mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-18 22:46:33 +00:00
376 lines
10 KiB
Go
376 lines
10 KiB
Go
package gitlab
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/drone/drone/Godeps/_workspace/src/github.com/Bugagazavr/go-gitlab-client"
|
|
"github.com/drone/drone/Godeps/_workspace/src/github.com/hashicorp/golang-lru"
|
|
"github.com/drone/drone/pkg/oauth2"
|
|
"github.com/drone/drone/pkg/remote"
|
|
"github.com/drone/drone/pkg/token"
|
|
common "github.com/drone/drone/pkg/types"
|
|
"github.com/drone/drone/pkg/utils/httputil"
|
|
)
|
|
|
|
const (
|
|
DefaultScope = "api"
|
|
)
|
|
|
|
type Gitlab struct {
|
|
URL string
|
|
Client string
|
|
Secret string
|
|
AllowedOrgs []string
|
|
CloneMode string
|
|
Open bool
|
|
PrivateMode bool
|
|
SkipVerify bool
|
|
Search bool
|
|
|
|
cache *lru.Cache
|
|
}
|
|
|
|
func init() {
|
|
remote.Register("gitlab", NewDriver)
|
|
}
|
|
|
|
func NewDriver(config string) (remote.Remote, error) {
|
|
url_, err := url.Parse(config)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
params := url_.Query()
|
|
url_.RawQuery = ""
|
|
|
|
gitlab := Gitlab{}
|
|
gitlab.URL = url_.String()
|
|
gitlab.Client = params.Get("client_id")
|
|
gitlab.Secret = params.Get("client_secret")
|
|
gitlab.AllowedOrgs = params["orgs"]
|
|
gitlab.SkipVerify, _ = strconv.ParseBool(params.Get("skip_verify"))
|
|
gitlab.Open, _ = strconv.ParseBool(params.Get("open"))
|
|
|
|
switch params.Get("clone_mode") {
|
|
case "oauth":
|
|
gitlab.CloneMode = "oauth"
|
|
default:
|
|
gitlab.CloneMode = "token"
|
|
}
|
|
|
|
// this is a temp workaround
|
|
gitlab.Search, _ = strconv.ParseBool(params.Get("search"))
|
|
|
|
// here we cache permissions to avoid too many api
|
|
// calls. this should really be moved outise the
|
|
// remote plugin into the app
|
|
gitlab.cache, err = lru.New(1028)
|
|
return &gitlab, err
|
|
}
|
|
|
|
func (g *Gitlab) Login(token, secret string) (*common.User, error) {
|
|
client := NewClient(g.URL, token, g.SkipVerify)
|
|
var login, err = client.CurrentUser()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
user := common.User{}
|
|
user.Login = login.Username
|
|
user.Email = login.Email
|
|
user.Token = token
|
|
user.Secret = secret
|
|
|
|
if strings.HasPrefix(login.AvatarUrl, "http") {
|
|
user.Avatar = login.AvatarUrl
|
|
} else {
|
|
user.Avatar = g.URL + "/" + login.AvatarUrl
|
|
}
|
|
return &user, nil
|
|
}
|
|
|
|
// Orgs fetches the organizations for the given user.
|
|
func (g *Gitlab) Orgs(u *common.User) ([]string, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
// Repo fetches the named repository from the remote system.
|
|
func (g *Gitlab) Repo(u *common.User, owner, name string) (*common.Repo, error) {
|
|
client := NewClient(g.URL, u.Token, g.SkipVerify)
|
|
id, err := GetProjectId(g, client, owner, name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
repo_, err := client.Project(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
repo := &common.Repo{}
|
|
repo.Owner = owner
|
|
repo.Name = name
|
|
repo.FullName = repo_.PathWithNamespace
|
|
repo.Link = repo_.Url
|
|
repo.Clone = repo_.HttpRepoUrl
|
|
repo.Branch = "master"
|
|
|
|
if repo_.DefaultBranch != "" {
|
|
repo.Branch = repo_.DefaultBranch
|
|
}
|
|
|
|
if g.PrivateMode {
|
|
repo.Private = true
|
|
} else {
|
|
repo.Private = !repo_.Public
|
|
}
|
|
|
|
return repo, err
|
|
}
|
|
|
|
// Perm fetches the named repository from the remote system.
|
|
func (g *Gitlab) Perm(u *common.User, owner, name string) (*common.Perm, error) {
|
|
key := fmt.Sprintf("%s/%s/%s", u.Login, owner, name)
|
|
val, ok := g.cache.Get(key)
|
|
if ok {
|
|
return val.(*common.Perm), nil
|
|
}
|
|
|
|
client := NewClient(g.URL, u.Token, g.SkipVerify)
|
|
id, err := GetProjectId(g, client, owner, name)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
repo, err := client.Project(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
m := &common.Perm{}
|
|
m.Admin = IsAdmin(repo)
|
|
m.Pull = IsRead(repo)
|
|
m.Push = IsWrite(repo)
|
|
g.cache.Add(key, m)
|
|
return m, nil
|
|
}
|
|
|
|
// GetScript fetches the build script (.drone.yml) from the remote
|
|
// repository and returns in string format.
|
|
func (g *Gitlab) Script(user *common.User, repo *common.Repo, build *common.Build) ([]byte, []byte, error) {
|
|
var client = NewClient(g.URL, user.Token, g.SkipVerify)
|
|
id, err := GetProjectId(g, client, repo.Owner, repo.Name)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
cfg, err := client.RepoRawFile(id, build.Commit.Sha, ".drone.yml")
|
|
enc, _ := client.RepoRawFile(id, build.Commit.Sha, ".drone.sec")
|
|
return cfg, enc, err
|
|
}
|
|
|
|
// NOTE Currently gitlab doesn't support status for commits and events,
|
|
// also if we want get MR status in gitlab we need implement a special plugin for gitlab,
|
|
// gitlab uses API to fetch build status on client side. But for now we skip this.
|
|
func (g *Gitlab) Status(u *common.User, repo *common.Repo, b *common.Build) error {
|
|
return nil
|
|
}
|
|
|
|
// Netrc returns a .netrc file that can be used to clone
|
|
// private repositories from a remote system.
|
|
func (g *Gitlab) Netrc(u *common.User, r *common.Repo) (*common.Netrc, error) {
|
|
url_, err := url.Parse(g.URL)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
netrc := &common.Netrc{}
|
|
netrc.Machine = url_.Host
|
|
|
|
switch g.CloneMode {
|
|
case "oauth":
|
|
netrc.Login = "oauth2"
|
|
netrc.Password = u.Token
|
|
case "token":
|
|
t := token.New(token.HookToken, r.FullName)
|
|
netrc.Login = "drone-ci-token"
|
|
netrc.Password, err = t.Sign(r.Hash)
|
|
}
|
|
return netrc, err
|
|
}
|
|
|
|
// Activate activates a repository by adding a Post-commit hook and
|
|
// a Public Deploy key, if applicable.
|
|
func (g *Gitlab) Activate(user *common.User, repo *common.Repo, k *common.Keypair, link string) error {
|
|
var client = NewClient(g.URL, user.Token, g.SkipVerify)
|
|
id, err := GetProjectId(g, client, repo.Owner, repo.Name)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
uri, err := url.Parse(link)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
droneUrl := fmt.Sprintf("%s://%s", uri.Scheme, uri.Host)
|
|
droneToken := uri.Query().Get("access_token")
|
|
ssl_verify := strconv.FormatBool(!g.SkipVerify)
|
|
|
|
return client.AddDroneService(id, map[string]string{
|
|
"token": droneToken,
|
|
"drone_url": droneUrl,
|
|
"enable_ssl_verification": ssl_verify,
|
|
})
|
|
}
|
|
|
|
// Deactivate removes a repository by removing all the post-commit hooks
|
|
// which are equal to link and removing the SSH deploy key.
|
|
func (g *Gitlab) Deactivate(user *common.User, repo *common.Repo, link string) error {
|
|
var client = NewClient(g.URL, user.Token, g.SkipVerify)
|
|
id, err := GetProjectId(g, client, repo.Owner, repo.Name)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return client.DeleteDroneService(id)
|
|
}
|
|
|
|
// ParseHook parses the post-commit hook from the Request body
|
|
// and returns the required data in a standard format.
|
|
func (g *Gitlab) Hook(req *http.Request) (*common.Hook, error) {
|
|
defer req.Body.Close()
|
|
var payload, _ = ioutil.ReadAll(req.Body)
|
|
var parsed, err = gogitlab.ParseHook(payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
switch parsed.ObjectKind {
|
|
case "merge_request":
|
|
return mergeRequest(parsed, req)
|
|
case "tag_push", "push":
|
|
return push(parsed, req)
|
|
default:
|
|
return nil, nil
|
|
}
|
|
}
|
|
|
|
func mergeRequest(parsed *gogitlab.HookPayload, req *http.Request) (*common.Hook, error) {
|
|
var hook = new(common.Hook)
|
|
hook.Event = "pull_request"
|
|
hook.Repo = &common.Repo{}
|
|
hook.Repo.Owner = req.FormValue("owner")
|
|
hook.Repo.Name = req.FormValue("name")
|
|
hook.Repo.FullName = fmt.Sprintf("%s/%s", hook.Repo.Owner, hook.Repo.Name)
|
|
hook.Repo.Link = parsed.ObjectAttributes.Target.WebUrl
|
|
hook.Repo.Clone = parsed.ObjectAttributes.Target.HttpUrl
|
|
hook.Repo.Branch = "master"
|
|
|
|
hook.Commit = &common.Commit{}
|
|
hook.Commit.Message = parsed.ObjectAttributes.LastCommit.Message
|
|
hook.Commit.Sha = parsed.ObjectAttributes.LastCommit.Id
|
|
hook.Commit.Remote = parsed.ObjectAttributes.Source.HttpUrl
|
|
|
|
if parsed.ObjectAttributes.SourceProjectId == parsed.ObjectAttributes.TargetProjectId {
|
|
hook.Commit.Ref = fmt.Sprintf("refs/heads/%s", parsed.ObjectAttributes.SourceBranch)
|
|
} else {
|
|
hook.Commit.Ref = fmt.Sprintf("refs/merge-requests/%d/head", parsed.ObjectAttributes.IId)
|
|
}
|
|
|
|
hook.Commit.Branch = parsed.ObjectAttributes.SourceBranch
|
|
hook.Commit.Timestamp = parsed.ObjectAttributes.LastCommit.Timestamp
|
|
|
|
hook.Commit.Author = &common.Author{}
|
|
hook.Commit.Author.Login = parsed.ObjectAttributes.LastCommit.Author.Name
|
|
hook.Commit.Author.Email = parsed.ObjectAttributes.LastCommit.Author.Email
|
|
|
|
hook.PullRequest = &common.PullRequest{}
|
|
hook.PullRequest.Number = parsed.ObjectAttributes.IId
|
|
hook.PullRequest.Title = parsed.ObjectAttributes.Title
|
|
hook.PullRequest.Link = parsed.ObjectAttributes.Url
|
|
|
|
return hook, nil
|
|
}
|
|
|
|
func push(parsed *gogitlab.HookPayload, req *http.Request) (*common.Hook, error) {
|
|
var cloneUrl = parsed.Repository.GitHttpUrl
|
|
|
|
var hook = new(common.Hook)
|
|
hook.Event = "push"
|
|
hook.Repo = &common.Repo{}
|
|
hook.Repo.Owner = req.FormValue("owner")
|
|
hook.Repo.Name = req.FormValue("name")
|
|
hook.Repo.Link = parsed.Repository.URL
|
|
hook.Repo.Clone = cloneUrl
|
|
hook.Repo.Branch = "master"
|
|
|
|
switch parsed.Repository.VisibilityLevel {
|
|
case 0:
|
|
hook.Repo.Private = true
|
|
case 10:
|
|
hook.Repo.Private = true
|
|
case 20:
|
|
hook.Repo.Private = false
|
|
}
|
|
|
|
hook.Repo.FullName = fmt.Sprintf("%s/%s", req.FormValue("owner"), req.FormValue("name"))
|
|
|
|
hook.Commit = &common.Commit{}
|
|
hook.Commit.Sha = parsed.After
|
|
hook.Commit.Branch = parsed.Branch()
|
|
hook.Commit.Ref = parsed.Ref
|
|
hook.Commit.Remote = cloneUrl
|
|
|
|
var head = parsed.Head()
|
|
hook.Commit.Message = head.Message
|
|
hook.Commit.Timestamp = head.Timestamp
|
|
hook.Commit.Author = &common.Author{}
|
|
|
|
// extracts the commit author (ideally email)
|
|
// from the post-commit hook
|
|
switch {
|
|
case head.Author != nil:
|
|
hook.Commit.Author.Email = head.Author.Email
|
|
hook.Commit.Author.Login = parsed.UserName
|
|
case head.Author == nil:
|
|
hook.Commit.Author.Login = parsed.UserName
|
|
}
|
|
|
|
return hook, nil
|
|
}
|
|
|
|
// ¯\_(ツ)_/¯
|
|
func (g *Gitlab) Oauth2Transport(r *http.Request) *oauth2.Transport {
|
|
return &oauth2.Transport{
|
|
Config: &oauth2.Config{
|
|
ClientId: g.Client,
|
|
ClientSecret: g.Secret,
|
|
Scope: DefaultScope,
|
|
AuthURL: fmt.Sprintf("%s/oauth/authorize", g.URL),
|
|
TokenURL: fmt.Sprintf("%s/oauth/token", g.URL),
|
|
RedirectURL: fmt.Sprintf("%s/authorize", httputil.GetURL(r)),
|
|
//settings.Server.Scheme, settings.Server.Hostname),
|
|
},
|
|
Transport: &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: g.SkipVerify},
|
|
},
|
|
}
|
|
}
|
|
|
|
// Accessor method, to allowed remote organizations field.
|
|
func (g *Gitlab) GetOrgs() []string {
|
|
return g.AllowedOrgs
|
|
}
|
|
|
|
// Accessor method, to open field.
|
|
func (g *Gitlab) GetOpen() bool {
|
|
return g.Open
|
|
}
|
|
|
|
// return default scope for GitHub
|
|
func (g *Gitlab) Scope() string {
|
|
return DefaultScope
|
|
}
|