mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-04-26 13:34:45 +00:00
Code Issues Projects Releases Wiki Activity

Fix pr secret event names (#592)

Browse source 
* Fix pr secret event names
* Add validation for secret events
This commit is contained in:
Anbraten 2021-12-11 02:37:40 +01:00 committed by GitHub
parent f1e2f3dcad
commit cb97b39c82
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 129 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
server/api/build.go
View file

@ -500,12 +500,10 @@ func PostBuild(c *gin.Context) {
build.Error = "" build.Error = ""
build.Deploy = c.DefaultQuery("deploy_to", build.Deploy) build.Deploy = c.DefaultQuery("deploy_to", build.Deploy)
event := c.DefaultQuery("event", build.Event) if event, ok := c.GetQuery("event"); ok {
if event == model.EventPush || if event := model.WebhookEvent(event); model.ValidateWebhookEvent(event) {
event == model.EventPull || build.Event = event
event == model.EventTag || }
event == model.EventDeploy {
build.Event = event
} }
err = _store.CreateBuild(build) err = _store.CreateBuild(build)

66
server/model/build.go
View file

@ -17,39 +17,39 @@ package model
// swagger:model build // swagger:model build
type Build struct { type Build struct {
ID int64 `json:"id" xorm:"pk autoincr 'build_id'"` ID int64 `json:"id" xorm:"pk autoincr 'build_id'"`
RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'build_repo_id'"` RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'build_repo_id'"`
Number int64 `json:"number" xorm:"UNIQUE(s) 'build_number'"` Number int64 `json:"number" xorm:"UNIQUE(s) 'build_number'"`
Author string `json:"author" xorm:"INDEX 'build_author'"` Author string `json:"author" xorm:"INDEX 'build_author'"`
ConfigID int64 `json:"-" xorm:"build_config_id"` ConfigID int64 `json:"-" xorm:"build_config_id"`
Parent int64 `json:"parent" xorm:"build_parent"` Parent int64 `json:"parent" xorm:"build_parent"`
Event string `json:"event" xorm:"build_event"` Event WebhookEvent `json:"event" xorm:"build_event"`
Status StatusValue `json:"status" xorm:"INDEX 'build_status'"` Status StatusValue `json:"status" xorm:"INDEX 'build_status'"`
Error string `json:"error" xorm:"build_error"` Error string `json:"error" xorm:"build_error"`
Enqueued int64 `json:"enqueued_at" xorm:"build_enqueued"` Enqueued int64 `json:"enqueued_at" xorm:"build_enqueued"`
Created int64 `json:"created_at" xorm:"build_created"` Created int64 `json:"created_at" xorm:"build_created"`
Started int64 `json:"started_at" xorm:"build_started"` Started int64 `json:"started_at" xorm:"build_started"`
Finished int64 `json:"finished_at" xorm:"build_finished"` Finished int64 `json:"finished_at" xorm:"build_finished"`
Deploy string `json:"deploy_to" xorm:"build_deploy"` Deploy string `json:"deploy_to" xorm:"build_deploy"`
Commit string `json:"commit" xorm:"build_commit"` Commit string `json:"commit" xorm:"build_commit"`
Branch string `json:"branch" xorm:"build_branch"` Branch string `json:"branch" xorm:"build_branch"`
Ref string `json:"ref" xorm:"build_ref"` Ref string `json:"ref" xorm:"build_ref"`
Refspec string `json:"refspec" xorm:"build_refspec"` Refspec string `json:"refspec" xorm:"build_refspec"`
Remote string `json:"remote" xorm:"build_remote"` Remote string `json:"remote" xorm:"build_remote"`
Title string `json:"title" xorm:"build_title"` Title string `json:"title" xorm:"build_title"`
Message string `json:"message" xorm:"build_message"` Message string `json:"message" xorm:"build_message"`
Timestamp int64 `json:"timestamp" xorm:"build_timestamp"` Timestamp int64 `json:"timestamp" xorm:"build_timestamp"`
Sender string `json:"sender" xorm:"build_sender"` Sender string `json:"sender" xorm:"build_sender"`
Avatar string `json:"author_avatar" xorm:"build_avatar"` Avatar string `json:"author_avatar" xorm:"build_avatar"`
Email string `json:"author_email" xorm:"build_email"` Email string `json:"author_email" xorm:"build_email"`
Link string `json:"link_url" xorm:"build_link"` Link string `json:"link_url" xorm:"build_link"`
Signed bool `json:"signed" xorm:"build_signed"` // deprecate Signed bool `json:"signed" xorm:"build_signed"` // deprecate
Verified bool `json:"verified" xorm:"build_verified"` // deprecate Verified bool `json:"verified" xorm:"build_verified"` // deprecate
Reviewer string `json:"reviewed_by" xorm:"build_reviewer"` Reviewer string `json:"reviewed_by" xorm:"build_reviewer"`
Reviewed int64 `json:"reviewed_at" xorm:"build_reviewed"` Reviewed int64 `json:"reviewed_at" xorm:"build_reviewed"`
Procs []*Proc `json:"procs,omitempty" xorm:"-"` Procs []*Proc `json:"procs,omitempty" xorm:"-"`
Files []*File `json:"files,omitempty" xorm:"-"` Files []*File `json:"files,omitempty" xorm:"-"`
ChangedFiles []string `json:"changed_files,omitempty" xorm:"json 'changed_files'"` ChangedFiles []string `json:"changed_files,omitempty" xorm:"json 'changed_files'"`
} }
// TableName return database table name for xorm // TableName return database table name for xorm

