Implement Forgejo event handling in Packit Service.

Author: mynk8

packit_service/events/forgejo/__init__.py

@@ -3,4 +3,4 @@
 
 from . import abstract, issue, pr, push
 
-__all__ = [abstract.__name__, push.__name__, issue.__name__, pr.__name__]
+__all__ = [abstract.__name__, issue.__name__, pr.__name__, push.__name__]

packit_service/events/forgejo/issue.py

@@ -1,8 +1,6 @@
 # Copyright Contributors to the Packit project.
 # SPDX-License-Identifier: MIT
 
-# SPDX-License-Identifier: MIT
-
 from typing import Optional
 
 from ogr.abstract import Comment as OgrComment

packit_service/events/forgejo/pr.py

@@ -29,14 +29,17 @@ def __init__(
         actor: str,
         body: str,
     ):
-        super().__init__(project_url=project_url, pr_id=pr_id, actor=actor)
+        super().__init__(project_url=project_url, pr_id=pr_id)
         self.action = action
         self.base_repo_namespace = base_repo_namespace
         self.base_repo_name = base_repo_name
         self.base_ref = base_ref
         self.target_repo_namespace = target_repo_namespace
         self.target_repo_name = target_repo_name
+        self.actor = actor
+        self.identifier = str(pr_id)
         self.commit_sha = commit_sha
+        self.commit_sha_before = commit_sha_before
         self.body = body
 
     def get_dict(self, default_dict: Optional[dict] = None) -> dict:

packit_service/service/api/webhooks.py

@@ -373,6 +373,9 @@ class ForgejoWebhook(Resource):
     @ns.response(HTTPStatus.UNAUTHORIZED.value, "X-Forgejo-Signature validation failed")
     @ns.expect(ping_payload_forgejo)
     def post(self):
+        """
+        A webhook used by Packit-as-a-Service Forgejo hook.
+        """
         msg = request.json
 
         if not msg:
@@ -385,17 +388,17 @@ def post(self):
             logger.debug(f"/webhooks/forgejo received ping event: {msg['hook']}")
             forgejo_webhook_calls.labels(result="pong", process_id=os.getpid()).inc()
             return "Pong!", HTTPStatus.OK
-        # TODO
-        # try:
-        #     self.validate_token()
-        # except ValidationFailed as exc:
-        #     logger.info(f"/webhooks/forgejo {exc}")
-        #     forgejo_webhook_calls.labels(
-        #         result="invalid_signature",
-        #         process_id=os.getpid(),
-        #     ).inc()
-        #     return str(exc), HTTPStatus.UNAUTHORIZED
-        #
+
+        try:
+            self.validate_token()
+        except ValidationFailed as exc:
+            logger.info(f"/webhooks/forgejo {exc}")
+            forgejo_webhook_calls.labels(
+                result="invalid_signature",
+                process_id=os.getpid(),
+            ).inc()
+            return str(exc), HTTPStatus.UNAUTHORIZED
+
         if not self.interested(msg):
             forgejo_webhook_calls.labels(
                 result="not_interested",
@@ -419,39 +422,44 @@ def validate_token(self):
         """
         Validate the Forgejo webhook signature.
         The signature is a direct SHA256 HMAC hex digest of the raw request body
-        using the webhook secret as the key, in a similar fashion to Github.
-
+        using the webhook secret as the key, in a similar fashion to GitHub.
         """
         if "X-Forgejo-Signature" not in request.headers:
+            if config.validate_webhooks:
+                msg = "X-Forgejo-Signature not in request.headers"
+                logger.warning(msg)
+                raise ValidationFailed(msg)
+
+            # don't validate signatures when testing locally
             logger.debug("Ain't validating signatures.")
             return
 
-        if not (webhook_secret := getenv("WEBHOOK_SECRET")):
+        if not (webhook_secret := config.webhook_secret):
             msg = "'webhook_secret' not specified in the config."
             logger.error(msg)
             raise ValidationFailed(msg)
 
-        # Get raw payload
-
         payload = request.get_data()
         if not payload:
             msg = "No payload received."
             logger.error(msg)
             raise ValidationFailed(msg)
 
+        # Calculate payload signature using HMAC-SHA256
         data_hmac = hmac.new(webhook_secret.encode(), msg=payload, digestmod=sha256)
         payload_signature = data_hmac.hexdigest()
-        header_sig = request.headers["X-Forgejo-Signature"]
+        header_signature = request.headers["X-Forgejo-Signature"]
 
-        if header_sig != payload_signature:
+        if not hmac.compare_digest(header_signature, payload_signature):
             msg = "Payload signature validation failed."
-
             logger.warning(msg)
             logger.debug(
-                f"X-Forgejo-Signature: {header_sig!r} != computed: {payload_signature}",
+                f"X-Forgejo-Signature: {header_signature!r} != computed: {payload_signature}",
             )
             raise ValidationFailed(msg)
 
+        logger.debug("Payload signature is OK.")
+
     @staticmethod
     def interested(msg):
         """
@@ -475,7 +483,7 @@ def interested(msg):
             "release": action == "published",
             "issues": action in {"opened", "edited", "closed", "reopened"},
             "issue_comment": action in {"created", "edited"},
-            "pull_request": action in {"opened", "edited", "closed", "reopened", "synchronize"},
+            "pull_request": action in {"opened", "reopened", "synchronize"},
         }
 
         _interested = interests.get(event or "", False)

packit_service/worker/parser.py

@@ -101,6 +101,48 @@ class Parser:
     we need to have method inside the `Parser` class to create objects defined in `event.py`.
     """
 
+    @staticmethod
+    def is_forgejo_event(event: dict) -> bool:
+        """
+        Detect if an event is from Forgejo based on platform-specific fields.
+        Forgejo events have additional fields that GitHub events don't have.
+        """
+
+        # Check for Forgejo-specific fields in user objects
+        def has_forgejo_user_fields(user_obj):
+            if not isinstance(user_obj, dict):
+                return False
+            forgejo_fields = {
+                "login_name",
+                "source_id",
+                "full_name",
+                "is_admin",
+                "last_login",
+                "created",
+                "restricted",
+                "active",
+                "prohibit_login",
+                "location",
+                "pronouns",
+                "website",
+                "description",
+                "visibility",
+                "followers_count",
+                "following_count",
+                "starred_repos_count",
+                "username",
+            }
+            return any(field in user_obj for field in forgejo_fields)
+
+        return (
+            has_forgejo_user_fields(event.get("user"))
+            or has_forgejo_user_fields(nested_get(event, "pull_request", "user"))
+            or has_forgejo_user_fields(nested_get(event, "comment", "user"))
+            or has_forgejo_user_fields(nested_get(event, "issue", "user"))
+            or has_forgejo_user_fields(event.get("pusher"))
+            or has_forgejo_user_fields(event.get("sender"))
+        )
+
     @staticmethod
     def parse_event(
         event: dict,
@@ -159,6 +201,23 @@ def parse_event(
             logger.warning("No event to process!")
             return None
 
+        # Check if this is a Forgejo event and prioritize Forgejo parsers
+        # We have to prioritize Forgejo events as they are similar in structure
+        # to github event payloads and hence can accidentally be parsed as
+        # Github objects.
+        is_forgejo = Parser.is_forgejo_event(event)
+
+        if is_forgejo:
+            forgejo_parsers = (
+                Parser.parse_forgejo_push_event,
+                Parser.parse_forgejo_pr_event,
+                Parser.parse_forgejo_comment_event,
+            )
+            for parser in forgejo_parsers:
+                forgejo_response = parser(event)
+                if forgejo_response:
+                    return forgejo_response
+
         for response in (
             parser(event)
             for parser in (
@@ -191,9 +250,6 @@ def parse_event(
                 Parser.parse_openscanhub_task_started_event,
                 Parser.parse_commit_comment_event,
                 Parser.parse_pagure_pull_request_event,
-                Parser.parse_forgejo_push_event,
-                Parser.parse_forgejo_pr_event,
-                Parser.parse_forgejo_comment_event,
             )
         ):
             if response:
@@ -290,11 +346,6 @@ def parse_pr_event(event) -> Optional[github.pr.Action]:
         """Look into the provided event and see if it's one for a new github PR."""
         if not event.get("pull_request"):
             return None
-        
-        # Skip Forgejo events - they should be handled by parse_forgejo_pr_event
-        repository_url = nested_get(event, "repository", "html_url") or ""
-        if "forgejo.org" in repository_url:
-            return None
 
         pr_id = event.get("number")
         action = event.get("action")
@@ -535,11 +586,6 @@ def parse_github_push_event(event) -> Optional[github.push.Commit]:
         """
         Look into the provided event and see if it's one for a new push to the github branch.
         """
-        # Skip Forgejo events - they should be handled by parse_forgejo_push_event
-        repository_url = nested_get(event, "repository", "html_url") or ""
-        if "forgejo.org" in repository_url:
-            return None
-            
         raw_ref = event.get("ref")
         before = event.get("before")
         pusher = nested_get(event, "pusher", "name")
@@ -608,11 +654,6 @@ def parse_pull_request_comment_event(
         # but it's needed when called from parse_event().
         if not nested_get(event, "issue", "pull_request"):
             return None
-        
-        # Skip Forgejo events - they should be handled by parse_forgejo_comment_event
-        repository_url = nested_get(event, "repository", "html_url") or ""
-        if "forgejo.org" in repository_url:
-            return None
 
