Scenario
You’re running an OSS project* and someone makes a pull request. You’ve got two choices:
- Merge and Pray
- Pull to local branch, build, run tests and merge if all OK
What do you do? Well, what is it going to be?
I know what I’d like to do, and GitHub makes it so so tempting:
But unfortunately I go with the second option.
That’s a pain, specially if you do a quick code-review and things look decent. Yet you still need to make sure that it builds and all tests pass.
Well there is a third way. And what’s even nicer, is that it’s also possible with TeamCity.
*This applies to non-OSS too
Automatically Building All Pull Requests
What I want to do is have TeamCity automatically build all Pull Requests for me of my main repository, and notify me if it is successful. And I want this to happen without me having to configure every single fork as a repository in TeamCity, because like that, it wouldn’t be manageable. Here’s a diagram explaining it:
This will drastically improve the workflow since we no longer have to manually create a local branch of the pull request, check it, build it and only then merge it.
Configuring TeamCity
Setting up TeamCity to do this is really simple. It actually only requires one thing: configuring the Branch Specification under the VCS root:
Let’s see what this means and why it works. When a pull request is made, GitHub automatically creates a reference that holds the pull request as well as one that is a merge with the master branch. What we’re saying to TeamCity is to monitor this branch, in addition to the main branch. In this syntax, pull refers to the pull request. The * refers to ANY pull request, and the merge indicates that we’re interested in the pull request merged with the master branch. This means that when TeamCity builds, it will build the branch that was merged. If we want to build the branch, without merging, we could use the following:
+:refs/pull/*/head
So to recap, adding merge builds the result of the merge, and adding head, just the pull request without the merge.
The result of these builds show up in TeamCity like so:
where the number denotes the pull request. Now, we can actually make this a bit nicer by allowing us to see whether the particular request was the result of a merge or just the branch itself. For that, we can specify the following in the Branch Specification
with TeamCity now indicating whether this was a merge or head:
In addition, TeamCity also provides us with a Dropdown, where we can filter all the different pull requests:
Seeing notifications on the Pull Request
As this is a normal build, like any other build, we can configure TeamCity to receive notifications via email, tray icon, etc, both on successful builds as well as failed builds. However, there is one other thing that we can do: see the result of the build on the Pull Request page on GitHub. In order for this to happen, we do need to install a plugin for TeamCity which currently doesn’t ship out of the box. This plugin, written by Eugene Petrenko uses some hooks GitHub provides to add notification information on the Pull Request page.
To install it, download the plugin as a zip file and place it in the plugins folder of the server and restart the server.
Once that’s installed, we can now display build status information on the GitHub pull request by adding a Build Feature to our Build Steps:
and filling in some simple configuration parameters:
And with that, we can see the status on the Pull Request page on GitHub.
* If you’re running your OSS project on TeamCity at CodeBetter, you now have this plugin available.
Summary
Although my example was based on TeamCity 8.0 which is currently in EAP, this feature also works with TeamCity 7.1.3+ (and even previously covered by others). The examples are also based on OSS projects, but you can apply the same workflow to private repositories also, hopefully making things a little bit easier.
Thanks for the walkthrough.
But I can’t get the Github notifications plugin to work in 7.1.4. Could you add more logging to the plugin and help get it fixed?
https://github.com/jonnyzzz/TeamCity.GitHub/issues/7
Brandon, please find my answer on GitHub issue
Can you setup something similar with Perforce?
Unfortunately no, as Perforce did not provide such abilities (pull requests, auto merge, easy branching, etc). Or does it now?
Is this safe? Sounds like a good way to let a 3rd party execute code on your server…
Does it differentiate between Opened vs Closed pull requests?
I’ve enabled this but it looks like it is building all the pull requests not just the Opened ones!
Another question, I have setup build chains so that the last step on the chain is to create a nuget package and upload it to nuget, obvioulsy I do not want this to run if all I’m doing is testing a PR.
So how do I tell TC to not do a certain build chain?
Isn’t this a security risk at least for public repositories? A build could involve executing arbitrary code, and you wouldn’t want to execute arbitrary code on your build server that people you don’t know send as pull requests.
@Harry, @Ricky
Any code that runs on your agent will potentially put your agent at risk unless it’s run under the current permissions. So essentially yes, this can cause a security risk, but this will happen with any system that does the same thing.
@John,
yes VCS trigger builds all the pull requests, because it doesn’t know anything about github. To build only new ones we probably need a dedicated github trigger that watches pull requests in repository. It can also run the builds only for pull requests from the specified trusted users, solving security problem.
To skip publishing nuget package you can analyze a config parameter ‘teamcity.build.branch’ in your build script. It has a value ” for builds from the default branch.
I meant <default>
Would this also work with GitLab?
Not tried it unfortunately.
Second that. We’re in the process of switching from GitHub enterprise to GitLab so really interested to see if we can get it working. Building PR’s is fundamental to our workflow.
Great article! We use this in our CI process. I potential gotcha is the use of a build trigger that fires on commit. GH will force a commit in refs/pull/xxx/merge whenever the status of the pull request is changed (reported to GH as a suspected bug). If refs/pull/*/merge is used as a branch specification, teamcity will pick up the change (different commit hash) and the trigger will fire another build…and so forth.
Thanks Pencho, running into this myself. Did you come up with a way to trigger the build only once per commit?
Im getting this as well. Did anyone find a work around / fix?
Seems like the only way to stop the never-ending-build-trigger-thingy (as of today) is to use
+:refs/pull/*/headinstead of+:refs/pull/(*/merge)(http://youtrack.jetbrains.com/issue/TW-33455#comment=27-657273).This seems to be the case for Teamcity 7.1. Does this work on Teamcity 8.0 and with enterprise github?
Yes
Hello!
Thank you for detailed article! I made the setup for TeamCity 8.0.4, but unfortunately it doesn’t work =(. TeamCity successfully picks up individual branches, but not merged pull request branches.
Here is what I have: http://d.pr/i/98Tv and at Trigger http://d.pr/i/QxD8
At the same time I see merged pull requests in Pending Changes – http://d.pr/i/xvYs
Thank you in advance for help!
Hmm. That should work. Can you email teamcity-feedback@jetbrains.com? We can handle it via support.
Hello!
Have you solved the issue? I have the same now
I’m doing this but I’m getting flooded by builds from closed merge branches.
There are two blockers for me here (from http://blog.jetbrains.com/teamcity/2013/02/automatically-building-pull-requests-from-github-with-teamcity/#comment-290):
– dedicated github build trigger
– running builds from trusted users only
I can’t find any info on whether this has improved in the last year?
Thanks for the article.
Is there any way to access the branch name that is parent to a pull request? Or at least to get the pull request number? May be there is some TC variable or something.
A shame, it seems Bitbucket does not expose pull requests via the git refs.
Troubleshooting tip that might come in handy: The GitHub user must have _write_ access to the repo in order for the PR’s merge status to update properly (at least when using the Personal Access Tokens as auth method). This caused us quite a bit of head scratching, and may be useful to others as well.