mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2025-03-28 15:15:32 +00:00
Fix pr secret event names (#592)
* Fix pr secret event names * Add validation for secret events
This commit is contained in:
Anbraten
GitHub
parent
f1e2f3dcad
commit
cb97b39c82
9 changed files with 129 additions and 57 deletions
|
|
@ -500,12 +500,10 @@ func PostBuild(c *gin.Context) {
|
|||
build.Error = ""
|
||||
build.Deploy = c.DefaultQuery("deploy_to", build.Deploy)
|
||||
|
||||
event := c.DefaultQuery("event", build.Event)
|
||||
if event == model.EventPush ||
|
||||
event == model.EventPull ||
|
||||
event == model.EventTag ||
|
||||
event == model.EventDeploy {
|
||||
build.Event = event
|
||||
if event, ok := c.GetQuery("event"); ok {
|
||||
if event := model.WebhookEvent(event); model.ValidateWebhookEvent(event) {
|
||||
build.Event = event
|
||||
}
|
||||
}
|
||||
|
||||
err = _store.CreateBuild(build)
|
||||
|
|
|
|||
|
|
@ -17,39 +17,39 @@ package model
|
|||
|
||||
// swagger:model build
|
||||
type Build struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'build_id'"`
|
||||
RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'build_repo_id'"`
|
||||
Number int64 `json:"number" xorm:"UNIQUE(s) 'build_number'"`
|
||||
Author string `json:"author" xorm:"INDEX 'build_author'"`
|
||||
ConfigID int64 `json:"-" xorm:"build_config_id"`
|
||||
Parent int64 `json:"parent" xorm:"build_parent"`
|
||||
Event string `json:"event" xorm:"build_event"`
|
||||
Status StatusValue `json:"status" xorm:"INDEX 'build_status'"`
|
||||
Error string `json:"error" xorm:"build_error"`
|
||||
Enqueued int64 `json:"enqueued_at" xorm:"build_enqueued"`
|
||||
Created int64 `json:"created_at" xorm:"build_created"`
|
||||
Started int64 `json:"started_at" xorm:"build_started"`
|
||||
Finished int64 `json:"finished_at" xorm:"build_finished"`
|
||||
Deploy string `json:"deploy_to" xorm:"build_deploy"`
|
||||
Commit string `json:"commit" xorm:"build_commit"`
|
||||
Branch string `json:"branch" xorm:"build_branch"`
|
||||
Ref string `json:"ref" xorm:"build_ref"`
|
||||
Refspec string `json:"refspec" xorm:"build_refspec"`
|
||||
Remote string `json:"remote" xorm:"build_remote"`
|
||||
Title string `json:"title" xorm:"build_title"`
|
||||
Message string `json:"message" xorm:"build_message"`
|
||||
Timestamp int64 `json:"timestamp" xorm:"build_timestamp"`
|
||||
Sender string `json:"sender" xorm:"build_sender"`
|
||||
Avatar string `json:"author_avatar" xorm:"build_avatar"`
|
||||
Email string `json:"author_email" xorm:"build_email"`
|
||||
Link string `json:"link_url" xorm:"build_link"`
|
||||
Signed bool `json:"signed" xorm:"build_signed"` // deprecate
|
||||
Verified bool `json:"verified" xorm:"build_verified"` // deprecate
|
||||
Reviewer string `json:"reviewed_by" xorm:"build_reviewer"`
|
||||
Reviewed int64 `json:"reviewed_at" xorm:"build_reviewed"`
|
||||
Procs []*Proc `json:"procs,omitempty" xorm:"-"`
|
||||
Files []*File `json:"files,omitempty" xorm:"-"`
|
||||
ChangedFiles []string `json:"changed_files,omitempty" xorm:"json 'changed_files'"`
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'build_id'"`
|
||||
RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'build_repo_id'"`
|
||||
Number int64 `json:"number" xorm:"UNIQUE(s) 'build_number'"`
|
||||
Author string `json:"author" xorm:"INDEX 'build_author'"`
|
||||
ConfigID int64 `json:"-" xorm:"build_config_id"`
|
||||
Parent int64 `json:"parent" xorm:"build_parent"`
|
||||
Event WebhookEvent `json:"event" xorm:"build_event"`
|
||||
Status StatusValue `json:"status" xorm:"INDEX 'build_status'"`
|
||||
Error string `json:"error" xorm:"build_error"`
|
||||
Enqueued int64 `json:"enqueued_at" xorm:"build_enqueued"`
|
||||
Created int64 `json:"created_at" xorm:"build_created"`
|
||||
Started int64 `json:"started_at" xorm:"build_started"`
|
||||
