Merge pull request '[v7.0/forgejo] fix: hook post-receive for sha256 repos' (#3788) from bp-v7.0/forgejo-5e73c67-2ac3dcb into v7.0/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3788
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
This commit is contained in:
Earl Warren 2024-05-16 06:59:56 +00:00
commit 40b639d2a0
12 changed files with 202 additions and 158 deletions

View file

@ -316,12 +316,12 @@ func runHookUpdate(c *cli.Context) error {
return nil
}
// Deletion of the ref means that the new commit ID is only composed of '0'.
if strings.ContainsFunc(newCommitID, func(e rune) bool { return e != '0' }) {
return nil
// Empty new commit ID means deletion.
if git.IsEmptyCommitID(newCommitID, nil) {
return fail(ctx, fmt.Sprintf("The deletion of %s is skipped as it's an internal reference.", refFullName), "")
}
return fail(ctx, fmt.Sprintf("The deletion of %s is skipped as it's an internal reference.", refFullName), "")
return nil
}
func runHookPostReceive(c *cli.Context) error {
@ -402,8 +402,7 @@ Forgejo or set your environment appropriately.`, "")
newCommitIDs[count] = string(fields[1])
refFullNames[count] = git.RefName(fields[2])
commitID, _ := git.NewIDFromString(newCommitIDs[count])
if refFullNames[count] == git.BranchPrefix+"master" && !commitID.IsZero() && count == total {
if refFullNames[count] == git.BranchPrefix+"master" && !git.IsEmptyCommitID(newCommitIDs[count], nil) && count == total {
masterPushed = true
}
count++
@ -694,8 +693,7 @@ Forgejo or set your environment appropriately.`, "")
if err != nil {
return err
}
commitID, _ := git.NewIDFromString(rs.OldOID)
if !commitID.IsZero() {
if !git.IsEmptyCommitID(rs.OldOID, nil) {
err = writeDataPktLine(ctx, os.Stdout, []byte("option old-oid "+rs.OldOID))
if err != nil {
return err

View file

@ -329,7 +329,7 @@ func (repo *Repository) HTMLURL() string {
// CommitLink make link to by commit full ID
// note: won't check whether it's an right id
func (repo *Repository) CommitLink(commitID string) (result string) {
if git.IsEmptyCommitID(commitID) {
if git.IsEmptyCommitID(commitID, nil) {
result = ""
} else {
result = repo.Link() + "/commit/" + url.PathEscape(commitID)

View file

@ -122,6 +122,7 @@ func (h Sha256ObjectFormatImpl) ComputeHash(t ObjectType, content []byte) Object
var (
Sha1ObjectFormat ObjectFormat = Sha1ObjectFormatImpl{}
Sha256ObjectFormat ObjectFormat = Sha256ObjectFormatImpl{}
// any addition must be reflected in IsEmptyCommitID
)
var SupportedObjectFormats = []ObjectFormat{

View file

@ -79,17 +79,25 @@ func NewIDFromString(hexHash string) (ObjectID, error) {
return theObjectFormat.MustID(b), nil
}
func IsEmptyCommitID(commitID string) bool {
// IsEmptyCommitID checks if an hexadecimal string represents an empty commit according to git (only '0').
// If objectFormat is not nil, the length will be checked as well (otherwise the lenght must match the sha1 or sha256 length).
func IsEmptyCommitID(commitID string, objectFormat ObjectFormat) bool {
if commitID == "" {
return true
}
id, err := NewIDFromString(commitID)
if err != nil {
if objectFormat == nil {
if Sha1ObjectFormat.FullLength() != len(commitID) && Sha256ObjectFormat.FullLength() != len(commitID) {
return false
}
} else if objectFormat.FullLength() != len(commitID) {
return false
}
return id.IsZero()
for _, c := range commitID {
if c != '0' {
return false
}
}
return true
}
// ComputeBlobHash compute the hash for a given blob content

