Bot comments when labels are set without permission

app.cfg.example

@@ -76,6 +76,7 @@ submit_command = /usr/bin/sbatch
 # if value is left/empty everyone can trigger the build
 # value can be a space delimited list of GH accounts
 build_permission = Hafsa-Naeem
+no_build_permission_comment = Label `bot:build` has been set by user `{build_labeler}`, but this person does not have permission to trigger builds
 
 [deploycfg]
 # script for uploading built software packages
@@ -108,6 +109,7 @@ upload_policy = once
 # if value is left/empty everyone can trigger the deployment
 # value can be a space delimited list of GH accounts
 deploy_permission = trz42
+no_deploy_permission_comment = Label `bot:deploy` has been set by user `{deploy_labeler}`, but this person does not have permission to trigger deployments
 
 
 [architecturetargets]
@@ -158,4 +160,4 @@ slurm_out = Found slurm output `{slurm_out}` in job dir
 missing_modules = Slurm output lacks message "No missing modules!". 
 no_tarball_message = Slurm output lacks message about created tarball. 
 no_matching_tarball = No tarball matching `{tarball_pattern}` found in job dir. 
-multiple_tarballs = Found {num_tarballs} tarballs in job dir - only 1 matching `{tarball_pattern}` expected. 
+multiple_tarballs = Found {num_tarballs} tarballs in job dir - only 1 matching `{tarball_pattern}` expected. 

eessi_bot_event_handler.py

@@ -16,6 +16,7 @@
 import waitress
 import sys
 import tasks.build as build
+import tasks.deploy as deploy
 
 from connections import github
 from tools import config
@@ -164,7 +165,9 @@ def main():
     opts = event_handler_parse()
 
     required_config = {
-        build.SUBMITTED_JOB_COMMENTS: [build.INITIAL_COMMENT, build.AWAITS_RELEASE]
+        build.SUBMITTED_JOB_COMMENTS: [build.INITIAL_COMMENT, build.AWAITS_RELEASE],
+        build.BUILDENV: [build.NO_BUILD_PERMISSION_COMMENT],
+        deploy.DEPLOYCFG: [deploy.NO_DEPLOY_PERMISSION_COMMENT]
     }
     # config is read and checked for settings to raise an exception early when the event_handler starts.
     config.check_required_cfg_settings(required_config)

tasks/build.py

@@ -22,7 +22,7 @@
 from datetime import datetime, timezone
 from pyghee.utils import log, error
 from retry.api import retry_call
-from tools import config, run_cmd
+from tools import config, run_cmd, pr_comments
 
 AWAITS_RELEASE = "awaits_release"
 BUILDENV = "buildenv"
@@ -40,6 +40,7 @@
 SUBMITTED_JOB_COMMENTS = "submitted_job_comments"
 SUBMIT_COMMAND = "submit_command"
 BUILD_PERMISSION = "build_permission"
+NO_BUILD_PERMISSION_COMMENT = "no_build_permission_comment"
 ARCHITECTURE_TARGETS = "architecturetargets"
 REPO_TARGETS = "repo_targets"
 REPO_TARGET_MAP = "repo_target_map"
@@ -654,7 +655,11 @@ def check_build_permission(pr, event_info):
     build_labeler = event_info['raw_request_body']['sender']['login']
     if build_labeler not in build_permission.split():
         log(f"{funcname}(): GH account '{build_labeler}' is not authorized to build")
-        # TODO update PR comments for this bot instance?
+        no_build_permission_comment = buildenv.get(NO_BUILD_PERMISSION_COMMENT)
+        repo_name = event_info["raw_request_body"]["repository"]["full_name"]
+        pr_comments.create_comment(repo_name,
+                                   pr.number,
+                                   no_build_permission_comment.format(build_labeler=build_labeler))
         return False
     else:
         log(f"{funcname}(): GH account '{build_labeler}' is authorized to build")

tasks/deploy.py

@@ -5,6 +5,7 @@
 # EESSI software layer, see https://github.com/EESSI/software-layer
 #
 # author: Thomas Roeblitz (@trz42)
+# author: Jonas Qvigstad (@jonas-lq)
 #
 # license: GPLv2
 #
@@ -17,7 +18,7 @@
 from datetime import datetime, timezone
 from pyghee.utils import log
 from tasks.build import get_build_env_cfg
-from tools import config, run_cmd
+from tools import config, run_cmd, pr_comments
 
 JOBS_BASE_DIR = "jobs_base_dir"
 DEPLOYCFG = "deploycfg"
@@ -26,6 +27,7 @@
 BUCKET_NAME = "bucket_name"
 UPLOAD_POLICY = "upload_policy"
 DEPLOY_PERMISSION = "deploy_permission"
+NO_DEPLOY_PERMISSION_COMMENT = "no_deploy_permission_comment"
 
 
 def determine_job_dirs(pr_number):
@@ -405,7 +407,11 @@ def deploy_built_artefacts(pr, event_info):
     # permission to trigger the deployment
     if labeler not in deploy_permission.split():
         log(f"{funcname}(): GH account '{labeler}' is not authorized to deploy")
-        # TODO update PR comments for this bot instance?
+        no_deploy_permission_comment = deploy_cfg.get(NO_DEPLOY_PERMISSION_COMMENT)
+        repo_name = event_info["raw_request_body"]["repository"]["full_name"]
+        pr_comments.create_comment(repo_name,
+                                   pr.number,
+                                   no_deploy_permission_comment.format(deploy_labeler=labeler))
         return
     else:
         log(f"{funcname}(): GH account '{labeler}' is authorized to deploy")

tools/pr_comments.py

@@ -8,11 +8,13 @@
 # author: Bob Droege (@bedroge)
 # author: Hafsa Naeem (@hafsa-naeem)
 # author: Thomas Roeblitz (@trz42)
+# author: Jonas Qvigstad (@jonas-lq)
 #
 # license: GPLv2
 #
 import re
 
+from connections import github
 from pyghee.utils import log
 from retry import retry
 from retry.api import retry_call
@@ -77,3 +79,17 @@ def update_comment(cmnt_id, pr, update, log_file=None):
     else:
         log(f"no comment with id {cmnt_id}, skipping update '{update}'",
             log_file=log_file)
+
+
+def create_comment(repo_name, pr_number, comment):
+    """create a comment on a pr
+
+    Args:
+        repo_name (str): name of the repo with the pr
+        pr_number (int): number of the pr within the repo
+        comment (string): new comment
+    """
+    gh = github.get_instance()
+    repo = gh.get_repo(repo_name)
+    pull_request = repo.get_pull(pr_number)
+    pull_request.create_issue_comment(comment)