Name: pulls.web-platform-tests.org
Owner: World Wide Web Consortium
Owner: web-platform-tests
Description: null
Created: 2017-04-24 12:38:12.0
Updated: 2018-04-18 09:52:06.0
Pushed: 2018-05-09 20:49:00.0
Homepage: https://pulls.web-platform-tests.org/
Size: 639
Language: Python
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
This application listens to pull request webhooks from GitHub, build notifications from TravisCI, and requests from other bots in the web-platform-tests ecosystem; consolidates the data from each of those providers; and posts a single summary comment on the state of the pull request to the PR in GitHub. The application also provides a UI to allow web-platform-tests maintainers to browse complete build results.
This application lives on a server, and only web-platform-tests infrastructure maintainers need concern themselves with it.
The server is configured an deployed via Ansible. See that directory for more details.
The following GitHub and Travis configurations will tie them into the application and allow the data to be captured.
If you're performing these tasks, you're probably a maintainer of this
project. You should be
set up as a deployer (you
will need the vault_pass
file to make changes here anyway). Read over the
Ansible Vault section as well.
When changing a secret token in the vault
, follow this procedure (Remember
to add --vault-password-file=path-to-vault_pass-file
to these commands if
you haven't exported the ANSIBLE_VAULT_PASSWORD_FILE=path-to-vault_pass-file
environment variable on your system):
ansible-vault decrypt ansible/group_vars/all/vault
ansible-vault encrypt ansible/group_vars/all/vault
You need to set up an account on GitHub to act as the user commenting on PRs with build information, and share the personal access token with this project.
public_repo
and user:email
permissions.vault_github_commenter_token
value in the vault to the personal access token. Commit and deploy.GitHub needs to send a pull request notification to this application in order to populate it with PR and commit data. This will require a secret key. See https://developer.github.com/webhooks/securing/#setting-your-secret-token for more details.
ruby -rsecurerandom -e 'puts SecureRandom.hex(20)'
vault_github_webhook_token
value in the vault to the secret key from Step 2. Commit and deploy.Travis needs to send a build notification to this application in order to populate it with build status data.
notifications.webhooks
in .travis.yml
(probably at the bottom) in
https://github.com/w3c/web-platform-tests to point to
http://pulls.web-platform-tests.org/api/build
.The GitHub webhook payload includes a secret token to verify that the request is issued from the correct repository.
Requests to this endpoint without the correct token will return 401 Unauthorized
.
See https://developer.github.com/webhooks/securing/#setting-your-secret-token for more information.
The Travis webhook payload includes a secret token to verify that the request originates from Travis. This does not ensure that the request is spawned by a build in w3c/web-platform-tests, so we perform an extra validation step to make sure the Travis payload has an organization name and repository name that match the expected values.
Requests to this endpoint without the correct Travis signature header will return 401 Unauthorized
.
Requests to this endpoint that do not match the organization name and repository name will return 403 Forbidden
.