2024-02-26 19:00:21 +02:00
|
|
|
import base64
|
2023-08-24 18:35:41 +03:00
|
|
|
import copy
|
2023-08-24 16:33:51 +03:00
|
|
|
import hashlib
|
2023-08-24 12:10:13 +03:00
|
|
|
import json
|
|
|
|
|
import os
|
2024-09-07 10:34:57 +03:00
|
|
|
import re
|
2023-08-24 16:33:51 +03:00
|
|
|
import time
|
2023-08-24 12:10:13 +03:00
|
|
|
|
2023-08-24 16:33:51 +03:00
|
|
|
import jwt
|
|
|
|
|
import requests
|
2023-08-24 12:10:13 +03:00
|
|
|
import uvicorn
|
|
|
|
|
from fastapi import APIRouter, FastAPI, Request, Response
|
2023-08-24 18:35:41 +03:00
|
|
|
from starlette.background import BackgroundTasks
|
2023-08-24 12:10:13 +03:00
|
|
|
from starlette.middleware import Middleware
|
|
|
|
|
from starlette.responses import JSONResponse
|
2023-08-24 16:33:51 +03:00
|
|
|
from starlette_context import context
|
2023-08-24 12:10:13 +03:00
|
|
|
from starlette_context.middleware import RawContextMiddleware
|
|
|
|
|
|
2023-08-24 16:33:51 +03:00
|
|
|
from pr_agent.agent.pr_agent import PRAgent
|
2024-03-06 07:53:13 +02:00
|
|
|
from pr_agent.algo.utils import update_settings_from_args
|
2023-08-24 18:35:41 +03:00
|
|
|
from pr_agent.config_loader import get_settings, global_settings
|
2023-12-12 08:06:20 +02:00
|
|
|
from pr_agent.git_providers.utils import apply_repo_settings
|
2024-02-26 19:00:21 +02:00
|
|
|
from pr_agent.identity_providers import get_identity_provider
|
|
|
|
|
from pr_agent.identity_providers.identity_provider import Eligibility
|
2023-10-16 14:56:00 +03:00
|
|
|
from pr_agent.log import LoggingFormat, get_logger, setup_logger
|
2023-08-24 16:33:51 +03:00
|
|
|
from pr_agent.secret_providers import get_secret_provider
|
2023-12-12 08:06:20 +02:00
|
|
|
from pr_agent.servers.github_action_runner import get_setting_or_env, is_true
|
|
|
|
|
from pr_agent.tools.pr_code_suggestions import PRCodeSuggestions
|
|
|
|
|
from pr_agent.tools.pr_description import PRDescription
|
|
|
|
|
from pr_agent.tools.pr_reviewer import PRReviewer
|
2023-08-24 12:10:13 +03:00
|
|
|
|
2024-03-11 08:50:19 +02:00
|
|
|
setup_logger(fmt=LoggingFormat.JSON, level="DEBUG")
|
2023-08-24 12:10:13 +03:00
|
|
|
router = APIRouter()
|
2024-02-01 08:31:11 +02:00
|
|
|
secret_provider = get_secret_provider() if get_settings().get("CONFIG.SECRET_PROVIDER") else None
|
|
|
|
|
|
2023-08-24 12:10:13 +03:00
|
|
|
|
2023-08-24 16:33:51 +03:00
|
|
|
async def get_bearer_token(shared_secret: str, client_key: str):
|
|
|
|
|
try:
|
|
|
|
|
now = int(time.time())
|
|
|
|
|
url = "https://bitbucket.org/site/oauth2/access_token"
|
|
|
|
|
canonical_url = "GET&/site/oauth2/access_token&"
|
|
|
|
|
qsh = hashlib.sha256(canonical_url.encode("utf-8")).hexdigest()
|
|
|
|
|
app_key = get_settings().bitbucket.app_key
|
|
|
|
|
|
|
|
|
|
payload = {
|
|
|
|
|
"iss": app_key,
|
|
|
|
|
"iat": now,
|
|
|
|
|
"exp": now + 240,
|
|
|
|
|
"qsh": qsh,
|
|
|
|
|
"sub": client_key,
|
|
|
|
|
}
|
|
|
|
|
token = jwt.encode(payload, shared_secret, algorithm="HS256")
|
|
|
|
|
payload = 'grant_type=urn%3Abitbucket%3Aoauth2%3Ajwt'
|
|
|
|
|
headers = {
|
|
|
|
|
'Authorization': f'JWT {token}',
|
|
|
|
|
'Content-Type': 'application/x-www-form-urlencoded'
|
|
|
|
|
}
|
|
|
|
|
response = requests.request("POST", url, headers=headers, data=payload)
|
|
|
|
|
bearer_token = response.json()["access_token"]
|
|
|
|
|
return bearer_token
|
|
|
|
|
except Exception as e:
|
2023-10-16 14:56:00 +03:00
|
|
|
get_logger().error(f"Failed to get bearer token: {e}")
|
2023-08-24 16:33:51 +03:00
|
|
|
raise e
|
2023-08-24 12:10:13 +03:00
|
|
|
|
|
|
|
|
@router.get("/")
|
|
|
|
|
async def handle_manifest(request: Request, response: Response):
|
2023-08-27 10:11:46 +03:00
|
|
|
cur_dir = os.path.dirname(os.path.abspath(__file__))
|
|
|
|
|
manifest = open(os.path.join(cur_dir, "atlassian-connect.json"), "rt").read()
|
2023-08-24 18:35:41 +03:00
|
|
|
try:
|
|
|
|
|
manifest = manifest.replace("app_key", get_settings().bitbucket.app_key)
|
2023-08-27 10:11:46 +03:00
|
|
|
manifest = manifest.replace("base_url", get_settings().bitbucket.base_url)
|
2023-08-24 18:35:41 +03:00
|
|
|
except:
|
2023-10-16 14:56:00 +03:00
|
|
|
get_logger().error("Failed to replace api_key in Bitbucket manifest, trying to continue")
|
2023-08-24 12:10:13 +03:00
|
|
|
manifest_obj = json.loads(manifest)
|
|
|
|
|
return JSONResponse(manifest_obj)
|
|
|
|
|
|
2024-03-06 07:53:13 +02:00
|
|
|
|
|
|
|
|
async def _perform_commands_bitbucket(commands_conf: str, agent: PRAgent, api_url: str, log_context: dict):
|
|
|
|
|
apply_repo_settings(api_url)
|
|
|
|
|
commands = get_settings().get(f"bitbucket_app.{commands_conf}", {})
|
2024-09-07 17:25:05 +03:00
|
|
|
get_settings().set("config.is_auto_command", True)
|
2024-03-06 07:53:13 +02:00
|
|
|
for command in commands:
|
|
|
|
|
try:
|
|
|
|
|
split_command = command.split(" ")
|
|
|
|
|
command = split_command[0]
|
|
|
|
|
args = split_command[1:]
|
|
|
|
|
other_args = update_settings_from_args(args)
|
|
|
|
|
new_command = ' '.join([command] + other_args)
|
|
|
|
|
get_logger().info(f"Performing command: {new_command}")
|
|
|
|
|
with get_logger().contextualize(**log_context):
|
|
|
|
|
await agent.handle_request(api_url, new_command)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
get_logger().error(f"Failed to perform command {command}: {e}")
|
|
|
|
|
|
|
|
|
|
|
2024-09-07 10:34:57 +03:00
|
|
|
def is_bot_user(data) -> bool:
|
|
|
|
|
try:
|
|
|
|
|
if data["data"]["actor"]["type"] != "user":
|
|
|
|
|
get_logger().info(f"BitBucket actor type is not 'user': {data['data']['actor']['type']}")
|
|
|
|
|
return True
|
|
|
|
|
except Exception as e:
|
|
|
|
|
get_logger().error("Failed 'is_bot_user' logic: {e}")
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def should_process_pr_logic(data) -> bool:
|
|
|
|
|
try:
|
|
|
|
|
pr_data = data.get("data", {}).get("pullrequest", {})
|
|
|
|
|
title = pr_data.get("title", "")
|
|
|
|
|
source_branch = pr_data.get("source", {}).get("branch", {}).get("name", "")
|
|
|
|
|
target_branch = pr_data.get("destination", {}).get("branch", {}).get("name", "")
|
|
|
|
|
|
|
|
|
|
# logic to ignore PRs with specific titles
|
|
|
|
|
if title:
|
|
|
|
|
ignore_pr_title_re = get_settings().get("CONFIG.IGNORE_PR_TITLE", [])
|
|
|
|
|
if not isinstance(ignore_pr_title_re, list):
|
|
|
|
|
ignore_pr_title_re = [ignore_pr_title_re]
|
|
|
|
|
if ignore_pr_title_re and any(re.search(regex, title) for regex in ignore_pr_title_re):
|
|
|
|
|
get_logger().info(f"Ignoring PR with title '{title}' due to config.ignore_pr_title setting")
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
ignore_pr_source_branches = get_settings().get("CONFIG.IGNORE_PR_SOURCE_BRANCHES", [])
|
|
|
|
|
ignore_pr_target_branches = get_settings().get("CONFIG.IGNORE_PR_TARGET_BRANCHES", [])
|
|
|
|
|
if (ignore_pr_source_branches or ignore_pr_target_branches):
|
|
|
|
|
