1
0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-12-12 08:23:48 +02:00
woodpecker/server/api/hook.go
Anbraten 58838f225c
Rewrite of WebUI (#245)
Rewrite of the UI using Typescript, Vue3, Windicss and Vite. The design should  be close to the current one with some changes:
- latest pipeline in a sidebar on the right
- secrets and registry as part of the repo-settings (secrets and registry entries shouldn't be used as much so they can be "hidden" under settings IMO)
- start page shows list of active repositories with button to enable / add new ones (currently you see all repositories and in most cases you only add new repositories once in a while)
2021-11-03 17:40:31 +01:00

432 lines
12 KiB
Go

// Copyright 2018 Drone.IO Inc.
// Copyright 2021 Informatyka Boguslawski sp. z o.o. sp.k., http://www.ib.pl/
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// This file has been modified by Informatyka Boguslawski sp. z o.o. sp.k.
package api
import (
"context"
"crypto/sha256"
"encoding/json"
"fmt"
"math/rand"
"net/http"
"regexp"
"strconv"
"time"
"github.com/gin-gonic/gin"
"github.com/rs/zerolog/log"
"github.com/woodpecker-ci/woodpecker/pipeline/frontend/yaml"
"github.com/woodpecker-ci/woodpecker/pipeline/rpc"
"github.com/woodpecker-ci/woodpecker/server"
"github.com/woodpecker-ci/woodpecker/server/model"
"github.com/woodpecker-ci/woodpecker/server/pubsub"
"github.com/woodpecker-ci/woodpecker/server/queue"
"github.com/woodpecker-ci/woodpecker/server/remote"
"github.com/woodpecker-ci/woodpecker/server/shared"
"github.com/woodpecker-ci/woodpecker/server/store"
"github.com/woodpecker-ci/woodpecker/shared/token"
)
var skipRe = regexp.MustCompile(`\[(?i:ci *skip|skip *ci)\]`)
func init() {
rand.Seed(time.Now().UnixNano())
}
func GetQueueInfo(c *gin.Context) {
c.IndentedJSON(200,
server.Config.Services.Queue.Info(c),
)
}
func PauseQueue(c *gin.Context) {
server.Config.Services.Queue.Pause()
c.Status(http.StatusOK)
}
func ResumeQueue(c *gin.Context) {
server.Config.Services.Queue.Resume()
c.Status(http.StatusOK)
}
func BlockTilQueueHasRunningItem(c *gin.Context) {
for {
info := server.Config.Services.Queue.Info(c)
if info.Stats.Running == 0 {
break
}
}
c.Status(http.StatusOK)
}
func PostHook(c *gin.Context) {
remote_ := remote.FromContext(c)
store_ := store.FromContext(c)
tmpRepo, build, err := remote_.Hook(c.Request)
if err != nil {
log.Error().Msgf("failure to parse hook. %s", err)
c.AbortWithError(400, err)
return
}
if build == nil {
c.Writer.WriteHeader(200)
return
}
if tmpRepo == nil {
log.Error().Msgf("failure to ascertain repo from hook.")
c.Writer.WriteHeader(400)
return
}
// skip the build if any case-insensitive combination of the words "skip" and "ci"
// wrapped in square brackets appear in the commit message
skipMatch := skipRe.FindString(build.Message)
if len(skipMatch) > 0 {
log.Info().Msgf("ignoring hook. %s found in %s", skipMatch, build.Commit)
c.Writer.WriteHeader(204)
return
}
repo, err := store_.GetRepoName(tmpRepo.Owner + "/" + tmpRepo.Name)
if err != nil {
log.Error().Msgf("failure to find repo %s/%s from hook. %s", tmpRepo.Owner, tmpRepo.Name, err)
c.AbortWithError(404, err)
return
}
if !repo.IsActive {
log.Error().Msgf("ignoring hook. %s/%s is inactive.", tmpRepo.Owner, tmpRepo.Name)
c.AbortWithError(204, err)
return
}
// get the token and verify the hook is authorized
parsed, err := token.ParseRequest(c.Request, func(t *token.Token) (string, error) {
return repo.Hash, nil
})
if err != nil {
log.Error().Msgf("failure to parse token from hook for %s. %s", repo.FullName, err)
c.AbortWithError(400, err)
return
}
if parsed.Text != repo.FullName {
log.Error().Msgf("failure to verify token from hook. Expected %s, got %s", repo.FullName, parsed.Text)
c.AbortWithStatus(403)
return
}
if repo.UserID == 0 {
log.Warn().Msgf("ignoring hook. repo %s has no owner.", repo.FullName)
c.Writer.WriteHeader(204)
return
}
if build.Event == model.EventPull && !repo.AllowPull {
log.Info().Msgf("ignoring hook. repo %s is disabled for pull requests.", repo.FullName)
c.Writer.Write([]byte("pulls are disabled on woodpecker for this repo"))
c.Writer.WriteHeader(204)
return
}
user, err := store_.GetUser(repo.UserID)
if err != nil {
log.Error().Msgf("failure to find repo owner %s. %s", repo.FullName, err)
c.AbortWithError(500, err)
return
}
// if the remote has a refresh token, the current access token
// may be stale. Therefore, we should refresh prior to dispatching
// the build.
if refresher, ok := remote_.(remote.Refresher); ok {
ok, err := refresher.Refresh(c, user)
if err != nil {
log.Error().Msgf("failed to refresh oauth2 token: %s", err)
} else if ok {
if err := store_.UpdateUser(user); err != nil {
log.Error().Msgf("error while updating user: %s", err)
// move forward
}
}
}
// fetch the build file from the remote
configFetcher := shared.NewConfigFetcher(remote_, user, repo, build)
remoteYamlConfigs, err := configFetcher.Fetch(c)
if err != nil {
log.Error().Msgf("error: %s: cannot find %s in %s: %s", repo.FullName, repo.Config, build.Ref, err)
c.AbortWithError(404, err)
return
}
filtered, err := branchFiltered(build, remoteYamlConfigs)
if err != nil {
log.Error().Msgf("failure to parse yaml from hook for %s. %s", repo.FullName, err)
c.AbortWithError(400, err)
}
if filtered {
c.String(200, "Branch does not match restrictions defined in yaml")
return
}
if zeroSteps(build, remoteYamlConfigs) {
c.String(200, "Step conditions yield zero runnable steps")
return
}
// update some build fields
build.RepoID = repo.ID
build.Verified = true
build.Status = model.StatusPending
if repo.IsGated && build.Sender != user.Login {
build.Status = model.StatusBlocked
}
err = store_.CreateBuild(build, build.Procs...)
if err != nil {
log.Error().Msgf("failure to save commit for %s. %s", repo.FullName, err)
c.AbortWithError(500, err)
return
}
// persist the build config for historical correctness, restarts, etc
for _, remoteYamlConfig := range remoteYamlConfigs {
_, err := findOrPersistPipelineConfig(repo, build, remoteYamlConfig)
if err != nil {
log.Error().Msgf("failure to find or persist build config for %s. %s", repo.FullName, err)
c.AbortWithError(500, err)
return
}
}
c.JSON(200, build)
if build.Status == model.StatusBlocked {
return
}
netrc, err := remote_.Netrc(user, repo)
if err != nil {
c.String(500, "Failed to generate netrc file. %s", err)
return
}
envs := map[string]string{}
if server.Config.Services.Environ != nil {
globals, _ := server.Config.Services.Environ.EnvironList(repo)
for _, global := range globals {
envs[global.Name] = global.Value
}
}
secs, err := server.Config.Services.Secrets.SecretListBuild(repo, build)
if err != nil {
log.Debug().Msgf("Error getting secrets for %s#%d. %s", repo.FullName, build.Number, err)
}
regs, err := server.Config.Services.Registries.RegistryList(repo)
if err != nil {
log.Debug().Msgf("Error getting registry credentials for %s#%d. %s", repo.FullName, build.Number, err)
}
// get the previous build so that we can send status change notifications
last, _ := store_.GetBuildLastBefore(repo, build.Branch, build.ID)
b := shared.ProcBuilder{
Repo: repo,
Curr: build,
Last: last,
Netrc: netrc,
Secs: secs,
Regs: regs,
Envs: envs,
Link: server.Config.Server.Host,
Yamls: remoteYamlConfigs,
}
buildItems, err := b.Build()
if err != nil {
if _, err = shared.UpdateToStatusError(store_, *build, err); err != nil {
log.Error().Msgf("Error setting error status of build for %s#%d. %s", repo.FullName, build.Number, err)
}
return
}
build = shared.SetBuildStepsOnBuild(b.Curr, buildItems)
err = store_.ProcCreate(build.Procs)
if err != nil {
log.Error().Msgf("error persisting procs %s/%d: %s", repo.FullName, build.Number, err)
}
defer func() {
for _, item := range buildItems {
uri := fmt.Sprintf("%s/%s/build/%d", server.Config.Server.Host, repo.FullName, build.Number)
if len(buildItems) > 1 {
err = remote_.Status(c, user, repo, build, uri, item.Proc)
} else {
err = remote_.Status(c, user, repo, build, uri, nil)
}
if err != nil {
log.Error().Msgf("error setting commit status for %s/%d: %v", repo.FullName, build.Number, err)
}
}
}()
publishToTopic(c, build, repo, model.Enqueued)
queueBuild(build, repo, buildItems)
}
// TODO: parse yaml once and not for each filter function
func branchFiltered(build *model.Build, remoteYamlConfigs []*remote.FileMeta) (bool, error) {
log.Trace().Msgf("hook.branchFiltered(): build branch: '%s' build event: '%s' config count: %d", build.Branch, build.Event, len(remoteYamlConfigs))
for _, remoteYamlConfig := range remoteYamlConfigs {
parsedPipelineConfig, err := yaml.ParseString(string(remoteYamlConfig.Data))
if err != nil {
log.Trace().Msgf("parse config '%s': %s", remoteYamlConfig.Name, err)
return false, err
}
log.Trace().Msgf("config '%s': %#v", remoteYamlConfig.Name, parsedPipelineConfig)
if !parsedPipelineConfig.Branches.Match(build.Branch) && build.Event != model.EventTag && build.Event != model.EventDeploy {
} else {
return false, nil
}
}
return true, nil
}
func zeroSteps(build *model.Build, remoteYamlConfigs []*remote.FileMeta) bool {
b := shared.ProcBuilder{
Repo: &model.Repo{},
Curr: build,
Last: &model.Build{},
Netrc: &model.Netrc{},
Secs: []*model.Secret{},
Regs: []*model.Registry{},
Link: "",
Yamls: remoteYamlConfigs,
}
buildItems, err := b.Build()
if err != nil {
return false
}
if len(buildItems) == 0 {
return true
}
return false
}
func findOrPersistPipelineConfig(repo *model.Repo, build *model.Build, remoteYamlConfig *remote.FileMeta) (*model.Config, error) {
sha := shasum(remoteYamlConfig.Data)
conf, err := server.Config.Storage.Config.ConfigFindIdentical(build.RepoID, sha)
if err != nil {
conf = &model.Config{
RepoID: build.RepoID,
Data: string(remoteYamlConfig.Data),
Hash: sha,
Name: shared.SanitizePath(remoteYamlConfig.Name),
}
err = server.Config.Storage.Config.ConfigCreate(conf)
if err != nil {
// retry in case we receive two hooks at the same time
conf, err = server.Config.Storage.Config.ConfigFindIdentical(build.RepoID, sha)
if err != nil {
return nil, err
}
}
}
buildConfig := &model.BuildConfig{
ConfigID: conf.ID,
BuildID: build.ID,
}
err = server.Config.Storage.Config.BuildConfigCreate(buildConfig)
if err != nil {
return nil, err
}
return conf, nil
}
// publishes message to UI clients
func publishToTopic(c *gin.Context, build *model.Build, repo *model.Repo, event model.EventType) {
message := pubsub.Message{
Labels: map[string]string{
"repo": repo.FullName,
"private": strconv.FormatBool(repo.IsPrivate),
},
}
buildCopy := *build
buildCopy.Procs = model.Tree(buildCopy.Procs)
message.Data, _ = json.Marshal(model.Event{
Type: model.Enqueued,
Repo: *repo,
Build: buildCopy,
})
server.Config.Services.Pubsub.Publish(c, "topic/events", message)
}
func queueBuild(build *model.Build, repo *model.Repo, buildItems []*shared.BuildItem) {
var tasks []*queue.Task
for _, item := range buildItems {
if item.Proc.State == model.StatusSkipped {
continue
}
task := new(queue.Task)
task.ID = fmt.Sprint(item.Proc.ID)
task.Labels = map[string]string{}
for k, v := range item.Labels {
task.Labels[k] = v
}
task.Labels["platform"] = item.Platform
task.Labels["repo"] = repo.FullName
task.Dependencies = taskIds(item.DependsOn, buildItems)
task.RunOn = item.RunsOn
task.DepStatus = make(map[string]string)
task.Data, _ = json.Marshal(rpc.Pipeline{
ID: fmt.Sprint(item.Proc.ID),
Config: item.Config,
Timeout: repo.Timeout,
})
server.Config.Services.Logs.Open(context.Background(), task.ID)
tasks = append(tasks, task)
}
server.Config.Services.Queue.PushAtOnce(context.Background(), tasks)
}
func taskIds(dependsOn []string, buildItems []*shared.BuildItem) (taskIds []string) {
for _, dep := range dependsOn {
for _, buildItem := range buildItems {
if buildItem.Proc.Name == dep {
taskIds = append(taskIds, fmt.Sprint(buildItem.Proc.ID))
}
}
}
return
}
func shasum(raw []byte) string {
sum := sha256.Sum256(raw)
return fmt.Sprintf("%x", sum)
}