Commit
f3d0a9cf479f4a2d989c9650a6cf42fc51cecf4b
by noreply
ci(pingcap-qe/ci): add PR content policy check (#4476)
This pull request introduces a new content policy check for pull
requests, updates Jenkins URLs to a new domain, and improves container
image management and security in CI pipelines. The major changes include
adding a script and Prow job to enforce PR content rules, updating
Jenkins references from the old to the new domain, enhancing Renovate
configuration to update container images in YAML files, and upgrading
the `flux-cli` container image for better security and features.
**Pull Request Content Policy Enforcement:**
* Added `.ci/check-pr-content-policy.sh`, a script to check added lines
in pull requests for forbidden substrings and unauthorized `pingcap.net`
hosts, with reporting and usage instructions.
* Integrated the new content policy check as a required presubmit job
`pull-verify-pr-content-policy` in
`prow-jobs/pingcap-qe/ci/presubmits.yaml`, ensuring all PRs to `main`
are validated.
**Jenkins URL Migration:**
* Updated all references to the Jenkins root URL from
`https://do.pingcap.net/jenkins` to `https://prow.tidb.net/jenkins` in
scripts, documentation, and usage examples
(`.ci/replay-jenkins-build.sh`,
`.agents/skills/test-jenkins-pipeline-changes-in-pr-by-replaying/SKILL.md`).
**Container Image Management Improvements:**
* Enhanced `.github/renovate.json` with a custom manager to
automatically update container images referenced in `pipelines/` and
`prow-jobs/` YAML files.
**CI Pipeline Security and Maintenance:**
* Upgraded `flux-cli` container images in multiple Prow job
configurations to version `v2.2.3` for improved security and features
(`prow-jobs/pingcap-qe/ci/presubmits.yaml`,
`prow-jobs/ti-community-infra/configs/presubmits.yaml`).
The job is short-term for migration; it will be deprecated in the future.
(commit: f3d0a9c)
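
An added example (not the script from this commit) of the kind of check the message describes for `.ci/check-pr-content-policy.sh`: it scans only the added lines of `git diff` output for forbidden substrings and for `pingcap.net` hosts outside an allow list. The `FORBIDDEN` and `ALLOWED_HOSTS` values, the function name `check_pr_content` and the report format are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. FORBIDDEN and ALLOWED_HOSTS are
# assumed sample policy values. Input: `git diff` output on stdin.
FORBIDDEN='do.pingcap.net/jenkins'   # assumed: the old Jenkins URL named above
ALLOWED_HOSTS='docs.pingcap.net'     # hypothetical allow list, space separated

# Prints one "file:line: reason" per violation; returns 1 if any was found.
check_pr_content() {
  awk -v forbidden="$FORBIDDEN" -v allowed="$ALLOWED_HOSTS" '
    BEGIN { nf = split(forbidden, bad, " "); na = split(allowed, tmp, " ")
            for (i = 1; i <= na; i++) ok[tolower(tmp[i])] = 1 }
    /^diff --git /        { inhunk = 0; next }
    !inhunk && /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
    /^@@ /                { split($3, a, ","); n = substr(a[1], 2) + 0; inhunk = 1; next }
    !inhunk               { next }                  # index, mode and "---" header lines
    /^-/                  { next }                  # removed lines are not checked
    /^\\/                 { next }                  # "\ No newline at end of file"
    !/^\+/                { n++; next }             # context line: only advances the counter
    {
      text = substr($0, 2)
      for (i = 1; i <= nf; i++)
        if (index(text, bad[i])) { print file ":" n ": forbidden substring " bad[i]; found = 1 }
      rest = text
      # Take whole hostname-like tokens so that notpingcap.net and
      # pingcap.net.example.com are not mistaken for pingcap.net hosts.
      while (match(rest, /[A-Za-z0-9][A-Za-z0-9.-]*/)) {
        host = tolower(substr(rest, RSTART, RLENGTH)); sub(/[.-]+$/, "", host)
        rest = substr(rest, RSTART + RLENGTH)
        if ((host == "pingcap.net" || host ~ /\.pingcap\.net$/) && !(host in ok)) {
          print file ":" n ": unauthorized host " host; found = 1 }
      }
      n++
    }
    END { exit (found ? 1 : 0) }
  '
}
```

Because removed and context lines are skipped, a pull request that deletes an old URL passes, while one that adds it back fails with the file and new-side line number of each hit.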