authorDan Albert <danalbert@google.com>2015-04-09 17:18:53 -0700
committerDan Albert <danalbert@google.com>2015-04-09 17:18:53 -0700
commitd032378790c787b8e03cebff92619b41ab0dffe4 (patch)
treef9d46343b4e30398d633eef281d0c305b2b38e66 /tools
parent0a92ac884891b167d6393592fbf9ecf26218f9aa (diff)
Don't build any changes that touch bionicbb.
Right now any changes in here would be innocuous because I manually update bionicbb, but I'd like to check in the various job configurations. Once I have, we don't want anyone to be able to make the buildbot run any untrusted code. Change-Id: Ic050859cd5017615f71c75f995ba21bb45407b05
Diffstat (limited to 'tools')
-rw-r--r--tools/bionicbb/gmail_listener.py6
-rw-r--r--tools/bionicbb/test_gmail_listener.py19
2 files changed, 25 insertions, 0 deletions
diff --git a/tools/bionicbb/gmail_listener.py b/tools/bionicbb/gmail_listener.py
index 3e501cc..632426b 100644
--- a/tools/bionicbb/gmail_listener.py
+++ b/tools/bionicbb/gmail_listener.py
@@ -64,6 +64,11 @@ def contains_cleanspec(change_id, patch_set):
return 'CleanSpec.mk' in [os.path.basename(f) for f in files]
+def contains_bionicbb(change_id, patch_set):
+ files = gerrit.get_files_for_revision(change_id, patch_set)
+ return any('tools/bionicbb' in f for f in files)
+
+
def should_skip_build(info):
if info['MessageType'] not in ('newchange', 'newpatchset', 'comment'):
raise ValueError('should_skip_build() is only valid for new '
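Review bot: `contains_bionicbb` uses a substring test, `'tools/bionicbb' in f`, so it also fires on any path that merely contains that text, such as a sibling directory whose name starts with `bionicbb` or the same path nested deeper in the tree. That errs toward skipping the build, which is the safe direction for a gate meant to keep untrusted changes off the buildbot, but nothing in the code says the over-match is deliberate. A docstring such as `"""Returns True if the patch set touches the buildbot's own sources under tools/bionicbb."""` would record the intent, and `return any(f.startswith('tools/bionicbb/') for f in files)` would state the rule exactly if the paths Gerrit returns are repository-relative, as the test's sample path suggests. The body of `should_skip_build` continues outside this hunk.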
@@ -75,6 +80,7 @@ def should_skip_build(info):
checks = [
is_untrusted_committer,
contains_cleanspec,
+ contains_bionicbb,
]
for check in checks:
if check(change_id, patch_set):
diff --git a/tools/bionicbb/test_gmail_listener.py b/tools/bionicbb/test_gmail_listener.py
index af9eda0..f8b9ab6 100644
--- a/tools/bionicbb/test_gmail_listener.py
+++ b/tools/bionicbb/test_gmail_listener.py
@@ -4,6 +4,7 @@ import unittest
class TestShouldSkipBuild(unittest.TestCase):
+ @mock.patch('gmail_listener.contains_bionicbb')
@mock.patch('gmail_listener.contains_cleanspec')
@mock.patch('gerrit.get_commit')
def test_accepts_googlers(self, mock_commit, *other_checks):
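Review bot: Every existing test needs a new `@mock.patch('gmail_listener.contains_bionicbb')` decorator, here and in the hunks at -21, -38 and -55, because each test patches the other checks one by one and collects them in `*other_checks`. A test that misses the decorator would run the real check and presumably reach Gerrit, and the next check added to `should_skip_build` will need the same edit in every test. Patching the checks in one place (for example in `setUp`) would remove that coupling. At minimum, a comment above the class would help, such as `# Each check in should_skip_build's list must be mocked in every test below.` The test bodies lie outside these hunks.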
@@ -21,6 +22,7 @@ class TestShouldSkipBuild(unittest.TestCase):
'PatchSet': '',
}))
+ @mock.patch('gmail_listener.contains_bionicbb')
@mock.patch('gmail_listener.contains_cleanspec')
@mock.patch('gerrit.get_commit')
def test_rejects_googlish_domains(self, mock_commit, *other_checks):
@@ -38,6 +40,7 @@ class TestShouldSkipBuild(unittest.TestCase):
'PatchSet': '',
}))
+ @mock.patch('gmail_listener.contains_bionicbb')
@mock.patch('gmail_listener.contains_cleanspec')
@mock.patch('gerrit.get_commit')
def test_rejects_non_googlers(self, mock_commit, *other_checks):
@@ -55,6 +58,7 @@ class TestShouldSkipBuild(unittest.TestCase):
'PatchSet': '',
}))
+ @mock.patch('gmail_listener.contains_bionicbb')
@mock.patch('gmail_listener.is_untrusted_committer')
@mock.patch('gerrit.get_files_for_revision')
def test_skips_cleanspecs(self, mock_files, *other_checks):
@@ -69,6 +73,21 @@ class TestShouldSkipBuild(unittest.TestCase):
'PatchSet': '',
}))
+ @mock.patch('gmail_listener.contains_cleanspec')
+ @mock.patch('gmail_listener.is_untrusted_committer')
+ @mock.patch('gerrit.get_files_for_revision')
+ def test_skips_bionicbb(self, mock_files, *other_checks):
+ mock_files.return_value = ['tools/bionicbb/common.sh']
+ for other_check in other_checks:
+ other_check.return_value = False
+
+ for message_type in ('newchange', 'newpatchset', 'comment'):
+ self.assertTrue(gmail_listener.should_skip_build({
+ 'MessageType': message_type,
+ 'Change-Id': '',
+ 'PatchSet': '',
+ }))
+
if __name__ == '__main__':
unittest.main()
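Review bot: `test_skips_bionicbb` exercises only the positive case, with the single path `tools/bionicbb/common.sh`. Since this check is a security gate, the test should also pin the negative case, so that a regression to always-skip or never-skip is caught. For example, set `mock_files.return_value = ['libc/Android.mk']` (a constructed sample path) and call `self.assertFalse(gmail_listener.should_skip_build({...}))` with the same dict, assuming `should_skip_build` returns False when no check fires. A list where the bionicbb file is not the first entry would also confirm that every path is examined.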