[
https://issues.apache.org/jira/browse/YETUS-633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209998#comment-17209998
]
Allen Wittenauer commented on YETUS-633:
----------------------------------------
With YETUS-992, I've done a lot more work on this:
* GitHub Actions is (effectively) a re-branded Azure Pipelines. It provides
very simple access to some things. Starting docs are here:
https://docs.github.com/en/free-pro-team@latest/actions . Of particular
interest is:
https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
which says that, depending upon context, Actions may have access to write to
GitHub Statuses and Checks. Actions always have access to Check Run
Annotations because they just need to spew out some specially formatted text to
stdout. (Apache Yetus as of 0.13.0 will do/does this now in preference to the
old linecomments code)
* If your bits don't run as an action, then to get equivalent access, they need
to have both GitHub Statuses
(https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#statuses)
and the Checks APIs
(https://docs.github.com/en/free-pro-team@latest/rest/reference/checks). Both
are meant for full blown GitHub Apps. There is _no way_ to provide a personal
access token to be able to _write_ to those APIs as of this writing. (You
_can_ get read access to Statuses.) Running a GitHub App requires the ability
to do a REST callback because users will be prompted to give permission and the
token that is returned must be persisted between runs.... completely
inappropriate for the current state of test-patch unless we want to build a
hosting environment...
* That said, _some_ systems (such as Jenkins) allow for projects to get a
delegated token. But first you probably need to rip apart your setup...
(https://docs.cloudbees.com/docs/cloudbees-jenkins-platform/latest/github-app-auth)
and then you get hit with some insane limitations... First is that getting a
valid token in a pipeline is barely documented or even acknowledged. best docs?
https://www.jenkins.io/blog/2020/04/16/github-app-authentication/ ... a
#$^#$@#$ blog post... and then if you read that, you discover it is only good
for an hour. So how exactly is one supposed to get a new one after an hour?
Back to the Jenkins Pipeline code with you! It's poorly thought out.
> GitHub Checks integration
> -------------------------
>
> Key: YETUS-633
> URL: https://issues.apache.org/jira/browse/YETUS-633
> Project: Yetus
> Issue Type: Wish
> Components: Precommit
> Reporter: Sean Busbey
> Priority: Major
>
> GitHub has launched a feature for putting CI feedback into its own tab:
> https://github.com/apache/yetus/pull/12/checks
> Would be nice. lots of open questions.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
