perf(github): cache getPullRequest result in Provider

Cache the GitHub API response for PR lookups to avoid repeated
calls within the same event lifecycle. ACL checks now read from
already-populated runevent fields instead of fetching independently.

Fixes #2378

Signed-off-by: Akshay Pant <akpant@redhat.com>

Author: theakshaypant

pkg/provider/github/acl.go

@@ -209,11 +209,8 @@ func (v *Provider) aclCheckAll(ctx context.Context, rev *info.Event) (bool, erro
 	// This can only happen with GithubApp and Bots.
 	// Ex: dependabot, bots
 	if rev.PullRequestNumber != 0 {
-		isSameCloneURL, err := v.checkPullRequestForSameURL(ctx, rev)
-		if err != nil {
-			return false, err
-		}
-		if isSameCloneURL {
+		isFromSameRepo := v.checkPullRequestForSameURL(ctx, rev)
+		if isFromSameRepo {
 			return true, nil
 		}
 	}
@@ -241,26 +238,18 @@ func (v *Provider) aclCheckAll(ctx context.Context, rev *info.Event) (bool, erro
 	return v.IsAllowedOwnersFile(ctx, rev)
 }
 
-// checkPullRequestForSameURL checks If PullRequests are for same clone URL and different branches
-// means if the user has access to create a branch in the repository without forking or having any permissions then PAC should allow to run CI.
+// checkPullRequestForSameURL checks if a pull request's head and base branches are from the same repository.
+// means if the user has access to create a branch in the repository without forking or having any
+// permissions then PAC should allow to run CI.
 //
 //	ex: dependabot, *[bot] etc...
-func (v *Provider) checkPullRequestForSameURL(ctx context.Context, runevent *info.Event) (bool, error) {
-	pr, resp, err := wrapAPI(v, "get_pull_request", func() (*github.PullRequest, *github.Response, error) {
-		return v.Client().PullRequests.Get(ctx, runevent.Organization, runevent.Repository, runevent.PullRequestNumber)
-	})
-	if err != nil {
-		return false, err
-	}
-	if resp != nil && resp.StatusCode == http.StatusNotFound {
-		return false, nil
-	}
-
-	if pr.GetHead().GetRepo().GetCloneURL() == pr.GetBase().GetRepo().GetCloneURL() && pr.GetHead().GetRef() != pr.GetBase().GetRef() {
-		return true, nil
+//
+// HeadURL is set by getPullRequest() before aclCheckAll; if missing, fall through to other ACL checks.
+func (v *Provider) checkPullRequestForSameURL(_ context.Context, runevent *info.Event) bool {
+	if runevent.HeadURL == "" {
+		return false
 	}
-
-	return false, nil
+	return runevent.HeadURL == runevent.BaseURL && runevent.HeadBranch != runevent.BaseBranch
 }
 
 // checkSenderOrgMembership Get sender user's organization. We can

pkg/provider/github/acl_test.go

@@ -2,7 +2,6 @@ package github
 
 import (
 	"encoding/base64"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"testing"
@@ -690,12 +689,10 @@ func TestAclCheckAll(t *testing.T) {
 }
 
 func TestIfPullRequestIsForSameRepoWithoutFork(t *testing.T) {
-	iddd := int64(1234)
 	tests := []struct {
 		name              string
 		event             *info.Event
 		commitFiles       []*github.CommitFile
-		pullRequest       *github.PullRequest
 		pullRequestNumber int
 		allowed           bool
 		wantError         bool
@@ -707,76 +704,36 @@ func TestIfPullRequestIsForSameRepoWithoutFork(t *testing.T) {
 				Sender:            "nonowner",
 				Repository:        "repo",
 				PullRequestNumber: 1,
-			},
-			pullRequest: &github.PullRequest{
-				ID:     &iddd,
-				Number: github.Ptr(1),
-				Head: &github.PullRequestBranch{
-					Ref: github.Ptr("main"),
-					Repo: &github.Repository{
-						CloneURL: github.Ptr("http://org.com/owner/repo"),
-					},
-				},
-				Base: &github.PullRequestBranch{
-					Ref: github.Ptr("dependabot"),
-					Repo: &github.Repository{
-						CloneURL: github.Ptr("http://org.com/owner/repo"),
-					},
-				},
+				HeadURL:           "http://org.com/owner/repo",
+				BaseURL:           "http://org.com/owner/repo",
+				HeadBranch:        "main",
+				BaseBranch:        "dependabot",
 			},
 			pullRequestNumber: 1,
 			allowed:           true,
 			wantError:         false,
 		}, {
-			name: "failed to get Pull Request",
+			name: "when HeadURL is not populated on the event",
 			event: &info.Event{
 				Organization:      "owner",
 				Sender:            "nonowner",
 				Repository:        "repo",
-				PullRequestNumber: 2,
-			},
-			pullRequest: &github.PullRequest{
-				ID:     &iddd,
-				Number: github.Ptr(1),
-				Head: &github.PullRequestBranch{
-					Ref: github.Ptr("main"),
-					Repo: &github.Repository{
-						CloneURL: github.Ptr("http://org.com/owner/repo"),
-					},
-				},
-				Base: &github.PullRequestBranch{
-					Ref: github.Ptr("dependabot"),
-					Repo: &github.Repository{
-						CloneURL: github.Ptr("http://org.com/owner/repo"),
-					},
-				},
+				PullRequestNumber: 1,
 			},
 			pullRequestNumber: 1,
 			allowed:           false,
-			wantError:         true,
+			wantError:         false,
 		}, {
 			name: "when pull request raised by non owner to the repository where non owner don't have any permissions",
 			event: &info.Event{
 				Organization:      "owner",
 				Sender:            "nonowner",
 				Repository:        "repo",
 				PullRequestNumber: 1,
-			},
-			pullRequest: &github.PullRequest{
-				ID:     &iddd,
-				Number: github.Ptr(1),
-				Head: &github.PullRequestBranch{
-					Ref: github.Ptr("main"),
-					Repo: &github.Repository{
-						CloneURL: github.Ptr("http://org.com/owner/repo"),
-					},
-				},
-				Base: &github.PullRequestBranch{
-					Ref: github.Ptr("dependabot"),
-					Repo: &github.Repository{
-						CloneURL: github.Ptr("http://org.com/owner/repo1"),
-					},
-				},
+				HeadURL:           "http://org.com/owner/repo",
+				BaseURL:           "http://org.com/owner/repo1",
+				HeadBranch:        "main",
+				BaseBranch:        "dependabot",
 			},
 			pullRequestNumber: 1,
 			allowed:           false,
@@ -785,14 +742,9 @@ func TestIfPullRequestIsForSameRepoWithoutFork(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			fakeclient, mux, _, teardown := ghtesthelper.SetupGH()
+			fakeclient, _, _, teardown := ghtesthelper.SetupGH()
 			defer teardown()
 			ctx, _ := rtesting.SetupFakeContext(t)
-			mux.HandleFunc(fmt.Sprintf("/repos/%s/%s/pulls/%d",
-				tt.event.Organization, tt.event.Repository, tt.pullRequestNumber), func(rw http.ResponseWriter, _ *http.Request) {
-				b, _ := json.Marshal(tt.pullRequest)
-				fmt.Fprint(rw, string(b))
-			})
 
 			repo := &v1alpha1.Repository{Spec: v1alpha1.RepositorySpec{
 				Settings: &v1alpha1.Settings{},

pkg/provider/github/github.go

@@ -63,6 +63,7 @@ type Provider struct {
 	triggerEvent       string
 	cachedChangedFiles *changedfiles.ChangedFiles
 	commitInfo         *github.Commit
+	cachedPullRequest  *github.PullRequest
 	pacUserLogin       string // user/bot login used by PAC
 	clock              clockwork.Clock
 	graphQLClient      *graphQLClient
@@ -547,14 +548,19 @@ func (v *Provider) concatAllYamlFiles(ctx context.Context, objects []*github.Tre
 	return buf.String(), nil
 }
 
-// getPullRequest get a pull request details.
+// getPullRequest get a pull request details, caching the result for the lifetime of the event.
 func (v *Provider) getPullRequest(ctx context.Context, runevent *info.Event) (*info.Event, error) {
+	if v.cachedPullRequest != nil {
+		return runevent, nil
+	}
 	pr, _, err := wrapAPI(v, "get_pull_request", func() (*github.PullRequest, *github.Response, error) {
 		return v.Client().PullRequests.Get(ctx, runevent.Organization, runevent.Repository, runevent.PullRequestNumber)
 	})
 	if err != nil {
 		return runevent, err
 	}
+	v.cachedPullRequest = pr
+
 	// Make sure to use the Base for Default BaseBranch or there would be a potential hijack
 	runevent.DefaultBranch = pr.GetBase().GetRepo().GetDefaultBranch()
 	runevent.URL = pr.GetBase().GetRepo().GetHTMLURL()