Finished int64 `json:"finished_at" xorm:"build_finished"`
|
||||
Deploy string `json:"deploy_to" xorm:"build_deploy"`
|
||||
Commit string `json:"commit" xorm:"build_commit"`
|
||||
Branch string `json:"branch" xorm:"build_branch"`
|
||||
Ref string `json:"ref" xorm:"build_ref"`
|
||||
Refspec string `json:"refspec" xorm:"build_refspec"`
|
||||
Remote string `json:"remote" xorm:"build_remote"`
|
||||
Title string `json:"title" xorm:"build_title"`
|
||||
Message string `json:"message" xorm:"build_message"`
|
||||
Timestamp int64 `json:"timestamp" xorm:"build_timestamp"`
|
||||
Sender string `json:"sender" xorm:"build_sender"`
|
||||
Avatar string `json:"author_avatar" xorm:"build_avatar"`
|
||||
Email string `json:"author_email" xorm:"build_email"`
|
||||
Link string `json:"link_url" xorm:"build_link"`
|
||||
Signed bool `json:"signed" xorm:"build_signed"` // deprecate
|
||||
Verified bool `json:"verified" xorm:"build_verified"` // deprecate
|
||||
Reviewer string `json:"reviewed_by" xorm:"build_reviewer"`
|
||||
Reviewed int64 `json:"reviewed_at" xorm:"build_reviewed"`
|
||||
Procs []*Proc `json:"procs,omitempty" xorm:"-"`
|
||||
Files []*File `json:"files,omitempty" xorm:"-"`
|
||||
ChangedFiles []string `json:"changed_files,omitempty" xorm:"json 'changed_files'"`
|
||||
}
|
||||
|
||||
// TableName return database table name for xorm
|
||||
|
|
|
|||
|
|
@ -14,13 +14,24 @@
|
|||
|
||||
package model
|
||||
|
||||
type WebhookEvent string
|
||||
|
||||
const (
|
||||
EventPush = "push"
|
||||
EventPull = "pull_request"
|
||||
EventTag = "tag"
|
||||
EventDeploy = "deployment"
|
||||
EventPush WebhookEvent = "push"
|
||||
EventPull WebhookEvent = "pull_request"
|
||||
EventTag WebhookEvent = "tag"
|
||||
EventDeploy WebhookEvent = "deployment"
|
||||
)
|
||||
|
||||
func ValidateWebhookEvent(s WebhookEvent) bool {
|
||||
switch s {
|
||||
case EventPush, EventPull, EventTag, EventDeploy:
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
// StatusValue represent pipeline states woodpecker know
|
||||
type StatusValue string
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import (
|
|||
var (
|
||||
errSecretNameInvalid = errors.New("Invalid Secret Name")
|
||||
errSecretValueInvalid = errors.New("Invalid Secret Value")
|
||||
errSecretEventInvalid = errors.New("Invalid Secret Event")
|
||||
)
|
||||
|
||||
// SecretService defines a service for managing secrets.
|
||||
|
|
@ -47,14 +48,14 @@ type SecretStore interface {
|
|||
// Secret represents a secret variable, such as a password or token.
|
||||
// swagger:model registry
|
||||
type Secret struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
|
||||
RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'secret_repo_id'"`
|
||||
Name string `json:"name" xorm:"UNIQUE(s) INDEX 'secret_name'"`
|
||||
Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
|
||||
Images []string `json:"image" xorm:"json 'secret_images'"`
|
||||
Events []string `json:"event" xorm:"json 'secret_events'"`
|
||||
SkipVerify bool `json:"-" xorm:"secret_skip_verify"`
|
||||
Conceal bool `json:"-" xorm:"secret_conceal"`
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
|
||||
RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'secret_repo_id'"`
|
||||
Name string `json:"name" xorm:"UNIQUE(s) INDEX 'secret_name'"`
|
||||
Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
|
||||
Images []string `json:"image" xorm:"json 'secret_images'"`
|
||||
Events []WebhookEvent `json:"event" xorm:"json 'secret_events'"`
|
||||
SkipVerify bool `json:"-" xorm:"secret_skip_verify"`
|
||||
Conceal bool `json:"-" xorm:"secret_conceal"`
|
||||
}
|
||||
|
||||
// TableName return database table name for xorm
|
||||
|
|
@ -63,12 +64,12 @@ func (Secret) TableName() string {
|
|||
}
|
||||
|
||||
// Match returns true if an image and event match the restricted list.
