add support for cloning Git repository via SSH rather than HTTPS

[boegel]

This is useful when the target repository of PRs that the bot should act on is a private repository.

Opt-in via this in bot configuration file (app.cfg):

[buildenv]
clone_git_repo_via = 'ssh'

(draft PR since this needs actual testing, and perhaps more changes)

[smoors]

if you're now creating the diff like this, shouldn't you remove the curl_cmd above?

[boegel]

Yes, of course, I'll tackle that too

[smoors]

edit: nvm

[boegel]

@smoors made a good point (in Slack) about this change: this doesn't take into account that there may be changes in the main branch that are not included in the PR branch yet.

So, a better approach would be to:

• fetch the PR branch
• check out the PR branch
• git merge main
• swap back to main branch
• git diff
• git apply

[trz42]

This procedure hasn't been implemented yet, right?

A few thoughts:

• main should probably be the target branch of the PR, for example, for EESSI/2023.06 that would be 2023.06-software.eessi.io?
• the git diff after the swap back to "main" is really just the plain git diff or rather git diff PR_branch?

[boegel]

to determine base branch for PR (the target branch), maybe git merge-base is useful...

[boegel]

I'll change this so the new approach based on git is only used when clone_via is set to 'ssh' (so nothing changes for existing bots that listen to a public repo).

That gives us some freedom to experiment with the situation where the target branch has been updated since the branch for the PR was created.

[boegel]

I've updated this in a99ae60 to only use the git diff approach when clone_git_repo_via is used.

It's still doing only git fetch + git diff, so you could still have issues when the PR branch is way behind on the target branch, I'll try to look into that next.

[smoors]

created a PR to this PR using git merge-base:
boegel#1

[boegel]

This is working as expected now, so marking it ready-for-review.

Hopefully @trz42 has time to take a look?

[trz42]

Works as intended. See trz42/software-layer#78

The optional settings have to be commented. The intention with listing them, is more to document that they are optional and it could be easily changed in the future if we wish so.

I think, it might be good to add some comments (README.md and app.cfg.example) about what is needed if the ssh key has not a standard name and if it uses a passphrase.

[boegel]

I haven't actually re-tested this after the changes I've made, and some more changes are required to the git diff approach to take into account that the target branch of a PR may have been updated since the PR was opened, so I'm marking this as work-in-progress for now...

[smoors]

this works as expected now that we're creating a diff from the merge-base instead of from the HEAD, which produces exactly the same diff as the one downloaded directly from api.github.com.

one thing that doesn't work with SSH is the bot: status command as that still requires using the github api. might be good to add a note about this.

[smoors]

one thing that doesn't work with SSH is the bot: status command as that still requires using the github api. might be good to add a note about this.

@boegel README updated in boegel#2

[boegel]

@trz42 This should be good to go now, can you take a look?

It doesn't change anything in the default behavior, but extra feature it adds is essential for working with private repositories, since those can't be cloned via HTTPS.

[trz42]

Minor comment.

Can you also pull in upstream changes, thus one could test this PR and the PR for allowing no spaces between bot: and build?

[trz42]

These settings should probably be added to the list of required settings.

[boegel]

fixed in 750b8a4

[trz42]

Tested via a pull request to a private repo. Works as intended.

Nice work @boegel and @smoors !