From 158f7d289ab7f2d18f82755084ec858fde45eb36 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 24 Jun 2019 08:25:33 -0700 Subject: [PATCH 01/16] update release destination --- .github/security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/security.md b/.github/security.md index bb7915590..806927737 100644 --- a/.github/security.md +++ b/.github/security.md @@ -16,8 +16,8 @@ your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. -Report security bugs in third-party packages to the person or team maintaining -the module. +Report security bugs in third-party software to the person or team maintaining +that software. ## Disclosure Policy @@ -28,7 +28,7 @@ involving the following steps: * Confirm the problem and determine the affected versions. * Audit code to find any potential similar problems. * Prepare fixes for all releases still under maintenance. These fixes will be - released as fast as possible to npm. + released as fast as possible to DockerHub. ## Comments on this Policy From 8ba0430a8219269c43759c2110c575c30e532b03 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Thu, 18 Jul 2019 14:55:48 -0700 Subject: [PATCH 02/16] pass url to 0.8 conversion --- operator/runner/env.go | 2 ++ trigger/trigger.go | 1 + 2 files changed, 3 insertions(+) diff --git a/operator/runner/env.go b/operator/runner/env.go index 02d54bea1..2b3770ba2 100644 --- a/operator/runner/env.go +++ b/operator/runner/env.go @@ -96,6 +96,8 @@ func buildEnviron(build *core.Build) map[string]string { "DRONE_BUILD_STARTED": fmt.Sprint(build.Started), "DRONE_BUILD_FINISHED": fmt.Sprint(build.Finished), "DRONE_DEPLOY_TO": build.Deploy, + // legacy + "CI_COMMIT_SHA": build.After, } if strings.HasPrefix(build.Ref, "refs/tags/") { env["DRONE_TAG"] = strings.TrimPrefix(build.Ref, "refs/tags/") diff --git a/trigger/trigger.go b/trigger/trigger.go index c6b2acab3..4fe88f060 100644 --- a/trigger/trigger.go +++ b/trigger/trigger.go @@ -198,6 +198,7 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co // the legacy yaml configuration file to the new format. raw.Data, err = converter.ConvertString(raw.Data, converter.Metadata{ Filename: repo.Config, + URL: repo.Link, Ref: base.Ref, }) if err != nil { From 2a36e7dda7099bd5d5241e21481ec59ed0e8c10f Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Thu, 18 Jul 2019 14:56:18 -0700 Subject: [PATCH 03/16] bump drone-yaml --- go.mod | 4 ++-- go.sum | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 57bc17621..611a69174 100644 --- a/go.mod +++ b/go.mod @@ -19,11 +19,11 @@ require ( github.com/drone/drone-go v1.0.5-0.20190427184118-618e4496482e github.com/drone/drone-runtime v1.0.6 github.com/drone/drone-ui v0.0.0-20190530175131-92ba3df1e0a9 - github.com/drone/drone-yaml v1.1.4-0.20190614011118-4889634ea9ae + github.com/drone/drone-yaml v1.2.1-0.20190717150947-d14ac477f983 github.com/drone/envsubst v1.0.1 github.com/drone/go-license v1.0.2 github.com/drone/go-login v1.0.4-0.20190311170324-2a4df4f242a2 - github.com/drone/go-scm v1.5.0 + github.com/drone/go-scm v1.5.1-0.20190714160251-dee92a80f783 github.com/drone/signal v1.0.0 github.com/dustin/go-humanize v1.0.0 github.com/ghodss/yaml v1.0.0 diff --git a/go.sum b/go.sum index 46481fa89..5c8caf252 100644 --- a/go.sum +++ b/go.sum @@ -85,6 +85,8 @@ github.com/drone/drone-yaml v1.1.4-0.20190610220437-a338c245d7d7 h1:xpnCbq/pHAYL github.com/drone/drone-yaml v1.1.4-0.20190610220437-a338c245d7d7/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= github.com/drone/drone-yaml v1.1.4-0.20190614011118-4889634ea9ae h1:CzpY1F9Ju46gw4lbXwXrZCGyiAuP8QAlYtMcwYTVtW8= github.com/drone/drone-yaml v1.1.4-0.20190614011118-4889634ea9ae/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= +github.com/drone/drone-yaml v1.2.1-0.20190717150947-d14ac477f983 h1:J59SqAC/DA1FuOXUvtGfYlhZSHegJL+AF9PnhXsxbKA= +github.com/drone/drone-yaml v1.2.1-0.20190717150947-d14ac477f983/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE= github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0= github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok= @@ -105,6 +107,8 @@ github.com/drone/go-scm v1.4.1-0.20190418181654-1e77204716f6 h1:xQ0riJTnWFLZcpXr github.com/drone/go-scm v1.4.1-0.20190418181654-1e77204716f6/go.mod h1:YT4FxQ3U/ltdCrBJR9B0tRpJ1bYA/PM3NyaLE/rYIvw= github.com/drone/go-scm v1.5.0 h1:Hn3bFYsUgOEUCx2wt2II9CxkTfev2h+tPheuYHp7ehg= github.com/drone/go-scm v1.5.0/go.mod h1:YT4FxQ3U/ltdCrBJR9B0tRpJ1bYA/PM3NyaLE/rYIvw= +github.com/drone/go-scm v1.5.1-0.20190714160251-dee92a80f783 h1:dA3FngN241oZKI+PAjMdKX22nT8giYMlOY0JIt/qH/Y= +github.com/drone/go-scm v1.5.1-0.20190714160251-dee92a80f783/go.mod h1:YT4FxQ3U/ltdCrBJR9B0tRpJ1bYA/PM3NyaLE/rYIvw= github.com/drone/signal v1.0.0 h1:NrnM2M/4yAuU/tXs6RP1a1ZfxnaHwYkd0kJurA1p6uI= github.com/drone/signal v1.0.0/go.mod h1:S8t92eFT0g4WUgEc/LxG+LCuiskpMNsG0ajAMGnyZpc= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= @@ -156,6 +160,8 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6 h1:qCv4319q2q7XKn0MQbi8p37hsJ+9Xo8e6yojA73JVxk= github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6/go.mod h1:fXcdFsQoipQa7mwORhKad5jmDCeSy/RCGzWA08PO0lM= +github.com/hashicorp/go-rootcerts v1.0.0 h1:ueI78wUjYExhCvMLow4icJnayNNFRgy0d9EGs/a1T44= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/nomad