[BUGFIX] Don't create gitlab ci runs for merged security patches
Merging patches are done in the main repository. Each merge emits
a gerrit merge webhook request, which is used to send proper merge
message to the slack core dev channel, and also pushes the merged
commits to corresponding branches in main
and security
gitlab
repositories and to the gerrit internal repository for the security
project.
For security patches, which resides in the gerrit security project, gerrit adds the pushed merged commits to the corresponding changes as new patchset and marking them as merged. Gerrit does't distinguish between these merged pushes and normal change patchset pushes and thus emits a patch webhook event. This lead to creating patchset branches in the security gitlab repository and starting superflous pipeline runs, which had to be manually cancelled.
Gladly gerrit provides the uploader name, email and gerrit name of the account which created a change patchset. In case of the merged patch uploades this matches the security-ci account.
This change extends the GerritGitlabJob of the uploader and change
owner informations along with a isUploadedBySecurityCI
flag.
In case of security repository patch events from security-ci
as
uploader, this will be handled as merged push events and thus
gracefully skipped with a corresponding log entry.