mirror of
https://github.com/YunoHost/yunorunner.git
synced 2024-09-03 20:05:52 +02:00
Handle github-actions PRs to trigger CI
This commit is contained in:
tituspijean
parent
cd89ea729b
commit
90b4a06e64
1 changed files with 42 additions and 28 deletions
70
run.py
70
run.py
|
|
@ -1021,36 +1021,50 @@ async def github(request):
|
||||||
# We expect issue comments (issue = also PR in github stuff...)
|
# We expect issue comments (issue = also PR in github stuff...)
|
||||||
# - *New* comments
|
# - *New* comments
|
||||||
# - On issue/PRs which are still open
|
# - On issue/PRs which are still open
|
||||||
if hook_type != "issue_comment" \
|
if hook_type == "issue_comment":
|
||||||
or hook_infos["action"] != "created" \
|
if hook_infos["action"] != "created" \
|
||||||
or hook_infos["issue"]["state"] != "open" \
|
or hook_infos["issue"]["state"] != "open" \
|
||||||
or "pull_request" not in hook_infos["issue"]:
|
or "pull_request" not in hook_infos["issue"]:
|
||||||
|
# Nothing to do but success anyway (204 = No content)
|
||||||
|
abort(204, "Nothing to do")
|
||||||
|
|
||||||
|
# Check the comment contains proper keyword trigger
|
||||||
|
body = hook_infos["comment"]["body"].strip()[:100].lower()
|
||||||
|
triggers = ["!testme", "!gogogadgetoci", "By the power of systemd, I invoke The Great App CI to test this Pull Request!"]
|
||||||
|
if not any(trigger.lower() in body for trigger in triggers):
|
||||||
|
# Nothing to do but success anyway (204 = No content)
|
||||||
|
abort(204, "Nothing to do")
|
||||||
|
|
||||||
|
# We only accept this from people which are member of the org
|
||||||
|
# https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user
|
||||||
|
# We need a token an we can't rely on "author_association" because sometimes, users are members in Private,
|
||||||
|
# which is not represented in the original webhook
|
||||||
|
async def is_user_in_organization(user):
|
||||||
|
token = open("./github_bot_token").read().strip()
|
||||||
|
async with aiohttp.ClientSession(headers={"Authorization": f"token {token}", "Accept": "application/vnd.github.v3+json"}) as session:
|
||||||
|
resp = await session.get(f"https://api.github.com/orgs/YunoHost-Apps/members/{user}")
|
||||||
|
return resp.status == 204
|
||||||
|
|
||||||
|
if not await is_user_in_organization(hook_infos["comment"]["user"]["login"]):
|
||||||
|
# Unauthorized
|
||||||
|
abort(403, "Unauthorized")
|
||||||
|
type = "issue"
|
||||||
|
|
||||||
|
elif hook_type == "pull_request":
|
||||||
|
if hook_infos["action"] != "opened":
|
||||||
# Nothing to do but success anyway (204 = No content)
|
# Nothing to do but success anyway (204 = No content)
|
||||||
abort(204, "Nothing to do")
|
abort(204, "Nothing to do")
|
||||||
|
# We only accept PRs that are created by github-action bot
|
||||||
# Check the comment contains proper keyword trigger
|
if hook_infos["pull_request"]["user"]["login"] != "github-actions[bot]":
|
||||||
body = hook_infos["comment"]["body"].strip()[:100].lower()
|
# Unauthorized
|
||||||
triggers = ["!testme", "!gogogadgetoci", "By the power of systemd, I invoke The Great App CI to test this Pull Request!"]
|
abort(403, "Unauthorized")
|
||||||
if not any(trigger.lower() in body for trigger in triggers):
|
type = "pull_request"
|
||||||
# Nothing to do but success anyway (204 = No content)
|
else:
|
||||||
abort(204, "Nothing to do")
|
# Nothing to do but success anyway (204 = No content)
|
||||||
|
abort(204, "Nothing to do")
|
||||||
# We only accept this from people which are member of the org
|
|
||||||
# https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user
|
|
||||||
# We need a token an we can't rely on "author_association" because sometimes, users are members in Private,
|
|
||||||
# which is not represented in the original webhook
|
|
||||||
async def is_user_in_organization(user):
|
|
||||||
token = open("./github_bot_token").read().strip()
|
|
||||||
async with aiohttp.ClientSession(headers={"Authorization": f"token {token}", "Accept": "application/vnd.github.v3+json"}) as session:
|
|
||||||
resp = await session.get(f"https://api.github.com/orgs/YunoHost-Apps/members/{user}")
|
|
||||||
return resp.status == 204
|
|
||||||
|
|
||||||
if not await is_user_in_organization(hook_infos["comment"]["user"]["login"]):
|
|
||||||
# Unauthorized
|
|
||||||
abort(403, "Unauthorized")
|
|
||||||
|
|
||||||
# Fetch the PR infos (yeah they ain't in the initial infos we get @_@)
|
# Fetch the PR infos (yeah they ain't in the initial infos we get @_@)
|
||||||
pr_infos_url = hook_infos["issue"]["pull_request"]["url"]
|
pr_infos_url = hook_infos[type]["url"]
|
||||||
async with aiohttp.ClientSession() as session:
|
async with aiohttp.ClientSession() as session:
|
||||||
async with session.get(pr_infos_url) as resp:
|
async with session.get(pr_infos_url) as resp:
|
||||||
pr_infos = await resp.json()
|
pr_infos = await resp.json()
|
||||||
|
|
@ -1076,7 +1090,7 @@ async def github(request):
|
||||||
|
|
||||||
async def comment(body):
|
async def comment(body):
|
||||||
|
|
||||||
comments_url = hook_infos["issue"]["comments_url"]
|
comments_url = hook_infos[type]["comments_url"]
|
||||||
|
|
||||||
token = open("./github_bot_token").read().strip()
|
token = open("./github_bot_token").read().strip()
|
||||||
async with aiohttp.ClientSession(headers={"Authorization": f"token {token}"}) as session:
|
async with aiohttp.ClientSession(headers={"Authorization": f"token {token}"}) as session:
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue