From 7f90ab62ceb8addab9f42db178f4cc07571b6b4d Mon Sep 17 00:00:00 2001
From: Daniel Smith
Date: Thu, 5 Jun 2025 11:42:15 +0200
Subject: Force posting of security hashtag even if no comments should be posted

If a user with privileged access removes the security hashtag from a change, the bot will now re-add the hashtag to the change, even if all file comments are ignored due to having previously been posted.

Task-number: QTQAINFRA-7233
Change-Id: I19db6b6cf1a1aafc9b452af098be51a4df496a90
Reviewed-by: Daniel Smith
---
 src/main.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/main.py b/src/main.py
index 98287db..7cc7362 100644
--- a/src/main.py
+++ b/src/main.py
@@ -579,6 +579,7 @@ async def handle(request):
 await clone_repo(data)
 await checkout_patch(data)
 comments = await run_security_header_check(data)
+ initially_had_comments = bool(comments)
 # Filter comments if this is not the first patchset and there are comments
 # Default patchset number to 1 if not present in data
@@ -609,15 +610,17 @@ async def handle(request):
 semaphore.release()
 # create a review with the comments if any python files were reviewed
- if comments:
+ if comments: # 'comments' is the filtered list here
 review = generate_review(comments)
 await post_review(data, review)
- await post_hashtag(data)
 # Post a message to Teams about the Security relevant change.
 # Re-enable this line to post to Teams about security Changes
 # It is currently disabled to prevent spamming users.
 # await post_teams_message(data)
- else:
+
+ if initially_had_comments: # Check if there were any security findings initially
+ await post_hashtag(data)
+ else: # Only log "not security relevant" if no findings initially
 log.info("%s: Change not security relevant", data['change']['number'])
-- 
cgit v1.2.3
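Review bot: `initially_had_comments` is first bound at `initially_had_comments = bool(comments)`, only after `clone_repo`, `checkout_patch` and `run_security_header_check` have all returned, yet the second hunk reads it unconditionally in `if initially_had_comments:`. The code between the two hunks is not shown; if any error path there continues to the review section instead of returning, that read would raise UnboundLocalError and neither the hashtag nor the log line would be emitted. Giving it a default next to wherever `comments` gets its initial value, e.g. `initially_had_comments = False`, keeps the two names in step. A short comment on the assignment, such as `# snapshot before patchset filtering; drives the hashtag, not the review`, would also record why both variables exist. The body of handle() starts and ends outside this hunk.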
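Review bot: `await post_hashtag(data)` still runs only after `await post_review(data, review)` has returned, so on a patchset where both branches fire, a failure while posting the review would skip the hashtag that this commit sets out to guarantee. Whether post_review can raise is not visible here, but the hashtag is the marker being enforced, so it should not depend on comment posting. Moving the `if initially_had_comments:` / `else:` block above `if comments:` would decouple the two; alternatively, catch and log a post_review failure so it does not abort the handler. It may also be worth confirming that post_hashtag is safe to call when the hashtag is already present, since it now runs on every event for a change with findings. The body of handle() starts and ends outside this hunk.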