Check pull/merge request actions before initializing dependencies

Co-authored-by: Dany Marcoux <dmarcoux@suse.com>

src/api/app/controllers/trigger_workflow_controller.rb

@@ -1,14 +1,15 @@
 class TriggerWorkflowController < TriggerController
   # We don't need to validate that the body of the request is XML. We receive JSON
   skip_before_action :validate_xml_request, :set_project_name, :set_package_name, :set_project, :set_package, :set_object_to_authorize, :set_multibuild_flavor
-  before_action :create_workflow_run
   before_action :set_scm_event
+  before_action :abort_trigger_if_ignored_pull_request_action
+  before_action :create_workflow_run
   before_action :validate_scm_event
 
   def create
     authorize @token, :trigger?
     @token.user.run_as do
-      validation_errors = @token.call(scm: scm, event: event, payload: payload, workflow_run: @workflow_run)
+      validation_errors = @token.call(workflow_run: @workflow_run, scm_webhook: @scm_webhook)
 
       if validation_errors.none?
         @workflow_run.update(status: 'success', response_body: render_ok)
@@ -60,4 +61,10 @@ def create_workflow_run
     request_headers = request.headers.to_h.keys.map { |k| "#{k}: #{request.headers[k]}" if k.match?(/^HTTP_/) }.compact.join("\n")
     @workflow_run = @token.workflow_runs.create(request_headers: request_headers, request_payload: request.body.read)
   end
+
+  def abort_trigger_if_ignored_pull_request_action
+    @scm_webhook = TriggerControllerService::ScmExtractor.new(scm, event, payload).call
+
+    render_ok if @scm_webhook && @scm_webhook.ignored_pull_request_action?
+  end
 end

src/api/app/models/scm_webhook.rb

@@ -6,6 +6,11 @@ class ScmWebhook
 
   validates_with ScmWebhookEventValidator
 
+  IGNORED_PULL_REQUEST_ACTIONS = ['assigned', 'auto_merge_disabled', 'auto_merge_enabled', 'converted_to_draft',
+                                  'edited', 'labeled', 'locked', 'ready_for_review', 'review_request_removed',
+                                  'review_requested', 'unassigned', 'unlabeled', 'unlocked'].freeze
+  IGNORED_MERGE_REQUEST_ACTIONS = ['approved', 'unapproved'].freeze
+
   def initialize(attributes = {})
     super
     # To safely navigate the hash and compare keys
@@ -44,6 +49,10 @@ def pull_request_event?
     github_pull_request? || gitlab_merge_request?
   end
 
+  def ignored_pull_request_action?
+    ignored_github_pull_request_action? || ignored_gitlab_merge_request_action?
+  end
+
   private
 
   def github_push_event?
@@ -69,4 +78,12 @@ def github_pull_request?
   def gitlab_merge_request?
     @payload[:scm] == 'gitlab' && @payload[:event] == 'Merge Request Hook'
   end
+
+  def ignored_github_pull_request_action?
+    github_pull_request? && IGNORED_PULL_REQUEST_ACTIONS.include?(@payload[:action])
+  end
+
+  def ignored_gitlab_merge_request_action?
+    gitlab_merge_request? && IGNORED_MERGE_REQUEST_ACTIONS.include?(@payload[:action])
+  end
 end

src/api/app/models/token/workflow.rb

@@ -9,10 +9,10 @@ def self.token_name
 
   def call(options)
     set_triggered_at
+    @scm_webhook = options[:scm_webhook]
 
-    raise Token::Errors::MissingPayload, 'A payload is required' if options[:payload].nil?
+    raise Token::Errors::MissingPayload, 'A payload is required' if @scm_webhook.payload.blank?
 
-    @scm_webhook = TriggerControllerService::ScmExtractor.new(options[:scm], options[:event], options[:payload]).call
     options[:workflow_run].update(response_url: @scm_webhook.payload[:api_endpoint])
     yaml_file = Workflows::YAMLDownloader.new(@scm_webhook.payload, token: self).call
     @workflows = Workflows::YAMLToWorkflowsService.new(yaml_file: yaml_file, scm_webhook: @scm_webhook, token: self).call