if any(re.search(regex, source_branch) for regex in ignore_pr_source_branches):
|
|
|
|
|
get_logger().info(
|
|
|
|
|
f"Ignoring PR with source branch '{source_branch}' due to config.ignore_pr_source_branches settings")
|
|
|
|
|
return False
|
|
|
|
|
if any(re.search(regex, target_branch) for regex in ignore_pr_target_branches):
|
|
|
|
|
get_logger().info(
|
|
|
|
|
f"Ignoring PR with target branch '{target_branch}' due to config.ignore_pr_target_branches settings")
|
|
|
|
|
return False
|
|
|
|
|
except Exception as e:
|
|
|
|
|
get_logger().error(f"Failed 'should_process_pr_logic': {e}")
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
2023-08-24 12:10:13 +03:00
|
|
|
@router.post("/webhook")
|
2023-08-24 18:35:41 +03:00
|
|
|
async def handle_github_webhooks(background_tasks: BackgroundTasks, request: Request):
|
2024-08-12 16:10:41 +03:00
|
|
|
app_name = get_settings().get("CONFIG.APP_NAME", "Unknown")
|
|
|
|
|
log_context = {"server_type": "bitbucket_app", "app_name": app_name}
|
2023-10-18 16:44:03 +03:00
|
|
|
get_logger().debug(request.headers)
|
2023-08-24 18:35:41 +03:00
|
|
|
jwt_header = request.headers.get("authorization", None)
|
|
|
|
|
if jwt_header:
|
|
|
|
|
input_jwt = jwt_header.split(" ")[1]
|
|
|
|
|
data = await request.json()
|
2023-10-18 16:44:03 +03:00
|
|
|
get_logger().debug(data)
|
2024-09-07 10:34:57 +03:00
|
|
|
|
2023-08-24 18:35:41 +03:00
|
|
|
async def inner():
|
|
|
|
|
try:
|
2024-09-07 10:34:57 +03:00
|
|
|
# ignore bot users
|
|
|
|
|
if is_bot_user(data):
|
|
|
|
|
return "OK"
|
|
|
|
|
|
|
|
|
|
# Check if the PR should be processed
|
|
|
|
|
if data.get("event", "") == "pullrequest:created":
|
|
|
|
|
if not should_process_pr_logic(data):
|
2024-02-26 19:00:21 +02:00
|
|
|
return "OK"
|
2024-08-13 11:33:19 +03:00
|
|
|
|
|
|
|
|
# Get the username of the sender
|
2024-02-26 19:00:21 +02:00
|
|
|
try:
|
2024-08-13 11:33:19 +03:00
|
|
|
username = data["data"]["actor"]["username"]
|
|
|
|
|
except KeyError:
|
|
|
|
|
try:
|
|
|
|
|
username = data["data"]["actor"]["display_name"]
|
|
|
|
|
except KeyError:
|
|
|
|
|
username = data["data"]["actor"]["nickname"]
|
|
|
|
|
log_context["sender"] = username
|
|
|
|
|
|
2024-02-26 19:00:21 +02:00
|
|
|
sender_id = data["data"]["actor"]["account_id"]
|
|
|
|
|
log_context["sender_id"] = sender_id
|
|
|
|
|
jwt_parts = input_jwt.split(".")
|
|
|
|
|
claim_part = jwt_parts[1]
|
|
|
|
|
claim_part += "=" * (-len(claim_part) % 4)
|
|
|
|
|
decoded_claims = base64.urlsafe_b64decode(claim_part)
|
|
|
|
|
claims = json.loads(decoded_claims)
|
|
|
|
|
client_key = claims["iss"]
|
|
|
|
|
secrets = json.loads(secret_provider.get_secret(client_key))
|
2023-08-24 18:35:41 +03:00
|
|
|
shared_secret = secrets["shared_secret"]
|
|
|
|
|
jwt.decode(input_jwt, shared_secret, audience=client_key, algorithms=["HS256"])
|
|
|
|
|
bearer_token = await get_bearer_token(shared_secret, client_key)
|
|
|
|
|
context['bitbucket_bearer_token'] = bearer_token
|
|
|
|
|
context["settings"] = copy.deepcopy(global_settings)
|
|
|
|
|
event = data["event"]
|
|
|
|
|
agent = PRAgent()
|
|
|
|
|
if event == "pullrequest:created":
|
|
|
|
|
pr_url = data["data"]["pullrequest"]["links"]["html"]["href"]
|
2023-10-18 16:44:03 +03:00
|
|
|
log_context["api_url"] = pr_url
|
|
|
|
|
log_context["event"] = "pull_request"
|
2023-12-12 08:06:20 +02:00
|
|
|
if pr_url:
|
|
|
|
|
with get_logger().contextualize(**log_context):
|
|
|
|
|
apply_repo_settings(pr_url)
|
