Announce: octobot


#1

Hello!

I wanted to share with you all the first medium-sized Rust endeavor: octobot.

This began as a way for me on the side to actually learn Rust by using it on a non-trivial project, as well as to help improve some tooling at work, and we have just recently open-sourced it.

It can do some cool things:

  • Integrates PR activity with Slack channels and Slack DMs for faster code-review feedback
  • Automatically backports PRs on merge to release branches
  • Detects force-pushes to PRs and comments on the PR to not lose history, and lists files that changed in the relative diff pre/post force-push
  • Integrates GitHub PRs with JIRA: comments on issues w/ PR links, transitions issues to Resolved/Fixed status
  • Can add version information to JIRA if versions can be calculated from the repo itself (calculated from git tags, for example)

These things have helped some of our teams be more productive and I hope it will help some others as well. Since it has been mostly for internal consumption until now, docs are sparse, yet not entirely absent. Hopefully it will be useful to some of you too.


#2

Why does it require --privileged for the docker container?


#3

Great question. The --privileged flag is related to the way octobot runs version scripts:

When a PR is merged that references a JIRA issue, and when that repo has a version script enabled, octobot will clone the repo, and execute the version script inside firejail to provide some level of isolation.

I tried hard to get around this with specific Docker privileges and even with --cap-add=ALL, but it still was not enough to make firejail happy. I think this is because firejail itself is using some of the same Linux primitives that Docker uses for containerization, if I’m not mistaken. In the end, I decided that running Docker with --privileged was better than not using firejail.