Re: Mesos commit hooks requiring internet access

[Andrew Schwartzmeyer]

Hi Benno and Armand,

Comments from other devs would be useful
to know if this would be a positive change or not.
I definitely view this as a positive change. I'm constantly running `git 
commit -n` anyway to skip hooks for a `WIP: I'm just pushing this to my 
other machine` commit.

It is when running `post-reviews.py` that the commits should be clean, 
and that the user expects an internet connection to be up.

I will suggest, however, that we attempt to do this verification 
separately from the posting. That is, it should be atomic. Either all 
the patches pass verification, and then get posted, or some patch 
doesn't pass, and no patches get posted (so a two-stage process).

By implementing the verification in, e.g. `verify-reviews.py`, and 
requiring a success pass from that before `post-reviews.py` continues, 
not only is it simpler, but we'll avoid causing lots of updates to be 
posted to Review Board if some patch in the middle fails and needs to be 
amended (I'm sure you're familiar with the pain of changing a patch 
chain and re-posting patches, it doesn't always work out easily). 
Additionally, by having a separate script, the user can run it at any 
point, not just when `post-reviews.py` invokes it.

Thanks,

Andrew Schwartzmeyer

On 11/10/2017 8:47 am, Armand Grillet wrote:
Hi Benno,

As I added the new JavaScript linter to support/mesos-style.py, let me
provide some details regarding its implementation.

"Indeed, it turns out that the pre-commit hook is installing both a pip
package and an npm package, eslint, along with all of its 1450
dependencies. (https://pastebin.com/hTZWRxcy)"

We chose ESLint due to its flexible CLI and good documentation, it 
provides
us an output going well with the two other linters we use for C++ and
Python and a linting that we have adapted to work with our JS codebase.
Concerning the metric you used: JSHint, which is the other JS linter
allowing customization from the collection
https://github.com/collections/clean-code-linters, has 972 dependencies
(number obtained using npm-remote-ls); this is a smaller number but 
still
in the same league. There is no equivalent to cpplint.py for JS, we had 
to
use a Node.js package (in that case a npm package).

Node.js packages require node, we install it from a new Python virtual
environment created for the linters (the Mesos Python linter also 
requires
some pip packages) using nodeenv (https://github.com/ekalinin/nodeenv).
This was a simple solution to install eslint and it explains the chain 
of
dependencies you described (pip package => npm package => JS 
dependencies).

"My proposal would be to move most checks to post-reviews.py, which
is a slow operation anyways and which actually marks the point in time
where the commits should be cleaned up enough to pass all checks."

I personally agree and this is feasible, please create a ticket 
regarding
that request and assign it to me. Comments from other devs would be 
useful
to know if this would be a positive change or not.

One last point regarding the length of the installation of this new 
linter
due to its dependencies: the two Python virtual environments we use in
Apache Mesos (one for the CLI, one for the linters) are only being 
rebuilt
when we update the pip requirements or update the virtual environment
installation scripts (
https://github.com/apache/mesos/blob/ab9039335723fc36cb8e8b4fbb17a15327520cc9/support/mesos-style.py#L406).
This is a not a common event as you can see from the history of the CLI
pip-requirements.txt:
https://github.com/apache/mesos/commits/master/src/python/cli_new/pip-requirements.txt
and
https://github.com/apache/mesos/commits/2d19111e4852aed25161e4549ff704f9d4c2f37b/src/cli_new/pip-requirements.txt
.

Best regards,

2017-11-10 16:28 GMT+01:00 Benno Evers <bev...@mesosphere.com>:

Hi guys,

Our commit hooks in mesos have been traditionally quite strict 
(something
many people here will have experienced when "quickly" commiting some 
work
in progress before changing branches). However, when I rebased a 
branch
today I was surprised to learn that I had to wait more than 5 minutes 
while
something was downloaded from the internet.

Indeed, it turns out that the pre-commit hook is installing both a pip
package and an npm package, eslint, along with all of its 1450
dependencies. (https://pastebin.com/hTZWRxcy)

Aside from the security implications (these are unsigned, and every 
single
one gets to execute custom javascript) I feel like there is something
fundamentally wrong here - a git commit is supposed to be a local
operation, it should not need internet access:

    bevers@poincare:~/mesos$ git commit -m "Dummy commit on cleaned
worktree."
    Virtualenv not detected... building
    Rebuilding virtualenv...
    Retrying (Retry(total=4, connect=None, read=None, redirect=None)) 
after
connection broken by
'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.
VerifiedHTTPSConnection
object at 0x7fea82eb11d0>: Failed to establish a new connection: 
[Errno -2]
Name or service not known',)': /simple/pip/
    [...]
    Retrying (Retry(total=0, connect=None, read=None, redirect=None)) 
after
connection broken by
'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.
VerifiedHTTPSConnection
object at 0x7f2e627456d0>: Failed to establish a new connection: 
[Errno -2]
Name or service not known',)': /simple/nodeenv/
    Could not find a version that satisfies the requirement 
nodeenv==1.1.2
(from -r /home/bevers/mesos/support/pip-requirements.txt (line 1)) 
(from
versions: )
    No matching distribution found for nodeenv==1.1.2 (from -r
/home/bevers/mesos/support/pip-requirements.txt (line 1))


I'm sure running various linters improves code quality, but there must 
be a
better way to implement this. My proposal would be to move most checks 
to
post-reviews.py, which is a slow operation anyways and which actually 
marks
the point in time where the commits should be cleaned up enough to 
pass all
checks.

What do you think?

Best regards,
--
Benno Evers
Software Engineer, Mesosphere