View file

@ -23,3 +23,27 @@ func TestIsValidSHAPattern(t *testing.T) {
assert.Equal(t, "d5c6407415d85df49592672aa421aed39b9db5e3", ComputeBlobHash(Sha1ObjectFormat, []byte("same length blob")).String())
assert.Equal(t, "df0b5174ed06ae65aea40d43316bcbc21d82c9e3158ce2661df2ad28d7931dd6", ComputeBlobHash(Sha256ObjectFormat, []byte("some random blob")).String())
}
func TestIsEmptyCommitID(t *testing.T) {
assert.True(t, IsEmptyCommitID("", nil))
assert.True(t, IsEmptyCommitID("", Sha1ObjectFormat))
assert.True(t, IsEmptyCommitID("", Sha256ObjectFormat))
assert.False(t, IsEmptyCommitID("79ee38a6416c1ede423ec7ee0a8639ceea4aad20", Sha1ObjectFormat))
assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000", nil))
assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000", Sha1ObjectFormat))
assert.False(t, IsEmptyCommitID("0000000000000000000000000000000000000000", Sha256ObjectFormat))
assert.False(t, IsEmptyCommitID("00000000000000000000000000000000000000000", nil))
assert.False(t, IsEmptyCommitID("0f0b5174ed06ae65aea40d43316bcbc21d82c9e3158ce2661df2ad28d7931dd6", nil))
assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000000000000000000000000000", nil))
assert.False(t, IsEmptyCommitID("0000000000000000000000000000000000000000000000000000000000000000", Sha1ObjectFormat))
assert.True(t, IsEmptyCommitID("0000000000000000000000000000000000000000000000000000000000000000", Sha256ObjectFormat))
assert.False(t, IsEmptyCommitID("1", nil))
assert.False(t, IsEmptyCommitID("0", nil))
assert.False(t, IsEmptyCommitID("010", nil))
assert.False(t, IsEmptyCommitID("0 0", nil))
}

View file

@ -21,14 +21,12 @@ type PushUpdateOptions struct {
// IsNewRef return true if it's a first-time push to a branch, tag or etc.
func (opts *PushUpdateOptions) IsNewRef() bool {
commitID, err := git.NewIDFromString(opts.OldCommitID)
return err == nil && commitID.IsZero()
return git.IsEmptyCommitID(opts.OldCommitID, nil)
}
// IsDelRef return true if it's a deletion to a branch or tag
func (opts *PushUpdateOptions) IsDelRef() bool {
commitID, err := git.NewIDFromString(opts.NewCommitID)
return err == nil && commitID.IsZero()
return git.IsEmptyCommitID(opts.NewCommitID, nil)
}
// IsUpdateRef return true if it's an update operation

View file

@ -227,7 +227,7 @@ func HookPostReceive(ctx *gitea_context.PrivateContext) {
}
// If we've pushed a branch (and not deleted it)
if !git.IsEmptyCommitID(newCommitID) && refFullName.IsBranch() {
if !git.IsEmptyCommitID(newCommitID, nil) && refFullName.IsBranch() {
// First ensure we have the repository loaded, we're allowed pulls requests and we can get the base repo
if repo == nil {
repo = loadRepository(ctx, ownerName, repoName)

View file

@ -515,8 +515,7 @@ func (*actionsNotifier) MergePullRequest(ctx context.Context, doer *user_model.U
}
func (n *actionsNotifier) PushCommits(ctx context.Context, pusher *user_model.User, repo *repo_model.Repository, opts *repository.PushUpdateOptions, commits *repository.PushCommits) {
commitID, _ := git.NewIDFromString(opts.NewCommitID)
if commitID.IsZero() {
if git.IsEmptyCommitID(opts.NewCommitID, nil) {
log.Trace("new commitID is empty")
return
}

View file

@ -117,10 +117,10 @@ func doGitCloneFail(u *url.URL) func(*testing.T) {
}
}
func doGitInitTestRepository(dstPath string) func(*testing.T) {
func doGitInitTestRepository(dstPath string, objectFormat git.ObjectFormat) func(*testing.T) {
return func(t *testing.T) {
// Init repository in dstPath
assert.NoError(t, git.InitRepository(git.DefaultContext, dstPath, false, git.Sha1ObjectFormat.Name()))
assert.NoError(t, git.InitRepository(git.DefaultContext, dstPath, false, objectFormat.Name()))
// forcibly set default branch to master
_, _, err := git.NewCommand(git.DefaultContext, "symbolic-ref", "HEAD", git.BranchPrefix+"master").RunStdString(&git.RunOpts{Dir: dstPath})
assert.NoError(t, err)
@ -148,6 +148,7 @@ func doGitAddRemote(dstPath, remoteName string, u *url.URL) func(*testing.T) {
func doGitPushTestRepository(dstPath string, args ...string) func(*testing.T) {
return func(t *testing.T) {
t.Helper()
_, _, err := git.NewCommand(git.DefaultContext, "push", "-u").AddArguments(git.ToTrustedCmdArgs(args)...).RunStdString(&git.RunOpts{Dir: dstPath})
assert.NoError(t, err)
}

View file

@ -24,90 +24,101 @@ import (
"github.com/stretchr/testify/require"
)
func forEachObjectFormat(t *testing.T, f func(t *testing.T, objectFormat git.ObjectFormat)) {
for _, objectFormat := range []git.ObjectFormat{git.Sha256ObjectFormat, git.Sha1ObjectFormat} {
t.Run(objectFormat.Name(), func(t *testing.T) {
f(t, objectFormat)
})
}
}
func TestGitPush(t *testing.T) {
onGiteaRun(t, testGitPush)
}
func testGitPush(t *testing.T, u *url.URL) {
t.Run("Push branches at once", func(t *testing.T) {
runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
for i := 0; i < 100; i++ {
branchName := fmt.Sprintf("branch-%d", i)
pushed = append(pushed, branchName)
doGitCreateBranch(gitPath, branchName)(t)
}
pushed = append(pushed, "master")
doGitPushTestRepository(gitPath, "origin", "--all")(t)
return pushed, deleted
forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
t.Run("Push branches at once", func(t *testing.T) {
runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
for i := 0; i < 100; i++ {
branchName := fmt.Sprintf("branch-%d", i)
pushed = append(pushed, branchName)
doGitCreateBranch(gitPath, branchName)(t)
}
pushed = append(pushed, "master")
doGitPushTestRepository(gitPath, "origin", "--all")(t)
return pushed, deleted
})
})
})
t.Run("Push branches one by one", func(t *testing.T) {
runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
for i := 0; i < 100; i++ {
branchName := fmt.Sprintf("branch-%d", i)
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName)(t)
pushed = append(pushed, branchName)
}
return pushed, deleted
t.Run("Push branches one by one", func(t *testing.T) {
runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
for i := 0; i < 100; i++ {
branchName := fmt.Sprintf("branch-%d", i)
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName)(t)
pushed = append(pushed, branchName)
}
return pushed, deleted
})
})
})
t.Run("Delete branches", func(t *testing.T) {
runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
pushed = append(pushed, "master")
t.Run("Delete branches", func(t *testing.T) {
runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
pushed = append(pushed, "master")
for i := 0; i < 100; i++ {
branchName := fmt.Sprintf("branch-%d", i)
pushed = append(pushed, branchName)
doGitCreateBranch(gitPath, branchName)(t)
}
doGitPushTestRepository(gitPath, "origin", "--all")(t)
for i := 0; i < 100; i++ {
branchName := fmt.Sprintf("branch-%d", i)
pushed = append(pushed, branchName)
doGitCreateBranch(gitPath, branchName)(t)
}
doGitPushTestRepository(gitPath, "origin", "--all")(t)
for i := 0; i < 10; i++ {
branchName := fmt.Sprintf("branch-%d", i)
doGitPushTestRepository(gitPath, "origin", "--delete", branchName)(t)
deleted = append(deleted, branchName)
}
return pushed, deleted
for i := 0; i < 10; i++ {
branchName := fmt.Sprintf("branch-%d", i)
doGitPushTestRepository(gitPath, "origin", "--delete", branchName)(t)
deleted = append(deleted, branchName)
}
return pushed, deleted
})
})
})
t.Run("Push to deleted branch", func(t *testing.T) {
runTestGitPush(t, u, func(t *testing.T, gitPath string) (pushed, deleted []string) {
doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
pushed = append(pushed, "master")
t.Run("Push to deleted branch", func(t *testing.T) {
runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
pushed = append(pushed, "master")
doGitCreateBranch(gitPath, "branch-1")(t)
doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
pushed = append(pushed, "branch-1")
doGitCreateBranch(gitPath, "branch-1")(t)
doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
pushed = append(pushed, "branch-1")
// delete and restore
doGitPushTestRepository(gitPath, "origin", "--delete", "branch-1")(t)
doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
// delete and restore
doGitPushTestRepository(gitPath, "origin", "--delete", "branch-1")(t)
doGitPushTestRepository(gitPath, "origin", "branch-1")(t)
return pushed, deleted
return pushed, deleted
})
})
})
}
func runTestGitPush(t *testing.T, u *url.URL, gitOperation func(t *testing.T, gitPath string) (pushed, deleted []string)) {
func runTestGitPush(t *testing.T, u *url.URL, objectFormat git.ObjectFormat, gitOperation func(t *testing.T, gitPath string) (pushed, deleted []string)) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
Name: "repo-to-push",
Description: "test git push",
AutoInit: false,
DefaultBranch: "main",
IsPrivate: false,
Name: "repo-to-push",
Description: "test git push",
AutoInit: false,
DefaultBranch: "main",
IsPrivate: false,
ObjectFormatName: objectFormat.Name(),
})
require.NoError(t, err)
require.NotEmpty(t, repo)
gitPath := t.TempDir()
doGitInitTestRepository(gitPath)(t)
doGitInitTestRepository(gitPath, objectFormat)(t)
oldPath := u.Path
oldUser := u.User
@ -158,83 +169,87 @@ func TestOptionsGitPush(t *testing.T) {
func testOptionsGitPush(t *testing.T, u *url.URL) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
Name: "repo-to-push",
Description: "test git push",
AutoInit: false,
DefaultBranch: "main",
IsPrivate: false,
})
require.NoError(t, err)
require.NotEmpty(t, repo)
gitPath := t.TempDir()
doGitInitTestRepository(gitPath)(t)
u.Path = repo.FullName() + ".git"
u.User = url.UserPassword(user.LowerName, userPassword)
doGitAddRemote(gitPath, "origin", u)(t)
t.Run("Unknown push options are rejected", func(t *testing.T) {
logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
logChecker.Filter("unknown option").StopMark("Git push options validation")
defer cleanup()
branchName := "branch0"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepositoryFail(gitPath, "origin", branchName, "-o", "repo.template=false", "-o", "uknownoption=randomvalue")(t)
logFiltered, logStopped := logChecker.Check(5 * time.Second)
assert.True(t, logStopped)
assert.True(t, logFiltered[0])
})
t.Run("Owner sets private & template to true via push options", func(t *testing.T) {
branchName := "branch1"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
repo, err := repo_service.CreateRepository(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
Name: "repo-to-push",
Description: "test git push",
AutoInit: false,
DefaultBranch: "main",
IsPrivate: false,
ObjectFormatName: objectFormat.Name(),
})
require.NoError(t, err)
require.True(t, repo.IsPrivate)
require.True(t, repo.IsTemplate)
require.NotEmpty(t, repo)
gitPath := t.TempDir()
doGitInitTestRepository(gitPath, objectFormat)(t)
u.Path = repo.FullName() + ".git"
u.User = url.UserPassword(user.LowerName, userPassword)
doGitAddRemote(gitPath, "origin", u)(t)
t.Run("Unknown push options are rejected", func(t *testing.T) {
logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
logChecker.Filter("unknown option").StopMark("Git push options validation")
defer cleanup()
branchName := "branch0"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepositoryFail(gitPath, "origin", branchName, "-o", "repo.template=false", "-o", "uknownoption=randomvalue")(t)
logFiltered, logStopped := logChecker.Check(5 * time.Second)
assert.True(t, logStopped)
assert.True(t, logFiltered[0])
})
t.Run("Owner sets private & template to true via push options", func(t *testing.T) {
branchName := "branch1"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.True(t, repo.IsPrivate)
require.True(t, repo.IsTemplate)
})
t.Run("Owner sets private & template to false via push options", func(t *testing.T) {
branchName := "branch2"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
})
// create a collaborator with write access
collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
u.User = url.UserPassword(collaborator.LowerName, userPassword)
doGitAddRemote(gitPath, "collaborator", u)(t)
repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
t.Run("Collaborator with write access is allowed to push", func(t *testing.T) {
branchName := "branch3"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
})
t.Run("Collaborator with write access fails to change private & template via push options", func(t *testing.T) {
logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
logChecker.Filter("permission denied for changing repo settings").StopMark("Git push options validation")
defer cleanup()
branchName := "branch4"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
logFiltered, logStopped := logChecker.Check(5 * time.Second)
assert.True(t, logStopped)
assert.True(t, logFiltered[0])
})
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
})
t.Run("Owner sets private & template to false via push options", func(t *testing.T) {
branchName := "branch2"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "origin", branchName, "-o", "repo.private=false", "-o", "repo.template=false")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
})
// create a collaborator with write access
collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
u.User = url.UserPassword(collaborator.LowerName, userPassword)
doGitAddRemote(gitPath, "collaborator", u)(t)
repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
t.Run("Collaborator with write access is allowed to push", func(t *testing.T) {
branchName := "branch3"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
})
t.Run("Collaborator with write access fails to change private & template via push options", func(t *testing.T) {
logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
logChecker.Filter("permission denied for changing repo settings").StopMark("Git push options validation")
defer cleanup()
branchName := "branch4"
doGitCreateBranch(gitPath, branchName)(t)
doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")
require.NoError(t, err)
require.False(t, repo.IsPrivate)
require.False(t, repo.IsTemplate)
logFiltered, logStopped := logChecker.Check(5 * time.Second)
assert.True(t, logStopped)
assert.True(t, logFiltered[0])
})
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
}

View file

@ -601,7 +601,7 @@ func doPushCreate(ctx APITestContext, u *url.URL) func(t *testing.T) {
tmpDir := t.TempDir()
// Now create local repository to push as our test and set its origin
t.Run("InitTestRepository", doGitInitTestRepository(tmpDir))
t.Run("InitTestRepository", doGitInitTestRepository(tmpDir, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
t.Run("AddRemote", doGitAddRemote(tmpDir, "origin", u))
// Disable "Push To Create" and attempt to push

View file

@ -64,7 +64,7 @@ func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
// Setup the testing repository
dstPath := t.TempDir()
t.Run("InitTestRepository", doGitInitTestRepository(dstPath))
t.Run("InitTestRepository", doGitInitTestRepository(dstPath, git.Sha1ObjectFormat)) // FIXME: use forEachObjectFormat
// Setup remote link
sshURL := createSSHUrl(ctx.GitPath(), u)