Open matttrach opened 1 year ago
matttrach
commented
1 year ago The dependabot PRs are running on both drone-pr and drone-publish, since they’re using branches on the main repo. We should update the drone config to not run publish CI on branches other than master and release-*
matttrach
commented
1 year ago RKE2 Repos:
matttrach
commented
1 year ago matttrach
commented
1 year ago To implement this we need to add a when clause to the steps which points to the main/master and release-* branch. example:
when:
ref:
include:
- "refs/heads/master"
- "refs/heads/release-*"The when clause's main objects must all evaluate to true for the CI to run, but sub objects are OR, so in the above example ref must be true for the CI to run, but ref = true if any of the include items are true. This means that the CI will run if the ref path includes refs/heads/master OR refs/heads/release-*.
The ref object is not compatible with the event tag sub-object because tags are not associated with a branch. This means that if the when clause includes and event tag object we should not add a ref object, these carry the assumption that they are only on the master/main branch.
Most steps carry either the event tag or ref objects already, so we can safely exclude those.
matttrach
commented
1 year ago https://docs.drone.io/yaml/exec/#the-when-section https://docs.drone.io/yaml/exec/#the-conditions-object https://docs.drone.io/yaml/exec/#the-include-attribute https://docs.drone.io/yaml/exec/#the-ref-attribute https://docs.drone.io/yaml/exec/#the-event-enum https://docs.drone.io/pipeline/conditions/#by-branch
matttrach
commented
1 year ago ref is where the object comes from
branch is where a pull or push wants to go to
matttrach
commented
1 year ago The context of ref is where the CI is pulling from, this is sent to Drone via the webhook.
The ref will therefore be one of these three paths:
refs/heads/* infers a push/merge event and the ref is a commit on the branch that accepted the mergerefs/tags/* infers a tag event and the ref is to the tagrefs/pull/* infers a pull_request event and the ref is to the special GitHub branch that contains the PR in your repomatttrach
commented
1 year ago Events (tag, push, pull_request) to Instances (PR, Publish)
tag = Publish, tag != PR
push = Publish, push != PR
pull_request != Publish, pull_request = PR
Publish = tag && push
PR = pull_request
matttrach
commented
1 year ago Steps to Events:
tag and push events are sent to only the Publish instancepull_request events are sent to only the PR instance
matttrach
commented
1 year ago Refs to Events and Instances:
ref is where (in Git history) the CI will pull from to run stepsrefs: head, tag, and pull
ref relates directly to the corresponding event type
push event will have a head reftag event will have a tag refpull_request event will have a pull refref type directly relates to event type then we can relate instance to refmatttrach
commented
1 year ago Steps to Refs:
tag, pull, and head refs, but only for main/master and release branches (ex. build, test)tag refs (ex. verify release)head and pull refs (ex. skip files)We can infer events and instances by ref, there is only one ref for a pipeline, so we can control any step by ref.
When Dependabot generates PRs they are running in both drone-publish and drone-pr. They should only be running on drone-publish.