launchpad-reviewers team mailing list archive

[Ines Almeida <mp+447652@xxxxxxxxxxxxxxxxxx>]

Ines Almeida has proposed merging ~ines-almeida/launchpad:update-branchscanner-db-permissions into launchpad:master.

Commit message:
Add update permission to branchscanner dbuser

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~ines-almeida/launchpad/+git/launchpad/+merge/447652

The branchscanner dbuser now needs this UPDATE permission for CIBuilds table because we want to update the `git_refs` of a build in the specific case where a build already exists
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~ines-almeida/launchpad:update-branchscanner-db-permissions into launchpad:master.

diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index c882f43..86bec58 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -729,7 +729,7 @@ public.bugsubscriptionfiltertag           = SELECT
 public.bugtag                             = SELECT
 public.charmrecipe                        = SELECT, UPDATE
 public.charmrecipebuild                   = SELECT
-public.cibuild                            = SELECT, INSERT
+public.cibuild                            = SELECT, INSERT, UPDATE
 public.codeimport                         = SELECT
 public.codereviewmessage                  = SELECT
 public.codereviewvote                     = SELECT
diff --git a/lib/lp/code/model/tests/test_gitjob.py b/lib/lp/code/model/tests/test_gitjob.py
index 36b26a2..221e7e5 100644
--- a/lib/lp/code/model/tests/test_gitjob.py
+++ b/lib/lp/code/model/tests/test_gitjob.py
@@ -17,11 +17,13 @@ from testtools.matchers import (
     MatchesSetwise,
     MatchesStructure,
 )
+from zope.component import getUtility
 from zope.interface import providedBy
 from zope.security.proxy import removeSecurityProxy
 
 from lp.code.adapters.gitrepository import GitRepositoryDelta
 from lp.code.enums import GitGranteeType, GitObjectType
+from lp.code.interfaces.cibuild import CIBuildAlreadyRequested, ICIBuildSet
 from lp.code.interfaces.gitjob import (
     IGitJob,
     IGitRefScanJob,
@@ -38,6 +40,7 @@ from lp.code.model.gitjob import (
 from lp.code.tests.helpers import GitHostingFixture
 from lp.services.config import config
 from lp.services.database.constants import UTC_NOW
+from lp.services.database.interfaces import IStore
 from lp.services.job.runner import JobRunner
 from lp.services.utils import seconds_since_epoch
 from lp.services.webapp import canonical_url
@@ -457,6 +460,36 @@ class TestGitRefScanJob(TestCaseWithFactory):
             payload,
         )
 
+    def test_branchscanner_job_can_requestBuild(self):
+        # During GitRefScanJobs, CIBuilds might be triggered by dbuser
+        # `branchscanner`. Ensure dbuser can create and update CIBuilds
+        repository = self.factory.makeGitRepository()
+        commit_sha1 = hashlib.sha1(self.factory.getUniqueBytes()).hexdigest()
+        das = self.factory.makeBuildableDistroArchSeries()
+
+        with dbuser("branchscanner"):
+            build = getUtility(ICIBuildSet).requestBuild(
+                repository,
+                commit_sha1,
+                das,
+                [[("test", 0)]],
+            )
+            IStore(repository).flush()
+
+            # Create duplicated build
+            self.assertRaises(
+                CIBuildAlreadyRequested,
+                getUtility(ICIBuildSet).requestBuild,
+                repository,
+                commit_sha1,
+                das,
+                [[("test", 0)]],
+                git_refs=["refs/heads/test"],
+            )
+            IStore(repository).flush()
+
+        self.assertEqual(["refs/heads/test"], build.git_refs)
+
 
 class TestReclaimGitRepositorySpaceJob(TestCaseWithFactory):
     """Tests for `ReclaimGitRepositorySpaceJob`."""