Set up auto-syncing of edge branch from upstream (with branch locked for everything else) #55

Closed
wants to merge 12 commits into from


patcon
Member

@patcon patcon commented Oct 22, 2024

Resolves #53

This adds a new workflow to run regularly and pull commits from upstream edge and push them to our edge, so it stays up-to-date. It also documents some associated settings changes in the repo.

It is currently set up to run once/day at 2am ET, and can be manually triggered from its workflow page (see screenshot below).

The hard part was making it so that a workflow could push to a protected branch, but no regular users can without changing settings, even ones who are admin on the repo (who might easily do so by accident).

Starting review with the workflow file will be most helpful, as it explains context on the rest :)

Of note:

  • admins can't push any new refs to branch (ONLY the workflow can push, via its repo deploy key)
  • making any changes to edge will require adding a bypass to the branch protection rule (for admin users)

Todos

  • write the workflow
  • documented repo ruleset config in code: .github/config.yml
  • test the workflow (see patcon/polis repo)
    • that admin can't push from workstation via ssh key
    • that admin personal access token can't push
    • that workflow github_token can't push
    • that deploy key in workflow CAN push
  • will do if/when approved

Screenshot of manual trigger

Screenshot 2024-10-22 at 4 38 23 PM
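
A sketch of the kind of workflow this description outlines, added here as an example; it is not the workflow file from this PR. The secret name `EDGE_DEPLOY_KEY` and the upstream URL are placeholders, and it assumes the upstream repository is public and that the branch ruleset lets only the deploy key push to `edge`.

```yaml
# Added example, not the PR's workflow file.
name: Sync edge from upstream

on:
  schedule:
    # GitHub evaluates cron in UTC. 06:00 UTC is 2am Eastern during
    # daylight saving time and 1am Eastern during standard time.
    - cron: "0 6 * * *"
  # Manual trigger from the workflow's page in the Actions tab.
  workflow_dispatch: {}

# Keep the built-in GITHUB_TOKEN read-only; the push below is
# authenticated by the deploy key, not by this token.
permissions:
  contents: read

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - name: Check out edge using the deploy key
        uses: actions/checkout@v4
        with:
          ref: edge
          fetch-depth: 0  # full history is needed to fast-forward
          # Assumed secret name: private half of a write-enabled deploy key.
          ssh-key: ${{ secrets.EDGE_DEPLOY_KEY }}

      - name: Fast-forward edge to upstream
        run: |
          # Placeholder URL: replace with the real upstream repository.
          git remote add upstream https://github.com/UPSTREAM_OWNER/UPSTREAM_REPO.git
          git fetch upstream edge
          # --ff-only fails the job if edge has diverged from upstream,
          # instead of creating a merge commit or needing a force-push.
          git merge --ff-only upstream/edge
          git push origin HEAD:edge
```

A failed `--ff-only` step is a useful signal in itself: it means someone has committed to `edge` outside the sync path.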

@patcon
Member Author

patcon commented Oct 22, 2024

Here's all the test runs I did. I kept force-pushing to remove the final upstream commit from my edge, and seeing if it would get pulled when I manually triggered the action.

https://github.com/patcon/polis/actions/workflows/sync-from-upstream.yml

Screenshot of the manual trigger that will show up if/when we merge:
Screenshot 2024-10-22 at 4 38 23 PM

@patcon
Member Author

patcon commented Oct 29, 2024

Ah, I've realized there's another way to do this, which is much better and more maintainable: #53 (comment)
