lgtm plugin should use trigger.TrustedUser #13740
Comments
This is mainly concerning because doing a
related: #12785
I just.. I really dislike the whole "trusted org" logic set. That the "trust" is somehow tied to not the org the actual repo is in. If that logic wasn't there, I wouldn't even have a second thought on this.
ref: test-infra/prow/plugins/trigger/trigger.go Lines 153 to 185 in 5022463
That's a fair point but IMHO an orthogonal issue. The issue we have here is that we have code to determine if a user is trusted and the LGTM plugin does something that requires trust (starting tests) without calling into that code but instead using a different check. Independently of what
/area prow
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/remove-lifecycle stale
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/remove-lifecycle rotten
I think this is something we still need to fix. There is no good reason to have different codepaths to determine "trust" in different places. Using/Not using the "trusted org" concept is completely orthogonal to this.
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/reopen
@alvaroaleman: Reopened this issue. In response to this:
@fejta-bot: Closing this issue. In response to this:
/remove-lifecycle rotten
@cblecker: Reopened this issue. In response to this:
Rotten issues close after 30d of inactivity. Send feedback to sig-contributor-experience at kubernetes/community.
@fejta-bot: Closing this issue. In response to this:
The lgtm plugin currently does a `IsCollaborator()` check to determine if a user can lgtm a PR or not. Which means that even if `only_org_members: true` is defined in the `trigger` config, outside collaborators are able to lgtm PRs.

To fix this, we should use `trigger.TrustedUser()` to determine whether a user is trusted or not.

Additionally, if `skip_collaborators: true` is configured, we can then skip the `trigger.TrustedUser()` check.

/sig contributor-experience
/cc @cblecker @spiffxp @alvaroaleman @stevekuznetsov
related: #13002
Happy to work on this if this makes sense.
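
A minimal Go model of the mismatch this issue describes, added here as an illustration; it is not Prow's code and not part of any comment in the thread. `fakeGitHub`, `trustedUser`, `lgtmCurrent`, `divergent` and the account names are constructed for the example, and the trusted-org rule and `skip_collaborators` are left out.

```go
package main

import "fmt"

// fakeGitHub is a constructed stand-in for a GitHub client (not Prow's interface).
type fakeGitHub struct {
	members       map[string]bool // members of the org that owns the repo
	collaborators map[string]bool // repo collaborators, outside collaborators included
}

func (g fakeGitHub) IsMember(user string) bool       { return g.members[user] }
func (g fakeGitHub) IsCollaborator(user string) bool { return g.collaborators[user] }

// sampleGitHub returns constructed sample data: one org member, one outside collaborator.
func sampleGitHub() fakeGitHub {
	return fakeGitHub{
		members:       map[string]bool{"org-member": true},
		collaborators: map[string]bool{"org-member": true, "outside-collab": true},
	}
}

// trustedUser is a simplified model of a single shared trust check that honours
// only_org_members: members are trusted, collaborators only when the flag is off.
func trustedUser(gh fakeGitHub, onlyOrgMembers bool, user string) bool {
	if gh.IsMember(user) {
		return true
	}
	return !onlyOrgMembers && gh.IsCollaborator(user)
}

// lgtmCurrent models the reported behaviour: a collaborator check that ignores the trigger config.
func lgtmCurrent(gh fakeGitHub, user string) bool { return gh.IsCollaborator(user) }

// divergent lists the users the collaborator-only check accepts but the shared
// trust check rejects, i.e. the accounts affected by having two code paths.
func divergent(gh fakeGitHub, onlyOrgMembers bool, users []string) []string {
	var out []string
	for _, u := range users {
		if lgtmCurrent(gh, u) && !trustedUser(gh, onlyOrgMembers, u) {
			out = append(out, u)
		}
	}
	return out
}

func main() {
	users := []string{"org-member", "outside-collab", "stranger"}
	fmt.Println("only_org_members=true: ", divergent(sampleGitHub(), true, users))
	fmt.Println("only_org_members=false:", divergent(sampleGitHub(), false, users))
}
```

Routing every trust decision through one function makes the divergent list empty by construction, whatever the configuration.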