From 04ea4409487e9b23d40aa22b98ec7963bbd901f9 Mon Sep 17 00:00:00 2001
From: Jonas Qvigstad <jonas.lund.qvigstad@gmail.com>
Date: Tue, 28 Mar 2023 17:00:33 +0200
Subject: [PATCH 1/6] Bot comments when label is set without permission

---
 app.cfg.example |  2 ++
 tasks/build.py  | 11 ++++++++++-
 tasks/deploy.py | 11 ++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/app.cfg.example b/app.cfg.example
index aa2db12a..47cc386e 100644
--- a/app.cfg.example
+++ b/app.cfg.example
@@ -72,6 +72,7 @@ submit_command = /usr/bin/sbatch
 # if value is left/empty everyone can trigger the build
 # value can be a space delimited list of GH accounts
 build_permission = Hafsa-Naeem
+no_build_permission_comment = Label `bot:build` has been set by user `{build_labeler}`, but only users `{build_permission_users}` have permission to trigger the action
 
 [deploycfg]
 # script for uploading built software packages
@@ -104,6 +105,7 @@ upload_policy = once
 # if value is left/empty everyone can trigger the deployment
 # value can be a space delimited list of GH accounts
 deploy_permission = trz42
+no_deploy_permission_comment = Label `bot:deploy` has been set by user `{deploy_labeler}`, but only users `{deploy_permission_users}` have permission to trigger the action
 
 
 [architecturetargets]
diff --git a/tasks/build.py b/tasks/build.py
index dafb29d1..1408f7ed 100644
--- a/tasks/build.py
+++ b/tasks/build.py
@@ -34,6 +34,7 @@
 SLURM_PARAMS = "slurm_params"
 SUBMIT_COMMAND = "submit_command"
 BUILD_PERMISSION = "build_permission"
+NO_BUILD_PERMISSION_COMMENT = "no_build_permission_comment"
 ARCHITECTURE_TARGETS = "architecturetargets"
 
 Job = namedtuple('Job', ('working_dir', 'arch_target', 'slurm_opts'))
@@ -440,7 +441,15 @@ def check_build_permission(pr, event_info):
     build_labeler = event_info['raw_request_body']['sender']['login']
     if build_labeler not in build_permission.split():
         log(f"{funcname}(): GH account '{build_labeler}' is not authorized to build")
-        # TODO update PR comments for this bot instance?
+        no_build_permission_comment = buildenv.get(NO_BUILD_PERMISSION_COMMENT)
+        gh = github.get_instance()
+        repo_name = event_info["raw_request_body"]["repository"]["full_name"]
+        repo = gh.get_repo(repo_name)
+        pull_request = repo.get_pull(pr.number)
+        pull_request.create_issue_comment(
+            no_build_permission_comment.format(build_labeler=build_labeler,
+                                               build_permission_users=", ".join(build_permission.split()))
+        )
         return False
     else:
         log(f"{funcname}(): GH account '{build_labeler}' is authorized to build")
diff --git a/tasks/deploy.py b/tasks/deploy.py
index 459f14c3..8f7950ab 100644
--- a/tasks/deploy.py
+++ b/tasks/deploy.py
@@ -26,6 +26,7 @@
 BUCKET_NAME = "bucket_name"
 UPLOAD_POLICY = "upload_policy"
 DEPLOY_PERMISSION = "deploy_permission"
+NO_DEPLOY_PERMISSION_COMMENT = "no_deploy_permission_comment"
 
 
 def determine_job_dirs(pr_number):
@@ -405,7 +406,15 @@ def deploy_built_artefacts(pr, event_info):
     # permission to trigger the deployment
     if labeler not in deploy_permission.split():
         log(f"{funcname}(): GH account '{labeler}' is not authorized to deploy")
-        # TODO update PR comments for this bot instance?
+        no_deploy_permission_comment = deploy_cfg.get(NO_DEPLOY_PERMISSION_COMMENT)
+        gh = github.get_instance()
+        repo_name = event_info["raw_request_body"]["repository"]["full_name"]
+        repo = gh.get_repo(repo_name)
+        pull_request = repo.get_pull(pr.number)
+        pull_request.create_issue_comment(
+            no_deploy_permission_comment.format(deploy_labeler=labeler,
+                                               deploy_permission_users=", ".join(deploy_permission.split()))
+        )
         return
     else:
         log(f"{funcname}(): GH account '{labeler}' is authorized to deploy")

From e2c7f8b9344c92f9f56fb6efee7cbb0fa39a820b Mon Sep 17 00:00:00 2001
From: Jonas Qvigstad <jonas.lund.qvigstad@gmail.com>
Date: Tue, 28 Mar 2023 17:15:19 +0200
Subject: [PATCH 2/6] Fixed indentation error

---
 tasks/deploy.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/deploy.py b/tasks/deploy.py
index 8f7950ab..8d63d80d 100644
--- a/tasks/deploy.py
+++ b/tasks/deploy.py
@@ -413,7 +413,7 @@ def deploy_built_artefacts(pr, event_info):
         pull_request = repo.get_pull(pr.number)
         pull_request.create_issue_comment(
             no_deploy_permission_comment.format(deploy_labeler=labeler,
-                                               deploy_permission_users=", ".join(deploy_permission.split()))
+                                                deploy_permission_users=", ".join(deploy_permission.split()))
         )
         return
     else:

From dcea041136a81d5d72dceebcd05257678bc39715 Mon Sep 17 00:00:00 2001
From: Jonas Qvigstad <jonas.lund.qvigstad@gmail.com>
Date: Tue, 11 Apr 2023 14:04:53 +0200
Subject: [PATCH 3/6] Removed list of users with permission

---
 app.cfg.example            |  4 ++--
 eessi_bot_event_handler.py |  5 ++++-
 tasks/build.py             | 12 ++++--------
 tasks/deploy.py            | 12 ++++--------
 tools/pr_comments.py       | 15 +++++++++++++++
 5 files changed, 29 insertions(+), 19 deletions(-)

diff --git a/app.cfg.example b/app.cfg.example
index dfa61ca6..597e41c9 100644
--- a/app.cfg.example
+++ b/app.cfg.example
@@ -76,7 +76,7 @@ submit_command = /usr/bin/sbatch
 # if value is left/empty everyone can trigger the build
 # value can be a space delimited list of GH accounts
 build_permission = Hafsa-Naeem
-no_build_permission_comment = Label `bot:build` has been set by user `{build_labeler}`, but only users `{build_permission_users}` have permission to trigger the action
+no_build_permission_comment = Label `bot:build` has been set by user `{build_labeler}`, but this person does not have permission to trigger builds
 
 [deploycfg]
 # script for uploading built software packages
@@ -109,7 +109,7 @@ upload_policy = once
 # if value is left/empty everyone can trigger the deployment
 # value can be a space delimited list of GH accounts
 deploy_permission = trz42
-no_deploy_permission_comment = Label `bot:deploy` has been set by user `{deploy_labeler}`, but only users `{deploy_permission_users}` have permission to trigger the action
+no_deploy_permission_comment = Label `bot:deploy` has been set by user `{deploy_labeler}`, but this person does not have permission to trigger deployments
 
 
 [architecturetargets]
diff --git a/eessi_bot_event_handler.py b/eessi_bot_event_handler.py
index 14e30179..45bbc69d 100644
--- a/eessi_bot_event_handler.py
+++ b/eessi_bot_event_handler.py
@@ -16,6 +16,7 @@
 import waitress
 import sys
 import tasks.build as build
+import tasks.deploy as deploy
 
 from connections import github
 from tools import config
@@ -164,7 +165,9 @@ def main():
     opts = event_handler_parse()
 
     required_config = {
-        build.SUBMITTED_JOB_COMMENTS: [build.INITIAL_COMMENT, build.AWAITS_RELEASE]
+        build.SUBMITTED_JOB_COMMENTS: [build.INITIAL_COMMENT, build.AWAITS_RELEASE],
+        build.BUILDENV: [build.NO_BUILD_PERMISSION_COMMENT],
+        deploy.DEPLOYCFG: [deploy.NO_DEPLOY_PERMISSION_COMMENT]
     }
     # config is read and checked for settings to raise an exception early when the event_handler starts.
     config.check_required_cfg_settings(required_config)
diff --git a/tasks/build.py b/tasks/build.py
index 87c5e9e2..bcd7e1c9 100644
--- a/tasks/build.py
+++ b/tasks/build.py
@@ -22,7 +22,7 @@
 from datetime import datetime, timezone
 from pyghee.utils import log, error
 from retry.api import retry_call
-from tools import config, run_cmd
+from tools import config, run_cmd, pr_comments
 
 AWAITS_RELEASE = "awaits_release"
 BUILDENV = "buildenv"
@@ -656,14 +656,10 @@ def check_build_permission(pr, event_info):
     if build_labeler not in build_permission.split():
         log(f"{funcname}(): GH account '{build_labeler}' is not authorized to build")
         no_build_permission_comment = buildenv.get(NO_BUILD_PERMISSION_COMMENT)
-        gh = github.get_instance()
         repo_name = event_info["raw_request_body"]["repository"]["full_name"]
-        repo = gh.get_repo(repo_name)
-        pull_request = repo.get_pull(pr.number)
-        pull_request.create_issue_comment(
-            no_build_permission_comment.format(build_labeler=build_labeler,
-                                               build_permission_users=", ".join(build_permission.split()))
-        )
+        pr_comments.create_comment(repo_name,
+                                   pr.number,
+                                   no_build_permission_comment.format(build_labeler=build_labeler))
         return False
     else:
         log(f"{funcname}(): GH account '{build_labeler}' is authorized to build")
diff --git a/tasks/deploy.py b/tasks/deploy.py
index 8d63d80d..6c8d85e7 100644
--- a/tasks/deploy.py
+++ b/tasks/deploy.py
@@ -17,7 +17,7 @@
 from datetime import datetime, timezone
 from pyghee.utils import log
 from tasks.build import get_build_env_cfg
-from tools import config, run_cmd
+from tools import config, run_cmd, pr_comments
 
 JOBS_BASE_DIR = "jobs_base_dir"
 DEPLOYCFG = "deploycfg"
@@ -407,14 +407,10 @@ def deploy_built_artefacts(pr, event_info):
     if labeler not in deploy_permission.split():
         log(f"{funcname}(): GH account '{labeler}' is not authorized to deploy")
         no_deploy_permission_comment = deploy_cfg.get(NO_DEPLOY_PERMISSION_COMMENT)
-        gh = github.get_instance()
         repo_name = event_info["raw_request_body"]["repository"]["full_name"]
-        repo = gh.get_repo(repo_name)
-        pull_request = repo.get_pull(pr.number)
-        pull_request.create_issue_comment(
-            no_deploy_permission_comment.format(deploy_labeler=labeler,
-                                                deploy_permission_users=", ".join(deploy_permission.split()))
-        )
+        pr_comments.create_comment(repo_name,
+                                   pr.number,
+                                   no_deploy_permission_comment.format(deploy_labeler=labeler))
         return
     else:
         log(f"{funcname}(): GH account '{labeler}' is authorized to deploy")
diff --git a/tools/pr_comments.py b/tools/pr_comments.py
index 86cf30a9..4cf767a9 100644
--- a/tools/pr_comments.py
+++ b/tools/pr_comments.py
@@ -13,6 +13,7 @@
 #
 import re
 
+from connections import github
 from pyghee.utils import log
 from retry import retry
 from retry.api import retry_call
@@ -77,3 +78,17 @@ def update_comment(cmnt_id, pr, update, log_file=None):
     else:
         log(f"no comment with id {cmnt_id}, skipping update '{update}'",
             log_file=log_file)
+
+
+def create_comment(repo_name, pr_number, comment):
+    """create a comment on a pr
+    
+    Args: 
+        repo_name (str): name of the repo with the pr
+        pr_number (int): number of the pr within the repo
+        comment (string): new comment
+    """
+    gh = github.get_instance()
+    repo = gh.get_repo(repo_name)
+    pull_request = repo.get_pull(pr_number)
+    pull_request.create_issue_comment(comment)
\ No newline at end of file

From c616f42adb05c1d4aa72a4d7ed522e94e5d3536e Mon Sep 17 00:00:00 2001
From: Jonas Qvigstad <jonas.lund.qvigstad@gmail.com>
Date: Tue, 11 Apr 2023 14:07:28 +0200
Subject: [PATCH 4/6] Fixed hound issues

---
 tools/pr_comments.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/pr_comments.py b/tools/pr_comments.py
index 4cf767a9..660236d0 100644
--- a/tools/pr_comments.py
+++ b/tools/pr_comments.py
@@ -82,8 +82,8 @@ def update_comment(cmnt_id, pr, update, log_file=None):
 
 def create_comment(repo_name, pr_number, comment):
     """create a comment on a pr
-    
-    Args: 
+
+    Args:
         repo_name (str): name of the repo with the pr
         pr_number (int): number of the pr within the repo
         comment (string): new comment
@@ -91,4 +91,4 @@ def create_comment(repo_name, pr_number, comment):
     gh = github.get_instance()
     repo = gh.get_repo(repo_name)
     pull_request = repo.get_pull(pr_number)
-    pull_request.create_issue_comment(comment)
\ No newline at end of file
+    pull_request.create_issue_comment(comment)

From 3cc384cd64429fc774065b5bd269ee898eb3f3d1 Mon Sep 17 00:00:00 2001
From: jonas-lq <81230989+jonas-lq@users.noreply.github.com>
Date: Fri, 28 Apr 2023 12:35:32 +0200
Subject: [PATCH 5/6] Added author to deploy.py

---
 tasks/deploy.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tasks/deploy.py b/tasks/deploy.py
index 6c8d85e7..120ae306 100644
--- a/tasks/deploy.py
+++ b/tasks/deploy.py
@@ -5,6 +5,7 @@
 # EESSI software layer, see https://github.com/EESSI/software-layer
 #
 # author: Thomas Roeblitz (@trz42)
+# author: Jonas Qvigstad (@jonas-lq)
 #
 # license: GPLv2
 #

From da28cfa71df1b9e398ee0b8c30f74047d2ee623b Mon Sep 17 00:00:00 2001
From: jonas-lq <81230989+jonas-lq@users.noreply.github.com>
Date: Fri, 28 Apr 2023 12:36:24 +0200
Subject: [PATCH 6/6] Added author to pr_comments.py

---
 tools/pr_comments.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/pr_comments.py b/tools/pr_comments.py
index 660236d0..a95eb3ba 100644
--- a/tools/pr_comments.py
+++ b/tools/pr_comments.py
@@ -8,6 +8,7 @@
 # author: Bob Droege (@bedroge)
 # author: Hafsa Naeem (@hafsa-naeem)
 # author: Thomas Roeblitz (@trz42)
+# author: Jonas Qvigstad (@jonas-lq)
 #
 # license: GPLv2
 #