fix: close gitea_review_pr ungated bypass (#15)
This commit is contained in:
+34
-36
@@ -726,14 +726,18 @@ def gitea_review_pr(
|
||||
org: str | None = None,
|
||||
repo: str | None = None,
|
||||
) -> dict:
|
||||
"""Submit a review on a Gitea pull request and optionally merge it.
|
||||
"""Submit a review on a Gitea pull request (Legacy wrapper).
|
||||
|
||||
This tool is a compatibility wrapper around the safe `gitea_submit_pr_review`.
|
||||
It uses the same #14 eligibility gates.
|
||||
Merging via this tool is no longer supported and will fail closed (see #16).
|
||||
|
||||
Args:
|
||||
pr_number: The PR number to review.
|
||||
event: Review type — 'APPROVE', 'COMMENT', or 'REQUEST_CHANGES'.
|
||||
body: Review body text / comment.
|
||||
merge: If True and event is 'APPROVE', automatically merge the PR.
|
||||
merge_method: Merge style to use if merging — 'merge', 'squash', or 'rebase'.
|
||||
merge: Merging is disabled; if True, the tool fails closed.
|
||||
merge_method: Ignored.
|
||||
remote: Known instance — 'dadeschools' or 'prgs'.
|
||||
host: Override the Gitea host.
|
||||
org: Override the owner/organization.
|
||||
@@ -742,45 +746,39 @@ def gitea_review_pr(
|
||||
Returns:
|
||||
dict with success status and message.
|
||||
"""
|
||||
if merge:
|
||||
return {
|
||||
"success": False,
|
||||
"message": "merge=True is no longer supported in this tool (belongs to #16)."
|
||||
}
|
||||
|
||||
if event not in ["APPROVE", "COMMENT", "REQUEST_CHANGES"]:
|
||||
raise ValueError(f"Invalid review event: '{event}'. Choose from 'APPROVE', 'COMMENT', 'REQUEST_CHANGES'.")
|
||||
if merge_method not in ["merge", "squash", "rebase"]:
|
||||
raise ValueError(f"Invalid merge method: '{merge_method}'. Choose from 'merge', 'squash', 'rebase'.")
|
||||
|
||||
h, o, r = _resolve(remote, host, org, repo)
|
||||
auth = _auth(h)
|
||||
|
||||
# 1. Fetch PR to get the latest head commit SHA (required for review payload)
|
||||
pr_url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}"
|
||||
pr_data = api_request("GET", pr_url, auth)
|
||||
commit_sha = pr_data.get("head", {}).get("sha")
|
||||
if not commit_sha:
|
||||
raise RuntimeError(f"Could not find head commit SHA for PR #{pr_number}.")
|
||||
|
||||
# 2. Submit the PR review
|
||||
review_url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}/reviews"
|
||||
payload = {
|
||||
"body": body,
|
||||
"event": event,
|
||||
"commit_id": commit_sha
|
||||
# Map legacy event string to the action expected by gitea_submit_pr_review
|
||||
event_map = {
|
||||
"APPROVE": "approve",
|
||||
"COMMENT": "comment",
|
||||
"REQUEST_CHANGES": "request_changes"
|
||||
}
|
||||
api_request("POST", review_url, auth, payload)
|
||||
msg = f"Successfully submitted review for PR #{pr_number} with event '{event}'."
|
||||
action = event_map[event]
|
||||
|
||||
# 3. Merge PR if merge is True and event is APPROVE
|
||||
if merge:
|
||||
if event != "APPROVE":
|
||||
msg += " Warning: Skipping merge because review event is not 'APPROVE'."
|
||||
else:
|
||||
merge_url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}/merge"
|
||||
merge_payload = {
|
||||
"Do": merge_method,
|
||||
"force_merge": False
|
||||
}
|
||||
api_request("POST", merge_url, auth, merge_payload)
|
||||
msg += f" Successfully merged PR #{pr_number} using '{merge_method}' method."
|
||||
result = gitea_submit_pr_review(
|
||||
pr_number=pr_number,
|
||||
action=action,
|
||||
body=body,
|
||||
expected_head_sha=None,
|
||||
remote=remote,
|
||||
host=host,
|
||||
org=org,
|
||||
repo=repo
|
||||
)
|
||||
|
||||
return {"success": True, "message": msg}
|
||||
if result.get("performed"):
|
||||
return {"success": True, "message": f"Successfully submitted review for PR #{pr_number} with event '{event}'."}
|
||||
else:
|
||||
reasons = result.get("reasons", [])
|
||||
return {"success": False, "message": f"Review submission failed eligibility gates: {reasons}"}
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
|
||||
Reference in New Issue
Block a user