@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Support a wider range of "Audit" rules for Owners packages
Summary:
Depends on D20124. Ref T13244. See PHI1055. Add a few more builtin audit behaviors to make Owners more flexible.
(At the upper end of flexibility you can trigger audits in a very granular way with Herald, but you tend to need to write one rule per Owners package, and providing a middle ground here has worked reasonably well for "review" rules so far.)
Test Plan:
- Edited a package to select the various different audit rules.
- Used `bin/repository reparse --force --owners <commit>` to trigger package audits under varied conditions.
Reviewers: amckinley
Reviewed By: amckinley
Maniphest Tasks: T13244
Differential Revision: https://secure.phabricator.com/D20126
+100
-24
+19
-3
src/applications/owners/constants/PhabricatorOwnersAuditRule.php
+19
-3
src/applications/owners/constants/PhabricatorOwnersAuditRule.php
···
4
4
extends Phobject {
5
5
6
6
const AUDITING_NONE = 'none';
7
-
const AUDITING_AUDIT = 'audit';
7
+
const AUDITING_NO_OWNER = 'audit';
8
+
const AUDITING_UNREVIEWED = 'unreviewed';
9
+
const AUDITING_NO_OWNER_AND_UNREVIEWED = 'uninvolved-unreviewed';
10
+
const AUDITING_ALL = 'all';
8
11
9
12
private $key;
10
13
private $spec;
···
86
89
'0' => '"0"',
87
90
),
88
91
),
89
-
self::AUDITING_AUDIT => array(
90
-
'name' => pht('Audit Commits'),
92
+
self::AUDITING_UNREVIEWED => array(
93
+
'name' => pht('Audit Unreviewed Commits'),
94
+
'icon.icon' => 'fa-check',
95
+
),
96
+
self::AUDITING_NO_OWNER => array(
97
+
'name' => pht('Audit Commits With No Owner Involvement'),
91
98
'icon.icon' => 'fa-check',
92
99
'deprecated' => array(
93
100
'1' => '"1"',
94
101
),
102
+
),
103
+
self::AUDITING_NO_OWNER_AND_UNREVIEWED => array(
104
+
'name' => pht(
105
+
'Audit Unreviewed Commits and Commits With No Owner Involvement'),
106
+
'icon.icon' => 'fa-check',
107
+
),
108
+
self::AUDITING_ALL => array(
109
+
'name' => pht('Audit All Commits'),
110
+
'icon.icon' => 'fa-check',
95
111
),
96
112
);
97
113
}
+70
-16
src/applications/repository/worker/PhabricatorRepositoryCommitOwnersWorker.php
+70
-16
src/applications/repository/worker/PhabricatorRepositoryCommitOwnersWorker.php
···
132
132
$author_phid,
133
133
$revision) {
134
134
135
-
// Don't trigger an audit if auditing isn't enabled for the package.
135
+
$audit_uninvolved = false;
136
+
$audit_unreviewed = false;
137
+
136
138
$rule = $package->newAuditingRule();
137
-
if ($rule->getKey() === PhabricatorOwnersAuditRule::AUDITING_NONE) {
138
-
return false;
139
+
switch ($rule->getKey()) {
140
+
case PhabricatorOwnersAuditRule::AUDITING_NONE:
141
+
return false;
142
+
case PhabricatorOwnersAuditRule::AUDITING_ALL:
143
+
return true;
144
+
case PhabricatorOwnersAuditRule::AUDITING_NO_OWNER:
145
+
$audit_uninvolved = true;
146
+
break;
147
+
case PhabricatorOwnersAuditRule::AUDITING_UNREVIEWED:
148
+
$audit_unreviewed = true;
149
+
break;
150
+
case PhabricatorOwnersAuditRule::AUDITING_NO_OWNER_AND_UNREVIEWED:
151
+
$audit_uninvolved = true;
152
+
$audit_unreviewed = true;
153
+
break;
139
154
}
140
155
141
-
// Trigger an audit if we don't recognize the commit's author.
142
-
if (!$author_phid) {
143
-
return true;
156
+
// If auditing is configured to trigger on unreviewed changes, check if
157
+
// the revision was "Accepted" when it landed. If not, trigger an audit.
