def _check_issue_comment_event(
self,
event: Union[IssueCommentEvent, IssueCommentGitlabEvent],
project: GitProject,
service_config: ServiceConfig,
job_configs: Iterable[JobConfig],
) -> bool:
account_name = event.user_login
if not account_name:
raise KeyError(f"Failed to get account_name from {type(event)}")
namespace = event.repo_namespace
namespace_approved = self.is_approved(namespace)
user_approved = project.can_merge_pr(account_name)
if namespace_approved and user_approved:
return True
msg = (f"Namespace {namespace} is not on our allowlist!"
if not namespace_approved else
f"Account {account_name} has no write access!")
logger.error(msg)
project.issue_comment(event.issue_id, msg)
return False
def check_and_report(self, event: Optional[Any],
project: GitProject) -> bool:
"""
Check if account is approved and report status back in case of PR
:param event: PullRequest and Release TODO: handle more
:param project: GitProject
:return:
"""
# TODO: modify event hierarchy so we can use some abstract classes instead
if isinstance(event, ReleaseEvent):
account_name = event.repo_namespace
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
if not self.is_approved(account_name):
logger.info(
f"Refusing release event on not whitelisted repo namespace"
)
return False
return True
if isinstance(
event,
(CoprBuildEvent, TestingFarmResultsEvent, DistGitEvent,
InstallationEvent),
):
return True
if isinstance(event, (PullRequestEvent, PullRequestCommentEvent)):
account_name = event.github_login
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
namespace = event.base_repo_namespace
if not (self.is_approved(account_name)
or self.is_approved(namespace)):
msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!"
logger.error(msg)
# TODO also check blacklist,
# but for that we need to know who triggered the action
if event.trigger == JobTriggerType.comment:
project.pr_comment(event.pr_id, msg)
else:
msg = "Account is not whitelisted!" # needs to be shorter
r = BuildStatusReporter(project, event.commit_sha, None)
r.report(
"failure",
msg,
url=FAQ_URL,
check_names=PRCheckName.get_account_check(),
)
return False
# TODO: clear failing check when present
return True
if isinstance(event, IssueCommentEvent):
account_name = event.github_login
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
if not self.is_approved(account_name):
logger.error(
f"User {account_name} is not approved on whitelist!")
# TODO also check blacklist,
# but for that we need to know who triggered the action
msg = "Account is not whitelisted!"
project.issue_comment(event.issue_id, msg)
return False
return True
msg = f"Failed to validate account: Unrecognized event type {type(event)}."
logger.error(msg)
raise PackitException(msg)
def check_and_report(self, event: Optional[Any], project: GitProject,
config: ServiceConfig) -> bool:
"""
Check if account is approved and report status back in case of PR
:param config: service config
:param event: PullRequest and Release TODO: handle more
:param project: GitProject
:return:
"""
# TODO: modify event hierarchy so we can use some abstract classes instead
if isinstance(event, ReleaseEvent):
account_name = event.repo_namespace
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
if not self.is_approved(account_name):
logger.info(
f"Refusing release event on not whitelisted repo namespace"
)
return False
return True
if isinstance(
event,
(CoprBuildEvent, TestingFarmResultsEvent, DistGitEvent,
InstallationEvent),
):
return True
if isinstance(event, (PullRequestEvent, PullRequestCommentEvent)):
account_name = event.github_login
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
namespace = event.base_repo_namespace
# FIXME:
# Why check account_name when we whitelist namespace only (in whitelist.add_account())?
if not (self.is_approved(account_name)
or self.is_approved(namespace)):
msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!"
logger.error(msg)
# TODO also check blacklist,
# but for that we need to know who triggered the action
if event.trigger == JobTriggerType.comment:
project.pr_comment(event.pr_id, msg)
else:
job_helper = CoprBuildJobHelper(
config=config,
package_config=event.get_package_config(),
project=project,
event=event,
)
msg = "Account is not whitelisted!" # needs to be shorter
job_helper.report_status_to_all(description=msg,
state="error",
url=FAQ_URL)
return False
# TODO: clear failing check when present
return True
if isinstance(event, IssueCommentEvent):
account_name = event.github_login
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
namespace = event.base_repo_namespace
# FIXME:
# Why check account_name when we whitelist namespace only (in whitelist.add_account())?
if not (self.is_approved(account_name)
or self.is_approved(namespace)):
msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!"
logger.error(msg)
project.issue_comment(event.issue_id, msg)
# TODO also check blacklist,
# but for that we need to know who triggered the action
return False
return True
msg = f"Failed to validate account: Unrecognized event type {type(event)}."
logger.error(msg)
raise PackitException(msg)
def check_and_report(
self,
event: Optional[Any],
project: GitProject,
service_config: ServiceConfig,
job_configs: Iterable[JobConfig],
) -> bool:
"""
Check if account is approved and report status back in case of PR
:param service_config: service config
:param event: PullRequest and Release TODO: handle more
:param project: GitProject
:param job_configs: iterable of jobconfigs - so we know how to update status of the PR
:return:
"""
# whitelist checks dont apply to CentOS (Pagure, Gitlab)
if isinstance(
event,
(
PushPagureEvent,
PullRequestPagureEvent,
PullRequestCommentPagureEvent,
MergeRequestCommentGitlabEvent,
IssueCommentGitlabEvent,
MergeRequestGitlabEvent,
PushGitlabEvent,
),
):
logger.info(
"Centos (Pagure, Gitlab) events don't require whitelist checks."
)
return True
# TODO: modify event hierarchy so we can use some abstract classes instead
if isinstance(event, (ReleaseEvent, PushGitHubEvent)):
account_name = event.repo_namespace
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)!r}")
if not self.is_approved(account_name):
logger.info(
"Refusing release event on not whitelisted repo namespace."
)
return False
return True
if isinstance(
event,
(
CoprBuildEvent,
TestingFarmResultsEvent,
DistGitEvent,
InstallationEvent,
KojiBuildEvent,
),
):
return True
if isinstance(event,
(PullRequestGithubEvent, PullRequestCommentGithubEvent)):
account_name = event.user_login
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
namespace = event.target_repo_namespace
# FIXME:
# Why check account_name when we whitelist namespace only (in whitelist.add_account())?
if not (self.is_approved(account_name)
or self.is_approved(namespace)):
msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!"
logger.error(msg)
if event.trigger == TheJobTriggerType.pr_comment:
project.pr_comment(event.pr_id, msg)
else:
for job_config in job_configs:
job_helper = CoprBuildJobHelper(
service_config=service_config,
package_config=event.get_package_config(),
project=project,
metadata=EventData.from_event_dict(
event.get_dict()),
db_trigger=event.db_trigger,
job_config=job_config,
)
msg = "Account is not whitelisted!" # needs to be shorter
job_helper.report_status_to_all(
description=msg,
state=CommitStatus.error,
url=FAQ_URL)
return False
# TODO: clear failing check when present
return True
if isinstance(event, IssueCommentEvent):
account_name = event.user_login
if not account_name:
raise KeyError(
f"Failed to get account_name from {type(event)}")
namespace = event.repo_namespace
# FIXME:
# Why check account_name when we whitelist namespace only (in whitelist.add_account())?
if not (self.is_approved(account_name)
or self.is_approved(namespace)):
msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!"
logger.error(msg)
project.issue_comment(event.issue_id, msg)
return False
return True
msg = f"Failed to validate account: Unrecognized event type {type(event)!r}."
logger.error(msg)
raise PackitException(msg)
