On 06Apr2020 1750, Victor Stinner wrote:
Le lun. 6 avr. 2020 à 13:31, Steve Dower email@example.com a écrit :
The CI configuration is loaded from the PR head, at least on GitHub Actions (where you can validate config changes in PR) and Azure Pipelines. I just validated this by re-running an old PR and watched it choose OpenSSL 1.1.1d instead of 1.1.1f (and then fail to check out a reference - see the logs at https://github.com/python/cpython/pull/18909/checks?check_run_id=564079685)
So I think it's an issue, and probably does require PRs to merge in master to get back in sync. But probably the best we can do is post a message in older PRs warning that they need to do it. Maybe we close them at the same time?
That's bad :-(
So is leaving them there when we know they can't be merged :(
We could also move some of these CI configuration variables out of the CI files and into separate scripts - many already are. This is annoying for anyone who forks and runs their own build, but it should mean that updates like the OpenSSL version get merged in during CI even for older PRs.
That sounds like a sane plan.
Provided there are options/environment variables available to override these without having to modify source files, I agree that it's sane.
Though we then need an explicit policy in our CI configurations to not put information in those - I've already noticed that people contribute changes to them that don't follow the existing conventions, so we'll have to be more explicit about it.