Skip to content

fix: /retest does not support security-committer-identity and security-suspicious-paths #1122

Description

@myakove

Problem

/retest security-committer-identity and /retest security-suspicious-paths return "No security-committer-identity configured for this repository" even when security checks are enabled and working.

Example: RedHatQE/mtv-api-tests#549

Root Cause

_current_pull_request_supported_retest in webhook_server/libs/github_api.py (line 1391) builds the list of retestable checks but does not include security check names (security-committer-identity, security-suspicious-paths).

When a user types /retest security-committer-identity, the name is not in the supported list, so it falls into _not_supported_retests and the user gets the error message.

Additionally, run_retests in webhook_server/libs/handlers/runner_handler.py (line 1947) does not have security check functions in its dispatch map.

Fix

  1. _current_pull_request_supported_retest — add security checks when enabled:

    • security_committer_identity_check is True → append SECURITY_COMMITTER_IDENTITY_STR
    • security_suspicious_paths is non-empty → append SECURITY_SUSPICIOUS_PATHS_STR
  2. run_retests function map — add security runners with lambda wrappers (security methods don't take pull_request param)

Done

  • Add security checks to _current_pull_request_supported_retest
  • Add security runners to run_retests dispatch map
  • Add tests for retesting security checks
  • Update welcome message to show security checks as retestable

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions