KUDOS for sharing this beast!

[yarikoptic]

what else could I say besides -- thank you ;) I just started to elaborate my little setup also with docker and was looking for ways to integrate with github PRs -- and you seems have it working. so once again -- thanks for sharing ;-)

P.S. just now noted though that there is no COPYRIGHT/LICENSE ... ;-)

[caktux]

Glad you like :) See also the ethereum branch in my buildbot repo for better PR integration. I need to rebase it on the latest "eight" branch of buildbot and submit a PR to them when I'll find the time, or feel free to contribute to that :)

[yarikoptic]

Thank you @caktux . So current etherum-buildbot setup requires your patched buildbot? (myself I started with current buildbot 0.9 branch but it seems still missing few things, so I might well better fall back a bit ;) )

[caktux]

You'll need the "eight" branch of buildbot or that ethereum branch for pull request handling with webhooks and a small fix for Windows builds, otherwise everything should work fine with the vanilla version of eight. Nine hasn't been released yet, and a build server needs to be as stable as it can be ;)

[yarikoptic]

yeah... that is what I feel.. I just will drop those "autostarting" docker builders then and start them manually, and migrate back to "eight" (or that ethereum branch) ;) Thanks again for guidance

[yarikoptic]

yeap -- "eight" is now working but unfortunately it seems to me it has no ability to react to pull-requests properly, and just returns 400 as a result of the hook call from github. So I guess I have to use ethereum branch for the integration with PRs... ?

[yarikoptic]

Reporting back that with ethereum branch PRs builds werepicked up -- THANKS AGAIN! ;) BTW -- do you know how reporting status back would "interact" with the travis? We have configured it to be used originally and "ideally" I would prefer to keep both, but I guess it might be infeasible. Do you know? (I just see in the logs that buildbot sent update against my commit in the PR, but I don't see PR being updated, only old travis status is there)

[caktux]

Build statuses from buildbot use GitHub contexts, so does the Travis ones. Make sure you have the latest txgithub, and that your tokens are set up in tokens.json.

[yarikoptic]

On Fri, 13 Mar 2015, caktux wrote:

Build statuses from buildbot use GitHub contexts, so does the Travis ones.

but that is my question -- either they could "co-exist"... sounds like they should

Make sure you have the latest txgithub,

installed via pip install txgithub.

and that your tokens are set up in tokens.json

yeap -- all that was setup I believe... ok -- I will check may be first by disabling travis/coveralls

Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Research Scientist, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik

[yarikoptic]

@caktux I owe you a beer or two whenever there is a chance! ;) so -- my problem was that in tokens I specified my login for 'owner' not the organization under which account's repository I have made the hook... and now everything works just splendid, including travis and coveralls -- just perfect!!! THANKS A LOT. I could only encourage you though to

• specify the copyright/license for this awesome buildbot setup repo
• try to incorporate you buildbot changes upstream. It would suck to loose them in the long run

And now I need to figure out how to "Filter" PRs: not all PRs should be built automagically to avoid possible trojan/backdoor injection into buildslaves. only the ones from specified users or approved by them (e.g. a tag for a PR or some comment from those users) must be built automagically. I saw some setups like that but didn't bookmark them...

[caktux]

The license was already added following your suggestion, that commit closed this issue ;) And I already mentioned I needed to rebase this on the latest eight and submit a PR to the buildbot project, I just don't have time for it right now. About the buildslaves for PRs, this is why we're using docker for them and pretty much every builder, the other solutions are overcomplicated at best and even with a small project, no one wants to maintain a list of approved submitters. The point about backdoors is moot anyway, since you'll see who and what was sent in the first place, so even without docker, as long as you're running buildslaves on any kind of virtualized architecture with revertable snapshots then you're fine.

[yarikoptic]

ah, I am sorry for not checking what closed this issue.

although I also use docker and virtualbox (for windows slave) I thought to stay with "native" OSX installation. And even though I don't care much about that box, I still think that limiting triggering by malicious PRs could be a sane precaution. Especially in small projects it would be easy to list all "trustworthy" fellas IMHO.

Once again thank you and keep on great work!

[caktux]

You're right, OSX is problematic in that regard indeed. But as I said, you do see what code gets checked in anyway. Filtering for trustworthy committers can also be done easily in your buildbot configs using build properties, without the need for anything else running alongside your build server.

Glad this was useful to you, don't hesitate to show your setup sometimes :)

[yarikoptic]

ok -- pushed my comparingly boring and basic setup to http://github.com/datalad/buildbot ;)

as for "what code gets checked in" -- sure you would see it but it might be too late ;-) not to say that PR could be rewritten removing malicious code, making it even less obvious and requiring checking local reflogs etc

[yarikoptic]

FWIW -- here is my attempt to make up such restriction mechanism https://github.com/datalad/buildbot/commit/61f47dc8e434a59986af2b4a2ce473b33d313783 if sounds interesting/appealing -- I would be honored to meld it into your handler and send your a PR so later it becomes a part of your PR upstream.

[caktux]

Nicely done and clean, very well done. I'll keep that in mind if there's a need for it, but for now we'll keep the PR builders going for every committer :)

[yarikoptic]

I have now two choices:

1. wait for your PR upstream to then propose my enhancement
2. I still prepare a PR against your branch for you so you could generously agree to absorb it and it would become a part of your PR in the future (I would prefer this ;) ). It would make implementation even cleaner and I could forget about maintaining it. You wouldn't have to use it BUT if the need comes -- it would be right there ready for you ;)

[caktux]

Pushed the PR for this to buildbot, number 1597 (not linking it as a reference to here would be quite off-topic).

[yarikoptic]

That is awesome. Thank you very much!

On March 15, 2015 3:24:06 PM EDT, caktux notifications@github.com wrote:

Pushed the PR for this to buildbot, number 1597 (not linking it as a reference to here would be quite off-topic).

---

Reply to this email directly or view it on GitHub: https://github.com/ethereum/ethereum-buildbot/issues/35#issuecomment-81207987