YunoHost/yunorunner
1
0
Fork 0
mirror of https://github.com/YunoHost/yunorunner.git synced 2024-09-03 20:05:52 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add logging and use response.empty()

Browse source
This commit is contained in:
Salamandar 2024-07-29 12:45:49 +02:00
parent 04f97eb8e5
commit 9a56302af9
1 changed files with 21 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
run.py
View file

@ -1,4 +1,5 @@
# encoding: utf-8 #!/usr/bin/env python3
# # encoding: utf-8
import os import os
@ -1557,7 +1558,7 @@ async def github(request):
if not hmac.compare_digest(str(mac.hexdigest()), str(signature)): if not hmac.compare_digest(str(mac.hexdigest()), str(signature)):
api_logger.info( api_logger.info(
f"Received a webhook but signature authentication failed (is the secret properly configured?)" "Received a webhook but signature authentication failed (is the secret properly configured?)"
) )
return response.json({"error": "Bad signature ?!"}, 403) return response.json({"error": "Bad signature ?!"}, 403)
@ -1574,13 +1575,15 @@ async def github(request):
or "pull_request" not in hook_infos["issue"] or "pull_request" not in hook_infos["issue"]
): ):
# Nothing to do but success anyway (204 = No content) # Nothing to do but success anyway (204 = No content)
return response.json({"msg": "Nothing to do"}, 204) api_logger.debug("Received an issue_comment webhook but doesn't qualify for starting a job.")
return response.empty(status=204)
# Check the comment contains proper keyword trigger # Check the comment contains proper keyword trigger
body = hook_infos["comment"]["body"].strip()[:100].lower() body = hook_infos["comment"]["body"].strip()[:100].lower()
if not any(trigger.lower() in body for trigger in app.config.WEBHOOK_TRIGGERS): if not any(trigger.lower() in body for trigger in app.config.WEBHOOK_TRIGGERS):
# Nothing to do but success anyway (204 = No content) # Nothing to do but success anyway (204 = No content)
return response.json({"msg": "Nothing to do"}, 204) api_logger.debug("Received an issue_comment webhook but doesn't contain any keyword.")
return response.empty(status=204)
# We only accept this from people which are member of the org # We only accept this from people which are member of the org
# https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user # https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user
@ -1594,12 +1597,14 @@ async def github(request):
} }
) as session: ) as session:
resp = await session.get( resp = await session.get(
f"https://api.github.com/orgs/YunoHost-Apps/members/{user}" f"https://api.github.com/orgs/YunoHost-Apps/members/{user}",
) )
return resp.status == 204 return resp.status == 204
if not await is_user_in_organization(hook_infos["comment"]["user"]["login"]): github_username = hook_infos["comment"]["user"]["login"]
if not await is_user_in_organization(github_username):
# Unauthorized # Unauthorized
api_logger.warning(f"User {github_username} is not authorized to run webhooks!")
return response.json({"error": "Unauthorized"}, 403) return response.json({"error": "Unauthorized"}, 403)
# Fetch the PR infos (yeah they ain't in the initial infos we get @_@) # Fetch the PR infos (yeah they ain't in the initial infos we get @_@)
pr_infos_url = hook_infos["issue"]["pull_request"]["url"] pr_infos_url = hook_infos["issue"]["pull_request"]["url"]
@ -1607,7 +1612,9 @@ async def github(request):
elif hook_type == "pull_request": elif hook_type == "pull_request":
if hook_infos["action"] != "opened": if hook_infos["action"] != "opened":
# Nothing to do but success anyway (204 = No content) # Nothing to do but success anyway (204 = No content)
return response.json({"msg": "Nothing to do"}, 204) api_logger.debug("Received a pull_request webhook but doesn't qualify for starting a job.")
return response.empty(status=204)
# We only accept PRs that are created by github-action bot # We only accept PRs that are created by github-action bot
if hook_infos["pull_request"]["user"][ if hook_infos["pull_request"]["user"][
"login" "login"
@ -1617,19 +1624,18 @@ async def github(request):
"ci-auto-update-" "ci-auto-update-"
): ):
# Unauthorized # Unauthorized
return response.json({"msg": "Nothing to do"}, 204) api_logger.debug("Received a pull_request webhook but from an unknown github user.")
return response.empty(status=204)
if not app.config.ANSWER_TO_AUTO_UPDATER: if not app.config.ANSWER_TO_AUTO_UPDATER:
# Unauthorized # Unauthorized
return response.json( api_logger.info("Received a pull_request webhook but configured to ignore the auto-updater.")
{"msg": "Nothing to do, I am configured to ignore the auto-updater"}, return response.empty(status=204)
204,
)
# Fetch the PR infos (yeah they ain't in the initial infos we get @_@) # Fetch the PR infos (yeah they ain't in the initial infos we get @_@)
pr_infos_url = hook_infos["pull_request"]["url"] pr_infos_url = hook_infos["pull_request"]["url"]
else: else:
# Nothing to do but success anyway (204 = No content) # Nothing to do but success anyway (204 = No content)
return response.json({"msg": "Nothing to do"}, 204) return response.empty(status=204)
async with aiohttp.ClientSession() as session: async with aiohttp.ClientSession() as session:
async with session.get(pr_infos_url) as resp: async with session.get(pr_infos_url) as resp:
@ -1652,9 +1658,8 @@ async def github(request):
) )
if not job: if not job:
return response.json( api_logger.warning("Corresponding job already scheduled!")
{"msg": "Nothing to do, corresponding job already scheduled"}, 204 return response.empty(status=204)
)
# Answer with comment with link+badge for the job # Answer with comment with link+badge for the job