19
server/model/const.go
View file

@ -14,13 +14,24 @@
package model package model
type WebhookEvent string
const ( const (
EventPush = "push" EventPush WebhookEvent = "push"
EventPull = "pull_request" EventPull WebhookEvent = "pull_request"
EventTag = "tag" EventTag WebhookEvent = "tag"
EventDeploy = "deployment" EventDeploy WebhookEvent = "deployment"
) )
func ValidateWebhookEvent(s WebhookEvent) bool {
switch s {
case EventPush, EventPull, EventTag, EventDeploy:
return true
default:
return false
}
}
// StatusValue represent pipeline states woodpecker know // StatusValue represent pipeline states woodpecker know
type StatusValue string type StatusValue string

27
server/model/secret.go
View file

@ -23,6 +23,7 @@ import (
var ( var (
errSecretNameInvalid = errors.New("Invalid Secret Name") errSecretNameInvalid = errors.New("Invalid Secret Name")
errSecretValueInvalid = errors.New("Invalid Secret Value") errSecretValueInvalid = errors.New("Invalid Secret Value")
errSecretEventInvalid = errors.New("Invalid Secret Event")
) )
// SecretService defines a service for managing secrets. // SecretService defines a service for managing secrets.
@ -47,14 +48,14 @@ type SecretStore interface {
// Secret represents a secret variable, such as a password or token. // Secret represents a secret variable, such as a password or token.
// swagger:model registry // swagger:model registry
type Secret struct { type Secret struct {
ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"` ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'secret_repo_id'"` RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'secret_repo_id'"`
Name string `json:"name" xorm:"UNIQUE(s) INDEX 'secret_name'"` Name string `json:"name" xorm:"UNIQUE(s) INDEX 'secret_name'"`
Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"` Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
Images []string `json:"image" xorm:"json 'secret_images'"` Images []string `json:"image" xorm:"json 'secret_images'"`
Events []string `json:"event" xorm:"json 'secret_events'"` Events []WebhookEvent `json:"event" xorm:"json 'secret_events'"`
SkipVerify bool `json:"-" xorm:"secret_skip_verify"` SkipVerify bool `json:"-" xorm:"secret_skip_verify"`
Conceal bool `json:"-" xorm:"secret_conceal"` Conceal bool `json:"-" xorm:"secret_conceal"`
} }
// TableName return database table name for xorm // TableName return database table name for xorm
@ -63,12 +64,12 @@ func (Secret) TableName() string {
} }
// Match returns true if an image and event match the restricted list. // Match returns true if an image and event match the restricted list.
func (s *Secret) Match(event string) bool { func (s *Secret) Match(event WebhookEvent) bool {
if len(s.Events) == 0 { if len(s.Events) == 0 {
return true return true
} }
for _, pattern := range s.Events { for _, pattern := range s.Events {
if match, _ := filepath.Match(pattern, event); match { if match, _ := filepath.Match(string(pattern), string(event)); match {
return true return true
} }
} }
@ -77,6 +78,12 @@ func (s *Secret) Match(event string) bool {
// Validate validates the required fields and formats. // Validate validates the required fields and formats.
func (s *Secret) Validate() error { func (s *Secret) Validate() error {
for _, event := range s.Events {
if !ValidateWebhookEvent(event) {
return errSecretEventInvalid
}
}
switch { switch {
case len(s.Name) == 0: case len(s.Name) == 0:
return errSecretNameInvalid return errSecretNameInvalid

2
server/remote/github/github.go
View file

@ -440,7 +440,7 @@ func repoStatus(c context.Context, client *github.Client, r *model.Repo, b *mode
ctx += "/pr" ctx += "/pr"
default: default:
if len(b.Event) > 0 { if len(b.Event) > 0 {
ctx += "/" + b.Event ctx += "/" + string(b.Event)
} }
} }

4
server/shared/procBuilder.go
View file

@ -305,7 +305,7 @@ func metadataFromStruct(repo *model.Repo, build, last *model.Build, proc *model.
Started: build.Started, Started: build.Started,
Finished: build.Finished, Finished: build.Finished,
Status: string(build.Status), Status: string(build.Status),
Event: build.Event, Event: string(build.Event),
Link: build.Link, Link: build.Link,
Target: build.Deploy, Target: build.Deploy,
Commit: frontend.Commit{ Commit: frontend.Commit{
@ -328,7 +328,7 @@ func metadataFromStruct(repo *model.Repo, build, last *model.Build, proc *model.
Started: last.Started, Started: last.Started,
Finished: last.Finished, Finished: last.Finished,
Status: string(last.Status), Status: string(last.Status),
Event: last.Event, Event: string(last.Event),
Link: last.Link, Link: last.Link,
Target: last.Deploy, Target: last.Deploy,
Commit: frontend.Commit{ Commit: frontend.Commit{

55
server/store/datastore/migration/003_fix_pr_secret_event_name.go Normal file
View file

@ -0,0 +1,55 @@
// Copyright 2021 Woodpecker Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package migration
import (
"xorm.io/xorm"
"github.com/woodpecker-ci/woodpecker/server/model"
)
var fixPRSecretEventName = task{
name: "fix-pr-secret-event-name",
fn: func(sess *xorm.Session) error {
const batchSize = 100
for start := 0; ; start += batchSize {
secrets := make([]*model.Secret, 0, batchSize)
if err := sess.Limit(batchSize, start).Table("secrets").Cols("secret_id", "secret_events").Where("secret_events LIKE '%pull-request%'").Find(&secrets); err != nil {
return err
}
if len(secrets) == 0 {
break
}
for _, secret := range secrets {
for i, event := range secret.Events {
if event == "pull-request" {
secret.Events[i] = "pull_request"
}
}
if _, err := sess.ID(secret.ID).Cols("secret_events").Update(secret); err != nil {
return err
}
}
}
if err := sess.Begin(); err != nil {
return err
}
return sess.Commit()
},
}

1
server/store/datastore/migration/migration.go
View file

@ -30,6 +30,7 @@ var migrationTasks = []task{
legacy2Xorm, legacy2Xorm,
alterTableReposDropFallback, alterTableReposDropFallback,
alterTableReposDropAllowDeploysAllowTags, alterTableReposDropAllowDeploysAllowTags,
fixPRSecretEventName,
} }
type migrations struct { type migrations struct {

2
web/src/lib/api/types/webhook.ts
View file

@ -1,6 +1,6 @@
export enum WebhookEvents { export enum WebhookEvents {
Push = 'push', Push = 'push',
Tag = 'tag', Tag = 'tag',
PullRequest = 'pull-request', PullRequest = 'pull_request',
Deploy = 'deploy', Deploy = 'deploy',
} }