All right. Could you please give an example of a malicious PR? Would it be one which is done (locally tested) from an old version of macOS?
On Wed, Mar 27, 2019 at 9:55 PM Mojca Miklavec <[email protected]> wrote: > Dear Rajdeep, > > It's not just a question of how to fetch a PR. That shouldn't be too > difficult, I hope (and probably the link you provided works as intended). > > The tricky question is how to prevent malicious PRs from doing damage on > the builders. I assume that a proper solution would require starting a > fresh VM for each build. There is some support in the buildbot already: > > http://docs.buildbot.net/2.1.0/manual/configuration/workers-libvirt.html > https://github.com/kholia/OSX-KVM > but we would need to find a way to create VMs with macOS, so it might not > be trivial to do it. On top of that what we would really need the PRs for > are the old machines (say, 10.6, or even 10.4 if we would want to go to > extremes) where it might be even less trivial to automate this in a nice > way. > > (A compromise solution would be to only allow trusted developers to test > pull requests on devoted builders, where we would also need to make sure to > uninstall the software after the PR is done building.) > > While implementing this remains almost the number one requested thing when > people contribute to packages, I'm not sure how much time doing this would > take. It could be that this could be done in a day or a few days, but it's > also possible that there would be some stumbling block that would require > more hacking skills and would prevent us from proceeding, and not even two > months would suffice. In one way, I wouldn't mind if a student would work > on this for the full summer to get this working; on the other hand, if > there's a block and none of us is skilled enough to overcome it, it makes > more sense to proceed with other stuff that can certainly be done. > > Mojca > > > On Wed, 27 Mar 2019 at 16:05, Rajdeep Bharati <[email protected]> > wrote: > >> I could use the GitHubPullrequestPoller >> <http://docs.buildbot.net/current/manual/configuration/changesources.html#chsrc-GitHubPullrequestPoller> >> which >> periodically polls the Github API for new/updated PRs. >> >> Here is an example: >> https://github.com/halide/build_bot/blob/master/master/master.cfg >> >> c['change_source'].append(GitHubPullrequestPoller( >> owner = 'halide', >> repo = 'Halide', >> token = token, >> pullrequest_filter = pr_filter, >> pollInterval = 60*5, # Check Halide PRs every five minutes >> pollAtLaunch = True)) >> Rajdeep >> >> On Wed, Mar 27, 2019 at 3:59 AM Mojca Miklavec <[email protected]> >> wrote: >> >>> Dear Rajdeep, >>> >>> On Tue, 26 Mar 2019 at 19:51, Rajdeep Bharati wrote: >>> > >>> > I have submitted a draft proposal: >>> https://docs.google.com/document/d/12wRjA8sOWNOuApHZ_fm0n1aIPLVPt9Xm2yGiMwiK3AI/edit. >>> Could you please provide some feedback? >>> >>> Cool, thank you very much, it looks nice, please give us a bit of time. >>> >>> One question: what precisely is your plan for setting up disposable >>> builds for PRs? >>> >>> Mojca >>> >>
