feat: support external source URL for build testing#1179
Conversation
|
augment review |
1 similar comment
|
augment review |
🤖 Augment PR SummarySummary: Adds support for building/testing against an alternate “source” repository URL during CI-driven Jenkins builds. Changes:
Technical Notes: Intended to allow Jenkins test builds to consume code from forks/alternate repos while keeping the port repository/branch selection unchanged. 🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
| secrets: inherit | ||
| with: | ||
| repo: 'https://github.com/zopencommunity/metaport.git' | ||
| git_source_url: ${{ github.event.pull_request.head.repo.clone_url }} |
There was a problem hiding this comment.
.github/workflows/jenkins-test.yml:28 — This references github.event.pull_request..., but this workflow also runs on issue_comment events where github.event.pull_request isn’t populated, so git_source_url may end up empty and the external-source feature won’t be exercised for /run tests triggers.
Severity: medium
Other Locations
.github/workflows/build_and_test.yml:66
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| JENKINS_JOB_URL="${{ vars.JENKINS_HOST_URL }}/job/Port-Build/buildWithParameters?token=jenkinstest&cause=${ENCODED_CAUSE}" | ||
|
|
||
| RESPONSE=$(curl -k -X POST -s -i -u "${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_API_TOKEN }}" "${JENKINS_JOB_URL}" -F PORT_GITHUB_REPO="${repo}" -F PORT_DESCRIPTION="Github CI Test of ${repo}" -F PORT_BRANCH="${branch}" ${BUILD_BRANCH_OPT}) | ||
| RESPONSE=$(curl -k -X POST -s -i -u "${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_API_TOKEN }}" "${JENKINS_JOB_URL}" -F PORT_GITHUB_REPO="${repo}" -F PORT_DESCRIPTION="Github CI Test of ${repo}" -F PORT_BRANCH="${branch}" ${GIT_SOURCE_URL_OPT} ${BUILD_BRANCH_OPT}) |
There was a problem hiding this comment.
.github/workflows/build_and_test.yml:81 — Expanding ${GIT_SOURCE_URL_OPT} unquoted means a git_source_url containing whitespace or curl form metacharacters could be split into multiple args or interpreted unexpectedly (e.g., values beginning with @ / < can trigger file upload semantics with curl -F). Since this ultimately comes from workflow inputs/PR data, it’s worth ensuring the value can’t alter the curl invocation.
Severity: medium
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
…rked repositories
sachintu47
requested review from
DevonianTeuchter,
HarithaIBM,
IgorTodorovskiIBM,
MikeFultonDev and
v1gnesh
as code owners
| secrets: inherit | ||
| with: | ||
| repo: 'https://github.com/zopencommunity/metaport.git' | ||
| use_pr_source_url: true |
There was a problem hiding this comment.
In .github/workflows/jenkins-test.yml:28, use_pr_source_url: true is passed for all triggers, including workflow_dispatch where there is no PR payload. That can cause the called workflow to try to read PR API data that doesn’t exist (or fail the request step), so the manual dispatch path may break.
Severity: medium
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| if [ -z "${branch}" ]; then | ||
| branch="${{ fromJson(steps.request.outputs.data).head.ref }}" | ||
| fi | ||
| if ${{ inputs.use_pr_source_url }}; then |
There was a problem hiding this comment.
In .github/workflows/build_and_test.yml:70, the use_pr_source_url path assumes steps.request.outputs.data contains valid PR JSON and immediately runs fromJson(...). For non-PR callers (e.g., workflow_dispatch or other workflow_call users), the request route may be empty and fromJson/field access can fail.
Severity: medium
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| stable build URL (either git or tarball). | ||
|
|
||
| Optional: | ||
| ZOPEN_SOURCE_URL If set, use this as ZOPEN_URL before checking |
There was a problem hiding this comment.
In bin/zopen-build:53, help text adds ZOPEN_SOURCE_URL as an override, but the “Required” section above still states ZOPEN_DEV_URL/ZOPEN_STABLE_URL are required for DEV/STABLE builds. With the new behavior, those URLs aren’t required when ZOPEN_SOURCE_URL is set, so the help output is now misleading.
Severity: low
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
2 participants
What type of PR is this? (check all applicable)
Category
Description
Support external source URL for build testing
Related Issues
[optional] Are there any post-deployment tasks or follow-up actions required?