Re: Github fork issue with dependabot
I think the way it works is that when you forked the Commons Lang repo, you the whole repo of course including its .github folder which means you therefore asked for the Dependabot to run since its configuration file is there. Obviously if you do not want Dependabot to run, then just disable it (remove the file) Gary On Fri, Aug 14, 2020 at 7:56 PM John Patrick wrote: > Cheers for that Giles, > I read those emails as PR's raised at say > https://github.com/apache/commons-lang and dependabot, which I > understand. > I'm talking about my fork for commons-lang at > https://github.com/nhojpatrick/commons-lang. > > Dependabot appears to have been authorised against my fork without my > approval? > > If i visit > https://github.com/nhojpatrick/commons-lang/settings/security_analysis > dependabot is showing as disabled, but it appears to be > active. > > Hope that help explain I'm talking about my fork > (https://github.com/nhojpatrick/commons-lang) and my the forked > (https://github.com/apache/commons-lang) project. > > As I say, I totally understanding about getting emails regarding > dependabot as it's been authorised on the > https://github.com/apache/commons-lang project. > > John > > > On Fri, 14 Aug 2020 at 23:54, Gilles Sadowski > wrote: > > > > Hi. > > > > Le sam. 15 août 2020 à 00:02, John Patrick a > écrit : > > > > > > I've just noticed a load of pull requests that have been auto created > > > by dependabot, for changes to be merged into my forked version of > > > master. > > > > > > For commons-lang I've 20 PR's, commons-logging 10 PR's, I've not > > > checked all the other commons forks I've got. > > > > > > They are getting automatically closed once I sync the commons fork > > > into my forked repo. > > > > > > Has anyone else seen this issue? > > > > Oh, yes: > > https://markmail.org/message/2vutc4p3b3eqv73f > > https://markmail.org/message/6apxz6vrc75uq6ge > > > > Gilles > > > > > > > > It seems to be a change that happened about 20 days ago, as that is > > > when the first PR was raised. > > > > > > These changes also seem to be triggering cicd github actions, see > > > > https://github.com/nhojpatrick/commons-lang/runs/965399930?check_suite_focus=true > . > > > > > > John > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > - > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
Re: Github fork issue with dependabot
Typo: I think the way it works is that when you forked the Commons Lang repo, you *copied* the whole repo of course including its .github folder which means you therefore asked for the Dependabot to run since its configuration file is there. On Fri, Aug 14, 2020 at 11:19 PM Gary Gregory wrote: > I think the way it works is that when you forked the Commons Lang repo, > you the whole repo of course including its .github folder which means you > therefore asked for the Dependabot to run since its configuration file is > there. > > Obviously if you do not want Dependabot to run, then just disable it > (remove the file) > > Gary > > > On Fri, Aug 14, 2020 at 7:56 PM John Patrick > wrote: > >> Cheers for that Giles, >> I read those emails as PR's raised at say >> https://github.com/apache/commons-lang and dependabot, which I >> understand. >> I'm talking about my fork for commons-lang at >> https://github.com/nhojpatrick/commons-lang. >> >> Dependabot appears to have been authorised against my fork without my >> approval? >> >> If i visit >> https://github.com/nhojpatrick/commons-lang/settings/security_analysis >> dependabot is showing as disabled, but it appears to be >> active. >> >> Hope that help explain I'm talking about my fork >> (https://github.com/nhojpatrick/commons-lang) and my the forked >> (https://github.com/apache/commons-lang) project. >> >> As I say, I totally understanding about getting emails regarding >> dependabot as it's been authorised on the >> https://github.com/apache/commons-lang project. >> >> John >> >> >> On Fri, 14 Aug 2020 at 23:54, Gilles Sadowski >> wrote: >> > >> > Hi. >> > >> > Le sam. 15 août 2020 à 00:02, John Patrick a >> écrit : >> > > >> > > I've just noticed a load of pull requests that have been auto created >> > > by dependabot, for changes to be merged into my forked version of >> > > master. >> > > >> > > For commons-lang I've 20 PR's, commons-logging 10 PR's, I've not >> > > checked all the other commons forks I've got. >> > > >> > > They are getting automatically closed once I sync the commons fork >> > > into my forked repo. >> > > >> > > Has anyone else seen this issue? >> > >> > Oh, yes: >> > https://markmail.org/message/2vutc4p3b3eqv73f >> > https://markmail.org/message/6apxz6vrc75uq6ge >> > >> > Gilles >> > >> > > >> > > It seems to be a change that happened about 20 days ago, as that is >> > > when the first PR was raised. >> > > >> > > These changes also seem to be triggering cicd github actions, see >> > > >> https://github.com/nhojpatrick/commons-lang/runs/965399930?check_suite_focus=true >> . >> > > >> > > John >> > >> > - >> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> > For additional commands, e-mail: dev-h...@commons.apache.org >> > >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >>
Re: Github fork issue with dependabot
Cheers for that Giles, I read those emails as PR's raised at say https://github.com/apache/commons-lang and dependabot, which I understand. I'm talking about my fork for commons-lang at https://github.com/nhojpatrick/commons-lang. Dependabot appears to have been authorised against my fork without my approval? If i visit https://github.com/nhojpatrick/commons-lang/settings/security_analysis dependabot is showing as disabled, but it appears to be active. Hope that help explain I'm talking about my fork (https://github.com/nhojpatrick/commons-lang) and my the forked (https://github.com/apache/commons-lang) project. As I say, I totally understanding about getting emails regarding dependabot as it's been authorised on the https://github.com/apache/commons-lang project. John On Fri, 14 Aug 2020 at 23:54, Gilles Sadowski wrote: > > Hi. > > Le sam. 15 août 2020 à 00:02, John Patrick a écrit : > > > > I've just noticed a load of pull requests that have been auto created > > by dependabot, for changes to be merged into my forked version of > > master. > > > > For commons-lang I've 20 PR's, commons-logging 10 PR's, I've not > > checked all the other commons forks I've got. > > > > They are getting automatically closed once I sync the commons fork > > into my forked repo. > > > > Has anyone else seen this issue? > > Oh, yes: > https://markmail.org/message/2vutc4p3b3eqv73f > https://markmail.org/message/6apxz6vrc75uq6ge > > Gilles > > > > > It seems to be a change that happened about 20 days ago, as that is > > when the first PR was raised. > > > > These changes also seem to be triggering cicd github actions, see > > https://github.com/nhojpatrick/commons-lang/runs/965399930?check_suite_focus=true. > > > > John > > - > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: Github fork issue with dependabot
Hi. Le sam. 15 août 2020 à 00:02, John Patrick a écrit : > > I've just noticed a load of pull requests that have been auto created > by dependabot, for changes to be merged into my forked version of > master. > > For commons-lang I've 20 PR's, commons-logging 10 PR's, I've not > checked all the other commons forks I've got. > > They are getting automatically closed once I sync the commons fork > into my forked repo. > > Has anyone else seen this issue? Oh, yes: https://markmail.org/message/2vutc4p3b3eqv73f https://markmail.org/message/6apxz6vrc75uq6ge Gilles > > It seems to be a change that happened about 20 days ago, as that is > when the first PR was raised. > > These changes also seem to be triggering cicd github actions, see > https://github.com/nhojpatrick/commons-lang/runs/965399930?check_suite_focus=true. > > John - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Github fork issue with dependabot
I've just noticed a load of pull requests that have been auto created by dependabot, for changes to be merged into my forked version of master. For commons-lang I've 20 PR's, commons-logging 10 PR's, I've not checked all the other commons forks I've got. They are getting automatically closed once I sync the commons fork into my forked repo. Has anyone else seen this issue? It seems to be a change that happened about 20 days ago, as that is when the first PR was raised. These changes also seem to be triggering cicd github actions, see https://github.com/nhojpatrick/commons-lang/runs/965399930?check_suite_focus=true. John - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [All] New Jenkins: SonarQube jobs fail (for recently migrated jobs)
On Fri, 14 Aug 2020 at 18:26, Gilles Sadowski wrote: > Hello. > > It seems that the migration script could not copy over all the > necessary information: > ---CUT--- > [ERROR] Failed to execute goal > org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar > (default-cli) on project commons-rng-parent: Not authorized. Please > check the properties sonar.login and sonar.password. -> [Help 1] > ---CUT--- > > Full log is here: > > https://ci-builds.apache.org/job/Commons/job/commons-rng%20(SonarQube)/2/console > > [IIRC, a GitHub account was necessary in order to provide a "security > token" to SonarQube.] > I would guess that the sonar login property is not extracted over the API in raw form. Thus the migration created the new job with an invalid login. I generated a new login token on SonarCloud and it works for RNG. I have put the same token in for geometry, statistics and numbers. I started the jobs and will check they are OK when they have finished. Alex
[All] New Jenkins: SonarQube jobs fail (for recently migrated jobs)
Hello. It seems that the migration script could not copy over all the necessary information: ---CUT--- [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project commons-rng-parent: Not authorized. Please check the properties sonar.login and sonar.password. -> [Help 1] ---CUT--- Full log is here: https://ci-builds.apache.org/job/Commons/job/commons-rng%20(SonarQube)/2/console [IIRC, a GitHub account was necessary in order to provide a "security token" to SonarQube.] Regards, Gilles - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [All] Jenkins: Who has not migrated yet?
On Fri, 14 Aug 2020 at 16:46, Gilles Sadowski wrote: > > > > I thought I had just done them. > > > > Then, one of us may have overwritten the other's just set > > up configuration; maybe the Jenkins instance's log has > > some trace. > > On the new Jenkins's page, the builds currently in the queue > report that I started them... > > Gilles > OK. I think I must have been a few minutes behind you as the jobs were not there when I looked and then were present after I had run the migration script. I did read some of the CloudBees docs and managed to link commons-rng_jdk9 to run after commons-rng. That was missing when I inspected the jobs. We shall wait to see if the sonar jobs get run as expected. Alex
Re: [All] Jenkins: Who has not migrated yet?
Le ven. 14 août 2020 à 17:34, Gilles Sadowski a écrit : > > Le ven. 14 août 2020 à 17:05, Alex Herbert a écrit > : > > > > On Fri, 14 Aug 2020 at 15:40, Gilles Sadowski wrote: > > > > > Hi Alex. > > > > > > Le ven. 14 août 2020 à 16:07, Alex Herbert a > > > écrit : > > > > > > > > On Fri, 14 Aug 2020 at 13:55, Gary Gregory > > > wrote: > > > > > > > > > This below is from the build list. If anyone wants to look over at > > > > > migration or recreating these builds, feel free to dig in. > > > > > > > > > > > > > I will have a look at moving the RNG, Geometry, Statistics and Numbers > > > jobs. > > > > > > Done already. > > > But thanks! > > > > > > > Done by you? > > I thought so, yes, as they appeared in order right after calling > said script... > > > I thought I had just done them. > > Then, one of us may have overwritten the other's just set > up configuration; maybe the Jenkins instance's log has > some trace. On the new Jenkins's page, the builds currently in the queue report that I started them... Gilles > > [...] - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [All] Jenkins: Who has not migrated yet?
Le ven. 14 août 2020 à 17:05, Alex Herbert a écrit : > > On Fri, 14 Aug 2020 at 15:40, Gilles Sadowski wrote: > > > Hi Alex. > > > > Le ven. 14 août 2020 à 16:07, Alex Herbert a > > écrit : > > > > > > On Fri, 14 Aug 2020 at 13:55, Gary Gregory > > wrote: > > > > > > > This below is from the build list. If anyone wants to look over at > > > > migration or recreating these builds, feel free to dig in. > > > > > > > > > > I will have a look at moving the RNG, Geometry, Statistics and Numbers > > jobs. > > > > Done already. > > But thanks! > > > > Done by you? I thought so, yes, as they appeared in order right after calling said script... > I thought I had just done them. Then, one of us may have overwritten the other's just set up configuration; maybe the Jenkins instance's log has some trace. > Here's the e-mail I was just > about to send: > > Migration was a simple task. The jobs are now on the new > ci-builds.apache.org [1]. They are waiting for a free executor to start a > build. > > I did not move all the old jenkins jobs over for all the projects [2]. > However some of the old jenkins jobs deployed snapshots when successful > using the deploy goal of maven. A quick investigation lists these that do > snapshot deployment (via the deploy goal): > > commons-rng > commons-math * > commons-dbutils * > commons-numbers > commons-geometry > commons-beanutils * > commons-statistics > commons-codec * > > So there are 4 projects that used snapshot deployment that have not been > migrated (marked with *). Note there may be other projects that deploy > snapshots via a different mechanism. I only checked by exporting the old > job configurations and grepping for 'deploy'. > > Unless anyone objects I would recommend migrating these 4 projects that use > snapshot deployment. > > A look at the old projects by name lists the following other projects for > SonarQube: > > Commons-Compress SonarQube > > The new ci-builds server already has some compress jobs so someone else has > migrated/set-up those and not taken the SonarQube job. Since the other > downstream SonarQube jobs for RNG etc migrated by default in the process I > assume that the person who migrated the compress jobs decided to delete the > SonarQube job. So I will leave that for now. > > If there are other uses of the Jenkins CI besides running SonarQube and > snapshot deployment then please let me know. I said about the same in my reply to Gary's post. Except that your proposal is much more extensive and configurable, as usual. ;-) Gilles > > Alex > > [1] https://ci-builds.apache.org/job/Commons/ > [2] https://builds.apache.org/search/?q=commons - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [All] Jenkins: Who has not migrated yet?
On Fri, 14 Aug 2020 at 15:40, Gilles Sadowski wrote: > Hi Alex. > > Le ven. 14 août 2020 à 16:07, Alex Herbert a > écrit : > > > > On Fri, 14 Aug 2020 at 13:55, Gary Gregory > wrote: > > > > > This below is from the build list. If anyone wants to look over at > > > migration or recreating these builds, feel free to dig in. > > > > > > > I will have a look at moving the RNG, Geometry, Statistics and Numbers > jobs. > > Done already. > But thanks! > Done by you? I thought I had just done them. Here's the e-mail I was just about to send: Migration was a simple task. The jobs are now on the new ci-builds.apache.org [1]. They are waiting for a free executor to start a build. I did not move all the old jenkins jobs over for all the projects [2]. However some of the old jenkins jobs deployed snapshots when successful using the deploy goal of maven. A quick investigation lists these that do snapshot deployment (via the deploy goal): commons-rng commons-math * commons-dbutils * commons-numbers commons-geometry commons-beanutils * commons-statistics commons-codec * So there are 4 projects that used snapshot deployment that have not been migrated (marked with *). Note there may be other projects that deploy snapshots via a different mechanism. I only checked by exporting the old job configurations and grepping for 'deploy'. Unless anyone objects I would recommend migrating these 4 projects that use snapshot deployment. A look at the old projects by name lists the following other projects for SonarQube: Commons-Compress SonarQube The new ci-builds server already has some compress jobs so someone else has migrated/set-up those and not taken the SonarQube job. Since the other downstream SonarQube jobs for RNG etc migrated by default in the process I assume that the person who migrated the compress jobs decided to delete the SonarQube job. So I will leave that for now. If there are other uses of the Jenkins CI besides running SonarQube and snapshot deployment then please let me know. Alex [1] https://ci-builds.apache.org/job/Commons/ [2] https://builds.apache.org/search/?q=commons
Re: [All] Jenkins: Who has not migrated yet?
Hi Alex. Le ven. 14 août 2020 à 16:07, Alex Herbert a écrit : > > On Fri, 14 Aug 2020 at 13:55, Gary Gregory wrote: > > > This below is from the build list. If anyone wants to look over at > > migration or recreating these builds, feel free to dig in. > > > > I will have a look at moving the RNG, Geometry, Statistics and Numbers jobs. Done already. But thanks! Regards, Gilles > > The main jobs for each project all have downstream jobs that run Sonarcloud > analysis so this is something not available using Travis or Github CI. > > Alex > > > > > > [...] - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: Who has not migrated yet?
Hello. Le ven. 14 août 2020 à 14:55, Gary Gregory a écrit : > > This below is from the build list. If anyone wants to look over at > migration or recreating these builds, feel free to dig in. Thanks for the heads-up. [I had no idea of the deadline; did INFRA send that information to the projects' "dev" list?] I've used the script referred to in the doc page; it worked fairly well, except for the jobs that have space characters in their name (those must be replaced with "%20" in the argument passed to the script). I've just migrated the jobs associated with the math-related components; they are all in the build queue (but not started yet). I can readily run the script for more jobs so that they will appear on the new Jenkins page. Just let me know which from the below list should be migrated: Commons Test commons-bcel commons-beanutils commons-build-plugin commons-cli Commons-Codec Commons-Codec-Adhoc commons-collections Commons-Collections-Java8 Commons-Compress JDK-Matrix Commons-Compress PullRequest Commons-Compress SonarQube Commons-Compress-Windows Commons-configuration Commons-CRYPTO-JDK1.7 Commons-CRYPTO-JDK1.8 commons-csv commons-dbcp commons-dbutils commons-email commons-fileupload commons-imaging commons-io-ubuntu commons-jcs commons-jexl commons-lang Commons Lang commons-logging Commons-ognl commons-pool commons-rdf commons-scxml Regards, Gilles > > Gary > > -- Forwarded message - > From: Gavin McDonald > Date: Fri, Aug 14, 2020, 04:33 > Subject: Who has not migrated yet? > To: builds > > > Hi All, > > Tomorrow is the deadline for migrating to ci-builds.a.o and for builds.a.o > to be turned off. > > So, who has not migrated yet? > If not, why not? What is holding you up? > > If you need help, ask. > > If you have many jobs to migrate - please check out the script [1] which > can help you > migrate all jobs in less than 5 minutes! (I know, I've tested it!) > > Are there plugins missing you need ? (except ghprb) > What else are you waiting for? > > Are there outstanding tasks that Infra needs to do that might have been > missed? > > Lets see if we can get off by end of day tomorrow > > [1] - > https://cwiki.apache.org/confluence/display/INFRA/Migrating+Jenkins+jobs+from+Jenkins+to+Cloudbees > > > -- > > *Gavin McDonald* > Systems Administrator > ASF Infrastructure Team - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
[All] Jenkins: Who has not migrated yet?
On Fri, 14 Aug 2020 at 13:55, Gary Gregory wrote: > This below is from the build list. If anyone wants to look over at > migration or recreating these builds, feel free to dig in. > I will have a look at moving the RNG, Geometry, Statistics and Numbers jobs. The main jobs for each project all have downstream jobs that run Sonarcloud analysis so this is something not available using Travis or Github CI. Alex > > Gary > > -- Forwarded message - > From: Gavin McDonald > Date: Fri, Aug 14, 2020, 04:33 > Subject: Who has not migrated yet? > To: builds > > > Hi All, > > Tomorrow is the deadline for migrating to ci-builds.a.o and for builds.a.o > to be turned off. > > So, who has not migrated yet? > If not, why not? What is holding you up? > > If you need help, ask. > > If you have many jobs to migrate - please check out the script [1] which > can help you > migrate all jobs in less than 5 minutes! (I know, I've tested it!) > > Are there plugins missing you need ? (except ghprb) > What else are you waiting for? > > Are there outstanding tasks that Infra needs to do that might have been > missed? > > Lets see if we can get off by end of day tomorrow > > [1] - > > https://cwiki.apache.org/confluence/display/INFRA/Migrating+Jenkins+jobs+from+Jenkins+to+Cloudbees > > > -- > > *Gavin McDonald* > Systems Administrator > ASF Infrastructure Team >
Fwd: Who has not migrated yet?
This below is from the build list. If anyone wants to look over at migration or recreating these builds, feel free to dig in. Gary -- Forwarded message - From: Gavin McDonald Date: Fri, Aug 14, 2020, 04:33 Subject: Who has not migrated yet? To: builds Hi All, Tomorrow is the deadline for migrating to ci-builds.a.o and for builds.a.o to be turned off. So, who has not migrated yet? If not, why not? What is holding you up? If you need help, ask. If you have many jobs to migrate - please check out the script [1] which can help you migrate all jobs in less than 5 minutes! (I know, I've tested it!) Are there plugins missing you need ? (except ghprb) What else are you waiting for? Are there outstanding tasks that Infra needs to do that might have been missed? Lets see if we can get off by end of day tomorrow [1] - https://cwiki.apache.org/confluence/display/INFRA/Migrating+Jenkins+jobs+from+Jenkins+to+Cloudbees -- *Gavin McDonald* Systems Administrator ASF Infrastructure Team