Skip to content
This repository has been archived by the owner on Oct 16, 2023. It is now read-only.
/ unblock-buildkite-pr-job Public archive

A web service service that unblocks Buildkite PR jobs

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

avtar/unblock-buildkite-pr-job

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
config.json
config.json
 
 
launch.js
launch.js
 
 
package.json
package.json
 
 

Repository files navigation

About

This web service processes incoming Buildkite webhook events. When a POST request is sent to its /unblock endpoint the following takes place:

  • Verification of the incoming Buildkite payload
  • A GitHub contributors API request to verify the PR author is a recognized contributor
  • If all of the above test cases pass then a Buildkite API request is issued to unblock the blocked PR job

Block pull request jobs in pipelines

It is necessary that all Buildkite pipeline configurations start with the following snippet:

steps:
  # The CI job will be paused for third-party PR branches. It can be resumed from the Buildkite dashboard.
  - block: "Run this CI job"
    # Buildkite uses an "account:branch" naming pattern for third-party branches.
    branches: "*:*"

Configure Buildkite webhook

A webhook needs to be set up by visiting your project's dashboard https://buildkite.com/organizations/<project name>/services/webhook/new.

  • The Webhook URL needs to point to wherever this web service will be hosted, for example https://domain.lol/unblock
  • Make a note of the Token
  • Only the build.finished event should be checked
  • Branch filtering should be set to *:*

Environment Variables

The following environment variables are mandatory:

  • BUILDKITE_ACCESS_TOKEN: A token needs to be generated with access to the read_builds and write_builds scopes
  • BUILDKITE_WEBHOOK_TOKEN: The token provided by Buildkite when setting up a webhook as detailed above
  • BUILDKITE_ACCOUNT_NAME: The account name used to unblock jobs
  • BUILDKITE_ACCOUNT_EMAIL: The email address associated with account used to unblock jobs
  • BUILDKITE_JOB_LABEL: The blocked job label used in pipeline configs, for example Run this CI job

These variables are optional:

  • GITHUB_ACCESS_TOKEN: There is no default but GitHub will limit unauthenticated requests to 60 per hour. To have a higher limit please provide a token with the repo scope
  • TCP_PORT: Defaults to 3000

Build image

docker build --rm -t <docker repository account>/unblock-buildkite-pr-job .

Start container

docker run \
-d \
-p 3000:3000 \
--name="unblock-buildkite-pr-job" \
-e BUILDKITE_ACCESS_TOKEN="your token" \
-e BUILDKITE_WEBHOOK_TOKEN="token provided in buildkite webhook settings" \
-e BUILDKITE_ACCOUNT_NAME="account name used to unblock jobs" \
-e BUILDKITE_ACCOUNT_EMAIL="email associated with account used to unblock jobs" \
-e BUILDKITE_JOB_LABEL="Blocked job label used in your pipeline config" \
avtar/unblock-buildkite-pr-job

About

A web service service that unblocks Buildkite PR jobs

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages