github-actions does not have permissions to push to main
#680
Comments
|
I think only @hlopko has the power to help out here. |
|
Is bootstrapping cargo_universe requiring auto-commits back into the repository? |
|
The bootstrapping process doesn't but being able to distribute the built binaries to users does. Otherwise users need to go get the URLs and sha256 values themselves which is not ideal. |
|
I'm not comfortable with the repository being auto-updated for a API that's experimental. |
|
Why are you uncomfortable? And what are the alternatives? |
|
The API takes the url and sha256 as an input. The SHAs could be generated as an additional artifact. auto-commits are a significant jump in complexity to getting something working, and making sure they continue to work. |
|
I don't see how an additional artifact would solve for users having to copy/paste something in addition to having to go find the latest commit of the rules and the sha256 of these rules to use a built in rule. How do we solve for the usability concerns? |
|
Given that most bazel repositories require a user to locate it's url and SHA, I don't see it as a huge usability hurdle. |
|
I do see it as a sizable usability hurdle. I'd like to avoid putting users in situations where they're using incompatible binaries with their current rev of the rules. I hope to stabilize |
|
To clarify my concern, it being experimental is a secondary concern. I think every commit of the repository should function appropriately, and if the API requires a secondary commit for every change, then it doesn't seem to be following that principle. |
|
Aside from committing binaries to the repo, what other options are available? |
|
I agree that atomic self-contained commits are much nicer than separate ones (both ideologically, and for making things like bisects work properly). I can see the desire to avoid the complexity of auto-commits (at least for now) from a complexity perspective, but I don't think auto-commits are fundamentally problematic, other than that they break the self-contained-ness of commits. It feels like the ideal way to address this long-term would be for a bot to perform the merges for us (and do the generation on the way), rather than for us to merge and then trigger another process. In the mean time, I can imagine the now-existing "release" GitHub Action populating a copy-and-paste-able load(..., "http_archive", "http_file")
http_archive(
name = "rules_rust",
url = "[rules_rust tar]",
sha256 = "...",
...
)
http_file(
name = "rules_rust_crate_universe_resolver_darwin_...",
url = "[rules_rust tar]",
sha256 = "...",
)
...So that the primary way someone pulls in rules_rust is by copying this block. The rules could be written assuming you've registered the repos, and just consuming them assuming they have been. Given bootstrapping for development and for PR builds needs to be separate anyway, changing from copying one |
|
That's a fine solution for right now but I'd like to hear ideas about a long term solution. Eventually we should have something more streamline and I'd rather have conversations about what options there are vs things we don't like. |
|
Merging things into user's PR sounds risky and tough. Does anyone know of another repo that does this? |
|
This is no longer relevant due to #1195. Closing. |
In #663 a change was introduced to build new
crate_universe_resolverbinaries and push a change back to main containing the release URL where they were uploaded and thesha256checksums of each binary. Unfortunately, the github-actions user cannot push tomain.https://github.com/bazelbuild/rules_rust/runs/2289735079?check_suite_focus=true
The text was updated successfully, but these errors were encountered: