[Mesa-dev] Thoughts after hitting 100 merge requests?
Daniel Stone
daniel at fooishbar.org
Thu Jan 17 19:06:55 UTC 2019
Hi,
On Thu, 17 Jan 2019 at 16:35, Jason Ekstrand <jason at jlekstrand.net> wrote:
> On January 17, 2019 08:58:03 Erik Faye-Lund <erik.faye-lund at collabora.com> wrote:
> > Whoops! I meant to say something like "we'd need to be able to
> > distinguis between CI steps that are triggered due to new MRs versus
> > updated MRs, or pushes to existing branches".
> >
> >> Anyway, Jason did actually write that hook, and it's something I'm
> >> happy to host on existing fd.o machines. I just haven't got to doing
> >> it, since I ended up taking my sabbatical a lot more seriously than I
> >> expected, and now I'm back to work I've got a bit of a backlog. But
> >> we
> >> can definitely do it, and pretty soon.
> >
> > Cool, then I won't worry about it, and just assume it'll appear
> > magically soon :)
>
> My script was a total hack. It's probably massively insecure and doesn't
> include any code to provide a diffstat which has been requested by several
> people. Someone taking it a bit more seriously would probably be good
> before we deploy anything.
With the caveat that I can no longer see the script because it's been
expired out of the pastebin (why not make a GitLab repo or at least
upload it to a snippet?) ...
I had the same assumption when you posted it, but came to the
conclusion it was actually OK, or at least would be with very minimal
work. We can configure Apache and GitLab pretty easily so it can only
be triggered with a secret token which is buried in the repo config
and/or accessible only to admins. It calls back into GitLab to get the
changes, so there's no danger of it sending completely arbitrary
content even if someone does figure out how to trigger it when they
shouldn't. It also has GitLab project -> email destination hardcoded
in the script, so there's no danger of it being used to spam arbitrary
addresses either.
Even without that, given that people currently only need to sign up to
Bugzilla (without a captcha) in order to send email with arbitrary
content to mesa-dev@, 'less spam-prone than the status quo' is an
embarrassingly low bar anyway.
Whoever wants to see this happen should ping Jason to get the script
and his suggested changes, get it in a GitLab repo, then file an issue
on https://gitlab.freedesktop.org/freedesktop/freedesktop/issues/new/
and I'll get it deployed.
Cheers,
Daniel
More information about the mesa-dev
mailing list