New features
* If package does exist in SLE, decline the submission
Note: release manager can override it by commenting on reviewbot and reopen the request
* Decline the submission if package does not exist in devel-baseproject and the
source project does not exist in check-source-valid-source-origins attribute
* check_source adding a review-team group review if source project does not exist in check-source-valid-source-origins attribute
* If submitter is not maintainer adding an additional devel project review
New added attributes
* check-source-ensure-source-exist-in-baseproject: bool
* check-source-devel-baseproject: str
* check-source-allow-source-in-sle: bool
* check-source-sle-project: str
* check-source-allow-valid-source-origin: bool
* check-source-valid-source-origins: strlist
* check-source-add-devel-project-review: bool
The URLs might suffer from flaky networks, so just block the request
from accepted for now (and extend the review comment to make it
discoverable why factory-auto didn't approve)
Fixes#2666
* It introduces a new configuration parameter 'required-source-maintainer'.
* If defined, it is expected to be a maintainer of the devel project.
* If that's not the case, the request is declined and an add_role
request is created.
Co-authored-by: Ancor Gonzalez Sosa <ancor@suse.de>
Co-authored-by: Knut Alejandro Anderssen González <kanderssen@suse.com>
If the package name as reported by OBS does not match the one
we're expecting, then loop through all repositories and check
if we find one there.
This is weakening the policy a little as this will open the
door for false negatives - e.g. that got the right package name
only for another repository. But as we do submission between
code streams all the time, I can't limit the package parsing
to repositories building against the target. So the opened
hole is to be closed by sanity check on review-team - as a
matter of fact the policy is not to catch people playing
macro games around Name, but for people that use completely
different names in source and target.
Fixes#2274
The check for bcntsynctag can be very misleading - just because we align
the build counters between 2 packages doesn't make them invalid submission
targets. Better rely on the link check which is already implemented as
fallback
And set a verbose decline reason for this case
if package_kind() returned None then the submission can be a new package
submission, check_source should continue the process instead of
decline the request.
