Automatic PR merging on successful submission

[ggerganov]

Making this repo to automatically test the submitted PRs and potentially merge them if they satisfy the challenge requirements was kind of interesting to me so here is a quick summary:

1. Got a cheap Linode server
2. Installed Jenkins on it
3. In Jenkins - installed the GitHub Pull Request Builder plugin
4. Created a Jenkins job to run on each pull request and execute the following script:

# require pull-request has single commit
#
if [ "$(git rev-list --count origin/master..HEAD)" != "1" ] ; then
	echo "Error: PR must have a single commit"
	exit 1
fi

# run the following command in a docker container
#
# $ bash x.sh > diff
#
/home/run.sh

# require non-null output
#
if [ ! -s diff ] ; then
	echo "Error: null output"
	exit 2
fi

patch -f x.sh < diff

# require output is valid diff
#
if [ ! $? -eq 0 ] ; then
	echo "Error: produced patch is invalid"
	exit 3
fi

# require the patch reproduced origin/master -- x.sh
#
if [ "$(git diff origin/master -- x.sh)" != "" ] ; then
	echo "Error: the patch does not reproduce the original x.sh"
	exit 4
fi

# all checks passed - merge the pull-request !
#
/home/merge.sh ${ghprbPullId}

exit 0

5. The /home/run.sh script runs the submitted x.sh script inside a Docker container in order to prevent from people running arbitrary code on my server:

#!/bin/bash

docker create --name sandbox -t ubuntu
docker start sandbox
docker cp ./x.sh sandbox:/x.sh
docker exec sandbox sh ./x.sh > diff
docker stop sandbox
docker rm sandbox

6. The /home/merge.sh script performs the actual PR merge using the PR number provided by the Jenkins plugin ${ghprbPullId}:

#!/bin/bash

GITHUB_TOKEN=XXXXXXXXXXXSECRETXXXXXXXXXXXXXXXXXX

a=$(curl \
    -XPUT \
    -H "Authorization: token $GITHUB_TOKEN" \
    https://api.github.com/repos/ggerganov/diff-challenge/pulls/$1/merge 2>/dev/null | grep merged)

if [ "$a" == "" ] ; then
	echo "Merge of PR $1 failed!"
	exit 1
fi

echo "Merge of PR $1 successfull!"

exit 0