Re: Checkout of web-platform-tests pull request

Le jeudi 11 avril 2013 à 10:20 +0200, James Graham a écrit :
> > I don't think a manual approach is going to scale. I'm also not sure how the 
> > github API is related to security; all the github API is needed for is to get 
> > notifications about when there are new pull requests or when the repo is 
> > updated. If the security concern is just PHP files mod_pup should be disabled 
> > for the submission/ directory (or, for a more advanced solution, it should be 
> > disabled for files that have been changed on the pull request branch).
> So, I hacked together the beginnings of a script to do the syncing [1]. It 
> is mostly untested; I had the initial import working, but haven't tried 
> the synchronisation code at all. Obviously it's rather rough, but I think 
> the approach is basically right. Additionally, on its own it won't provide 
> any security at all. You need to disable PHP in the apache config for the 
> submissions/ directory or something similar.

As discussed on IRC:
* your python script seems a much better starting point than mine, in
particular in terms of how it manage clones (and thus save disk space)

* ideally, it would have a triggered mode (based on github events) and a
pull mode (for regular poll for things that github doesn't signal as

* if we could only clone pull requests that have been labeled via their
corresponding issues as mirror-worthy, it would alleviate my security

I'll see if I can look into this in the coming days (unless of course
someone else beats me to it :); given the existing checkouts, I don't
think there is a particular urgency though.


> [1]

Received on Thursday, 11 April 2013 14:11:22 UTC