Re: [Qemu-devel] Patch checking bot
From: Fam Zheng
Subject: Re: [Qemu-devel] Patch checking bot
Date: Tue, 21 Oct 2014 16:19:52 +0800
On Mon, Oct 20, 2014 at 6:25 PM, Stefan Hajnoczi <address@hidden> wrote:
> Hi,
> At KVM Forum 2014 we discussed a patch checking bot that automates patch
> format checking and smoke testing:
>
> 1. Did the patch submitter include Signed-off-by?
> 2. Does checkpatch.pl pass?
> 3. Does the patch apply to qemu.git/master?
> 4. Does each patch compile?
> 5. Does the series pass make check and qemu-iotests?
>
> Here are some thoughts on the patch checker:
>
> If a patch series passes successfully, no email is sent. If a patch
> series fails, an email with the errors is sent as a reply to the patch
> series email thread. The patch submitter can then respond in case there
> are false positives (e.g. from checkpatch.pl) - the bot doesn't care
> about replies but it tells the human reviewers and maintainers what the
> patch submitter intends to do.
>
> The bot should detect new patches within 15 minutes so humans can rely
> on it to perform these basic checks before they review the patch series.
>
> There should be a web page showing the check status of each patch series
> on the mailing list. This allows anyone to see which patch series have
> passed, failed, or are pending check.
>
> Ideas on the implementation:
>
> The "patches" tool allows querying patch series on the mailing list. It
> can be used to apply patches to a git tree and display patches in mbox
> format:
>
> https://github.com/stefanha/patches/tree/stefanha-tweaks
>
> Patch series contain untrusted code so it is critical that operations
> are performed inside a sandbox. Otherwise people could send email to
> address@hidden with Makefile or checkpatch.pl changes that get
> executed with the bot's privileges!
>
> Use docker or lxc to run a container for builds. The root file system
> should be fresh for each build so previous builds cannot affect later
> ones. The container cannot have external networking connectivity (for
> security).
A small question: if the container doesn't have network connectivity,
where do the bot's checking scripts read the patch mail from?
>
> Include automated deployment scripts so bot instances can be created
> easily. Here is an example of automated deployment scripts written with
> Fabric that I use for the VM that builds the QEMU "patches" database:
>
> https://github.com/stefanha/qemu-patches
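
One possible arrangement for the sandbox discussed above, as an added example that is not part of the thread or of any bot's code: the host, which has network access, saves the series to a file and the container sees only that file, mounted read-only, with networking disabled. The image name, paths, function names and the --cap-drop hardening are assumptions, not taken from the thread.

```python
import shlex

# Hypothetical image name and in-container path; neither comes from the thread.
IMAGE = "qemu-patch-check:latest"
MBOX_IN_CONTAINER = "/input/series.mbox"


def build_sandbox_argv(host_mbox, check_cmd, image=IMAGE):
    """Build the docker argv for one check run of one patch series.

    The host has already fetched the series into host_mbox; the untrusted
    build inside the container only ever reads that file.
    """
    return [
        "docker", "run",
        "--rm",                # discard the container: fresh root fs per build
        "--network", "none",   # no external connectivity inside the sandbox
        "--cap-drop", "ALL",   # extra hardening, an assumption of this example
        "-v", f"{host_mbox}:{MBOX_IN_CONTAINER}:ro",  # patch mail, read-only
        image,
    ] + list(check_cmd)


def audit_argv(argv):
    """Return the ways a docker argv departs from the sandbox rules above.

    Scans the whole argv, so it assumes the check command is bot-controlled.
    """
    problems = []
    if "--rm" not in argv:
        problems.append("container is kept after the build")
    net = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("--network", "--net")]
    net += [a.split("=", 1)[1] for a in argv if a.startswith(("--network=", "--net="))]
    if net != ["none"]:
        problems.append("network is not disabled")
    if "--privileged" in argv:
        problems.append("container is privileged")
    mounts = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-v", "--volume")]
    for m in mounts:
        if not m.endswith(":ro"):
            problems.append(f"writable host mount: {m}")
    return problems


if __name__ == "__main__":
    # Constructed sample path and command, for illustration only.
    argv = build_sandbox_argv("/srv/bot/inbox/series-0001.mbox",
                              ["/bin/sh", "-c", "git am " + MBOX_IN_CONTAINER])
    print(shlex.join(argv))
    print(audit_argv(argv) or "ok")
```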