def _check_issue_comment_event( self, event: Union[IssueCommentEvent, IssueCommentGitlabEvent], project: GitProject, service_config: ServiceConfig, job_configs: Iterable[JobConfig], ) -> bool: account_name = event.user_login if not account_name: raise KeyError(f"Failed to get account_name from {type(event)}") namespace = event.repo_namespace namespace_approved = self.is_approved(namespace) user_approved = project.can_merge_pr(account_name) if namespace_approved and user_approved: return True msg = (f"Namespace {namespace} is not on our allowlist!" if not namespace_approved else f"Account {account_name} has no write access!") logger.error(msg) project.issue_comment(event.issue_id, msg) return False
def check_and_report(self, event: Optional[Any], project: GitProject) -> bool: """ Check if account is approved and report status back in case of PR :param event: PullRequest and Release TODO: handle more :param project: GitProject :return: """ # TODO: modify event hierarchy so we can use some abstract classes instead if isinstance(event, ReleaseEvent): account_name = event.repo_namespace if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") if not self.is_approved(account_name): logger.info( f"Refusing release event on not whitelisted repo namespace" ) return False return True if isinstance( event, (CoprBuildEvent, TestingFarmResultsEvent, DistGitEvent, InstallationEvent), ): return True if isinstance(event, (PullRequestEvent, PullRequestCommentEvent)): account_name = event.github_login if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") namespace = event.base_repo_namespace if not (self.is_approved(account_name) or self.is_approved(namespace)): msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!" logger.error(msg) # TODO also check blacklist, # but for that we need to know who triggered the action if event.trigger == JobTriggerType.comment: project.pr_comment(event.pr_id, msg) else: msg = "Account is not whitelisted!" # needs to be shorter r = BuildStatusReporter(project, event.commit_sha, None) r.report( "failure", msg, url=FAQ_URL, check_names=PRCheckName.get_account_check(), ) return False # TODO: clear failing check when present return True if isinstance(event, IssueCommentEvent): account_name = event.github_login if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") if not self.is_approved(account_name): logger.error( f"User {account_name} is not approved on whitelist!") # TODO also check blacklist, # but for that we need to know who triggered the action msg = "Account is not whitelisted!" project.issue_comment(event.issue_id, msg) return False return True msg = f"Failed to validate account: Unrecognized event type {type(event)}." logger.error(msg) raise PackitException(msg)
def check_and_report(self, event: Optional[Any], project: GitProject, config: ServiceConfig) -> bool: """ Check if account is approved and report status back in case of PR :param config: service config :param event: PullRequest and Release TODO: handle more :param project: GitProject :return: """ # TODO: modify event hierarchy so we can use some abstract classes instead if isinstance(event, ReleaseEvent): account_name = event.repo_namespace if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") if not self.is_approved(account_name): logger.info( f"Refusing release event on not whitelisted repo namespace" ) return False return True if isinstance( event, (CoprBuildEvent, TestingFarmResultsEvent, DistGitEvent, InstallationEvent), ): return True if isinstance(event, (PullRequestEvent, PullRequestCommentEvent)): account_name = event.github_login if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") namespace = event.base_repo_namespace # FIXME: # Why check account_name when we whitelist namespace only (in whitelist.add_account())? if not (self.is_approved(account_name) or self.is_approved(namespace)): msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!" logger.error(msg) # TODO also check blacklist, # but for that we need to know who triggered the action if event.trigger == JobTriggerType.comment: project.pr_comment(event.pr_id, msg) else: job_helper = CoprBuildJobHelper( config=config, package_config=event.get_package_config(), project=project, event=event, ) msg = "Account is not whitelisted!" # needs to be shorter job_helper.report_status_to_all(description=msg, state="error", url=FAQ_URL) return False # TODO: clear failing check when present return True if isinstance(event, IssueCommentEvent): account_name = event.github_login if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") namespace = event.base_repo_namespace # FIXME: # Why check account_name when we whitelist namespace only (in whitelist.add_account())? if not (self.is_approved(account_name) or self.is_approved(namespace)): msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!" logger.error(msg) project.issue_comment(event.issue_id, msg) # TODO also check blacklist, # but for that we need to know who triggered the action return False return True msg = f"Failed to validate account: Unrecognized event type {type(event)}." logger.error(msg) raise PackitException(msg)
def check_and_report( self, event: Optional[Any], project: GitProject, service_config: ServiceConfig, job_configs: Iterable[JobConfig], ) -> bool: """ Check if account is approved and report status back in case of PR :param service_config: service config :param event: PullRequest and Release TODO: handle more :param project: GitProject :param job_configs: iterable of jobconfigs - so we know how to update status of the PR :return: """ # whitelist checks dont apply to CentOS (Pagure, Gitlab) if isinstance( event, ( PushPagureEvent, PullRequestPagureEvent, PullRequestCommentPagureEvent, MergeRequestCommentGitlabEvent, IssueCommentGitlabEvent, MergeRequestGitlabEvent, PushGitlabEvent, ), ): logger.info( "Centos (Pagure, Gitlab) events don't require whitelist checks." ) return True # TODO: modify event hierarchy so we can use some abstract classes instead if isinstance(event, (ReleaseEvent, PushGitHubEvent)): account_name = event.repo_namespace if not account_name: raise KeyError( f"Failed to get account_name from {type(event)!r}") if not self.is_approved(account_name): logger.info( "Refusing release event on not whitelisted repo namespace." ) return False return True if isinstance( event, ( CoprBuildEvent, TestingFarmResultsEvent, DistGitEvent, InstallationEvent, KojiBuildEvent, ), ): return True if isinstance(event, (PullRequestGithubEvent, PullRequestCommentGithubEvent)): account_name = event.user_login if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") namespace = event.target_repo_namespace # FIXME: # Why check account_name when we whitelist namespace only (in whitelist.add_account())? if not (self.is_approved(account_name) or self.is_approved(namespace)): msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!" logger.error(msg) if event.trigger == TheJobTriggerType.pr_comment: project.pr_comment(event.pr_id, msg) else: for job_config in job_configs: job_helper = CoprBuildJobHelper( service_config=service_config, package_config=event.get_package_config(), project=project, metadata=EventData.from_event_dict( event.get_dict()), db_trigger=event.db_trigger, job_config=job_config, ) msg = "Account is not whitelisted!" # needs to be shorter job_helper.report_status_to_all( description=msg, state=CommitStatus.error, url=FAQ_URL) return False # TODO: clear failing check when present return True if isinstance(event, IssueCommentEvent): account_name = event.user_login if not account_name: raise KeyError( f"Failed to get account_name from {type(event)}") namespace = event.repo_namespace # FIXME: # Why check account_name when we whitelist namespace only (in whitelist.add_account())? if not (self.is_approved(account_name) or self.is_approved(namespace)): msg = f"Neither account {account_name} nor owner {namespace} are on our whitelist!" logger.error(msg) project.issue_comment(event.issue_id, msg) return False return True msg = f"Failed to validate account: Unrecognized event type {type(event)!r}." logger.error(msg) raise PackitException(msg)