158
+
if ($audit_unreviewed) {
159
+
$commit_unreviewed = true;
160
+
if ($revision) {
161
+
$was_accepted = DifferentialRevision::PROPERTY_CLOSED_FROM_ACCEPTED;
162
+
if ($revision->isPublished()) {
163
+
if ($revision->getProperty($was_accepted)) {
164
+
$commit_unreviewed = false;
165
+
}
166
+
}
167
+
}
168
+
169
+
if ($commit_unreviewed) {
170
+
return true;
171
+
}
144
172
}
145
173
174
+
// If auditing is configured to trigger on changes with no involved owner,
175
+
// check for an owner. If we don't find one, trigger an audit.
176
+
if ($audit_uninvolved) {
177
+
$commit_uninvolved = $this->isOwnerInvolved(
178
+
$commit,
179
+
$package,
180
+
$author_phid,
181
+
$revision);
182
+
if ($commit_uninvolved) {
183
+
return true;
184
+
}
185
+
}
186
+
187
+
// We can't find any reason to trigger an audit for this commit.
188
+
return false;
189
+
}
190
+
191
+
private function isOwnerInvolved(
192
+
PhabricatorRepositoryCommit $commit,
193
+
PhabricatorOwnersPackage $package,
194
+
$author_phid,
195
+
$revision) {
196
+
146
197
$owner_phids = PhabricatorOwnersOwner::loadAffiliatedUserPHIDs(
147
198
array(
148
199
$package->getID(),
149
200
));
150
201
$owner_phids = array_fuse($owner_phids);
151
202
152
-
// Don't trigger an audit if the author is a package owner.
153
-
if (isset($owner_phids[$author_phid])) {
154
-
return false;
203
+
// If the commit author is identifiable and a package owner, they're
204
+
// involved.
205
+
if ($author_phid) {
206
+
if (isset($owner_phids[$author_phid])) {
207
+
return true;
208
+
}
155
209
}
156
210
157
-
// Trigger an audit of there is no corresponding revision.
211
+
// Otherwise, we need to find an owner as a reviewer.
212
+
213
+
// If we don't have a revision, this is hopeless: no owners are involved.
158
214
if (!$revision) {
159
215
return true;
160
216
}
···
174
230
continue;
175
231
}
176
232
177
-
// If this reviewer accepted the revision and owns the package, we're
178
-
// all clear and do not need to trigger an audit.
233
+
// If this reviewer accepted the revision and owns the package, we've
234
+
// found an involved owner.
179
235
if (isset($accepted_statuses[$reviewer->getReviewerStatus()])) {
180
236
$found_accept = true;
181
237
break;
182
238
}
183
239
}
184
240
185
-
// Don't trigger an audit if a package owner already reviewed the
186
-
// revision.
187
241
if ($found_accept) {
188
-
return false;
242
+
return true;
189
243
}
190
244
191
-
return true;
245
+
return false;
192
246
}
193
247
194
248
}
+11
-5
src/docs/user/userguide/owners.diviner
+11
-5
src/docs/user/userguide/owners.diviner
···
114
114
========
115
115
116
116
You can automatically trigger audits on unreviewed code by configuring
117
-
**Auditing**. The available settings are:
117
+
**Auditing**. The available settings allow you to select behavior based on
118
+
these conditions:
118
119
119
-
- **Disabled**: Do not trigger audits.
120
-
- **Enabled**: Trigger audits.
120
+
- **No Owner Involvement**: Triggers an audit when the commit author is not
121
+
a package owner, and no package owner reviewed an associated revision in
122
+
Differential.
123
+
- **Unreviewed Commits**: Triggers an audit when a commit has no associated
124
+
revision in Differential, or the associated revision in Differential landed
125
+
without being "Accepted".
121
126
122
-
When enabled, audits are triggered for commits which:
127
+
For example, the **Audit Commits With No Owner Involvement** option triggers
128
+
audits for commits which:
123
129
124
130
- affect code owned by the package;
125
131
- were not authored by a package owner; and
126
-
- were not accepted by a package owner.
132
+
- were not accepted (in Differential) by a package owner.
127
133
128
134
Audits do not trigger if the package has been archived.
129
135