         pr_id = nested_get(event, "issue", "number")
         action = event.get("action")
@@ -665,12 +706,6 @@ def parse_issue_comment_event(event) -> Optional[github.issue.Comment]:
         # but it's needed when called from parse_event().
         if nested_get(event, "issue", "pull_request"):
             return None
-        
-        # Skip Forgejo events - they should be handled by parse_forgejo_comment_event
-        repository_url = nested_get(event, "repository", "html_url") or ""
-        if "forgejo.org" in repository_url:
-            return None
-
         issue_id = nested_get(event, "issue", "number")
         action = event.get("action")
         if action != "created" or not issue_id:
@@ -1886,7 +1921,7 @@ def parse_forgejo_push_event(event: dict) -> Optional[forgejo.push.Commit]:
         raw_ref = event.get("ref")
         before = event.get("before")
         after = event.get("after")
-        pusher = nested_get(event, "pusher", "login") or nested_get(event, "pusher", "name")
+        pusher = nested_get(event, "pusher", "login")
 
         if not (raw_ref and after and before and pusher):
             return None
@@ -1898,7 +1933,6 @@ def parse_forgejo_push_event(event: dict) -> Optional[forgejo.push.Commit]:
             return None
 
         # Number of commits introduced by this push
-        commits = event.get("commits") or []
         num_commits = event.get("total_commits")
 
         # Strip the ref prefix to get the branch/tag name
@@ -1936,7 +1970,6 @@ def parse_forgejo_pr_event(event: dict) -> Optional[forgejo.pr.Action]:
         Parse Forgejo PR action events, only triggering for relevant actions.
         Supported actions: 'opened', 'reopened', 'synchronize'.
         Skips others like 'closed'.
-
         """
         action_str = event.get("action")
         # Only trigger for these actions
@@ -2011,9 +2044,13 @@ def parse_forgejo_comment_event(
 
         if is_pr:
             # For PR comments, extract repo info from pull_request section
-            base_repo_namespace = nested_get(event, "pull_request", "head", "repo", "owner", "login")
+            base_repo_namespace = nested_get(
+                event, "pull_request", "head", "repo", "owner", "login"
+            )
             base_repo_name = nested_get(event, "pull_request", "head", "repo", "name")
-            target_repo_namespace = nested_get(event, "pull_request", "base", "repo", "owner", "login")
+            target_repo_namespace = nested_get(
+                event, "pull_request", "base", "repo", "owner", "login"
+            )
         else:
             # For issue comments, extract from repository section
             base_repo_namespace = nested_get(event, "repository", "owner", "login")
@@ -2034,10 +2071,12 @@ def parse_forgejo_comment_event(
             return None
 
         if is_pr:
+            base_ref = nested_get(event, "pull_request", "head", "ref")
+            commit_sha = nested_get(event, "pull_request", "head", "sha")
             return forgejo.pr.Comment(
                 action=PullRequestCommentAction[action],
                 pr_id=issue_id,
-                base_ref="",
+                base_ref=base_ref,
                 base_repo_namespace=base_repo_namespace,
                 base_repo_name=base_repo_name,
                 target_repo_namespace=target_repo_namespace,
@@ -2046,11 +2085,11 @@ def parse_forgejo_comment_event(
                 actor=user_login,
                 comment=comment,
                 comment_id=comment_id,
-                commit_sha=None,
+                commit_sha=commit_sha,
             )
         # For issue comments, get the default branch
         default_branch = nested_get(event, "repository", "default_branch") or "main"
-        
+
         return forgejo.issue.Comment(
             action=IssueCommentAction[action],
             issue_id=issue_id,

tests/conftest.py

@@ -9,7 +9,7 @@
 import pytest
 from deepdiff import DeepDiff
 from flexmock import flexmock
-from ogr import GithubService, GitlabService, PagureService, ForgejoService
+from ogr import ForgejoService, GithubService, GitlabService, PagureService
 from packit.config import JobConfig, JobConfigTriggerType, PackageConfig
 from packit.config.common_package_config import Deployment
 
@@ -43,7 +43,7 @@ def global_service_config():
         GitlabService(token="token"),
         PagureService(instance_url="https://src.fedoraproject.org", token="token"),
         PagureService(instance_url="https://git.stg.centos.org", token="6789"),
-        ForgejoService(instance_url="https://codeberg.org", token="token")
+        ForgejoService(instance_url="https://codeberg.org", token="token"),
     }
     service_config.server_name = "localhost"
     service_config.github_requests_log_path = "/path"