Check if container is allowed to execute against private repository

Author: atodorov

app/requirements.txt

@@ -2,3 +2,4 @@ PyGithub==2.3.0
 click==8.1.7
 requests==2.32.3
 sentry-sdk==2.5.1
+tcms-api==13.3

app/vendors/__init__.py

@@ -15,6 +15,16 @@
 
 import click
 from app.utils import strtobool
+from tcms_api.xmlrpc import TCMSXmlrpc
+
+
+class AnonymousRpc(TCMSXmlrpc):  # pylint: disable=too-few-public-methods
+    def _do_login(self):
+        pass
+
+
+def anonymous_rpc_client(url):
+    return AnonymousRpc(None, None, url).server
 
 
 class TriggerEvent:
@@ -31,6 +41,7 @@ class TriggerEvent:
         "end-success": "+1",
         "end-failure": "-1",
     }
+    rpc = anonymous_rpc_client("https://public.tenant.kiwitcms.org/xml-rpc/")
     stdout = []
 
     def __init__(self, file_path):
@@ -65,3 +76,6 @@ def __exit__(self, exc_type, exc_value, tb):
             self.create_reaction(self.reactions["end-failure"])
         else:
             self.create_reaction(self.reactions["end-success"])
+
+    def can_run(self, repository_url):
+        return self.rpc.GitOps.allow(repository_url)

app/vendors/github.py

@@ -26,7 +26,10 @@ def __init__(self, file_path):
             base_url=os.environ["GITHUB_API_URL"],
         )
 
-        if self.private:
+        if (
+            os.environ.get("GITHUB_SERVER_URL", "") != "https://github.com"
+            or self.private
+        ) and not self.can_run(self.payload["repository"]["html_url"]):
             raise RuntimeError(
                 "See https://kiwitcms.org/#subscriptions for running against private repositories!"
             )