-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Workflow to auto-patch vendored Samba code #768
Conversation
For each of the vendored and modified Samba files in `internal/policies/certificate`, add the unmodified versions from the official Samba repository, alongside the set of patches needed to bring them to the "final" state.
Since our vendored Samba code has a few patches, a good way to ensure we keep it in sync with upstream is to apply an auto-patch workflow where we take the original files and apply a series of patches to get the files to the final state. This way we ensure that we don't miss any of the changes that happen upstream. The implementation is self-explanatory for the most part, taking inspiration from our other automated PR workflows. Auto-merging is disabled to give maintainers the opportunity to review (and test) the changes before merging anything in. This means, in addition to vendoring the "final" versions in `./internal/policies/certificate`, we also need to vendor the upstream versions, and the series of patches to apply. As there's no reliable way to trigger this workflow only on upstream code changes (i.e. webhooks), the next best thing is to have the workflow run on schedule. We don't expect changes to the vendored part of our codebase given that it's been around 5-6 months since the last commits, so running it on a weekly cadence should suffice. I'm also leaving the `workflow_dispatch` trigger on in case we want to run it on demand. If the patching fails, the PR body will contain the hunks that failed to apply. In this case, the developer is expected to manually perform the actions of the workflow, updating the patches so they are applicable to the new Samba version. Fixes UDENG-1113
Codecov Report
@@ Coverage Diff @@
## main #768 +/- ##
=======================================
Coverage 86.07% 86.07%
=======================================
Files 77 77
Lines 8552 8552
=======================================
Hits 7361 7361
Misses 868 868
Partials 323 323 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Note that the patch series is still subject to changes regarding commit messages and splitting, but the code changes are final (and what we currently ship in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Did you test it in a separate repo? I'd like to see how the PR would look like when there's changes to be made.
Yes, sorry should have linked it: GabrielNagy#25 in this case I just deleted the comment lines from You can cycle through the PR comment edits to see the different states:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great! Thanks for linking the example PR!
Since our vendored Samba code has a few patches, a good way to ensure we keep it in sync with upstream is to apply an auto-patch workflow where we take the original files and apply a series of patches to get the
files to the final state. This way we ensure that we don't miss any of the changes that happen upstream.
The implementation is self-explanatory for the most part, taking inspiration from our other automated PR workflows. Auto-merging is disabled to give maintainers the opportunity to review (and test) the changes before merging anything in.
This means, in addition to vendoring the "final" versions in
./internal/policies/certificate
, we also need to vendor the upstream versions, and the series of patches to apply.As there's no reliable way to trigger this workflow only on upstream code changes (i.e. webhooks), the next best thing is to have the workflow run on schedule. We don't expect changes to the vendored part of our codebase given that it's been around 5-6 months since the last commits, so running it on a weekly cadence should suffice. I'm also leaving the
workflow_dispatch
trigger on in case we want to run it on demand.If the patching fails, the PR body will contain the hunks that failed to apply. In this case, the developer is expected to manually perform the actions of the workflow, updating the patches so they are applicable to the new Samba version.
Fixes UDENG-1113