[CLI] implement forgejo-cli actions
(cherry picked from commit08be2b226e
) (cherry picked from commitb6cfa88c6e
) (cherry picked from commit59704200de
) [CLI] implement forgejo-cli actions generate-secret (cherry picked from commit6f7905c8ec
) (cherry picked from commite085d6d273
) [CLI] implement forgejo-cli actions generate-secret (squash) NoInit (cherry picked from commit962c944eb2
) [CLI] implement forgejo-cli actions register (cherry picked from commit2f95143000
) (cherry picked from commit42f2f8731e
) [CLI] implement forgejo-cli actions register (squash) no private Do not go through the private API, directly modify the database (cherry picked from commit1ba7c0d39d
) [CLI] implement forgejo-cli actions (cherry picked from commit6f7905c8ec
) (cherry picked from commite085d6d273
) [CLI] implement forgejo-cli actions generate-secret (squash) NoInit (cherry picked from commit962c944eb2
) (cherry picked from commit4c121ef022
) Conflicts: cmd/forgejo/actions.go tests/integration/cmd_forgejo_actions_test.go (cherry picked from commit36997a48e3
) [CLI] implement forgejo-cli actions (squash) restore --version Refs: https://codeberg.org/forgejo/forgejo/issues/1134 (cherry picked from commit9739eb52d8
)
This commit is contained in:
parent
af9e7d8e9e
commit
302c4e30ac
10 changed files with 632 additions and 24 deletions
243
cmd/forgejo/actions.go
Normal file
243
cmd/forgejo/actions.go
Normal file
|
@ -0,0 +1,243 @@
|
||||||
|
// Copyright The Forgejo Authors.
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package forgejo
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
actions_model "code.gitea.io/gitea/models/actions"
|
||||||
|
"code.gitea.io/gitea/modules/private"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
private_routers "code.gitea.io/gitea/routers/private"
|
||||||
|
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
func CmdActions(ctx context.Context) *cli.Command {
|
||||||
|
return &cli.Command{
|
||||||
|
Name: "actions",
|
||||||
|
Usage: "Commands for managing Forgejo Actions",
|
||||||
|
Subcommands: []*cli.Command{
|
||||||
|
SubcmdActionsGenerateRunnerToken(ctx),
|
||||||
|
SubcmdActionsGenerateRunnerSecret(ctx),
|
||||||
|
SubcmdActionsRegister(ctx),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func SubcmdActionsGenerateRunnerToken(ctx context.Context) *cli.Command {
|
||||||
|
return &cli.Command{
|
||||||
|
Name: "generate-runner-token",
|
||||||
|
Usage: "Generate a new token for a runner to use to register with the server",
|
||||||
|
Action: prepareWorkPathAndCustomConf(ctx, func(cliCtx *cli.Context) error { return RunGenerateActionsRunnerToken(ctx, cliCtx) }),
|
||||||
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "scope",
|
||||||
|
Aliases: []string{"s"},
|
||||||
|
Value: "",
|
||||||
|
Usage: "{owner}[/{repo}] - leave empty for a global runner",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func SubcmdActionsGenerateRunnerSecret(ctx context.Context) *cli.Command {
|
||||||
|
return &cli.Command{
|
||||||
|
Name: "generate-secret",
|
||||||
|
Usage: "Generate a secret suitable for input to the register subcommand",
|
||||||
|
Action: func(cliCtx *cli.Context) error { return RunGenerateSecret(ctx, cliCtx) },
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func SubcmdActionsRegister(ctx context.Context) *cli.Command {
|
||||||
|
return &cli.Command{
|
||||||
|
Name: "register",
|
||||||
|
Usage: "Idempotent registration of a runner using a shared secret",
|
||||||
|
Action: prepareWorkPathAndCustomConf(ctx, func(cliCtx *cli.Context) error { return RunRegister(ctx, cliCtx) }),
|
||||||
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "secret",
|
||||||
|
Usage: "the secret the runner will use to connect as a 40 character hexadecimal string",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "secret-stdin",
|
||||||
|
Usage: "the secret the runner will use to connect as a 40 character hexadecimal string, read from stdin",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "secret-file",
|
||||||
|
Usage: "path to the file containing the secret the runner will use to connect as a 40 character hexadecimal string",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "scope",
|
||||||
|
Aliases: []string{"s"},
|
||||||
|
Value: "",
|
||||||
|
Usage: "{owner}[/{repo}] - leave empty for a global runner",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "labels",
|
||||||
|
Value: "",
|
||||||
|
Usage: "comma separated list of labels supported by the runner (e.g. docker,ubuntu-latest,self-hosted) (not required since v1.21)",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "name",
|
||||||
|
Value: "runner",
|
||||||
|
Usage: "name of the runner (default runner)",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "version",
|
||||||
|
Value: "",
|
||||||
|
Usage: "version of the runner (not required since v1.21)",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func readSecret(ctx context.Context, cliCtx *cli.Context) (string, error) {
|
||||||
|
if cliCtx.IsSet("secret") {
|
||||||
|
return cliCtx.String("secret"), nil
|
||||||
|
}
|
||||||
|
if cliCtx.IsSet("secret-stdin") {
|
||||||
|
buf, err := io.ReadAll(ContextGetStdin(ctx))
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return string(buf), nil
|
||||||
|
}
|
||||||
|
if cliCtx.IsSet("secret-file") {
|
||||||
|
path := cliCtx.String("secret-file")
|
||||||
|
buf, err := os.ReadFile(path)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return string(buf), nil
|
||||||
|
}
|
||||||
|
return "", fmt.Errorf("at least one of the --secret, --secret-stdin, --secret-file options is required")
|
||||||
|
}
|
||||||
|
|
||||||
|
func validateSecret(secret string) error {
|
||||||
|
secretLen := len(secret)
|
||||||
|
if secretLen != 40 {
|
||||||
|
return fmt.Errorf("the secret must be exactly 40 characters long, not %d: generate-secret can provide a secret matching the requirements", secretLen)
|
||||||
|
}
|
||||||
|
if _, err := hex.DecodeString(secret); err != nil {
|
||||||
|
return fmt.Errorf("the secret must be an hexadecimal string: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
|
||||||
|
if !ContextGetNoInit(ctx) {
|
||||||
|
var cancel context.CancelFunc
|
||||||
|
ctx, cancel = installSignals(ctx)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
if err := initDB(ctx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
setting.MustInstalled()
|
||||||
|
|
||||||
|
secret, err := readSecret(ctx, cliCtx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := validateSecret(secret); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
scope := cliCtx.String("scope")
|
||||||
|
labels := cliCtx.String("labels")
|
||||||
|
name := cliCtx.String("name")
|
||||||
|
version := cliCtx.String("version")
|
||||||
|
|
||||||
|
//
|
||||||
|
// There are two kinds of tokens
|
||||||
|
//
|
||||||
|
// - "registration token" only used when a runner interacts to
|
||||||
|
// register
|
||||||
|
//
|
||||||
|
// - "token" obtained after a successful registration and stored by
|
||||||
|
// the runner to authenticate
|
||||||
|
//
|
||||||
|
// The register subcommand does not need a "registration token", it
|
||||||
|
// needs a "token". Using the same name is confusing and secret is
|
||||||
|
// preferred for this reason in the cli.
|
||||||
|
//
|
||||||
|
// The ActionsRunnerRegister argument is token to be consistent with
|
||||||
|
// the internal naming. It is still confusing to the developer but
|
||||||
|
// not to the user.
|
||||||
|
//
|
||||||
|
owner, repo, err := private_routers.ParseScope(ctx, scope)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, strings.Split(labels, ","), name, version)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("error while registering runner: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", runner.UUID); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func RunGenerateSecret(ctx context.Context, cliCtx *cli.Context) error {
|
||||||
|
runner := actions_model.ActionRunner{}
|
||||||
|
if err := runner.GenerateToken(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", runner.Token); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func RunGenerateActionsRunnerToken(ctx context.Context, cliCtx *cli.Context) error {
|
||||||
|
if !ContextGetNoInit(ctx) {
|
||||||
|
var cancel context.CancelFunc
|
||||||
|
ctx, cancel = installSignals(ctx)
|
||||||
|
defer cancel()
|
||||||
|
}
|
||||||
|
|
||||||
|
setting.MustInstalled()
|
||||||
|
|
||||||
|
scope := cliCtx.String("scope")
|
||||||
|
|
||||||
|
respText, extra := private.GenerateActionsRunnerToken(ctx, scope)
|
||||||
|
if extra.HasError() {
|
||||||
|
return handleCliResponseExtra(ctx, extra)
|
||||||
|
}
|
||||||
|
if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", respText); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func prepareWorkPathAndCustomConf(ctx context.Context, action cli.ActionFunc) func(cliCtx *cli.Context) error {
|
||||||
|
return func(cliCtx *cli.Context) error {
|
||||||
|
if !ContextGetNoInit(ctx) {
|
||||||
|
var args setting.ArgWorkPathAndCustomConf
|
||||||
|
// from children to parent, check the global flags
|
||||||
|
for _, curCtx := range cliCtx.Lineage() {
|
||||||
|
if curCtx.IsSet("work-path") && args.WorkPath == "" {
|
||||||
|
args.WorkPath = curCtx.String("work-path")
|
||||||
|
}
|
||||||
|
if curCtx.IsSet("custom-path") && args.CustomPath == "" {
|
||||||
|
args.CustomPath = curCtx.String("custom-path")
|
||||||
|
}
|
||||||
|
if curCtx.IsSet("config") && args.CustomConf == "" {
|
||||||
|
args.CustomConf = curCtx.String("config")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
setting.InitWorkPathAndCommonConfig(os.Getenv, args)
|
||||||
|
}
|
||||||
|
return action(cliCtx)
|
||||||
|
}
|
||||||
|
}
|
|
@ -34,7 +34,9 @@ func CmdForgejo(ctx context.Context) *cli.Command {
|
||||||
Name: "forgejo-cli",
|
Name: "forgejo-cli",
|
||||||
Usage: "Forgejo CLI",
|
Usage: "Forgejo CLI",
|
||||||
Flags: []cli.Flag{},
|
Flags: []cli.Flag{},
|
||||||
Subcommands: []*cli.Command{},
|
Subcommands: []*cli.Command{
|
||||||
|
CmdActions(ctx),
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -61,8 +61,7 @@ func appGlobalFlags() []cli.Flag {
|
||||||
return []cli.Flag{
|
return []cli.Flag{
|
||||||
// make the builtin flags at the top
|
// make the builtin flags at the top
|
||||||
helpFlag,
|
helpFlag,
|
||||||
// Forgejo: commented out because it would conflict at runtime with the --version
|
cli.VersionFlag,
|
||||||
// cli.VersionFlag,
|
|
||||||
|
|
||||||
// shared configuration flags, they are for global and for each sub-command at the same time
|
// shared configuration flags, they are for global and for each sub-command at the same time
|
||||||
// eg: such command is valid: "./gitea --config /tmp/app.ini web --config /tmp/app.ini", while it's discouraged indeed
|
// eg: such command is valid: "./gitea --config /tmp/app.ini web --config /tmp/app.ini", while it's discouraged indeed
|
||||||
|
@ -168,7 +167,9 @@ func NewMainApp() *cli.App {
|
||||||
// that is NOT compatible with Gitea.
|
// that is NOT compatible with Gitea.
|
||||||
//
|
//
|
||||||
if executable == "forgejo-cli" {
|
if executable == "forgejo-cli" {
|
||||||
subCmds = []*cli.Command{}
|
subCmds = []*cli.Command{
|
||||||
|
forgejo.CmdActions(context.Background()),
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
//
|
//
|
||||||
// Otherwise provide a Gitea compatible CLI which includes Forgejo
|
// Otherwise provide a Gitea compatible CLI which includes Forgejo
|
||||||
|
@ -210,7 +211,6 @@ func newMainApp(subCmds ...*cli.Command) *cli.App {
|
||||||
cmdConvert := util.ToPointer(*cmdDoctorConvert)
|
cmdConvert := util.ToPointer(*cmdDoctorConvert)
|
||||||
cmdConvert.Hidden = true // still support the legacy "./gitea doctor" by the hidden sub-command, remove it in next release
|
cmdConvert.Hidden = true // still support the legacy "./gitea doctor" by the hidden sub-command, remove it in next release
|
||||||
subCmdWithConfig = append(subCmdWithConfig, cmdConvert)
|
subCmdWithConfig = append(subCmdWithConfig, cmdConvert)
|
||||||
subCmdWithConfig = append(subCmdWithConfig, subCmds...)
|
|
||||||
|
|
||||||
// these sub-commands do not need the config file, and they do not depend on any path or environment variable.
|
// these sub-commands do not need the config file, and they do not depend on any path or environment variable.
|
||||||
subCmdStandalone := []*cli.Command{
|
subCmdStandalone := []*cli.Command{
|
||||||
|
@ -230,6 +230,7 @@ func newMainApp(subCmds ...*cli.Command) *cli.App {
|
||||||
}
|
}
|
||||||
app.Commands = append(app.Commands, subCmdWithConfig...)
|
app.Commands = append(app.Commands, subCmdWithConfig...)
|
||||||
app.Commands = append(app.Commands, subCmdStandalone...)
|
app.Commands = append(app.Commands, subCmdStandalone...)
|
||||||
|
app.Commands = append(app.Commands, subCmds...)
|
||||||
|
|
||||||
if !checkCommandFlags(app) {
|
if !checkCommandFlags(app) {
|
||||||
panic("some flags are incorrect") // this is a runtime check to help developers
|
panic("some flags are incorrect") // this is a runtime check to help developers
|
||||||
|
|
68
models/actions/forgejo.go
Normal file
68
models/actions/forgejo.go
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package actions
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
|
"code.gitea.io/gitea/models/db"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
|
||||||
|
gouuid "github.com/google/uuid"
|
||||||
|
)
|
||||||
|
|
||||||
|
func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, labels []string, name, version string) (*ActionRunner, error) {
|
||||||
|
uuid, err := gouuid.FromBytes([]byte(token[:16]))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("gouuid.FromBytes %v", err)
|
||||||
|
}
|
||||||
|
uuidString := uuid.String()
|
||||||
|
|
||||||
|
var runner ActionRunner
|
||||||
|
|
||||||
|
has, err := db.GetEngine(ctx).Where("uuid=?", uuidString).Get(&runner)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("GetRunner %v", err)
|
||||||
|
} else if !has {
|
||||||
|
//
|
||||||
|
// The runner does not exist yet, create it
|
||||||
|
//
|
||||||
|
saltBytes, err := util.CryptoRandomBytes(16)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("CryptoRandomBytes %v", err)
|
||||||
|
}
|
||||||
|
salt := hex.EncodeToString(saltBytes)
|
||||||
|
|
||||||
|
hash := auth_model.HashToken(token, salt)
|
||||||
|
|
||||||
|
runner = ActionRunner{
|
||||||
|
UUID: uuidString,
|
||||||
|
TokenHash: hash,
|
||||||
|
TokenSalt: salt,
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := CreateRunner(ctx, &runner); err != nil {
|
||||||
|
return &runner, fmt.Errorf("can't create new runner %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Update the existing runner
|
||||||
|
//
|
||||||
|
name, _ = util.SplitStringAtByteN(name, 255)
|
||||||
|
|
||||||
|
runner.Name = name
|
||||||
|
runner.OwnerID = ownerID
|
||||||
|
runner.RepoID = repoID
|
||||||
|
runner.Version = version
|
||||||
|
runner.AgentLabels = labels
|
||||||
|
|
||||||
|
if err := UpdateRunner(ctx, &runner, "name", "owner_id", "repo_id", "version", "agent_labels"); err != nil {
|
||||||
|
return &runner, fmt.Errorf("can't update the runner %+v %w", runner, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &runner, nil
|
||||||
|
}
|
29
models/actions/forgejo_test.go
Normal file
29
models/actions/forgejo_test.go
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package actions
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/subtle"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
|
"code.gitea.io/gitea/models/db"
|
||||||
|
"code.gitea.io/gitea/models/unittest"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestActions_RegisterRunner(t *testing.T) {
|
||||||
|
assert.NoError(t, unittest.PrepareTestDatabase())
|
||||||
|
ownerID := int64(0)
|
||||||
|
repoID := int64(0)
|
||||||
|
token := "0123456789012345678901234567890123456789"
|
||||||
|
labels := []string{}
|
||||||
|
name := "runner"
|
||||||
|
version := "v1.2.3"
|
||||||
|
runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, labels, name, version)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.EqualValues(t, name, runner.Name)
|
||||||
|
|
||||||
|
assert.EqualValues(t, 1, subtle.ConstantTimeCompare([]byte(runner.TokenHash), []byte(auth_model.HashToken(token, runner.TokenSalt))), "the token cannot be verified with the same method as routers/api/actions/runner/interceptor.go as of 8228751c55d6a4263f0fec2932ca16181c09c97d")
|
||||||
|
}
|
18
models/actions/main_test.go
Normal file
18
models/actions/main_test.go
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package actions_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"path/filepath"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/models/unittest"
|
||||||
|
|
||||||
|
_ "code.gitea.io/gitea/models"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestMain(m *testing.M) {
|
||||||
|
unittest.MainTest(m, &unittest.TestOptions{
|
||||||
|
GiteaRootPath: filepath.Join("..", ".."),
|
||||||
|
})
|
||||||
|
}
|
32
modules/private/forgejo_actions.go
Normal file
32
modules/private/forgejo_actions.go
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package private
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
)
|
||||||
|
|
||||||
|
type ActionsRunnerRegisterRequest struct {
|
||||||
|
Token string
|
||||||
|
Scope string
|
||||||
|
Labels []string
|
||||||
|
Name string
|
||||||
|
Version string
|
||||||
|
}
|
||||||
|
|
||||||
|
func ActionsRunnerRegister(ctx context.Context, token, scope string, labels []string, name, version string) (string, ResponseExtra) {
|
||||||
|
reqURL := setting.LocalURL + "api/internal/actions/register"
|
||||||
|
|
||||||
|
req := newInternalRequest(ctx, reqURL, "POST", ActionsRunnerRegisterRequest{
|
||||||
|
Token: token,
|
||||||
|
Scope: scope,
|
||||||
|
Labels: labels,
|
||||||
|
Name: name,
|
||||||
|
Version: version,
|
||||||
|
})
|
||||||
|
|
||||||
|
resp, extra := requestJSONResp(req, &responseText{})
|
||||||
|
return resp.Text, extra
|
||||||
|
}
|
|
@ -4,6 +4,7 @@
|
||||||
package private
|
package private
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
gocontext "context"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -64,7 +65,11 @@ func GenerateActionsRunnerToken(ctx *context.PrivateContext) {
|
||||||
ctx.PlainText(http.StatusOK, token.Token)
|
ctx.PlainText(http.StatusOK, token.Token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseScope(ctx *context.PrivateContext, scope string) (ownerID, repoID int64, err error) {
|
func ParseScope(ctx gocontext.Context, scope string) (ownerID, repoID int64, err error) {
|
||||||
|
return parseScope(ctx, scope)
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseScope(ctx gocontext.Context, scope string) (ownerID, repoID int64, err error) {
|
||||||
ownerID = 0
|
ownerID = 0
|
||||||
repoID = 0
|
repoID = 0
|
||||||
if scope == "" {
|
if scope == "" {
|
||||||
|
|
213
tests/integration/cmd_forgejo_actions_test.go
Normal file
213
tests/integration/cmd_forgejo_actions_test.go
Normal file
|
@ -0,0 +1,213 @@
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package integration
|
||||||
|
|
||||||
|
import (
|
||||||
|
gocontext "context"
|
||||||
|
"net/url"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
actions_model "code.gitea.io/gitea/models/actions"
|
||||||
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
"code.gitea.io/gitea/models/unittest"
|
||||||
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/test"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Test_CmdForgejo_Actions(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(*testing.T, *url.URL) {
|
||||||
|
defer test.MockVariable(&setting.Actions.Enabled, true)()
|
||||||
|
|
||||||
|
token, err := cmdForgejoCaptureOutput(t, []string{"forgejo", "forgejo-cli", "actions", "generate-runner-token"})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.EqualValues(t, 40, len(token))
|
||||||
|
|
||||||
|
secret, err := cmdForgejoCaptureOutput(t, []string{"forgejo", "forgejo-cli", "actions", "generate-secret"})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.EqualValues(t, 40, len(secret))
|
||||||
|
|
||||||
|
_, err = cmdForgejoCaptureOutput(t, []string{"forgejo", "forgejo-cli", "actions", "register"})
|
||||||
|
assert.ErrorContains(t, err, "at least one of the --secret")
|
||||||
|
|
||||||
|
for _, testCase := range []struct {
|
||||||
|
testName string
|
||||||
|
scope string
|
||||||
|
secret string
|
||||||
|
errorMessage string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
testName: "bad user",
|
||||||
|
scope: "baduser",
|
||||||
|
secret: "0123456789012345678901234567890123456789",
|
||||||
|
errorMessage: "user does not exist",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "bad repo",
|
||||||
|
scope: "org25/badrepo",
|
||||||
|
secret: "0123456789012345678901234567890123456789",
|
||||||
|
errorMessage: "repository does not exist",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "secret length != 40",
|
||||||
|
scope: "org25",
|
||||||
|
secret: "0123456789",
|
||||||
|
errorMessage: "40 characters long",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "secret is not a hexadecimal string",
|
||||||
|
scope: "org25",
|
||||||
|
secret: "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
|
||||||
|
errorMessage: "must be an hexadecimal string",
|
||||||
|
},
|
||||||
|
} {
|
||||||
|
t.Run(testCase.testName, func(t *testing.T) {
|
||||||
|
cmd := []string{"forgejo", "forgejo-cli", "actions", "register", "--secret", testCase.secret, "--scope", testCase.scope}
|
||||||
|
output, err := cmdForgejoCaptureOutput(t, cmd)
|
||||||
|
assert.ErrorContains(t, err, testCase.errorMessage)
|
||||||
|
assert.EqualValues(t, "", output)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
secret = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
|
||||||
|
expecteduuid := "44444444-4444-4444-4444-444444444444"
|
||||||
|
|
||||||
|
for _, testCase := range []struct {
|
||||||
|
testName string
|
||||||
|
secretOption func() string
|
||||||
|
stdin []string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
testName: "secret from argument",
|
||||||
|
secretOption: func() string {
|
||||||
|
return "--secret=" + secret
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "secret from stdin",
|
||||||
|
secretOption: func() string {
|
||||||
|
return "--secret-stdin"
|
||||||
|
},
|
||||||
|
stdin: []string{secret},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "secret from file",
|
||||||
|
secretOption: func() string {
|
||||||
|
secretFile := t.TempDir() + "/secret"
|
||||||
|
assert.NoError(t, os.WriteFile(secretFile, []byte(secret), 0o644))
|
||||||
|
return "--secret-file=" + secretFile
|
||||||
|
},
|
||||||
|
},
|
||||||
|
} {
|
||||||
|
t.Run(testCase.testName, func(t *testing.T) {
|
||||||
|
cmd := []string{"forgejo", "forgejo-cli", "actions", "register", testCase.secretOption(), "--scope=org26"}
|
||||||
|
uuid, err := cmdForgejoCaptureOutput(t, cmd, testCase.stdin...)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.EqualValues(t, expecteduuid, uuid)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
secret = "0123456789012345678901234567890123456789"
|
||||||
|
expecteduuid = "30313233-3435-3637-3839-303132333435"
|
||||||
|
|
||||||
|
for _, testCase := range []struct {
|
||||||
|
testName string
|
||||||
|
scope string
|
||||||
|
secret string
|
||||||
|
name string
|
||||||
|
labels string
|
||||||
|
version string
|
||||||
|
uuid string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
testName: "org",
|
||||||
|
scope: "org25",
|
||||||
|
secret: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
|
||||||
|
uuid: "41414141-4141-4141-4141-414141414141",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "user and repo",
|
||||||
|
scope: "user2/repo2",
|
||||||
|
secret: "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
|
||||||
|
uuid: "42424242-4242-4242-4242-424242424242",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "labels",
|
||||||
|
scope: "org25",
|
||||||
|
name: "runnerName",
|
||||||
|
labels: "label1,label2,label3",
|
||||||
|
version: "v1.2.3",
|
||||||
|
secret: "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
|
||||||
|
uuid: "43434343-4343-4343-4343-434343434343",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "insert a runner",
|
||||||
|
scope: "user3/repo5",
|
||||||
|
name: "runnerName",
|
||||||
|
labels: "label1,label2,label3",
|
||||||
|
version: "v1.2.3",
|
||||||
|
secret: secret,
|
||||||
|
uuid: expecteduuid,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
testName: "update an existing runner",
|
||||||
|
scope: "user5/repo4",
|
||||||
|
name: "runnerNameChanged",
|
||||||
|
labels: "label1,label2,label3,more,label",
|
||||||
|
version: "v1.2.3-suffix",
|
||||||
|
secret: secret,
|
||||||
|
uuid: expecteduuid,
|
||||||
|
},
|
||||||
|
} {
|
||||||
|
t.Run(testCase.testName, func(t *testing.T) {
|
||||||
|
cmd := []string{
|
||||||
|
"forgejo", "forgejo-cli", "actions", "register",
|
||||||
|
"--secret", testCase.secret, "--scope", testCase.scope,
|
||||||
|
}
|
||||||
|
if testCase.name != "" {
|
||||||
|
cmd = append(cmd, "--name", testCase.name)
|
||||||
|
}
|
||||||
|
if testCase.labels != "" {
|
||||||
|
cmd = append(cmd, "--labels", testCase.labels)
|
||||||
|
}
|
||||||
|
if testCase.version != "" {
|
||||||
|
cmd = append(cmd, "--version", testCase.version)
|
||||||
|
}
|
||||||
|
//
|
||||||
|
// Run twice to verify it is idempotent
|
||||||
|
//
|
||||||
|
for i := 0; i < 2; i++ {
|
||||||
|
uuid, err := cmdForgejoCaptureOutput(t, cmd)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
if assert.EqualValues(t, testCase.uuid, uuid) {
|
||||||
|
ownerName, repoName, found := strings.Cut(testCase.scope, "/")
|
||||||
|
action, err := actions_model.GetRunnerByUUID(gocontext.Background(), uuid)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: action.OwnerID})
|
||||||
|
assert.Equal(t, ownerName, user.Name, action.OwnerID)
|
||||||
|
|
||||||
|
if found {
|
||||||
|
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: action.RepoID})
|
||||||
|
assert.Equal(t, repoName, repo.Name, action.RepoID)
|
||||||
|
}
|
||||||
|
if testCase.name != "" {
|
||||||
|
assert.EqualValues(t, testCase.name, action.Name)
|
||||||
|
}
|
||||||
|
if testCase.labels != "" {
|
||||||
|
labels := strings.Split(testCase.labels, ",")
|
||||||
|
assert.EqualValues(t, labels, action.AgentLabels)
|
||||||
|
}
|
||||||
|
if testCase.version != "" {
|
||||||
|
assert.EqualValues(t, testCase.version, action.Version)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
|
@ -5,35 +5,32 @@ package integration
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"flag"
|
|
||||||
"io"
|
|
||||||
"os"
|
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"code.gitea.io/gitea/cmd/forgejo"
|
"code.gitea.io/gitea/cmd/forgejo"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
func cmdForgejoCaptureOutput(t *testing.T, args []string, stdin ...string) (string, error) {
|
func cmdForgejoCaptureOutput(t *testing.T, args []string, stdin ...string) (string, error) {
|
||||||
r, w, err := os.Pipe()
|
buf := new(bytes.Buffer)
|
||||||
assert.NoError(t, err)
|
|
||||||
set := flag.NewFlagSet("forgejo-cli", 0)
|
app := cli.NewApp()
|
||||||
assert.NoError(t, set.Parse(args))
|
app.Writer = buf
|
||||||
cliContext := cli.NewContext(&cli.App{Writer: w, ErrWriter: w}, set, nil)
|
app.ErrWriter = buf
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
ctx = forgejo.ContextSetNoInit(ctx, true)
|
ctx = forgejo.ContextSetNoInit(ctx, true)
|
||||||
ctx = forgejo.ContextSetNoExit(ctx, true)
|
ctx = forgejo.ContextSetNoExit(ctx, true)
|
||||||
ctx = forgejo.ContextSetStdout(ctx, w)
|
ctx = forgejo.ContextSetStdout(ctx, buf)
|
||||||
ctx = forgejo.ContextSetStderr(ctx, w)
|
ctx = forgejo.ContextSetStderr(ctx, buf)
|
||||||
if len(stdin) > 0 {
|
if len(stdin) > 0 {
|
||||||
ctx = forgejo.ContextSetStdin(ctx, strings.NewReader(strings.Join(stdin, "")))
|
ctx = forgejo.ContextSetStdin(ctx, strings.NewReader(strings.Join(stdin, "")))
|
||||||
}
|
}
|
||||||
err = forgejo.CmdForgejo(ctx).Run(cliContext)
|
app.Commands = []*cli.Command{
|
||||||
w.Close()
|
forgejo.CmdForgejo(ctx),
|
||||||
var buf bytes.Buffer
|
}
|
||||||
io.Copy(&buf, r)
|
err := app.Run(args)
|
||||||
|
|
||||||
return buf.String(), err
|
return buf.String(), err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue