Run pipelines for GitHub pull requests
What does this MR do?
This MR introduces support for only/except: external_pull_requests
when using the project for CI/CD only with a GitHub repository. When using only/except: external_pull_requests
we allow jobs to be created for a pipeline if a GitHub pull request is open for the given ref
.
This MR is an alternative approach to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31289
When using a mirror for CI/CD only we register a pull_request webhook. When a pull_request webhook is received for the pull request being created, if the repository already contains the SHA related to the pull request, we create immediately a new pipeline. Otherwise we store the pull request info for when changes are pushed to branches. When changes are pushed to branches we check if any pull requests are opened for the given ref and create pipelines for pull requests.
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/65139
CE port: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31802
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
End-To-End test
- create new project as CI/CD for external repo
- select GitHub as option
- import repository
- ensure that on GitHub both push and pull_request webhooks are registered
- GitHub integration should also be active
- add a
.gitlab-ci.yml
on GitHub repository containg
always-run:
script: echo 'this should always run'
on-pull-requests:
script: echo 'this should run on pull requests'
only:
- external_pull_requests
except-pull-requests:
script: echo 'this should not run on pull requests'
except:
- external_pull_requests
- push changes to a new branch
- if push webhook updates the mirror we should see a pipeline creating jobs
always-run
andexcept-pull-requests
- open a pull request on GitHub
- if pull request webhook is sent we should see a pipeline creating jobs
always-run
andonly-pull-requests
- when pushing new changes to the same branch we should see a pipeline created with
always-run
andonly-pull-requests
jobs for as long as the pull request remains open - close the pull request, should not trigger any pipelines
- when pushing new changes to the same branch, this time, we should see a pipeline with
always-run
andexcept-pull-requests
TODO
-
always update ExternalPullRequest
on pull request webhook as the source/target sha may change -
if push and pull_request webhooks are sent together but