revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 08:42:41 +01:00
Code Issues Releases Wiki Activity

Support a wider range of "Audit" rules for Owners packages

Browse source 
Summary:
Depends on D20124. Ref T13244. See PHI1055. Add a few more builtin audit behaviors to make Owners more flexible.

(At the upper end of flexibility you can trigger audits in a very granular way with Herald, but you tend to need to write one rule per Owners package, and providing a middle ground here has worked reasonably well for "review" rules so far.)

Test Plan:
  - Edited a package to select the various different audit rules.
  - Used `bin/repository reparse --force --owners <commit>` to trigger package audits under varied conditions.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13244

Differential Revision: https://secure.phabricator.com/D20126
This commit is contained in:
epriestley 2019-02-07 09:16:22 -08:00
parent 8fab8d8a18
commit 31a0ed92d0
3 changed files with 100 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
src/applications/owners/constants/PhabricatorOwnersAuditRule.php
View file

@ -4,7 +4,10 @@ final class PhabricatorOwnersAuditRule
extends Phobject { extends Phobject {
const AUDITING_NONE = 'none'; const AUDITING_NONE = 'none';
const AUDITING_AUDIT = 'audit'; const AUDITING_NO_OWNER = 'audit';
const AUDITING_UNREVIEWED = 'unreviewed';
const AUDITING_NO_OWNER_AND_UNREVIEWED = 'uninvolved-unreviewed';
const AUDITING_ALL = 'all';
private $key; private $key;
private $spec; private $spec;
@ -86,13 +89,26 @@ final class PhabricatorOwnersAuditRule
'0' => '"0"', '0' => '"0"',
), ),
), ),
self::AUDITING_AUDIT => array( self::AUDITING_UNREVIEWED => array(
'name' => pht('Audit Commits'), 'name' => pht('Audit Unreviewed Commits'),
'icon.icon' => 'fa-check',
),
self::AUDITING_NO_OWNER => array(
'name' => pht('Audit Commits With No Owner Involvement'),
'icon.icon' => 'fa-check', 'icon.icon' => 'fa-check',
'deprecated' => array( 'deprecated' => array(
'1' => '"1"', '1' => '"1"',
), ),
), ),
self::AUDITING_NO_OWNER_AND_UNREVIEWED => array(
'name' => pht(
'Audit Unreviewed Commits and Commits With No Owner Involvement'),
'icon.icon' => 'fa-check',
),
self::AUDITING_ALL => array(
'name' => pht('Audit All Commits'),
'icon.icon' => 'fa-check',
),
); );
} }

86
src/applications/repository/worker/PhabricatorRepositoryCommitOwnersWorker.php
View file

@ -132,16 +132,67 @@ final class PhabricatorRepositoryCommitOwnersWorker
$author_phid, $author_phid,
$revision) { $revision) {
// Don't trigger an audit if auditing isn't enabled for the package. $audit_uninvolved = false;
$audit_unreviewed = false;
$rule = $package->newAuditingRule(); $rule = $package->newAuditingRule();
if ($rule->getKey() === PhabricatorOwnersAuditRule::AUDITING_NONE) { switch ($rule->getKey()) {
case PhabricatorOwnersAuditRule::AUDITING_NONE:
return false;
case PhabricatorOwnersAuditRule::AUDITING_ALL:
return true;
case PhabricatorOwnersAuditRule::AUDITING_NO_OWNER:
$audit_uninvolved = true;
break;
case PhabricatorOwnersAuditRule::AUDITING_UNREVIEWED:
$audit_unreviewed = true;
break;
case PhabricatorOwnersAuditRule::AUDITING_NO_OWNER_AND_UNREVIEWED:
$audit_uninvolved = true;
$audit_unreviewed = true;
break;
}
// If auditing is configured to trigger on unreviewed changes, check if
// the revision was "Accepted" when it landed. If not, trigger an audit.
if ($audit_unreviewed) {
$commit_unreviewed = true;
if ($revision) {
$was_accepted = DifferentialRevision::PROPERTY_CLOSED_FROM_ACCEPTED;
if ($revision->isPublished()) {
if ($revision->getProperty($was_accepted)) {
$commit_unreviewed = false;
}
}
}
if ($commit_unreviewed) {
return true;
}
}
// If auditing is configured to trigger on changes with no involved owner,
// check for an owner. If we don't find one, trigger an audit.
if ($audit_uninvolved) {
$commit_uninvolved = $this->isOwnerInvolved(
$commit,
$package,
$author_phid,
$revision);
if ($commit_uninvolved) {
return true;
}
}
// We can't find any reason to trigger an audit for this commit.
return false; return false;
} }
// Trigger an audit if we don't recognize the commit's author. private function isOwnerInvolved(
if (!$author_phid) { PhabricatorRepositoryCommit $commit,
return true; PhabricatorOwnersPackage $package,
} $author_phid,
$revision) {
$owner_phids = PhabricatorOwnersOwner::loadAffiliatedUserPHIDs( $owner_phids = PhabricatorOwnersOwner::loadAffiliatedUserPHIDs(
array( array(
@ -149,12 +200,17 @@ final class PhabricatorRepositoryCommitOwnersWorker
)); ));
$owner_phids = array_fuse($owner_phids); $owner_phids = array_fuse($owner_phids);
// Don't trigger an audit if the author is a package owner. // If the commit author is identifiable and a package owner, they're
// involved.
if ($author_phid) {
if (isset($owner_phids[$author_phid])) { if (isset($owner_phids[$author_phid])) {
return false; return true;
}
} }
// Trigger an audit of there is no corresponding revision. // Otherwise, we need to find an owner as a reviewer.
// If we don't have a revision, this is hopeless: no owners are involved.
if (!$revision) { if (!$revision) {
return true; return true;
} }
@ -174,21 +230,19 @@ final class PhabricatorRepositoryCommitOwnersWorker
continue; continue;
} }
// If this reviewer accepted the revision and owns the package, we're // If this reviewer accepted the revision and owns the package, we've
// all clear and do not need to trigger an audit. // found an involved owner.
if (isset($accepted_statuses[$reviewer->getReviewerStatus()])) { if (isset($accepted_statuses[$reviewer->getReviewerStatus()])) {
$found_accept = true; $found_accept = true;
break; break;
} }
} }
// Don't trigger an audit if a package owner already reviewed the
// revision.
if ($found_accept) { if ($found_accept) {
return false;
}
return true; return true;
} }
return false;
}
} }

16
src/docs/user/userguide/owners.diviner
View file

@ -114,16 +114,22 @@ Auditing
======== ========
You can automatically trigger audits on unreviewed code by configuring You can automatically trigger audits on unreviewed code by configuring
**Auditing**. The available settings are: **Auditing**. The available settings allow you to select behavior based on
these conditions:
- **Disabled**: Do not trigger audits. - **No Owner Involvement**: Triggers an audit when the commit author is not
- **Enabled**: Trigger audits. a package owner, and no package owner reviewed an associated revision in
Differential.
- **Unreviewed Commits**: Triggers an audit when a commit has no associated
revision in Differential, or the associated revision in Differential landed
without being "Accepted".
When enabled, audits are triggered for commits which: For example, the **Audit Commits With No Owner Involvement** option triggers
audits for commits which:
- affect code owned by the package; - affect code owned by the package;
- were not authored by a package owner; and - were not authored by a package owner; and
- were not accepted by a package owner. - were not accepted (in Differential) by a package owner.
Audits do not trigger if the package has been archived. Audits do not trigger if the package has been archived.