Re: Checkout of web-platform-tests pull request

On Wed, 10 Apr 2013, Dominique Hazael-Massieux wrote:

> Hi,
>
> Following a discussion on #webapps today, I've made a manual [*]
> checkout of all the existing pull requests on the web-platform-tests
> repository:
> https://github.com/w3c/web-platform-tests/pulls

Excellent!

> They have been checked out in
> https://w3c-test.org/web-platform-tests/submissions/ using the labels of
> the pull requests as the directory name (look at how many ways one can
> spell "w3c:submission").

Could we just use the pull request number as the directory name?

> At least one submission checkout didn't succeed due to conflicts in
> merging (https://github.com/w3c/web-platform-tests/pull/44)

How can a checkout have merge conflicts? That isn't making any sense to 
me. Unless you are trying to auto-rebase onto master and them checkout. 
That doesn't seem like a good idea though.

> The purpose of these checkout is to make it somewhat easier to run the
> submitted test cases in one's browser.
>
> The discussion in #webapps had alluded to something more automated (e.g.
> automatic checkout each time a pull request is made), but I didn't
> manage to find a reasonable security approach within what the github API
> offers; meanwhile, I expect a manual approach will work fine for now,
> and I expect a more involved review system will provide a more automated
> approach in the future.

I don't think a manual approach is going to scale. I'm also not sure how 
the github API is related to security; all the github API is needed for is 
to get notifications about when there are new pull requests or when the 
repo is updated. If the security concern is just PHP files mod_pup should 
be disabled for the submission/ directory (or, for a more advanced 
solution, it should be disabled for files that have been changed on the 
pull request branch).

Received on Wednesday, 10 April 2013 19:02:59 UTC