pkg/provider/github/github_test.go

@@ -1646,6 +1646,164 @@ func TestCreateToken(t *testing.T) {
 	}
 }
 
+func TestGetPullRequest(t *testing.T) {
+	const (
+		org   = "owner"
+		repo  = "repo"
+		prNum = 42
+	)
+	prJSON := `{
+		"number": 42,
+		"title": "very cool feature pr",
+		"html_url": "https://github.com/owner/repo/pull/42",
+		"user": {"login": "author"},
+		"head": {
+			"sha": "headsha123",
+			"ref": "feature-branch",
+			"repo": {"html_url": "https://github.com/author/repo"}
+		},
+		"base": {
+			"ref": "main",
+			"repo": {
+				"html_url": "https://github.com/owner/repo",
+				"default_branch": "main",
+				"id": 9876
+			}
+		},
+		"labels": [{"name": "bug"}, {"name": "enhancement"}]
+	}`
+
+	tests := []struct {
+		name              string
+		event             *info.Event
+		apiReturn         string
+		wantErr           bool
+		wantErrStr        string
+		wantSHA           string
+		wantSHAURL        string
+		wantURL           string
+		wantDefaultBranch string
+		wantHeadBranch    string
+		wantBaseBranch    string
+		wantHeadURL       string
+		wantBaseURL       string
+		wantTitle         string
+		wantSender        string
+		wantEventType     string
+		wantLabels        []string
+		wantRepoID        int64
+	}{
+		{
+			name: "populates all event fields from PR response",
+			event: &info.Event{
+				Organization:      org,
+				Repository:        repo,
+				PullRequestNumber: prNum,
+			},
+			apiReturn:         prJSON,
+			wantSHA:           "headsha123",
+			wantSHAURL:        "https://github.com/owner/repo/pull/42/commit/headsha123",
+			wantURL:           "https://github.com/owner/repo",
+			wantDefaultBranch: "main",
+			wantHeadBranch:    "feature-branch",
+			wantBaseBranch:    "main",
+			wantHeadURL:       "https://github.com/author/repo",
+			wantBaseURL:       "https://github.com/owner/repo",
+			wantTitle:         "very cool feature pr",
+			wantSender:        "author",
+			wantEventType:     triggertype.PullRequest.String(),
+			wantLabels:        []string{"bug", "enhancement"},
+			wantRepoID:        9876,
+		},
+		{
+			name: "returns error on API failure",
+			event: &info.Event{
+				Organization:      org,
+				Repository:        repo,
+				PullRequestNumber: prNum,
+			},
+			wantErr:    true,
+			wantErrStr: "404",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx, _ := rtesting.SetupFakeContext(t)
+			fakeclient, mux, _, teardown := ghtesthelper.SetupGH()
+			defer teardown()
+
+			if tt.apiReturn != "" {
+				mux.HandleFunc(fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, prNum),
+					func(rw http.ResponseWriter, _ *http.Request) {
+						fmt.Fprint(rw, tt.apiReturn)
+					})
+			}
+
+			provider := &Provider{ghClient: fakeclient}
+			got, err := provider.getPullRequest(ctx, tt.event)
+			if tt.wantErr {
+				assert.Assert(t, err != nil)
+				if tt.wantErrStr != "" {
+					assert.ErrorContains(t, err, tt.wantErrStr)
+				}
+				return
+			}
+			assert.NilError(t, err)
+
+			assert.Equal(t, tt.wantSHA, got.SHA)
+			assert.Equal(t, tt.wantSHAURL, got.SHAURL)
+			assert.Equal(t, tt.wantURL, got.URL)
+			assert.Equal(t, tt.wantDefaultBranch, got.DefaultBranch)
+			assert.Equal(t, tt.wantHeadBranch, got.HeadBranch)
+			assert.Equal(t, tt.wantBaseBranch, got.BaseBranch)
+			assert.Equal(t, tt.wantHeadURL, got.HeadURL)
+			assert.Equal(t, tt.wantBaseURL, got.BaseURL)
+			assert.Equal(t, tt.wantTitle, got.PullRequestTitle)
+			assert.Equal(t, tt.wantSender, got.Sender)
+			assert.Equal(t, tt.wantEventType, got.EventType)
+			assert.DeepEqual(t, tt.wantLabels, got.PullRequestLabel)
+			assert.Equal(t, 1, len(provider.RepositoryIDs))
+			assert.Equal(t, tt.wantRepoID, provider.RepositoryIDs[0])
+		})
+	}
+}
+
+func TestGetPullRequestCaching(t *testing.T) {
+	ctx, _ := rtesting.SetupFakeContext(t)
+	fakeclient, mux, _, teardown := ghtesthelper.SetupGH()
+	defer teardown()
+
+	callCount := 0
+	mux.HandleFunc("/repos/owner/repo/pulls/1", func(rw http.ResponseWriter, _ *http.Request) {
+		callCount++
+		fmt.Fprint(rw, `{
+			"number": 1,
+			"title": "cached pr",
+			"html_url": "https://github.com/owner/repo/pull/1",
+			"user": {"login": "author"},
+			"head": {"sha": "abc", "ref": "head", "repo": {"html_url": "https://github.com/author/repo"}},
+			"base": {"ref": "main", "repo": {"html_url": "https://github.com/owner/repo", "default_branch": "main", "id": 1}},
+			"labels": [{"name": "bug"}, {"name": "enhancement"}]
+		}`)
+	})
+
+	event := &info.Event{
+		Organization:      "owner",
+		Repository:        "repo",
+		PullRequestNumber: 1,
+	}
+	provider := &Provider{ghClient: fakeclient}
+
+	_, err := provider.getPullRequest(ctx, event)
+	assert.NilError(t, err)
+	assert.Equal(t, 1, callCount, "expected exactly one API call on first invocation")
+
+	_, err = provider.getPullRequest(ctx, event)
+	assert.NilError(t, err)
+	assert.Equal(t, 1, callCount, "expected no additional API call on second invocation (cache hit)")
+}
+
 func TestIsHeadCommitOfBranch(t *testing.T) {
 	tests := []struct {
 		name       string