository using the /ok-to-test command, detected with a single GenericCommentEvent handler on corresponding events (issue_comment, pull_request_review, and pull_request_review_comment).
- PR: declare
ok-to-test- add
ok-to-testtolabel_sync
- add
- (custom tool needed) batch add
ok-to-testlabel to non-members trusted PRs- for all PR without
ok-to-testorneeds-ok-to-test - if author is not a member of trusted org
- add
ok-to-test
- for all PR without
- documentation updates
- edit all documentation references to
needs-ok-to-test
- edit all documentation references to
- other cookie crumbs updates
- update infra links (eg: redirect https://go.k8s.io/needs-ok-to-test)
- update locations where edits are expected (eg: https://github.com/search?q=org%3Akubernetes+needs-ok-to-test&type=Code)
- PR: switch to
ok-to-test- remove
needs-ok-to-testfrommissingLabelsinprow/config.yaml - edit
prow/config/jobs_test.go - edit
prow/cmd/deck/static/style.css - edit
prow/cmd/tide/README.md - code changes in
trigger:/ok-to-testaddsok-to-test- PR trust relies on
ok-to-test - if PR has both labels, drop
needs-ok-to-test - edit all references to
needs-ok-to-test
- remove
- run batch job again, to catch new PRs that arrived between first run and merge/deploy
- (to be discussed) periodically check for and report PRs with both
ok-to-testandneeds-ok-to-testlabels
- Trusted PRs are easily identified by either being authored by org members, or by having the
ok-to-testlabel. - Race conditions can no longer happen when checking if a PR is trusted.
- API tokens are saved by avoiding listing the comments, reviews, and review comments every time we need to check if a PR is trusted.
TODO
TODO
In the future, we might decide to require the new label for all PRs, which means that organization members will also need the ok-to-test label applied to their PRs before automatic testing can be triggered.
Trusted and untrusted PRs will be even easier to tell apart.
This would require adding automatically the ok-to-test label to member authored PRs to keep the current functionality.
- 2018-06-25: creation of the KEP
- 2018-07-09: KEP content LGTM during sig-testing presentation
- 2018-07-24: KEP updated to keep
needs-ok-to-testfor better UX - 2018-09-03: KEP rewritten with template
- 2018-10-04: KEP merged into master
- 2018-10-08: start of implementation
- 2018-10-10:
ok-to-testlabel added