fix(gitlab): better handle CI_JOB_TOKEN and unavailable APIs (#4918)

refs #4900
2025-03-17 20:47:50 +02:00 · 2024-06-15 13:47:12 -03:00 · 2024-06-15 13:47:12 -03:00 · 50a6a96257
commit 50a6a96257
parent 34ba5b6a79
2 changed files with 63 additions and 7 deletions
--- a/internal/client/gitlab.go
+++ b/internal/client/gitlab.go
@ -25,7 +25,8 @@ var (
 )

 type gitlabClient struct {
-	client *gitlab.Client
+	client   *gitlab.Client
+	authType gitlab.AuthType
 }

 // newGitLab returns a gitlab client implementation.
@ -52,19 +53,35 @@ func newGitLab(ctx *context.Context, token string) (*gitlabClient, error) {
 	}

 	var client *gitlab.Client
+	var authType gitlab.AuthType
 	var err error
 	if checkUseJobToken(*ctx, token) {
 		client, err = gitlab.NewJobClient(token, options...)
+		authType = gitlab.JobToken
 	} else {
 		client, err = gitlab.NewClient(token, options...)
+		authType = gitlab.PrivateToken
 	}
 	if err != nil {
 		return &gitlabClient{}, err
 	}
-	return &gitlabClient{client: client}, nil
+	return &gitlabClient{
+		client:   client,
+		authType: authType,
+	}, nil
+}
+
+func (c *gitlabClient) checkIsPrivateToken() error {
+	if c.authType == gitlab.PrivateToken {
+		return nil
+	}
+	return fmt.Errorf("the necessary APIs are not available when using CI_JOB_TOKEN")
 }

 func (c *gitlabClient) Changelog(_ *context.Context, repo Repo, prev, current string) ([]ChangelogItem, error) {
+	if err := c.checkIsPrivateToken(); err != nil {
+		return nil, fmt.Errorf("changelog: %w", err)
+	}
 	cmpOpts := &gitlab.CompareOptions{
 		From: &prev,
 		To:   &current,
@ -88,6 +105,12 @@ func (c *gitlabClient) Changelog(_ *context.Context, repo Repo, prev, current st

 // getDefaultBranch get the default branch
 func (c *gitlabClient) getDefaultBranch(_ *context.Context, repo Repo) (string, error) {
+	if branch := os.Getenv("CI_DEFAULT_BRANCH"); branch != "" {
+		return branch, nil
+	}
+	if err := c.checkIsPrivateToken(); err != nil {
+		return "", fmt.Errorf("get default branch: %w", err)
+	}
 	projectID := repo.String()
 	p, res, err := c.client.Projects.GetProject(projectID, nil)
 	if err != nil {
@ -159,6 +182,10 @@ func (c *gitlabClient) CreateFile(
 	fileName, // the path to the formula.rb
 	message string, // the commit msg
 ) error {
+	if err := c.checkIsPrivateToken(); err != nil {
+		return fmt.Errorf("create file: %w", err)
+	}
+
 	projectID := repo.Name
 	if repo.Owner != "" {
 		projectID = repo.Owner + "/" + projectID
@ -227,7 +254,7 @@ func (c *gitlabClient) CreateFile(
 			log = log.WithField("statusCode", res.StatusCode)
 		}
 		log.WithError(err).
-			Error("error getting file for brew formula")
+			Error("could not get file")
 		return err
 	}

@ -270,7 +297,7 @@ func (c *gitlabClient) CreateFile(
 				log = log.WithField("statusCode", res.StatusCode)
 			}
 			log.WithError(err).
-				Error("error creating brew formula file")
+				Error("could not create file")
 			return err
 		}

@ -279,7 +306,7 @@ func (c *gitlabClient) CreateFile(
 			WithField("branch", branch).
 			WithField("projectID", projectID).
 			WithField("filePath", fileInfo.FilePath).
-			Debug("created brew formula file")
+			Debug("created file")
 		return nil
 	}

@ -455,7 +482,7 @@ func (c *gitlabClient) Upload(

 	var baseLinkURL string
 	var linkURL string
-	if ctx.Config.GitLabURLs.UsePackageRegistry {
+	if ctx.Config.GitLabURLs.UsePackageRegistry || c.authType == gitlab.JobToken {
 		log.WithField("file", file.Name()).Debug("uploading file as generic package")
 		if _, _, err := c.client.GenericPackages.PublishPackageFile(
 			projectID,
@ -562,7 +589,8 @@ func (c *gitlabClient) getMilestoneByTitle(repo Repo, title string) (*gitlab.Mil
 	return nil, nil
 }

-// checkUseJobToken examines the context and given token, and determines if We should use NewJobClient vs NewClient
+// checkUseJobToken examines the context and given token, and determines if we
+// should use NewJobClient vs NewClient
 func checkUseJobToken(ctx context.Context, token string) bool {
 	// The CI_JOB_TOKEN env var is set automatically in all GitLab runners.
 	// If this comes back as empty, we aren't in a functional GitLab runner
@ -589,6 +617,9 @@ func (c *gitlabClient) OpenPullRequest(
 	title string,
 	draft bool,
 ) error {
+	if err := c.checkIsPrivateToken(); err != nil {
+		return fmt.Errorf("open merge request: %w", err)
+	}
 	var targetProjectID int
 	if base.Owner != "" {
 		fullProjectPath := fmt.Sprintf("%s/%s", base.Owner, base.Name)
--- a/internal/client/gitlab_test.go
+++ b/internal/client/gitlab_test.go
@ -429,6 +429,31 @@ func TestGitLabGetDefaultBranch(t *testing.T) {
 	require.Equal(t, 1, totalRequests)
 }

+func TestGitLabGetDefaultBranchEnv(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
+		t.Error("shouldn't have made any calls to the API")
+	}))
+	defer srv.Close()
+
+	ctx := testctx.NewWithCfg(config.Project{
+		GitLabURLs: config.GitLabURLs{
+			API: srv.URL,
+		},
+	})
+	client, err := newGitLab(ctx, "test-token")
+	require.NoError(t, err)
+	repo := Repo{
+		Owner:  "someone",
+		Name:   "something",
+		Branch: "somebranch",
+	}
+
+	t.Setenv("CI_DEFAULT_BRANCH", "foo")
+	b, err := client.getDefaultBranch(ctx, repo)
+	require.NoError(t, err)
+	require.Equal(t, "foo", b)
+}
+
 func TestGitLabGetDefaultBranchErr(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()