Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Github Action] Add backport workflow #24576

Closed
wants to merge 2 commits into from
Closed

Conversation

sorenlouv
Copy link
Member

@sorenlouv sorenlouv commented Mar 17, 2021

This adds the backport Github action.

It will automatically create backports for PRs containing the auto-backport label. The PRs will be merged automatically when they pass CI (this can be turned off if deemed too scary).

@brianseeders looks good to you?

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 17, 2021
@ruflin ruflin added the Team:Elastic-Agent Label for the Agent team label Mar 17, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/agent (Team:Agent)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 17, 2021
@ruflin
Copy link
Member

ruflin commented Mar 17, 2021

@ph Can you make sure we have all the necessary label in place and the team is aware of this.

@sqren THANK YOU!

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 17, 2021

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #24576 updated

  • Start Time: 2021-03-17T07:55:16.547+0000

  • Duration: 11 min 6 sec

  • Commit: b232314

Trends 🧪

Image of Build Times

❕ Flaky test report

No test was executed to be analysed.

- name: Run Backport
uses: ./actions/backport
with:
github_token: ${{secrets.BACKPORT_ACTION_TOKEN}}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This secret can be added via Github repos settings.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is one of the reasons we do not want to use actions, the management of secrets.

uses: ./actions/backport
with:
github_token: ${{secrets.BACKPORT_ACTION_TOKEN}}
commit_user: kibanamachine
Copy link
Member Author

@sorenlouv sorenlouv Mar 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a Github user for beats similar to kibanamachine?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, they should use something other than kibanamachine, probably elasticmachine or their jenkins-beats-ci bot?

@mdelapenya mdelapenya requested a review from a team March 17, 2021 08:35
Copy link
Member

@v1v v1v left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @sqren , thanks for raising this PR! 🙏

I like this approach, in fact, it was in our TODO list among evaluating other tools such as mergify.

What Ivan mentioned about the credentials is something we would like to spend a bit more of time to think about it and come up with a final decision with the Beats team.

Would you mind if I ask you to hold on this PR for the time being until we get an agreement?

Thanks again for pushing this 🙏

@ph
Copy link
Contributor

ph commented Mar 17, 2021

@sqren I am trying to understand the auto-merge workflow, does that mean that you tag a PR with "auto-backport" and you add a label for the version / branch to target? Is this used by Kibana already? Is this the official doc https://github.com/sqren/backport-github-action ?

@v1v and @kuisathaverat I understand the complexity of managing secrets, but this seems something that could simplify dev workflow and the "managing' of secret could come after, or actually it's a problem we would need to solve anyway? If other teams are using a similar workflow, either they are fine with the token or they actually have something to manage it.

Looking at @ruflin comment and myself I would be OK to turn it on, maybe with auto merge off initially until we see how it behaves and turn it on after.

@sorenlouv
Copy link
Member Author

@sqren I am trying to understand the auto-merge workflow, does that mean that you tag a PR with "auto-backport" and you add a label for the version / branch to target?

Yes, the user adds auto-backport to PRs they want to enable auto backporting for. Then, when the PR is merged, the action will create backports according to the existing version labels eg v7.11.0, v7.12.0, v7.13.0

Is this used by Kibana already?

Yes! You can see all the PRs with the auto-backport label. You can also see this example of the status comment added by the action when the backports have been created.

Is this the official doc sqren/backport-github-action ?

No - it was the initial POC I did. Based on that the Kibana team then built this: https://github.com/elastic/kibana-github-actions/tree/main/backport

@kuisathaverat
Copy link
Contributor

@v1v and @kuisathaverat I understand the complexity of managing secrets, but this seems something that could simplify dev workflow and the "managing' of secret could come after, or actually, it's a problem we would need to solve anyway? If other teams are using a similar workflow, either they are fine with the token or they actually have something to manage it.

The secret is managed at the repository level, this is fine is you only have one repository on observability we have more than 90 repositories, this means that every time we rotate that token we have to update 90 repositories, because of that @v1v is testing alternatives, we have enabled mergify on out repository, and so so good, for public repositories fit the needs.

@v1v
Copy link
Member

v1v commented Mar 17, 2021

I just raised #24608 in order to add more context about the mergify approach.

@brianseeders
Copy link

mergify looks cool! I do like that on for kibana, though, we have the same backport tool/process for both automated and manual backports.

If you do want to use an action similar to ours, you have a couple of options for the secrets:

  • You could just use the default action user / token that executes the action, you just won't have control over the name.
  • You could use the API to set the secrets on all of the repos in bulk
  • You could use an organization secret, but you'll have to get help from Infra or another team to manage it (since you likely don't have access).

Not trying to push you toward actions, just making sure you're aware of options.

@sorenlouv sorenlouv closed this Mar 25, 2021
@sorenlouv sorenlouv deleted the add-backport-workflow branch March 25, 2021 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Team:Elastic-Agent Label for the Agent team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants