prophet 1.9.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: afe7d79d028a1b2365986a403441c0c83ddd8833
-  data.tar.gz: 0819c0fd245bc51106ac93fda3a0f1669af8d8b0
+SHA256:
+  metadata.gz: 4e0cdb6d0ea731019023c33f2a0e6896aa558ff84eafc2a1fdae9547b8865f90
+  data.tar.gz: 5e1797d1ffab25d7501a9ab15a2f7ac1ae03a52664e472beecc18f27fae1f307
 SHA512:
-  metadata.gz: fa4ffda35c9052a9542259acf8fdb8508126ed0e523780faa604a39ee91c459b0da5978d994011a8be3503f10dcddb68b906206180772d9cbc93461b2c12f8a0
-  data.tar.gz: 96c4720864de08183fc6532903b3c5da54bec83dc29274c7ba305e70c367ff3018c61b4c49c72425f3b14297a9d9e318f1a4c4d08257711eed8a263fa8e59c34
+  metadata.gz: 6d6ee5b15f1a9da9fea75ba516d8f238e6119a0e03fc72998206f012cf536760858f7bca294832e1689eaa6053afba922209b046aa48a3f8c31d6df1bf463156
+  data.tar.gz: 8d6fadd5de8798e92781db62657dcbede972266d7d7ad64fcea86930cff660e0b6018ad1cb647ee009056a935df37ce662469590760f38689c8ed46624bc6da7

data/lib/prophet/prophet.rb

@@ -164,66 +164,70 @@ class Prophet
   # - the pull request hasn't been used for a run before.
   # - the pull request has been updated since the last run.
   # - the target (i.e. master) has been updated since the last run.
+  # - the pull request does not originate from a fork (to avoid malicious code execution on CI machines)
   def run_necessary?
     logger.info "Checking pull request ##{@request.id}: #{@request.content.title}"
-    # Compare current sha ids of target and source branch with those from the last test run.
-    @request.target_head_sha = @github.commits(@project).first.sha
-    comments = @github.issue_comments(@project, @request.id)
-    comments = comments.select { |c| [username, username_fail].include?(c.user.login) }.reverse
-    comments.each do |comment|
-      @request.comment = comment if /Merged ([\w]+) into ([\w]+)/.match(comment.body)
-    end
-
-    statuses = @github.status(@project, @request.head_sha).statuses.select { |s| s.context == self.status_context }
-    # Only run if it's mergeable.
-    if @request.content.mergeable
-      if statuses.empty?
-        # If there is no status yet, it has to be a new request.
-        logger.info 'New pull request detected, run needed.'
-        return true
-      elsif !self.disable_comments && !@request.comment
-        logger.info 'Rerun forced.'
-        return true
+    unless @request.from_fork
+      # Compare current sha ids of target and source branch with those from the last test run.
+      @request.target_head_sha = @github.commits(@project).first.sha
+      comments = @github.issue_comments(@project, @request.id)
+      comments = comments.select { |c| [username, username_fail].include?(c.user.login) }.reverse
+      comments.each do |comment|
+        @request.comment = comment if /Merged ([\w]+) into ([\w]+)/.match(comment.body)
       end
-    else
-      # Sometimes GitHub doesn't have a proper boolean value stored.
-      if @request.content.mergeable.nil? && switch_branch_to_merged_state
-        # Pull request is mergeable after all.
-        switch_branch_back
+
+      statuses = @github.status(@project, @request.head_sha).statuses.select { |s| s.context == self.status_context }
+      # Only run if it's mergeable.
+      if @request.content.mergeable
+        if statuses.empty?
+          # If there is no status yet, it has to be a new request.
+          logger.info 'New pull request detected, run needed.'
+          return true
+        elsif !self.disable_comments && !@request.comment
+          logger.info 'Rerun forced.'
+          return true
+        end
       else
-        logger.info 'Pull request not auto-mergeable. Not running.'
-        if @request.comment
-          logger.info 'Deleting existing comment.'
-          call_github(old_comment_success?).delete_comment(@project, @request.comment.id)
+        # Sometimes GitHub doesn't have a proper boolean value stored.
+        if @request.content.mergeable.nil? && switch_branch_to_merged_state
+          # Pull request is mergeable after all.
+          switch_branch_back
+        else
+          logger.info 'Pull request not auto-mergeable. Not running.'
+          if @request.comment
+            logger.info 'Deleting existing comment.'
+            call_github(old_comment_success?).delete_comment(@project, @request.comment.id)
+          end
+          create_status(:error, "Pull request not auto-mergeable. Not running.") if statuses.first && statuses.first.state != 'error'
+          return false
         end
-        create_status(:error, "Pull request not auto-mergeable. Not running.") if statuses.first && statuses.first.state != 'error'
-        return false
       end
-    end
 
-    # Initialize shas to ensure it will live on after the 'each' block.
-    shas = nil
-    statuses.each do |status|
-      shas = /Merged ([\w]+) into ([\w]+)/.match(status.description)
-      break if shas && shas[1] && shas[2]
-    end
+      # Initialize shas to ensure it will live on after the 'each' block.
+      shas = nil
+      statuses.each do |status|
+        shas = /Merged ([\w]+) into ([\w]+)/.match(status.description)
+        break if shas && shas[1] && shas[2]
+      end
 
-    if shas
-      logger.info "Current target sha: '#{@request.target_head_sha}', pull sha: '#{@request.head_sha}'."
-      logger.info "Last test run target sha: '#{shas[2]}', pull sha: '#{shas[1]}'."
-      if self.rerun_on_source_change && (shas[1] != @request.head_sha)
-        logger.info 'Re-running due to new commit in pull request.'
+      if shas
+        logger.info "Current target sha: '#{@request.target_head_sha}', pull sha: '#{@request.head_sha}'."
+        logger.info "Last test run target sha: '#{shas[2]}', pull sha: '#{shas[1]}'."
+        if self.rerun_on_source_change && (shas[1] != @request.head_sha)
+          logger.info 'Re-running due to new commit in pull request.'
+          return true
+        elsif self.rerun_on_target_change && (shas[2] != @request.target_head_sha)
+          logger.info 'Re-running due to new commit in target branch.'
+           return true
+        end
+      else
+        # If there are no SHAs yet, it has to be a new request.
+        logger.info 'New pull request detected, run needed.'
         return true
-      elsif self.rerun_on_target_change && (shas[2] != @request.target_head_sha)
-        logger.info 'Re-running due to new commit in target branch.'
-         return true
       end
-    else
-      # If there are no SHAs yet, it has to be a new request.
-      logger.info 'New pull request detected, run needed.'
-      return true
     end
 
+    logger.info "Pull request comes from a fork." if @request.from_fork
     logger.info "Not running for request ##{@request.id}."
     false
   end

data/lib/prophet/pull_request.rb

@@ -4,12 +4,14 @@ class PullRequest
                 :content,
                 :comment,
                 :head_sha,
-                :target_head_sha
+                :target_head_sha,
+                :from_fork
 
   def initialize(content)
     @content = content
     @id = content.number
     @head_sha = content.head.sha
+    @from_fork = content.head.repo.fork
   end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: prophet
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Dominik Bamberger
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-06 00:00:00.000000000 Z
+date: 2018-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
@@ -89,7 +89,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
 summary: An easy way to loop through open pull requests and run code onthe merged