Add a rule for SRLabs audits #136
Comments
|
@the-right-joyce few questions:
instead of:
this:
https://github.com/orgs/paritytech/teams/core-devs/members i think it includes almost everyone of "knowers-of-the-code", and if I (not a core-dev) change any of the listed files, that would require srlabs to approve too? this change would:
|
|
Thank you for driving this and our call last week @the-right-joyce ! We had some further discussions with the team what might make sense to have in place for the new auditing process:
|
it's for the polkadot-sdk, so once we're live with it it would be good to have this implemented asap (currently we're using the
sounds good! @redzsina |
|
Hi! I'm Javier and I'm currently working on the automatic review system! Given the requirements of this ticket, I believe it would be better for it to become its own project. FlowTo make it clear, the project requirements would work the following way:
For the next step:
This should be easy to achieve by adding a new rule to the PRCR bot (soon to be replaced by https://github.com/paritytech/review-bot). Regarding @redzsina comments:
I just looked into it and you can see the changes inside the PR/Issue itself: My questions
Could we have "draft" PRs instead for this situation? priorities: Should we keep the labeling system for the priorities? Is this "used" by any system? Let me know if this would satisfy all your requirements! |
This was solved, I've added the status "in progress" on the board
Also here, we have a field on the project where the priorities are given. For the monorepo we don't want to use priority-labels any longer as a PR/issue can have different priorities on each project. |
|
As discussed in this issue, some PRs in the polkadot-sdk repository are now required to have a review by a member of @paritytech/SRLabs. Unfortunately there is a bug with the CI bot automating this workflow. I reviewed one of these PRs and marked it as such. The CI bot then re-requested a review from us, in effect nullifying my action. paritytech/polkadot-sdk#1194 (comment)
|
|
Hi @louismerlin, this seems to be intentional. From the latests changes: - min_approvals: 2
teams:
- srlabsChanging that number to one would fix this problem |
As requested by @the-right-joyce and @louismerlin, the amount of required reviews from the `srlabs` team has been reduced to 1. See related discussion: paritytech/pr-custom-review#136 (comment)
As requested by @the-right-joyce and @louismerlin, the amount of required reviews from the `srlabs` team has been reduced to 1. See related discussion: paritytech/pr-custom-review#136 (comment)
As requested by @the-right-joyce and @louismerlin, the amount of required reviews from the `srlabs` team has been reduced to 1. See related discussion: paritytech/pr-custom-review#136 (comment)
Added rule which allows the audit team to lock particular important changes when they were created by someone who does not belong to the core-devs team This resolves paritytech/pr-custom-review#136
Added rule which allows the audit team to lock particular important changes when they were created by someone who does not belong to the core-devs team This resolves paritytech/pr-custom-review#136
Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require more fine tuned requirements to review pull requests before allowing the PR to be merged. This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets. All the rules have been copied from the original `.github/pr-custom-review.yml` file. I want to clarify, this particular commit is **not intended to replace PRCR yet**. # Advantages it brings over `PRCR` Most of the features available in `PRCR` have been duplicated and enhanced. For a complete detailed write up, please see: - paritytech/pr-custom-review#114 -> Proposal for the rewrite - [Review Bot Documentation](https://github.com/paritytech/review-bot/blob/main/README.md) The most important features are: - `include` and `exclude` fields now accept an array, making it easier to read the regular expressions. - Ability to skip a rule - We can set that PRs coming from a particular user or team will cause the rule to be skipped. - This is used in the `Audit rule`, which was requested by @the-right-joyce. - This resolves paritytech/pr-custom-review#136 - Ability to request fellows instead of teams - As requested in polkadot-fellows/runtimes#7, this bot has the ability to request fellows by rank instead of users. - We currently have polkadot-fellows/runtimes#31 which is using that feature. Aside from all the rules available in `PRCR` I have added a particular rule to lock the review-bot files and require a review from the `locks-review` team, the @paritytech/ci team and the @paritytech/opstooling team to ensure that the file has been written correctly. ## Next steps The next steps will consist on paritytech/review-bot#53, once this issue has been resolved, and `review-bot` has worked without any issues on this repository for a while, we will upgrade it to be able to fully replace `PRCR`.
@0xJayPi, @serhanwbahar and I had a call today with SRLabs where we discussed how the current labels-based auditing process should be replaced in our beautiful monorepo.
Currently, the CI enforces users to add a
D*label to their PRs in case these files are touched:polkadot:
^runtime/polkadotpolkadot :
^runtime/kusamapolkadot :
^primitives/src/polkadot :
^runtime/commonsubstrate :
^frame/substrate :
^primitives/We aligned that we want to keep the enforcement of the auditing process for the same files (the runtime files will be obsolete, as we won't have them in the monorepo), but the process should now look like this:
The text was updated successfully, but these errors were encountered: