From 4f78424a4413a2613bfd2e5768bb110feb9607d1 Mon Sep 17 00:00:00 2001 From: Kent Yao Date: Thu, 24 Aug 2023 20:02:44 +0800 Subject: [PATCH] [CELEBORN-910][INFRA] Support JIRA_ACCESS_TOKEN for merging script ### What changes were proposed in this pull request? This PR supports JIRA_ACCESS_TOKEN for merge script to enable token auth https://github.com/apache/spark/commit/c36d54a569e59e823aab83f47b97ae286fd7f4c4 ### Why are the changes needed? Tokens are more secure and easily revoked or expired. ### Does this PR introduce _any_ user-facing change? no ### How was this patch tested? Your Jira admins can create a token for verification. Closes #1837 from yaooqinn/CELEBORN-910. Authored-by: Kent Yao Signed-off-by: Cheng Pan --- dev/merge_pr.py | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/dev/merge_pr.py b/dev/merge_pr.py index 4af319023d4..b613816c6b4 100755 --- a/dev/merge_pr.py +++ b/dev/merge_pr.py @@ -52,6 +52,11 @@ ASF_USERNAME = os.environ.get("ASF_USERNAME", "") # ASF JIRA password ASF_PASSWORD = os.environ.get("ASF_PASSWORD", "") +# ASF JIRA access token +# If it is configured, username and password are dismissed +# Go to https://issues.apache.org/jira/secure/ViewProfile.jspa -> Personal Access Tokens for +# your own token management. +JIRA_ACCESS_TOKEN = os.environ.get("JIRA_ACCESS_TOKEN") # OAuth key used for issuing requests against the GitHub API. If this is not defined, then requests # will be unauthenticated. You should only need to configure this if you find yourself regularly # exceeding your IP's unauthenticated request rate limit. You can create an OAuth key at @@ -238,9 +243,12 @@ def cherry_pick(pr_num, merge_hash, default_branch): def resolve_jira_issue(merge_branches, comment, default_jira_id=""): - asf_jira = jira.client.JIRA( - {"server": JIRA_API_BASE}, basic_auth=(ASF_USERNAME, ASF_PASSWORD) - ) + jira_server = {"server": JIRA_API_BASE} + + if JIRA_ACCESS_TOKEN is not None: + asf_jira = jira.client.JIRA(jira_server, token_auth=JIRA_ACCESS_TOKEN) + else: + asf_jira = jira.client.JIRA(jira_server, basic_auth=(JIRA_USERNAME, JIRA_PASSWORD)) jira_id = input("Enter a JIRA id [%s]: " % default_jira_id) if jira_id == "": @@ -474,8 +482,9 @@ def main(): original_head = get_current_ref() # Check this up front to avoid failing the JIRA update at the very end - if not ASF_USERNAME or not ASF_PASSWORD: - continue_maybe("The env-vars ASF_USERNAME and/or ASF_PASSWORD are not set. Continue?") + if not JIRA_ACCESS_TOKEN and (not ASF_USERNAME or not ASF_PASSWORD): + msg = "The env-vars JIRA_ACCESS_TOKEN or ASF_USERNAME/ASF_PASSWORD are not set. Continue?" + continue_maybe(msg) branches = get_json("%s/branches" % GITHUB_API_BASE) branch_names = list(filter(lambda x: x.startswith("branch-"), [x["name"] for x in branches])) @@ -575,7 +584,7 @@ def main(): merged_refs = merged_refs + [cherry_pick(pr_num, merge_hash, latest_branch)] if JIRA_IMPORTED: - if ASF_USERNAME and ASF_PASSWORD: + if JIRA_ACCESS_TOKEN or (ASF_USERNAME and ASF_PASSWORD): continue_maybe("Would you like to update an associated JIRA?") jira_comment = "Issue resolved by pull request %s\n[%s/%s]" % ( pr_num, @@ -584,7 +593,7 @@ def main(): ) resolve_jira_issues(title, merged_refs, jira_comment) else: - print("ASF_USERNAME and ASF_PASSWORD not set") + print("Neither JIRA_ACCESS_TOKEN nor ASF_USERNAME/ASF_PASSWORD are set.") print("Exiting without trying to close the associated JIRA.") else: print("Could not find jira-python library. Run 'sudo pip3 install jira' to install.")