authorDaniel Smith <[email protected]>2025-06-05 11:42:15 +0200
committerDaniel Smith <[email protected]>2025-06-30 09:56:15 +0000
commit7f90ab62ceb8addab9f42db178f4cc07571b6b4d (patch)
treee225aaf4bc4a1d1f75b12cb8aadfe50bc53f57b7
parent36141c9a38da51f3ad12d242c94c9d25461378b6 (diff)
Force posting of security hashtag even if no comments should be postedHEADdev
If a user with privileged access removes the security hashtag from a change, the bot will now re-add the hashtag to the change, even if all file comments are ignored due to having previously been posted. Task-number: QTQAINFRA-7233 Change-Id: I19db6b6cf1a1aafc9b452af098be51a4df496a90 Reviewed-by: Daniel Smith <[email protected]>
-rw-r--r--src/main.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/main.py b/src/main.py
index 98287db..7cc7362 100644
--- a/src/main.py
+++ b/src/main.py
@@ -579,6 +579,7 @@ async def handle(request):
await clone_repo(data)
await checkout_patch(data)
comments = await run_security_header_check(data)
+ initially_had_comments = bool(comments)
# Filter comments if this is not the first patchset and there are comments
# Default patchset number to 1 if not present in data
@@ -609,15 +610,17 @@ async def handle(request):
semaphore.release()
# create a review with the comments if any python files were reviewed
- if comments:
+ if comments: # 'comments' is the filtered list here
review = generate_review(comments)
await post_review(data, review)
- await post_hashtag(data)
# Post a message to Teams about the Security relevant change.
# Re-enable this line to post to Teams about security Changes
# It is currently disabled to prevent spamming users.
# await post_teams_message(data)
- else:
+
+ if initially_had_comments: # Check if there were any security findings initially
+ await post_hashtag(data)
+ else: # Only log "not security relevant" if no findings initially
log.info("%s: Change not security relevant",
data['change']['number'])
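Review bot: The hashtag re-add still runs only after `await post_review(data, review)` returns, so if that call raises (nothing in this hunk catches it) the change is left without the security hashtag, which is the case this commit sets out to close. Moving the `if initially_had_comments:` / `else:` block, with its `await post_hashtag(data)`, above `if comments:` would make the tag independent of the review post. The path where findings exist but were all filtered also logs nothing in this hunk. A line such as `log.info("%s: Security findings present, ensuring hashtag", data['change']['number'])` in that branch would record each re-add, which helps spot a hashtag that is being removed repeatedly. handle() begins and ends outside the hunk, so error handling further out may already cover the first point.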