diff --git a/DESCRIPTION b/DESCRIPTION index 7ff10bc..8a82876 100644 --- a/DESCRIPTION +++ b/DESCRIPTION @@ -2,7 +2,7 @@ Package: multiverse.internals Title: Internal Infrastructure for R-multiverse Description: R-multiverse requires this internal internal infrastructure package to automate contribution reviews and populate universes. -Version: 0.2.5 +Version: 0.2.7 License: MIT + file LICENSE URL: https://github.com/r-multiverse/multiverse.internals BugReports: https://github.com/r-multiverse/multiverse.internals/issues @@ -42,4 +42,4 @@ Encoding: UTF-8 Language: en-US Config/testthat/edition: 3 Roxygen: list(markdown = TRUE) -RoxygenNote: 7.3.1 +RoxygenNote: 7.3.2 diff --git a/NEWS.md b/NEWS.md index 42ffa15..883d88e 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,4 +1,9 @@ -# multiverse.internals 0.2.5 +# multiverse.internals 0.2.7 + +* Exclude superfluous fields from `update_production()` `packages.json`. +* Require verified commits in contributions. + +# multiverse.internals 0.2.6 * Add `update_production()`. diff --git a/R/review_pull_request.R b/R/review_pull_request.R index bdbc003..04e9436 100644 --- a/R/review_pull_request.R +++ b/R/review_pull_request.R 
@@ -23,6 +23,57 @@ review_pull_request <- function( assert_character_scalar(repo) assert_positive_scalar(number) message("Reviewing pull request ", number) + merge <- review_pull_request_integrity(owner, repo, number) && + review_pull_request_content(owner, repo, number) + if (isTRUE(merge)) { + pull_request_merge( + owner = owner, + repo = repo, + number = number + ) + } + invisible() +} + +review_pull_request_integrity <- function(owner, repo, number) { + pull <- gh::gh( + "/repos/:owner/:repo/pulls/:number", + owner = owner, + repo = repo, + number = number + ) + commit <- gh::gh( + "GET /repos/:owner/:repo/git/commits/:sha", + owner = owner, + repo = repo, + sha = pull$head$sha + ) + if (!isTRUE(commit$verification$verified)) { + pull_request_defer( + owner = owner, + repo = repo, + number = number, + message = paste0( + "The latest commit (", + pull$head$sha, + ") of pull request ", + number, + " is unverified. For security reasons, ", + "R-multiverse only merges pull requests with ", + "verified commits. You can create a verified commit ", + "by contributing through the point-and-click web interface ", + "as described at https://r-multiverse.org/contributors.html. ", + "For more information on commit signature verification, please see ", + "https://docs.github.com/en/authentication/", + "managing-commit-signature-verification" + ) + ) + return(FALSE) + } + TRUE +} + +review_pull_request_content <- function(owner, repo, number) { response <- gh::gh( "/repos/:owner/:repo/pulls/:number/files", owner = owner, @@ -46,7 +97,7 @@ review_pull_request <- function( "more text files directly inside 'packages/' with package URLs." ) ) - return(invisible()) + return(FALSE) } if (!identical(file$status, "added")) { pull_request_defer( @@ -60,7 +111,7 @@ review_pull_request <- function( "folder." ) ) - return(invisible()) + return(FALSE) } name <- basename(file$filename) if (file$additions != 1L) { 
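Review bot: The signature check in `review_pull_request_integrity()` and the merge in `review_pull_request()` are not tied to the same commit: the function verifies `pull$head$sha`, `review_pull_request_content()` then lists the files in a separate request, and `pull_request_merge()` is called with only `owner`, `repo` and `number`. A commit pushed to the branch between those calls would be merged without having been verified or content-checked, unless `pull_request_merge()` (defined outside this hunk) already pins the head. GitHub's merge endpoint accepts a `sha` field that the head must match, so I would fetch the pull request once, hand that SHA to both checks, and send `sha = pull$head$sha` with the merge request. Only the head commit's `verification$verified` is read, so earlier commits in the same pull request can be unsigned; if that is intended, a comment such as `# Only the head commit is checked; earlier commits may be unverified.` would make it explicit. The body of `review_pull_request_content()` continues past the end of this hunk.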
@@ -79,7 +130,7 @@ review_pull_request <- function( "unless it contains custom JSON (which is uncommon)." ) ) - return(invisible()) + return(FALSE) } if (!is_character_scalar(file$patch)) { pull_request_defer( @@ -94,7 +145,7 @@ review_pull_request <- function( "." ) ) - return(invisible()) + return(FALSE) } url <- gsub(pattern = "^.*\\+", replacement = "", x = file$patch) url <- gsub(pattern = "\\s.*$", replacement = "", x = url) @@ -111,15 +162,10 @@ review_pull_request <- function( result ) ) - return(invisible()) + return(FALSE) } } - pull_request_merge( - owner = owner, - repo = repo, - number = number - ) - invisible() + TRUE } pull_request_close <- function(owner, repo, number, message) { diff --git a/R/update_production.R b/R/update_production.R index ed47b9c..8374bef 100644 --- a/R/update_production.R +++ b/R/update_production.R @@ -52,8 +52,8 @@ #' update_production( #' repo_production = "https://production.r-multiverse.org", #' repo_community = "https://community.r-multiverse.org", -#' path_production = tempfile(), -#' path_community = tempfile(), +#' path_production = path_production, +#' path_community = path_community, #' days_notice = 28L #' ) #' } @@ -120,6 +120,7 @@ promote_packages <- function( ) json_community <- jsonlite::read_json(file_community, simplifyVector = TRUE) promote <- json_community[json_community$package %in% packages,, drop = FALSE] # nolint + meta_community <- meta_community[, c("package", "remotesha")] promote <- merge(promote, meta_community, all.x = TRUE, all.y = FALSE) promote$branch <- promote$remotesha promote$remotesha <- NULL @@ -167,5 +168,5 @@ get_removing <- function(path_production) { if (!file.exists(file)) { return(character(0L)) } - jsonlite::read_json(file, simplifyVector = TRUE) + as.character(jsonlite::read_json(file, simplifyVector = TRUE)) } diff --git a/man/update_production.Rd b/man/update_production.Rd index a112501..ce41c28 100644 --- a/man/update_production.Rd +++ b/man/update_production.Rd 
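Review bot: In `promote_packages()` (R/update_production.R), the new column subset leaves `package` as the only column the following `merge()` is expected to match on, but the key is still implicit; `merge(promote, meta_community, by = "package", all.x = TRUE, all.y = FALSE)` would keep the join stable if the community `packages.json` ever gains a `remotesha` field. Because of `all.x = TRUE`, a package with no row in `meta_community` gets `NA` for `remotesha` and therefore for `branch`, and nothing visible in the hunk rejects that. If `branch` is what pins production to a specific commit, as `promote$branch <- promote$remotesha` suggests, I would fail closed before the file is written, for example `stopifnot(!anyNA(promote$remotesha))`. The function starts and ends outside this hunk, so such a check may already exist further down.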
@@ -83,8 +83,8 @@ gert::git_clone(url = url_community, path = path_community) update_production( repo_production = "https://production.r-multiverse.org", repo_community = "https://community.r-multiverse.org", - path_production = tempfile(), - path_community = tempfile(), + path_production = path_production, + path_community = path_community, days_notice = 28L ) }