package jenkins.scm.impl;

import hudson.Extension;
import hudson.model.Cause;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.User;
import hudson.security.Permission;
import jenkins.scm.api.TrustworthyBuild;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:WEB-INF/lib/scm-api.jar:jenkins/scm/impl/TrustworthyBuilds.class */
public class TrustworthyBuilds {
    @Extension
    public static TrustworthyBuild byUserId() {
        return (run, taskListener) -> {
            Cause.UserIdCause cause = run.getCause(Cause.UserIdCause.class);
            if (cause == null) {
                return false;
            }
            String userId = cause.getUserId();
            if (userId == null) {
                taskListener.getLogger().println("Not trusting build since no user name was recorded");
                return false;
            }
            User byId = User.getById(userId, false);
            if (byId == null) {
                taskListener.getLogger().printf("Not trusting build since no user ‘%s’ is known%n", userId);
                return false;
            }
            try {
                Permission find = Run.PERMISSIONS.find("Replay");
                if (find == null) {
                    find = Item.CONFIGURE;
                }
                if (run.hasPermission2(byId.impersonate2(), find)) {
                    taskListener.getLogger().printf("Trusting build since it was started by user ‘%s’%n", userId);
                    return true;
                }
                taskListener.getLogger().printf("Not trusting build since user ‘%s’ lacks %s/%s permission%n", userId, find.group.title, find.name);
                return false;
            } catch (UsernameNotFoundException e) {
                taskListener.getLogger().printf("Not trusting build since user ‘%s’ is invalid%n", userId);
                return false;
            }
        };
    }

    @Extension
    public static TrustworthyBuild byGitHubChecks() {
        return (run, taskListener) -> {
            return run.getCauses().stream().anyMatch(cause -> {
                return cause.getClass().getName().equals("io.jenkins.plugins.checks.github.CheckRunGHEventSubscriber$GitHubChecksRerunActionCause");
            });
        };
    }

    private TrustworthyBuilds() {
    }
}