v0.0.0-20190125003214-134391155854 h1:L7WhLZt2ory/kQWxqkMwOiBpIoa4BWoadN7yx8LHEtk= From 4b1972b22a8a183e1a4974a45b2291d0d3f7daf6 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Thu, 18 Jul 2019 17:56:06 -0700 Subject: [PATCH 04/16] support for github pr base sha --- go.mod | 2 +- go.sum | 4 ++-- service/hook/hook.go | 1 + service/hook/hook_test.go | 3 ++- service/hook/parser/parse.go | 1 + 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 611a69174..a416af7f5 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/drone/envsubst v1.0.1 github.com/drone/go-license v1.0.2 github.com/drone/go-login v1.0.4-0.20190311170324-2a4df4f242a2 - github.com/drone/go-scm v1.5.1-0.20190714160251-dee92a80f783 + github.com/drone/go-scm v1.5.1-0.20190718235211-75d6480d5332 github.com/drone/signal v1.0.0 github.com/dustin/go-humanize v1.0.0 github.com/ghodss/yaml v1.0.0 diff --git a/go.sum b/go.sum index 5c8caf252..91aa4a0bd 100644 --- a/go.sum +++ b/go.sum @@ -109,6 +109,8 @@ github.com/drone/go-scm v1.5.0 h1:Hn3bFYsUgOEUCx2wt2II9CxkTfev2h+tPheuYHp7ehg= github.com/drone/go-scm v1.5.0/go.mod h1:YT4FxQ3U/ltdCrBJR9B0tRpJ1bYA/PM3NyaLE/rYIvw= github.com/drone/go-scm v1.5.1-0.20190714160251-dee92a80f783 h1:dA3FngN241oZKI+PAjMdKX22nT8giYMlOY0JIt/qH/Y= github.com/drone/go-scm v1.5.1-0.20190714160251-dee92a80f783/go.mod h1:YT4FxQ3U/ltdCrBJR9B0tRpJ1bYA/PM3NyaLE/rYIvw= +github.com/drone/go-scm v1.5.1-0.20190718235211-75d6480d5332 h1:QdYrRquj9e0sidvgjwYGdK4OB0WyQY6j5msjZ9sLUX8= +github.com/drone/go-scm v1.5.1-0.20190718235211-75d6480d5332/go.mod h1:YT4FxQ3U/ltdCrBJR9B0tRpJ1bYA/PM3NyaLE/rYIvw= github.com/drone/signal v1.0.0 h1:NrnM2M/4yAuU/tXs6RP1a1ZfxnaHwYkd0kJurA1p6uI= github.com/drone/signal v1.0.0/go.mod h1:S8t92eFT0g4WUgEc/LxG+LCuiskpMNsG0ajAMGnyZpc= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= @@ -160,8 +162,6 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6 h1:qCv4319q2q7XKn0MQbi8p37hsJ+9Xo8e6yojA73JVxk= github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6/go.mod h1:fXcdFsQoipQa7mwORhKad5jmDCeSy/RCGzWA08PO0lM= -github.com/hashicorp/go-rootcerts v1.0.0 h1:ueI78wUjYExhCvMLow4icJnayNNFRgy0d9EGs/a1T44= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/nomad v0.0.0-20190125003214-134391155854 h1:L7WhLZt2ory/kQWxqkMwOiBpIoa4BWoadN7yx8LHEtk= diff --git a/service/hook/hook.go b/service/hook/hook.go index 176aaa013..eb4641916 100644 --- a/service/hook/hook.go +++ b/service/hook/hook.go @@ -49,6 +49,7 @@ func (s *service) Create(ctx context.Context, user *core.User, repo *core.Reposi Secret: repo.Signer, Events: scm.HookEvents{ Branch: true, + Deployment: true, PullRequest: true, Push: true, Tag: true, diff --git a/service/hook/hook_test.go b/service/hook/hook_test.go index f92fb4038..10bf069be 100644 --- a/service/hook/hook_test.go +++ b/service/hook/hook_test.go @@ -8,9 +8,9 @@ import ( "context" "testing" + "github.com/drone/drone/core" "github.com/drone/drone/mock" "github.com/drone/drone/mock/mockscm" - "github.com/drone/drone/core" "github.com/drone/go-scm/scm" "github.com/golang/mock/gomock" @@ -37,6 +37,7 @@ func TestCreate(t *testing.T) { Secret: "abc123", Events: scm.HookEvents{ Branch: true, + Deployment: true, PullRequest: true, Push: true, Tag: true, diff --git a/service/hook/parser/parse.go b/service/hook/parser/parse.go index 7bc67c2aa..dcaf04cfd 100644 --- a/service/hook/parser/parse.go +++ b/service/hook/parser/parse.go @@ -251,6 +251,7 @@ func (p *parser) Parse(req *http.Request, secretFunc func(string) string) (*core Timestamp: v.PullRequest.Created.Unix(), Title: v.PullRequest.Title, Message: v.PullRequest.Body, + Before: v.PullRequest.Base.Sha, After: v.PullRequest.Sha, Ref: v.PullRequest.Ref, Fork: v.PullRequest.Fork, From e2c3ffc7653ab92bfab2a6e416ba4dad36c4646b Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Thu, 18 Jul 2019 17:56:19 -0700 Subject: [PATCH 05/16] support for legacy environment variables --- operator/runner/env.go | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/operator/runner/env.go b/operator/runner/env.go index 2b3770ba2..03c05b226 100644 --- a/operator/runner/env.go +++ b/operator/runner/env.go @@ -56,6 +56,17 @@ func repoEnviron(repo *core.Repository) map[string]string { "DRONE_GIT_SSH_URL": repo.SSHURL, "DRONE_REPO_VISIBILITY": repo.Visibility, "DRONE_REPO_PRIVATE": fmt.Sprint(repo.Private), + + // + // these are legacy configuration parameters for backward + // compatibilty with drone 0.8. + // + "CI_REPO": repo.Slug, + "CI_REPO_NAME": repo.Slug, + "CI_REPO_LINK": repo.Link, + "CI_REPO_REMOTE": repo.HTTPURL, + "CI_REMOTE_URL": repo.HTTPURL, + "CI_REPO_PRIVATE": fmt.Sprint(repo.Private), } } @@ -96,8 +107,28 @@ func buildEnviron(build *core.Build) map[string]string { "DRONE_BUILD_STARTED": fmt.Sprint(build.Started), "DRONE_BUILD_FINISHED": fmt.Sprint(build.Finished), "DRONE_DEPLOY_TO": build.Deploy, - // legacy - "CI_COMMIT_SHA": build.After, + + // + // these are legacy configuration parameters for backward + // compatibilty with drone 0.8. + // + "CI_BUILD_NUMBER": fmt.Sprint(build.Number), + "CI_PARENT_BUILD_NUMBER": fmt.Sprint(build.Parent), + "CI_BUILD_CREATED": fmt.Sprint(build.Created), + "CI_BUILD_STARTED": fmt.Sprint(build.Started), + "CI_BUILD_FINISHED": fmt.Sprint(build.Finished), + "CI_BUILD_STATUS": build.Status, + "CI_BUILD_EVENT": build.Event, + "CI_BUILD_LINK": build.Link, + "CI_BUILD_TARGET": build.Deploy, + "CI_COMMIT_SHA": build.After, + "CI_COMMIT_REF": build.Ref, + "CI_COMMIT_BRANCH": build.Target, + "CI_COMMIT_MESSAGE": build.Message, + "CI_COMMIT_AUTHOR": build.Author, + "CI_COMMIT_AUTHOR_NAME": build.AuthorName, + "CI_COMMIT_AUTHOR_EMAIL": build.AuthorEmail, + "CI_COMMIT_AUTHOR_AVATAR": build.AuthorAvatar, } if strings.HasPrefix(build.Ref, "refs/tags/") { env["DRONE_TAG"] = strings.TrimPrefix(build.Ref, "refs/tags/") From 2730e336d2537a4ea9a974e6d15c9a43608644c6 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Thu, 18 Jul 2019 18:31:10 -0700 Subject: [PATCH 06/16] support legacy yaml conversion --- CHANGELOG.md | 5 +++++ go.mod | 2 +- go.sum | 4 ++++ operator/runner/runner.go | 1 + scheduler/queue/queue.go | 37 ++++++++++++++++++++----------------- 5 files changed, 31 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1cc59edff..6defed4ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +### Added +- support for legacy environment variables +- support for legacy workspace based on repository name +- support for github deployment hooks +- provide base sha for github pull requests ## [1.2.1] - 2019-06-11 ### Added diff --git a/go.mod b/go.mod index a416af7f5..08dc752ed 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/drone/drone-go v1.0.5-0.20190427184118-618e4496482e github.com/drone/drone-runtime v1.0.6 github.com/drone/drone-ui v0.0.0-20190530175131-92ba3df1e0a9 - github.com/drone/drone-yaml v1.2.1-0.20190717150947-d14ac477f983 + github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee github.com/drone/envsubst v1.0.1 github.com/drone/go-license v1.0.2 github.com/drone/go-login v1.0.4-0.20190311170324-2a4df4f242a2 diff --git a/go.sum b/go.sum index 91aa4a0bd..65d81d368 100644 --- a/go.sum +++ b/go.sum @@ -87,6 +87,10 @@ github.com/drone/drone-yaml v1.1.4-0.20190614011118-4889634ea9ae h1:CzpY1F9Ju46g github.com/drone/drone-yaml v1.1.4-0.20190614011118-4889634ea9ae/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= github.com/drone/drone-yaml v1.2.1-0.20190717150947-d14ac477f983 h1:J59SqAC/DA1FuOXUvtGfYlhZSHegJL+AF9PnhXsxbKA= github.com/drone/drone-yaml v1.2.1-0.20190717150947-d14ac477f983/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= +github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda h1:vPXJLgkyScZ0WnjzATIUcQbSRUjcP9BtnC+CMA1sSOk= +github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= +github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee h1:/zyEkv56+T6JxLkYgYYwZAMLKBgEnHA3fwZXiVI9nuE= +github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE= github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0= github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok= diff --git a/operator/runner/runner.go b/operator/runner/runner.go index 123ce24fb..eb85e99b9 100644 --- a/operator/runner/runner.go +++ b/operator/runner/runner.go @@ -188,6 +188,7 @@ func (r *Runner) Run(ctx context.Context, id int64) error { // the legacy yaml configuration file to the new format. y, err := converter.ConvertString(string(m.Config.Data), converter.Metadata{ Filename: m.Repo.Config, + URL: m.Repo.Link, Ref: m.Build.Ref, }) diff --git a/scheduler/queue/queue.go b/scheduler/queue/queue.go index bce12f0e9..a849b4c86 100644 --- a/scheduler/queue/queue.go +++ b/scheduler/queue/queue.go @@ -151,24 +151,27 @@ func (q *queue) signal(ctx context.Context) error { continue } - // the worker is platform-specific. check to ensure - // the queue item matches the worker platform. - if w.os != item.OS { - continue - } - if w.arch != item.Arch { - continue - } - // if the pipeline defines a variant it must match - // the worker variant (e.g. arm6, arm7, etc). - if item.Variant != "" && item.Variant != w.variant { - continue - } - // if the pipeline defines a kernel version it must match - // the worker kernel version (e.g. 1709, 1803). - if item.Kernel != "" && item.Kernel != w.kernel { - continue + if w.os != "" || w.arch != "" || w.variant != "" || w.kernel != "" { + // the worker is platform-specific. check to ensure + // the queue item matches the worker platform. + if w.os != item.OS { + continue + } + if w.arch != item.Arch { + continue + } + // if the pipeline defines a variant it must match + // the worker variant (e.g. arm6, arm7, etc). + if item.Variant != "" && item.Variant != w.variant { + continue + } + // if the pipeline defines a kernel version it must match + // the worker kernel version (e.g. 1709, 1803). + if item.Kernel != "" && item.Kernel != w.kernel { + continue + } } + if len(item.Labels) > 0 || len(w.labels) > 0 { if !checkLabels(item.Labels, w.labels) { continue From 443b369b911fdfa70732d1c88edd89a10e2e69a0 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Sun, 28 Jul 2019 12:22:16 -0700 Subject: [PATCH 07/16] ability to limit webhook delivery by event and action --- CHANGELOG.md | 1 + cmd/drone-server/config/config.go | 1 + cmd/drone-server/inject_plugin.go | 1 + core/webhook.go | 2 +- go.mod | 8 ++-- go.sum | 6 +++ plugin/webhook/config.go | 1 + plugin/webhook/webhook.go | 25 +++++++++++ plugin/webhook/webhook_test.go | 70 +++++++++++++++++++++++++++++++ 9 files changed, 