|
||||
func (s *Secret) Match(event string) bool {
|
||||
func (s *Secret) Match(event WebhookEvent) bool {
|
||||
if len(s.Events) == 0 {
|
||||
return true
|
||||
}
|
||||
for _, pattern := range s.Events {
|
||||
if match, _ := filepath.Match(pattern, event); match {
|
||||
if match, _ := filepath.Match(string(pattern), string(event)); match {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
@ -77,6 +78,12 @@ func (s *Secret) Match(event string) bool {
|
|||
|
||||
// Validate validates the required fields and formats.
|
||||
func (s *Secret) Validate() error {
|
||||
for _, event := range s.Events {
|
||||
if !ValidateWebhookEvent(event) {
|
||||
return errSecretEventInvalid
|
||||
}
|
||||
}
|
||||
|
||||
switch {
|
||||
case len(s.Name) == 0:
|
||||
return errSecretNameInvalid
|
||||
|
|
|
|||
|
|
@ -440,7 +440,7 @@ func repoStatus(c context.Context, client *github.Client, r *model.Repo, b *mode
|
|||
ctx += "/pr"
|
||||
default:
|
||||
if len(b.Event) > 0 {
|
||||
ctx += "/" + b.Event
|
||||
ctx += "/" + string(b.Event)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -305,7 +305,7 @@ func metadataFromStruct(repo *model.Repo, build, last *model.Build, proc *model.
|
|||
Started: build.Started,
|
||||
Finished: build.Finished,
|
||||
Status: string(build.Status),
|
||||
Event: build.Event,
|
||||
Event: string(build.Event),
|
||||
Link: build.Link,
|
||||
Target: build.Deploy,
|
||||
Commit: frontend.Commit{
|
||||
|
|
@ -328,7 +328,7 @@ func metadataFromStruct(repo *model.Repo, build, last *model.Build, proc *model.
|
|||
Started: last.Started,
|
||||
Finished: last.Finished,
|
||||
Status: string(last.Status),
|
||||
Event: last.Event,
|
||||
Event: string(last.Event),
|
||||
Link: last.Link,
|
||||
Target: last.Deploy,
|
||||
Commit: frontend.Commit{
|
||||
|
|
|
|||
|
|
@ -0,0 +1,55 @@
|
|||
// Copyright 2021 Woodpecker Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package migration
|
||||
|
||||
import (
|
||||
"xorm.io/xorm"
|
||||
|
||||
"github.com/woodpecker-ci/woodpecker/server/model"
|
||||
)
|
||||
|
||||
var fixPRSecretEventName = task{
|
||||
name: "fix-pr-secret-event-name",
|
||||
fn: func(sess *xorm.Session) error {
|
||||
const batchSize = 100
|
||||
for start := 0; ; start += batchSize {
|
||||
secrets := make([]*model.Secret, 0, batchSize)
|
||||
if err := sess.Limit(batchSize, start).Table("secrets").Cols("secret_id", "secret_events").Where("secret_events LIKE '%pull-request%'").Find(&secrets); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if len(secrets) == 0 {
|
||||
break
|
||||
}
|
||||
|
||||
for _, secret := range secrets {
|
||||
for i, event := range secret.Events {
|
||||
if event == "pull-request" {
|
||||
secret.Events[i] = "pull_request"
|
||||
}
|
||||
}
|
||||
if _, err := sess.ID(secret.ID).Cols("secret_events").Update(secret); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if err := sess.Begin(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return sess.Commit()
|
||||
},
|
||||
}
|
||||
|
|
@ -30,6 +30,7 @@ var migrationTasks = []task{
|
|||
legacy2Xorm,
|
||||
alterTableReposDropFallback,
|
||||
alterTableReposDropAllowDeploysAllowTags,
|
||||
fixPRSecretEventName,
|
||||
}
|
||||
|
||||
type migrations struct {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
export enum WebhookEvents {
|
||||
Push = 'push',
|
||||
Tag = 'tag',
|
||||
PullRequest = 'pull-request',
|
||||
PullRequest = 'pull_request',
|
||||
Deploy = 'deploy',
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue