fix: move netrc defaults into github implementation
plyr4 committed Oct 29, 2024
1 parent 9d62db7 commit 618152d
Showing 3 changed files with 16 additions and 20 deletions.
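--- a/compiler/native/compile.go
+++ b/compiler/native/compile.go
@@ -48,20 +48,8 @@ func (c *client) Compile(ctx context.Context, v interface{}) (*pipeline.Build, *
 // this has to occur after Parse because the scm configurations might be set in yaml
 // netrc can be provided directly using WithNetrc for situations like local exec
 if c.netrc == nil && c.scm != nil {
-// ensure restrictive defaults for the netrc for scms that support granular permissions
-if p.Git.Repositories == nil {
-p.Git.Repositories = []string{c.repo.GetName()}
-}
-
-if p.Git.Permissions == nil {
-p.Git.Permissions = map[string]string{
-constants.AppInstallResourceContents: constants.AppInstallPermissionRead,
-constants.AppInstallResourceChecks: constants.AppInstallPermissionWrite,
-}
-}
-
 // get the netrc password from the scm
-netrc, err := c.scm.GetNetrcPassword(ctx, c.repo, c.user, p.Git.Repositories, p.Git.Permissions)
+netrc, err := c.scm.GetNetrcPassword(ctx, c.repo, c.user, p.Git)
 if err != nil {
 return nil, nil, err
 }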
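Review bot: With the defaults block removed, nothing at this call site enforces or documents that the netrc token is limited to the triggering repo; that guarantee now rests entirely on whichever scm implementation receives `p.Git`. The GitHub implementation in scm/github/repo.go applies a repo default, but the call here passes possibly-nil `Repositories` and `Permissions` with no stated expectation. A comment above the call would keep the least-privilege assumption visible, for example `// restrictive repo and permission defaults are applied by the scm implementation, not here`. The body of Compile starts and ends outside the hunk.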
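--- a/scm/github/repo.go
+++ b/scm/github/repo.go
@@ -14,6 +14,7 @@ import (
 "github.com/sirupsen/logrus"
 
 api "github.com/go-vela/server/api/types"
+"github.com/go-vela/server/compiler/types/yaml"
 "github.com/go-vela/server/constants"
 )
 
@@ -679,7 +680,7 @@ func (c *client) GetBranch(ctx context.Context, r *api.Repo, branch string) (str
 
 // GetNetrcPassword returns a clone token using the repo's github app installation if it exists.
 // If not, it defaults to the user OAuth token.
-func (c *client) GetNetrcPassword(ctx context.Context, r *api.Repo, u *api.User, repos []string, perms map[string]string) (string, error) {
+func (c *client) GetNetrcPassword(ctx context.Context, r *api.Repo, u *api.User, g yaml.Git) (string, error) {
 l := c.Logger.WithFields(logrus.Fields{
 "org": r.GetOrg(),
 "repo": r.GetName(),
@@ -692,10 +693,11 @@ func (c *client) GetNetrcPassword(ctx context.Context, r *api.Repo, u *api.User,
 // repos that the token has access to
 // providing no repos, nil, or empty slice will default the token permissions to the list
 // of repos added to the installation
-//
-// the compiler will set restrictive defaults with access to the triggering repo
+repos := g.Repositories
+
+// use triggering repo as a restrictive default
 if repos == nil {
-repos = []string{}
+repos = []string{r.GetName()}
 }
 
 // convert repo fullname org/name to just name for usability
@@ -719,7 +721,12 @@ func (c *client) GetNetrcPassword(ctx context.Context, r *api.Repo, u *api.User,
 Checks: github.String(constants.AppInstallPermissionWrite),
 }
 
-for resource, perm := range perms {
+permissions := g.Permissions
+if permissions == nil {
+permissions = map[string]string{}
+}
+
+for resource, perm := range permissions {
 ghPerms, err = applyGitHubInstallationPermission(ghPerms, resource, perm)
 if err != nil {
 l.Errorf("unable to create github app installation token with permission %s:%s: %v", resource, perm, err)
@@ -735,7 +742,7 @@ func (c *client) GetNetrcPassword(ctx context.Context, r *api.Repo, u *api.User,
 // maybe take an optional list of repos and permission set that is driven by yaml
 t, err := c.newGithubAppInstallationRepoToken(ctx, r, repos, ghPerms)
 if err != nil {
-l.Errorf("unable to create github app installation token for repos %v with permissions %v: %v", repos, permissions, err)
+l.Errorf("unable to create github app installation token for repos %v with permissions %v: %v", repos, permissions, err)
 
 // return the legacy token along with no error for backwards compatibility
 // todo: return an error based based on app installation requirements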
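Review bot: The restrictive default in the `if repos == nil {` check only fires for a nil slice, so an explicitly empty list from the pipeline yaml (non-nil with length 0, assuming the decoder produces that) skips it, and the comment just above states that an empty slice makes the token cover every repo added to the installation. Checking the length closes that gap: `if len(repos) == 0 {`. If widening to the whole installation through an empty list is intended, the comment should say so explicitly so the least-privilege default is not read as unconditional. Separately, the `permissions == nil` guard before the range loop is unnecessary, because ranging over a nil map is a no-op. GetNetrcPassword starts and ends outside these hunks.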
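--- a/scm/service.go
+++ b/scm/service.go
@@ -7,6 +7,7 @@ import (
 "net/http"
 
 api "github.com/go-vela/server/api/types"
+"github.com/go-vela/server/compiler/types/yaml"
 "github.com/go-vela/server/database"
 "github.com/go-vela/server/internal"
 )
@@ -143,7 +144,7 @@ type Service interface {
 GetHTMLURL(context.Context, *api.User, string, string, string, string) (string, error)
 // GetNetrc defines a function that returns the netrc
 // password injected into build steps.
-GetNetrcPassword(context.Context, *api.Repo, *api.User, []string, map[string]string) (string, error)
+GetNetrcPassword(context.Context, *api.Repo, *api.User, yaml.Git) (string, error)
 // SyncRepoWithInstallation defines a function that syncs
 // a repo with the installation, if it exists.
 SyncRepoWithInstallation(context.Context, *api.Repo) (*api.Repo, error)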
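Review bot: The doc comment on the changed method still opens with `GetNetrc` rather than the method name `GetNetrcPassword`, and it says nothing about the new `yaml.Git` argument that now determines the token's repository and permission scope. Suggested wording: `// GetNetrcPassword defines a function that returns the netrc password injected into build steps, scoped by the repositories and permissions in the given yaml.Git.` The Service interface starts and ends outside the hunk.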
