mirror of
https://github.com/odoo/runbot.git
synced 2025-03-15 23:45:44 +07:00
d4fa1fd353
This commit revisits the commands set in order to make it more
regular, and limit inconsistent command-sets, although it includes
pseudo-command aliases for common tasks now removed from the core set.
Hard Errors
===========
The previous iteration of the commands set would ignore any
non-command term in a command line. This has been changed to hard
error (and ignoring the entire thing) if any command is unknown or
invalid.
This fixes inconsistent / unexpected interpretations where a user
sends a command, then writes a novel on the same line some words of
which happen to *also* be commands, leading to merge states they did
not expect. They should now be told to fuck off.
Priority Restructuring
----------------------
The numerical priority system was pretty messy in that it confused
"staging priority" (in ways which were not entirely straightforward)
with overrides to other concerns.
This has now being split along all the axis, with separate command
subsets for:
- staging prioritisation, now separated between `default`, `priority`,
and `alone`,
- `default` means PRs are picked by an unspecified order when
creating a staging, if nothing better is available
- `priority` means PRs are picked first when staging, however if
`priority` PRs don't fill the staging the rest will be filled with
`default`, this mode did not previously exist
- `alone` means the PRs are picked first, before splits, and only
`alone` PRs can be part of the staging (which usually matches the
modename)
- `skipchecks` overrides both statuses and approval checks, for the
batch, something previously implied in `p=0`, but now
independent. Setting `skipchecks` basically makes the entire batch
`ready`.
For consistency this also sets the reviewer implicitly: since
skipchecks overrides both statuses *and approval*, whoever enables
this mode is essentially the reviewer.
- `cancel` cancels any ongoing staging when the marked PR becomes
ready again, previously this was also implied (in a more restricted
form) by setting `p=0`
FWBot removal
=============
While the "forwardport bot" still exists as an API level (to segregate
access rights between tokens) it has been removed as an interaction
point, as part of the modules merge plan. As a result,
fwbot stops responding
----------------------
Feedback messages are now always sent by the mergebot, the
forward-porting bot should not send any message or notification
anymore.
commands moved to the merge bot
-------------------------------
- `ignore`/`up to` simply changes bot
- `close` as well
- `skipci` is now a choice / flag of an `fw` command, which denotes
the forward-port policy,
- `fw=default` is the old `ci` and resets the policy to default,
that is wait for the PR to be merged to create forward ports, and
for the required statuses on each forward port to be received
before creating the next
- `fw=skipci` is the old `skipci`, it waits for the merge of the
base PR but then creates all the forward ports immediately (unless
it gets a conflict)
- `fw=skipmerge` immediately creates all the forward ports, without
even waiting for the PR to be merged
This is a completely new mode, and may be rather broken as until
now the 'bot has always assumed the source PR had been merged.
approval rework
---------------
Because of the previous section, there is no distinguishing feature
between `mergebot r+` = "merge this PR" and `forwardbot r+` = "merge
this PR and all its parent with different access rights".
As a result, the two have been merged under a single `mergebot r+`
with heuristics attempting to provide the best experience:
- if approving a non-forward port, the behavior does not change
- else, with review rights on the source, all ancestors are approved
- else, as author of the original, approves all ancestors which descend
from a merged PR
- else, approves all ancestors up to and including the oldest ancestor
to which we have review rights
Most notably, the source's author is not delegated on the source or
any of its descendants anymore. This might need to be revisited if it
provides too restrictive.
For the very specialized need of approving a forward-port *and none of
its ancestors*, `review=` can now take a comma (`,`) separated list of
pull request numbers (github numbers, not mergebot ids).
Computed State
==============
The `state` field of pull requests is now computed. Hopefully this
makes the status more consistent and predictable in the long run, and
importantly makes status management more reliable (because reference
datum get updated naturally flowing to the state).
For now however it makes things more complicated as some of the states
have to be separately signaled or updated:
- `closed` and `error` are now separate flags
- `merge_date` is pulled down from forwardport and becomes the
transition signal for ready -> merged
- `reviewed_by` becomes the transition signal for approval (might be a
good idea to rename it...)
- `status` is computed from the head's statuses and overrides, and
*that* becomes the validation state
Ideally, batch-level flags like `skipchecks` should be on, well, the
batch, and `state` should have a dependency on the batch. However
currently the batch is not a durable / permanent member of the system,
so it's a PR-level flag and a messy pile.
On notable change is that *forcing* the state to `ready` now does that
but also sets the reviewer, `skipchecks`, and overrides to ensure the
API-mediated readying does not get rolled back by e.g. the runbot
sending a status.
This is useful for a few types of automated / programmatic PRs
e.g. translation exports, where we set the state programmatically to
limit noise.
recursive dependency hack
-------------------------
Given a sequence of PRs with an override of the source, if one of the
PRs is updated its descendants should not have the override
anymore. However if the updated PR gets overridden, its descendants
should have *that* override.
This requires some unholy manipulations via an override of `modified`,
as the ORM supports recursive fields but not recursive
dependencies (on a different field).
unconditional followup scheduling
---------------------------------
Previously scheduling forward-port followup was contigent on the FW
policy, but it's not actually correct if the new PR is *immediately*
validated (which can happen now that the field is computed, if there
are no required statuses *or* all of the required statuses are
overridden by an ancestor) as nothing will trigger the state change
and thus scheduling of the fp followup.
The followup function checks all the properties of the batch to port,
so this should not result on incorrect ports. Although it's a bit more
expensive, and will lead to more spam.
Previously this would not happen because on creation of a PR the
validation task (commit -> PR) would still have to execute.
Misc Changes
============
- If a PR is marked as overriding / canceling stagings, it now does
so on retry not just when setting initially.
This was not handled at all previously, so a PR in P0 going into
error due to e.g. a non-deterministic bug would be retried and still
p=0, but a current staging would not get cancelled. Same when a PR
in p=0 goes into error because something was failed, then is updated
with a fix.
- Add tracking to a bunch of relevant PR fields.
Post-mortem analysis currently generally requires going through the
text logs to see what happened, which is annoying.
There is a nondeterminism / inconsistency in the tracking which
sometimes leads the admin user to trigger tracking before the bot
does, leading to the staging tracking being attributed to them
during tests, shove under the carpet by ignoring the user to whom
that tracking is attributed.
When multiple users update tracked fields in the same transaction
all the changes are attributed to the first one having triggered
tracking (?), I couldn't find why the admin sometimes takes over.
- added and leveraged support for enum-backed selection fields
- moved variuous fields from forwardport to runbot_merge
- fix a migration which had never worked and which never run (because
I forgot to bump the version on the module)
- remove some unnecessary intermediate de/serialisation
fixes #673, fixes #309, fixes #792, fixes #846 (probably)
|
||
|---|---|---|
| .. | ||
| changelog | ||
| controllers | ||
| data | ||
| migrations | ||
| models | ||
| security | ||
| static | ||
| tests | ||
| views | ||
| __init__.py | ||
| __manifest__.py | ||
| exceptions.py | ||
| git.py | ||
| github.py | ||
| README.rst | ||
| sentry.py | ||
| utils.py | ||
Merge Bot
=========
Odoo workflow
-------------
The sticky branches are protected on the github odoo project to restrict
push for the Merge Bot (MB) only.
The MB only works with PR's using the github API.
1. When a PR is created the github notifies the MB. The MB labels the PR
as 'seen 🙂' on github [#]_.
2. Once the PR github statuses are green [#]_ , the MB labels the PR as
'CI 🤖'.
3. When a reviewer, known by the MB, approves the PR, the MB labels that
PR as 'r+ 👌'.
4. At this moment, MB tries to merge the PR and labels the PR with
'merging 👷'.
5. If the merge is successfull, MB labels it 'merged 🎉', removes the
label 'merging 👷' and closes the PR. A message from MB gives a link
to the merge's commit [#]_.
If an error occurs during the step 4, MB labels the PR with 'error 🙅'
and adds a message in the conversion stating what kind of error. For
example 'Unable to stage PR (merge conflict)'.
If a new commit is pushed in the PR, the process starts again from the
begining.
It's possible to interact with the MB by the way of github messages
containing `Commands`_. The message must start with the MB name (for
instance 'robodoo').
.. [#] Any activity on a PR the MB hasn't seen yet will bring it to the
MB's attention. e.g a comment on a PR.
.. [#] At this moment the statuses are: Runbot build is green and CLA is
signed if needed. The expected statuses may change in the future.
.. [#] If a PR contains only one commit, the PR is rebased and the
commit is fast forwarded. With more than one commit, the PR is
rebased and the commits are merged with a merge commit. When one
wants to avoid the rebase, 'rebase-' command should be used.
Setup
-----
* Setup a project with relevant repositories and branches the bot
should manage (e.g. odoo/odoo and 10.0).
* Set up reviewers (github_login + boolean flag on partners).
* Add "Issue comments", "Pull request reviews", "Pull requests" and
"Statuses" webhooks to managed repositories.
* If applicable, add "Statuses" webhook to the *source* repositories.
Github does not seem to send statuses cross-repository when commits
get transmigrated so if a user creates a branch in odoo-dev/odoo,
waits for CI to run then creates a PR targeted to odoo/odoo the PR
will never get status-checked (unless we modify runbot to re-send
statuses on pull_request webhook).
Working Principles
------------------
Useful information (new PRs, CI, comments, ...) is pushed to the MB
via webhooks. Most of the staging work is performed via a cron job:
1. for each active staging, check if they are done
1. if successful
* ``push --ff`` to target branches
* close PRs
2. if only one batch, mark as failed
for batches of multiple PRs, the MB attempts to infer which
specific PR failed
3. otherwise split staging in 2 (bisection search of problematic
batch)
2. for each branch with no active staging
* if there are inactive stagings, stage one of them
* otherwise look for batches targeted to that PR (PRs grouped by
label with branch as target)
* attempt staging
1. reset temp branches (one per repo) to corresponding targets
2. merge each batch's PR into the relevant temp branch
* on merge failure, mark PRs as failed
3. once no more batch or limit reached, reset staging branches to
tmp
4. mark staging as active
Commands
--------
A command string is a line starting with the mergebot's name and
followed by various commands. Self-reviewers count as reviewers for
the purpose of their own PRs, but delegate reviewers don't.
retry
resets a PR in error mode to ready for staging
can be used by a reviewer or the PR author to re-stage the PR after
it's been updated or the target has been updated & fixed.
r(review)+
approves a PR, can be used by a reviewer or delegate reviewer
submitting an "approve" review implicitly r+'s the PR
r(eview)-
removes approval from a PR, allows un-reviewing a PR in error (staging
failed) so it can be updated and re-submitted
.. squash+/squash-
.. marks the PR as squash or merge, can override squash inference or a
.. previous squash command, can only be used by reviewers
delegate+/delegate=<users>
adds either PR author or the specified (github) users as authorised
reviewers for this PR. ``<users>`` is a comma-separated list of
github usernames (no @), can be used by reviewers
p(riority)=2|1|0
sets the priority to normal (2), pressing (1) or urgent (0),
lower-priority PRs are selected first and batched together, can be
used by reviewers
rebase-
the default merge mode is to rebase and merge the PR into the
target, however for some situations this is not suitable and
a regular merge is necessary; this command toggles rebasing
mode off (and thus back to a regular merge)
Structure
---------
A *project* is used to manage multiple *repositories* across many
*branches*.
Each *PR* targets a specific branch in a specific repository.
A *batch* is a number of co-dependent PRs, PRs which are assumed to
depend on one another (the exact relationship is irrelevant) and thus
always need to be batched together. Batches are normally created on
the fly during staging.
A *staging* is a number of batches (up to 8 by default) which will be
tested together, and split if CI fails. Each staging applies to a
single *branch* the target) across all managed repositories. Stagings
can be active (currently live on the various staging branches) or
inactive (to be staged later, generally as a result of splitting a
failed staging).
Notes
-----
* When looking for stageable batches, priority is taken in account and
isolating e.g. if there's a single high-priority PR, low-priority
PRs are ignored completely and only that will be staged on its own
* Reviewers are set up on partners so we can e.g. have author-tracking
& delegate reviewers without needing to create proper users for
every contributor.
* MB collates statuses on commits independently from other objects, so
a commit getting CI'd in odoo-dev/odoo then made into a PR on
odoo/odoo should be correctly interpreted assuming odoo-dev/odoo
sent its statuses to the MB.
* Github does not support transactional sequences of API calls, so
it's possible that "intermediate" staging states are visible & have
to be rollbacked e.g. a staging succeeds in a 2-repo scenario,
A.{target} is ff-d to A.{staging}, then B.{target}'s ff to
B.{staging} fails, we have to rollback A.{target}.
* Co-dependence is currently inferred through *labels*, which is a
pair of ``{repo}:{branchname}`` e.g. odoo-dev:11.0-pr-flanker-jke.
If this label is present in a PR to A and a PR to B, these two
PRs will be collected into a single batch to ensure they always
get batched (and failed) together.
Previous Work
-------------
bors-ng
~~~~~~~
* r+: accept (only for trusted reviewers)
* r-: unaccept
* r=users...: accept on behalf of users
* delegate+: allows author to self-review
* delegate=users...: allow non-reviewers users to review
* try: stage build (to separate branch) but don't merge on succes
Why not bors-ng
###############
* no concurrent staging (can only stage one target at a time)
* can't do co-dependent repositories/multi-repo staging
* cancels/forgets r+'d branches on FF failure (emergency pushes)
instead of re-staging
homu
~~~~
Additionally to bors-ng's:
* SHA option on r+/r=, guards
* p=NUMBER: set priority (unclear if best = low/high)
* rollup/rollup-: should be default
* retry: re-attempt PR (flaky?)
* delegate-: remove delegate+/delegate=
* force: ???
* clean: ???