111 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6defed4ef..0a60f2900 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - support for legacy workspace based on repository name - support for github deployment hooks - provide base sha for github pull requests +- option to filter webhooks by event and type ## [1.2.1] - 2019-06-11 ### Added diff --git a/cmd/drone-server/config/config.go b/cmd/drone-server/config/config.go index 18a0ef629..78650d714 100644 --- a/cmd/drone-server/config/config.go +++ b/cmd/drone-server/config/config.go @@ -280,6 +280,7 @@ type ( // Webhook provides the webhook configuration. Webhook struct { + Events []string `envconfig:"DRONE_WEBHOOK_EVENTS"` Endpoint []string `envconfig:"DRONE_WEBHOOK_ENDPOINT"` Secret string `envconfig:"DRONE_WEBHOOK_SECRET"` SkipVerify bool `envconfig:"DRONE_WEBHOOK_SKIP_VERIFY"` diff --git a/cmd/drone-server/inject_plugin.go b/cmd/drone-server/inject_plugin.go index 7a7510e7d..7e3cd50e8 100644 --- a/cmd/drone-server/inject_plugin.go +++ b/cmd/drone-server/inject_plugin.go @@ -97,6 +97,7 @@ func provideSecretPlugin(config spec.Config) core.SecretService { // a webhook plugin based on the environment configuration. func provideWebhookPlugin(config spec.Config, system *core.System) core.WebhookSender { return webhook.New(webhook.Config{ + Events: config.Webhook.Events, Endpoint: config.Webhook.Endpoint, Secret: config.Webhook.Secret, System: system, diff --git a/core/webhook.go b/core/webhook.go index 1befa0c0d..d4a87b3fd 100644 --- a/core/webhook.go +++ b/core/webhook.go @@ -44,7 +44,7 @@ type ( // WebhookData provides the webhook data. WebhookData struct { - Event string `json:"-"` + Event string `json:"event"` Action string `json:"action"` User *User `json:"user,omitempty"` Repo *Repository `json:"repo,omitempty"` diff --git a/go.mod b/go.mod index 08dc752ed..73e158068 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/docker/distribution v2.7.1+incompatible github.com/docker/go-connections v0.3.0 github.com/docker/go-units v0.3.3 - github.com/drone/drone-go v1.0.5-0.20190427184118-618e4496482e + github.com/drone/drone-go v1.0.5 github.com/drone/drone-runtime v1.0.6 github.com/drone/drone-ui v0.0.0-20190530175131-92ba3df1e0a9 github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee @@ -35,7 +35,7 @@ require ( github.com/golang/mock v1.1.1 github.com/golang/protobuf v1.2.0 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c - github.com/google/go-cmp v0.2.0 + github.com/google/go-cmp v0.3.0 github.com/google/go-jsonnet v0.12.1 github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf github.com/google/wire v0.2.1 @@ -43,7 +43,7 @@ require ( github.com/gorhill/cronexpr v0.0.0-20140423231348-a557574d6c02 github.com/gosimple/slug v1.3.0 github.com/gregjones/httpcache v0.0.0-20181110185634-c63ab54fda8f - github.com/h2non/gock v1.0.10 + github.com/h2non/gock v1.0.15 github.com/hashicorp/errwrap v1.0.0 github.com/hashicorp/go-cleanhttp v0.5.0 github.com/hashicorp/go-multierror v1.0.0 @@ -97,3 +97,5 @@ require ( k8s.io/klog v0.1.0 sigs.k8s.io/yaml v1.1.0 ) + +replace github.com/h2non/gock => gopkg.in/h2non/gock.v1 v1.0.14 diff --git a/go.sum b/go.sum index 65d81d368..43bde9d67 100644 --- a/go.sum +++ b/go.sum @@ -40,6 +40,8 @@ github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59/go.mod h1:qVb1k1w9X github.com/drone/drone-go v1.0.4 h1:Yom1lix1Lmk3KmKIsBSQJF1bw0YR2lDGaFQrXxqHMko= github.com/drone/drone-go v1.0.5-0.20190427184118-618e4496482e h1:Z9dJNcs1IpyS52xsf5vjXMq7vSuBt48Il2dJgOzyCFM= github.com/drone/drone-go v1.0.5-0.20190427184118-618e4496482e/go.mod h1:GxyeGClYohaKNYJv/ZpsmVHtMJ7WhoT+uDaJNcDIrk4= +github.com/drone/drone-go v1.0.5 h1:KCDzcPoz5yo5DC4sGcLl+6FsUYbCXjBj9d//b5WP5J0= +github.com/drone/drone-go v1.0.5/go.mod h1:GxyeGClYohaKNYJv/ZpsmVHtMJ7WhoT+uDaJNcDIrk4= github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e h1:Eq0QI9lKe6T5pziU/Kes1xX6QKAA6ZfnYvaZZeyY5TU= github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44= github.com/drone/drone-runtime v1.0.3 h1:0p7ASt0WXbLZRzMOw20e1ahV3YkamRhtZFkm8UvM+JA= @@ -141,6 +143,7 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCy github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-jsonnet v0.12.1 h1:v0iUm/b4SBz7lR/diMoz9tLAz8lqtnNRKIwMrmU2HEU= github.com/google/go-jsonnet v0.12.1/go.mod h1:gVu3UVSfOt5fRFq+dh9duBqXa5905QY8S1QvMNcEIVs= github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck= @@ -158,6 +161,7 @@ github.com/gregjones/httpcache v0.0.0-20181110185634-c63ab54fda8f/go.mod h1:Fecb github.com/h2non/gock v1.0.9/go.mod h1:CZMcB0Lg5IWnr9bF79pPMg9WeV6WumxQiUJ1UvdO1iE= github.com/h2non/gock v1.0.10 h1:EzHYzKKSLN4xk0w193uAy3tp8I3+L1jmaI2Mjg4lCgU= github.com/h2non/gock v1.0.10/go.mod h1:CZMcB0Lg5IWnr9bF79pPMg9WeV6WumxQiUJ1UvdO1iE= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig= @@ -202,6 +206,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLD github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/natessilva/dag v0.0.0-20180124060714-7194b8dcc5c4 h1:dnMxwus89s86tI8rcGVp2HwZzlz7c5o92VOy7dSckBQ= github.com/natessilva/dag v0.0.0-20180124060714-7194b8dcc5c4/go.mod h1:cojhOHk1gbMeklOyDP2oKKLftefXoJreOQGOrXk+Z38= +github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= @@ -270,6 +275,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/h2non/gock.v1 v1.0.14/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= diff --git a/plugin/webhook/config.go b/plugin/webhook/config.go index d50315a6d..b712a041d 100644 --- a/plugin/webhook/config.go +++ b/plugin/webhook/config.go @@ -18,6 +18,7 @@ import "github.com/drone/drone/core" // Config provides the webhook configuration. type Config struct { + Events []string Endpoint []string Secret string System *core.System diff --git a/plugin/webhook/webhook.go b/plugin/webhook/webhook.go index d2e7dba64..b5f2fc512 100644 --- a/plugin/webhook/webhook.go +++ b/plugin/webhook/webhook.go @@ -13,6 +13,7 @@ import ( "encoding/base64" "encoding/json" "net/http" + "path/filepath" "time" "github.com/drone/drone/core" @@ -34,6 +35,7 @@ var signer = httpsignatures.NewSigner( // New returns a new Webhook sender. func New(config Config) core.WebhookSender { return &sender{ + Events: config.Events, Endpoints: config.Endpoint, Secret: config.Secret, System: config.System, @@ -47,6 +49,7 @@ type payload struct { type sender struct { Client *http.Client + Events []string Endpoints []string Secret string System *core.System @@ -58,6 +61,9 @@ func (s *sender) Send(ctx context.Context, in *core.WebhookData) error { if len(s.Endpoints) == 0 { return nil } + if s.match(in.Event, in.Action) == false { + return nil + } wrapper := payload{ WebhookData: in, System: s.System, @@ -96,6 +102,25 @@ func (s *sender) send(endpoint, secret, event string, data []byte) error { return err } +func (s *sender) match(event, action string) bool { + if len(s.Events) == 0 { + return true + } + var name string + switch { + case action == "": + name = event + case action != "": + name = event + ":" + action + } + for _, pattern := range s.Events { + if ok, _ := filepath.Match(pattern, name); ok { + return true + } + } + return false +} + func (s *sender) client() *http.Client { if s.Client == nil { return http.DefaultClient diff --git a/plugin/webhook/webhook_test.go b/plugin/webhook/webhook_test.go index f08219aad..46b64047b 100644 --- a/plugin/webhook/webhook_test.go +++ b/plugin/webhook/webhook_test.go @@ -91,3 +91,73 @@ func TestWebhook_NoEndpoints(t *testing.T) { t.Error(err) } } + +func TestWebhook_NoMatch(t *testing.T) { + webhook := &core.WebhookData{ + Event: core.WebhookEventUser, + Action: core.WebhookActionCreated, + User: &core.User{Login: "octocat"}, + } + + config := Config{ + Events: []string{"repo:disabled"}, + Endpoint: []string{"https://localhost:1234"}, + Secret: "correct-horse-battery-staple", + } + sender := New(config) + err := sender.Send(noContext, webhook) + if err != nil { + t.Error(err) + } +} + +func TestWebhook_Match(t *testing.T) { + tests := []struct { + events []string + event string + action string + matched bool + }{ + { + event: "repo", + action: "enabled", + matched: true, + }, + { + events: []string{"user", "repo"}, + event: "repo", + matched: true, + }, + { + events: []string{"repo:disabled", "repo:enabled"}, + event: "repo", + action: "enabled", + matched: true, + }, + { + events: []string{"repo:disabled", "repo:*"}, + event: "repo", + action: "enabled", + matched: true, + }, + { + events: []string{"repo:disabled", "user:created"}, + event: "repo", + action: "enabled", + matched: false, + }, + { + events: []string{"repo", "user"}, + event: "repo", + action: "enabled", + matched: false, + }, + } + for i, test := range tests { + s := new(sender) + s.Events = test.events + if s.match(test.event, test.action) != test.matched { + t.Errorf("Expect matched %v at index %d", test.matched, i) + } + } +} From ba82e411a5d2d9464cb5e1973c7c3bfbb7975385 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Sun, 28 Jul 2019 12:30:48 -0700 Subject: [PATCH 08/16] fix failing webhook test --- go.sum | 2 ++ plugin/webhook/webhook_test.go | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.sum b/go.sum index 43bde9d67..6d47f7699 100644 --- a/go.sum +++ b/go.sum @@ -161,6 +161,7 @@ github.com/gregjones/httpcache v0.0.0-20181110185634-c63ab54fda8f/go.mod h1:Fecb github.com/h2non/gock v1.0.9/go.mod h1:CZMcB0Lg5IWnr9bF79pPMg9WeV6WumxQiUJ1UvdO1iE= github.com/h2non/gock v1.0.10 h1:EzHYzKKSLN4xk0w193uAy3tp8I3+L1jmaI2Mjg4lCgU= github.com/h2non/gock v1.0.10/go.mod h1:CZMcB0Lg5IWnr9bF79pPMg9WeV6WumxQiUJ1UvdO1iE= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -275,6 +276,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/h2non/gock.v1 v1.0.14 h1:fTeu9fcUvSnLNacYvYI54h+1/XEteDyHvrVCZEEEYNM= gopkg.in/h2non/gock.v1 v1.0.14/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= diff --git a/plugin/webhook/webhook_test.go b/plugin/webhook/webhook_test.go index 46b64047b..4e4b7d7fc 100644 --- a/plugin/webhook/webhook_test.go +++ b/plugin/webhook/webhook_test.go @@ -41,7 +41,7 @@ func TestWebhook(t *testing.T) { AddMatcher(matchSignature). MatchHeader("X-Drone-Event", "user"). MatchHeader("Content-Type", "application/json"). - MatchHeader("Digest", "SHA-256=Rro8edtwJUjLl6e\\/xB9m1ykaymiaC9YxFGb\\/XNuXzO4="). + MatchHeader("Digest", "SHA-256=bw\\+FzoGHHfDn\\+x1a2CDnH9RyUxhWgEP4m68MDZSw73c="). JSON(webhook). Reply(200). Type("application/json") From c78f55cc2f4e7f95cef483433c3a315b50dc1884 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 13:41:28 -0700 Subject: [PATCH 09/16] do not allow creating empty user account --- CHANGELOG.md | 5 +++++ handler/api/users/create.go | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a60f2900..e35c39351 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,12 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Added + - support for legacy environment variables - support for legacy workspace based on repository name - support for github deployment hooks - provide base sha for github pull requests - option to filter webhooks by event and type +### Fixed + +- error when manually creating an empty user, by [@bradrydzewski](https://github.com/bradrydzewski). [#2738](https://github.com/drone/drone/issues/2738). + ## [1.2.1] - 2019-06-11 ### Added diff --git a/handler/api/users/create.go b/handler/api/users/create.go index b10f4291b..c48bc7240 100644 --- a/handler/api/users/create.go +++ b/handler/api/users/create.go @@ -55,9 +55,15 @@ func HandleCreate(users core.UserStore, sender core.WebhookSender) http.HandlerF if user.Hash == "" { user.Hash = uniuri.NewLen(32) } - // - // TODO(bradrydzewski) validate the user.Login with a user.Validate() function - // + + err = user.Validate() + if err != nil { + render.ErrorCode(w, err, 400) + logger.FromRequest(r).WithError(err). + Errorln("api: invlid username") + return + } + err = users.Create(r.Context(), user) if err == core.ErrUserLimit { render.ErrorCode(w, err, 402) From 27bc816a01c0ce1a457996a4f100d76751246b75 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 13:58:32 -0700 Subject: [PATCH 10/16] inactive accounts cannot activate a repository --- go.mod | 4 ++-- go.sum | 5 ++++ handler/api/acl/acl_test.go | 16 +++++++++---- handler/api/acl/check.go | 3 +++ handler/api/acl/check_test.go | 45 +++++++++++++++++++++++++++++++++-- 5 files changed, 65 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 73e158068..bd66f9b5d 100644 --- a/go.mod +++ b/go.mod @@ -17,9 +17,9 @@ require ( github.com/docker/go-connections v0.3.0 github.com/docker/go-units v0.3.3 github.com/drone/drone-go v1.0.5 - github.com/drone/drone-runtime v1.0.6 + github.com/drone/drone-runtime v1.0.7 github.com/drone/drone-ui v0.0.0-20190530175131-92ba3df1e0a9 - github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee + github.com/drone/drone-yaml v1.2.2 github.com/drone/envsubst v1.0.1 github.com/drone/go-license v1.0.2 github.com/drone/go-login v1.0.4-0.20190311170324-2a4df4f242a2 diff --git a/go.sum b/go.sum index 6d47f7699..19b20dc61 100644 --- a/go.sum +++ b/go.sum @@ -52,6 +52,9 @@ github.com/drone/drone-runtime v1.0.5 h1:fEdUvKd5+l8BQaPXntjUtSIVLvGWo3Blgb/zrXL github.com/drone/drone-runtime v1.0.5/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs= github.com/drone/drone-runtime v1.0.6 h1:7aPvPCZI2uqt3IEmx/BZg+ml10+I5lE74lZ17Y7xy40= github.com/drone/drone-runtime v1.0.6/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs= +github.com/drone/drone-runtime v1.0.7-0.20190729202838-87c84080f4a1/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs= +github.com/drone/drone-runtime v1.0.7 h1:qviHrNmEdT3aYfQW3NYOuClHw2IU6CECSOfrXe8QLvY= +github.com/drone/drone-runtime v1.0.7/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs= github.com/drone/drone-ui v0.0.0-20190318170755-1ca48466a158 h1:u80WYtaGkKWVmxj1BMX9SukAqTxILzGFIKvY5as9zAc= github.com/drone/drone-ui v0.0.0-20190318170755-1ca48466a158/go.mod h1:NBtVWW7NNJpD9+huMD/5TAE1db2nrEh0i35/9Rf1MPI= github.com/drone/drone-ui v0.0.0-20190318215801-d6c3d11a1c3f h1:yMdZ/2BZFKrfMbWlc0cNH2TCXdC8MsSR0pnu3Dq4UH4= @@ -93,6 +96,8 @@ github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda h1:vPXJLgkyScZ0 github.com/drone/drone-yaml v1.2.2-0.20190719011530-e8b24d482cda/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee h1:/zyEkv56+T6JxLkYgYYwZAMLKBgEnHA3fwZXiVI9nuE= github.com/drone/drone-yaml v1.2.2-0.20190719012529-c50000a465ee/go.mod h1:l/ehbHx9TGs4jgzhRnP5d+M9tmRsAmWyBHWAFEOXrk4= +github.com/drone/drone-yaml v1.2.2 h1:Srf8OlAHhR7SXX5Ax01dP5tpZENsrEKyg35E2nNkIew= +github.com/drone/drone-yaml v1.2.2/go.mod h1:QsqliFK8nG04AHFN9tTn9XJomRBQHD4wcejWW1uz/10= github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE= github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0= github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok= diff --git a/handler/api/acl/acl_test.go b/handler/api/acl/acl_test.go index 3bb61115b..2b7eb04cd 100644 --- a/handler/api/acl/acl_test.go +++ b/handler/api/acl/acl_test.go @@ -10,8 +10,8 @@ import ( "net/http/httptest" "testing" - "github.com/drone/drone/handler/api/request" "github.com/drone/drone/core" + "github.com/drone/drone/handler/api/request" "github.com/sirupsen/logrus" ) @@ -22,9 +22,17 @@ func init() { var ( mockUser = &core.User{ - ID: 1, - Login: "octocat", - Admin: false, + ID: 1, + Login: "octocat", + Admin: false, + Active: true, + } + + mockUserInactive = &core.User{ + ID: 1, + Login: "octocat", + Admin: false, + Active: false, } mockRepo = &core.Repository{ diff --git a/handler/api/acl/check.go b/handler/api/acl/check.go index ecaad538b..2eaf6f7ed 100644 --- a/handler/api/acl/check.go +++ b/handler/api/acl/check.go @@ -123,6 +123,9 @@ func CheckAccess(read, write, admin bool) func(http.Handler) http.Handler { ) switch { + case user.Active == false: + render.Forbidden(w, errors.ErrForbidden) + log.Debugln("api: active account required") case read == true && perm.Read == false: render.NotFound(w, errors.ErrNotFound) log.Debugln("api: read access required") diff --git a/handler/api/acl/check_test.go b/handler/api/acl/check_test.go index 6adef6f6e..3221641ce 100644 --- a/handler/api/acl/check_test.go +++ b/handler/api/acl/check_test.go @@ -12,9 +12,9 @@ import ( "testing" "time" + "github.com/drone/drone/core" "github.com/drone/drone/handler/api/errors" "github.com/drone/drone/handler/api/request" - "github.com/drone/drone/core" "github.com/google/go-cmp/cmp" "github.com/go-chi/chi" @@ -380,6 +380,47 @@ func TestCheckWriteAccess(t *testing.T) { } } +// this test verifies the the next handler in the middleware +// chain is not processed if the user has write access BUT +// has been inactivated (e.g. blocked). +func TestCheckWriteAccess_InactiveUser(t *testing.T) { + controller := gomock.NewController(t) + defer controller.Finish() + + writeAccess := &core.Perm{ + Synced: time.Now().Unix(), + Read: true, + Write: true, + Admin: false, + } + + w := httptest.NewRecorder() + r := httptest.NewRequest("GET", "/api/repos/octocat/hello-world", nil) + r = r.WithContext( + request.WithPerm( + request.WithUser( + request.WithRepo(noContext, mockRepo), + mockUserInactive, + ), + writeAccess, + ), + ) + + router := chi.NewRouter() + router.Route("/api/repos/{owner}/{name}", func(router chi.Router) { + router.Use(CheckWriteAccess()) + router.Get("/", func(w http.ResponseWriter, r *http.Request) { + t.Error("should not invoke hanlder") + }) + }) + + router.ServeHTTP(w, r) + + if got, want := w.Code, http.StatusForbidden; got != want { + t.Errorf("Want status code %d, got %d", want, got) + } +} + // this test verifies that a 404 not found error is written to // the response if the user lacks write access to the repository. // @@ -526,7 +567,7 @@ func TestCheckAdminAccess_SystemAdmin(t *testing.T) { controller := gomock.NewController(t) defer controller.Finish() - user := &core.User{ID: 1, Admin: true} + user := &core.User{ID: 1, Admin: true, Active: true} w := httptest.NewRecorder() r := httptest.NewRequest("GET", "/api/repos/octocat/hello-world", nil) From ce1ba916325ecf981bbfab8be4fd0afe28008b5d Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 14:06:46 -0700 Subject: [PATCH 11/16] bump version to prep for 1.2.2 minor release --- version/version.go | 2 +- version/version_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/version/version.go b/version/version.go index 24ac097d7..e92c6a1c4 100644 --- a/version/version.go +++ b/version/version.go @@ -27,7 +27,7 @@ var ( // VersionMinor is for functionality in a backwards-compatible manner. VersionMinor int64 = 2 // VersionPatch is for backwards-compatible bug fixes. - VersionPatch int64 = 1 + VersionPatch int64 = 2 // VersionPre indicates prerelease. VersionPre = "" // VersionDev indicates development branch. Releases will be empty string. diff --git a/version/version_test.go b/version/version_test.go index 34c130a6a..d7e2ea7a5 100644 --- a/version/version_test.go +++ b/version/version_test.go @@ -9,7 +9,7 @@ package version import "testing" func TestVersion(t *testing.T) { - if got, want := Version.String(), "1.2.1"; got != want { + if got, want := Version.String(), "1.2.2"; got != want { t.Errorf("Want version %s, got %s", want, got) } } From d06e688e8aac6ae41f5b2105cd085105300b24d6 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 15:47:53 -0700 Subject: [PATCH 12/16] update changelog for v1.2.2 [ci skip] --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e35c39351..c726d8568 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## Unreleased +## [1.2.2] - 2019-07-29 ### Added - support for legacy environment variables @@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - support for github deployment hooks - provide base sha for github pull requests - option to filter webhooks by event and type +- upgrade drone-yaml to v1.2.2 +- upgrade drone-runtime to v1.0.7 ### Fixed From 1e4774af4db2a4b51665f094cc9d9e75ffa53521 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 19:18:25 -0700 Subject: [PATCH 13/16] disable commit status API for cron jobs --- CHANGELOG.md | 5 +++++ service/status/status.go | 2 +- service/status/status_test.go | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c726d8568..0fba17bee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased +### Added + +- disable github status for cron jobs + ## [1.2.2] - 2019-07-29 ### Added diff --git a/service/status/status.go b/service/status/status.go index 215fcb49f..64c15a335 100644 --- a/service/status/status.go +++ b/service/status/status.go @@ -49,7 +49,7 @@ type service struct { } func (s *service) Send(ctx context.Context, user *core.User, req *core.StatusInput) error { - if s.disabled { + if s.disabled || req.Build.Trigger == core.TriggerCron { return nil } diff --git a/service/status/status_test.go b/service/status/status_test.go index e57a0c1c8..89d68551e 100644 --- a/service/status/status_test.go +++ b/service/status/status_test.go @@ -102,7 +102,7 @@ func TestStatus_RenewalError(t *testing.T) { mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false).Return(scm.ErrNotAuthorized) service := New(nil, mockRenewer, Config{Base: "https://drone.company.com"}) - err := service.Send(noContext, mockUser, nil) + err := service.Send(noContext, mockUser, &core.StatusInput{Build: &core.Build{}}) if err == nil { t.Errorf("Expect error refreshing token") } From c7788c45872bde1ec9476d113c5bb07babf29ce9 Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 19:20:14 -0700 Subject: [PATCH 14/16] copy parameters from parent build when promoting --- CHANGELOG.md | 4 ++++ handler/api/repos/builds/promote.go | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fba17bee..ec6f204d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - disable github status for cron jobs +### Fixed + +- copy parameters from parent build when promoting, by [@bradrydzewski](https://github.com/bradrydzewski). [#2748](https://github.com/drone/drone/issues/2748), + ## [1.2.2] - 2019-07-29 ### Added diff --git a/handler/api/repos/builds/promote.go b/handler/api/repos/builds/promote.go index 9b36d5cb5..6b5a6362e 100644 --- a/handler/api/repos/builds/promote.go +++ b/handler/api/repos/builds/promote.go @@ -75,6 +75,10 @@ func HandlePromote( Params: map[string]string{}, } + for k, v := range prev.Params { + hook.Params[k] = v + } + for key, value := range r.URL.Query() { if key == "access_token" { continue From 801212a923f29ce0fce1d68b3f922e27bceac79e Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 19:55:25 -0700 Subject: [PATCH 15/16] improve error when malformed port --- CHANGELOG.md | 3 ++- cmd/drone-server/config/config.go | 11 +++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec6f204d3..a31970236 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed -- copy parameters from parent build when promoting, by [@bradrydzewski](https://github.com/bradrydzewski). [#2748](https://github.com/drone/drone/issues/2748), +- improve error when kubernetes malforms the port configuration, by [@bradrydzewski](https://github.com/bradrydzewski). [#2742](https://github.com/drone/drone/issues/2742). +- copy parameters from parent build when promoting, by [@bradrydzewski](https://github.com/bradrydzewski). [#2748](https://github.com/drone/drone/issues/2748). ## [1.2.2] - 2019-07-29 ### Added diff --git a/cmd/drone-server/config/config.go b/cmd/drone-server/config/config.go index 78650d714..9d4906998 100644 --- a/cmd/drone-server/config/config.go +++ b/cmd/drone-server/config/config.go @@ -15,6 +15,7 @@ package config import ( + "errors" "fmt" "os" "strings" @@ -391,6 +392,9 @@ func Environ() (Config, error) { defaultSession(&cfg) defaultCallback(&cfg) configureGithub(&cfg) + if err := kubernetesServiceConflict(&cfg); err != nil { + return cfg, err + } return cfg, err } @@ -499,6 +503,13 @@ func configureGithub(c *Config) { } } +func kubernetesServiceConflict(c *Config) error { + if strings.HasPrefix(c.Server.Port, "tcp://") { + return errors.New("Invalid port configuration. See https://discourse.drone.io/t/drone-server-changing-ports-protocol/4144") + } + return nil +} + // Bytes stores number bytes (e.g. megabytes) type Bytes int64 From e1a16634b6e6306f43ae9f07da8d7f8e55ff8a2e Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Mon, 29 Jul 2019 20:37:04 -0700 Subject: [PATCH 16/16] added action to conditionals --- CHANGELOG.md | 1 + operator/runner/runner.go | 1 + trigger/skip.go | 4 ++++ trigger/trigger.go | 3 +++ 4 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a31970236..d7966c016 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - disable github status for cron jobs +- support for action in conditionals, by [@bradrydzewski](https://github.com/bradrydzewski). [#2685](https://github.com/drone/drone/issues/2685). ### Fixed diff --git a/operator/runner/runner.go b/operator/runner/runner.go index eb85e99b9..a247e8194 100644 --- a/operator/runner/runner.go +++ b/operator/runner/runner.go @@ -260,6 +260,7 @@ func (r *Runner) Run(ctx context.Context, id int64) error { ) comp.SkipFunc = compiler.SkipFunc( compiler.SkipData{ + Action: m.Build.Action, Branch: m.Build.Target, Cron: m.Build.Cron, Event: m.Build.Event, diff --git a/trigger/skip.go b/trigger/skip.go index f211acb0f..eedd8e246 100644 --- a/trigger/skip.go +++ b/trigger/skip.go @@ -33,6 +33,10 @@ func skipEvent(document *yaml.Pipeline, event string) bool { return !document.Trigger.Event.Match(event) } +func skipAction(document *yaml.Pipeline, action string) bool { + return !document.Trigger.Action.Match(action) +} + func skipInstance(document *yaml.Pipeline, instance string) bool { return !document.Trigger.Instance.Match(instance) } diff --git a/trigger/trigger.go b/trigger/trigger.go index 4fe88f060..1fe55c7e4 100644 --- a/trigger/trigger.go +++ b/trigger/trigger.go @@ -259,6 +259,9 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co } else if skipEvent(pipeline, base.Event) { logger = logger.WithField("pipeline", pipeline.Name) logger.Infoln("trigger: skipping pipeline, does not match event") + } else if skipAction(pipeline, base.Action) { + logger = logger.WithField("pipeline", pipeline.Name) + logger.Infoln("trigger: skipping pipeline, does not match action") } else if skipRef(pipeline, base.Ref) { logger = logger.WithField("pipeline", pipeline.Name) logger.Infoln("trigger: skipping pipeline, does not match ref")