2024-02-26 19:00:21 +02:00
|
|
|
if get_identity_provider().verify_eligibility("bitbucket",
|
2024-03-06 07:53:13 +02:00
|
|
|
sender_id, pr_url) is not Eligibility.NOT_ELIGIBLE:
|
|
|
|
|
if get_settings().get("bitbucket_app.pr_commands"):
|
|
|
|
|
await _perform_commands_bitbucket("pr_commands", PRAgent(), pr_url, log_context)
|
2023-08-24 18:35:41 +03:00
|
|
|
elif event == "pullrequest:comment_created":
|
|
|
|
|
pr_url = data["data"]["pullrequest"]["links"]["html"]["href"]
|
2023-10-18 16:44:03 +03:00
|
|
|
log_context["api_url"] = pr_url
|
|
|
|
|
log_context["event"] = "comment"
|
2023-08-24 18:35:41 +03:00
|
|
|
comment_body = data["data"]["comment"]["content"]["raw"]
|
2023-10-18 16:44:03 +03:00
|
|
|
with get_logger().contextualize(**log_context):
|
2024-02-26 19:00:21 +02:00
|
|
|
if get_identity_provider().verify_eligibility("bitbucket",
|
|
|
|
|
sender_id, pr_url) is not Eligibility.NOT_ELIGIBLE:
|
|
|
|
|
await agent.handle_request(pr_url, comment_body)
|
2023-08-24 18:35:41 +03:00
|
|
|
except Exception as e:
|
2023-10-16 14:56:00 +03:00
|
|
|
get_logger().error(f"Failed to handle webhook: {e}")
|
2023-08-24 18:35:41 +03:00
|
|
|
background_tasks.add_task(inner)
|
|
|
|
|
return "OK"
|
2023-08-24 12:10:13 +03:00
|
|
|
|
|
|
|
|
@router.get("/webhook")
|
|
|
|
|
async def handle_github_webhooks(request: Request, response: Response):
|
|
|
|
|
return "Webhook server online!"
|
|
|
|
|
|
|
|
|
|
@router.post("/installed")
|
|
|
|
|
async def handle_installed_webhooks(request: Request, response: Response):
|
2023-08-24 16:33:51 +03:00
|
|
|
try:
|
2023-10-18 16:44:03 +03:00
|
|
|
get_logger().info("handle_installed_webhooks")
|
|
|
|
|
get_logger().info(request.headers)
|
2023-08-24 16:33:51 +03:00
|
|
|
data = await request.json()
|
2023-10-18 16:44:03 +03:00
|
|
|
get_logger().info(data)
|
2023-08-24 16:33:51 +03:00
|
|
|
shared_secret = data["sharedSecret"]
|
|
|
|
|
client_key = data["clientKey"]
|
|
|
|
|
username = data["principal"]["username"]
|
|
|
|
|
secrets = {
|
|
|
|
|
"shared_secret": shared_secret,
|
|
|
|
|
"client_key": client_key
|
|
|
|
|
}
|
|
|
|
|
secret_provider.store_secret(username, json.dumps(secrets))
|
|
|
|
|
except Exception as e:
|
2023-10-16 14:56:00 +03:00
|
|
|
get_logger().error(f"Failed to register user: {e}")
|
2023-08-24 16:33:51 +03:00
|
|
|
return JSONResponse({"error": "Unable to register user"}, status_code=500)
|
2023-08-24 12:10:13 +03:00
|
|
|
|
|
|
|
|
@router.post("/uninstalled")
|
|
|
|
|
async def handle_uninstalled_webhooks(request: Request, response: Response):
|
2023-10-18 16:44:03 +03:00
|
|
|
get_logger().info("handle_uninstalled_webhooks")
|
|
|
|
|
|
2023-08-24 12:10:13 +03:00
|
|
|
data = await request.json()
|
2023-10-18 16:44:03 +03:00
|
|
|
get_logger().info(data)
|
2023-08-24 12:10:13 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def start():
|
|
|
|
|
get_settings().set("CONFIG.PUBLISH_OUTPUT_PROGRESS", False)
|
2023-08-24 16:33:51 +03:00
|
|
|
get_settings().set("CONFIG.GIT_PROVIDER", "bitbucket")
|
2023-12-12 10:19:17 +02:00
|
|
|
get_settings().set("PR_DESCRIPTION.PUBLISH_DESCRIPTION_AS_COMMENT", True)
|
2023-08-24 12:10:13 +03:00
|
|
|
middleware = [Middleware(RawContextMiddleware)]
|
|
|
|
|
app = FastAPI(middleware=middleware)
|
|
|
|
|
app.include_router(router)
|
|
|
|
|
|
|
|
|
|
uvicorn.run(app, host="0.0.0.0", port=int(os.getenv("PORT", "3000")))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
start()
|
