gitsrht-update-hook: Submit builds under the pusher's account

If you give a user read/write access to a repository, in theory he would
be able to leak the repo owner's secrets by adding them to the build
manifest. Instead submit the build under the account of the one who
initiated the push.

gitsrht-update-hook/post-update.go

@@ -317,6 +317,7 @@ func postUpdate() {
 				GitOrigin:   origin,
 				OwnerName:   dbinfo.OwnerUsername,
 				OwnerToken:  dbinfo.OwnerToken,
+				PusherName:  pcontext.User.Name,
 				RepoName:    dbinfo.RepoName,
 				Repository:  repo,
 				Visibility:  dbinfo.Visibility,

gitsrht-update-hook/submitter.go

@@ -67,6 +67,7 @@ type GitBuildSubmitter struct {
 	GitOrigin   string
 	OwnerName   string
 	OwnerToken  *string
+	PusherName  string
 	RepoName    string
 	Repository  *git.Repository
 	Visibility  string
@@ -261,6 +262,10 @@ func (submitter GitBuildSubmitter) GetOwnerName() string {
 	return submitter.OwnerName
 }
 
+func (submitter GitBuildSubmitter) GetPusherName() string {
+	return submitter.PusherName
+}
+
 type BuildSubmission struct {
 	// TODO: Move errors into this struct and set up per-submission error
 	// tracking
@@ -361,7 +366,7 @@ func SubmitBuild(ctx context.Context, submitter *GitBuildSubmitter) ([]BuildSubm
 			Errors gqlerror.List `json:"errors"`
 		}{}
 
-		err = client.Execute(ctx, submitter.GetOwnerName(), "builds.sr.ht", query, &resp)
+		err = client.Execute(ctx, submitter.GetPusherName(), "builds.sr.ht", query, &resp)
 		if err != nil {
 			return nil, err
 		} else if len(resp.Errors) > 0 {
@@ -375,7 +380,7 @@ func SubmitBuild(ctx context.Context, submitter *GitBuildSubmitter) ([]BuildSubm
 			Name: name,
 			Url: fmt.Sprintf("%s/~%s/job/%d",
 				submitter.GetBuildsOrigin(),
-				submitter.GetOwnerName(),
+				submitter.GetPusherName(),
 				resp.Data.Submit.ID),
 		})
 	}