I'm trying to set up an automated CI process GitHub and Jenkins. The goal is to have developers create feature branches and generate pull requests that are automatically merged (if they pass build, of course) using Jenkins Github Pull Request Merger.
It is a further goal to require that pull requests be against an open GitHub issue. For us, that means that either the pull request title or at least one of the pull request commit messages must contain a substring like "fixes #NN" where #NN must reference an open GitHub issue. This 'issue_opened' check is also automated - our 'issue_opened' GitHub App queries the GitHub issues and examines commit messages and the PR title, then it POSTs the pull request with a status (for testing purposes I'm always posting 'failure').
The process envisioned is as follows:
1. Feature branch pushes are automatically built by Jenkins.
2. When a feature branch is ready and passes Jenkins testing, a developer will generate a pull request; this automatically triggers steps 3 & 4, each running independently:
3. Our 'issue_opened' GitHub App very quickly POSTs a status to the pull request.
4. Jenkins performs the build - it takes much longer than step 3. If the build passes, Jenkins applies that status. If all statuses are 'success', the pull request is automatically merged.
What I observe:
Currently, my pull requests are merging feature branches to master. Master is protected (GitHub master branch: Settings>Branches>Protect this branch>Require status checks to pass before merging and the 'issue_opened' status check is set to Required.) Everything works as planned, except that the Github Pull Request Merger breaks GitHub convention and only respects its own status, not the other statuses.
So the PR merge depends only on Jenkins:
After step 3 POSTs a 'failure' status but before step 4 completes, GitHub reports that "Required statuses must pass before merging" and indicates that the 'issue_opened' status is 'failure'. But when the Jenkins build succeeds, the merge takes place anyway.
FWIW, the merge also happens if the feature branch already has a bad status at the time the pull request is created.
Any way I can get this to do what I want?
1 Answers
After more desperate fiddling I tried enabling the GH master branch protection setting Settings>Branches>Protected Branches>master>Protect this branch>Include administrators and 'voila': it pretty much works for me, more or less:
Jenkins Github Pull Request Merger still tries to do the merge, but GitHub returns this:
HTTP response code: 405, message: 'Method Not Allowed'.
As a result of the rc 405, Jenkins generates a java.io.IOException and regurgitates this json message from GH:
{"message":"2 of 2 required status checks have not succeeded: 1 failing and 1 pending.","documentation_url":"https://help.github.com/enterprise/2.10/user/articles/about-protected-branches"}
Jenkins then POSTS a 'failure' status (which one might quibble over because the build itself didn't fail).
This makes sense, since I am an admin for this repo, but I didn't anticipate that the Jenkins Github Pull Request Merger would not check the statuses. But I'm very pleased that this will get the job done for me, though from my point of view it would be cleaner if Jenkins first posted the build status, then POSTed the merge. Even better, if it checked the statuses it could simply skip the attempt to POST, and I wouldn't have had to enable the Include administrators protection. As it stands, I don't see a way to clear the Jenkins-posted failure status on the pull request. So we'll have to close such failed pull requests and create new ones.
Additional Info
Since posting initial answer I have discovered that one must not set/enable the GitHub Branch protections status check that comes from the Jenkins build. If it is not enabled, one can close the failed pull request, correct whatever problems caused other status checks or the Jenkins build to fail, and then start the pull request process over again by opening a new pull request.
