feat: Add support for GitHub
This doesn't include GitHub Enterprise Closes kemitix/git-next#86
This commit is contained in:
parent
206e64cd5b
commit
46b6d8680c
49 changed files with 1253 additions and 539 deletions
|
@ -7,6 +7,7 @@ members = [
|
||||||
"crates/git",
|
"crates/git",
|
||||||
"crates/forge",
|
"crates/forge",
|
||||||
"crates/forge-forgejo",
|
"crates/forge-forgejo",
|
||||||
|
"crates/forge-github",
|
||||||
"crates/repo-actor",
|
"crates/repo-actor",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -26,6 +27,7 @@ git-next-config = { path = "crates/config" }
|
||||||
git-next-git = { path = "crates/git" }
|
git-next-git = { path = "crates/git" }
|
||||||
git-next-forge = { path = "crates/forge" }
|
git-next-forge = { path = "crates/forge" }
|
||||||
git-next-forge-forgejo = { path = "crates/forge-forgejo" }
|
git-next-forge-forgejo = { path = "crates/forge-forgejo" }
|
||||||
|
git-next-forge-github = { path = "crates/forge-github" }
|
||||||
git-next-repo-actor = { path = "crates/repo-actor" }
|
git-next-repo-actor = { path = "crates/repo-actor" }
|
||||||
|
|
||||||
# CLI parsing
|
# CLI parsing
|
||||||
|
@ -39,6 +41,11 @@ tracing-subscriber = "0.3"
|
||||||
# base64 decoding
|
# base64 decoding
|
||||||
base64 = "0.22"
|
base64 = "0.22"
|
||||||
|
|
||||||
|
# sha256 encoding (e.g. verify github webhooks)
|
||||||
|
hmac = "0.12"
|
||||||
|
sha2 = "0.10"
|
||||||
|
hex = "0.4"
|
||||||
|
|
||||||
# git
|
# git
|
||||||
# gix = "0.62"
|
# gix = "0.62"
|
||||||
gix = { version = "0.63", features = [
|
gix = { version = "0.63", features = [
|
||||||
|
|
46
README.md
46
README.md
|
@ -172,6 +172,46 @@ In the directory with your `git-next-server.toml` file, run the command:
|
||||||
git next server start
|
git next server start
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Forges
|
||||||
|
|
||||||
|
The following forges are supported: [ForgeJo](https://forgejo.org) and [GitHub](https://github.com/).
|
||||||
|
|
||||||
|
#### ForgeJo
|
||||||
|
|
||||||
|
Configure the forge in `git-next-server.toml` like:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[forge.jo]
|
||||||
|
forge_type = "ForgeJo"
|
||||||
|
hostname = "git.myforgejo.com"
|
||||||
|
user = "bob"
|
||||||
|
token = "..."
|
||||||
|
|
||||||
|
[forge.jo.repos]
|
||||||
|
hello = { repo = "user/hello", branch = "main", gitdir = "/opt/git/projects/user/hello.git" } # maps to https://git.example.net/user/hello on the branch 'main'
|
||||||
|
world = { repo = "user/world", branch = "master", main = "master", next = "upcoming", "dev" = "develop" } # maps to the 'master' branch
|
||||||
|
```
|
||||||
|
|
||||||
|
The token is created `/user/settings/applications` and requires the `write:repository` permission.
|
||||||
|
|
||||||
|
#### GitHub
|
||||||
|
|
||||||
|
Configure the forge in `git-next-server.toml` like:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[forge.gh]
|
||||||
|
forge_type = "GitHub"
|
||||||
|
hostname = "github.com"
|
||||||
|
user = "bob"
|
||||||
|
token = "..."
|
||||||
|
|
||||||
|
[forge.gh.repos]
|
||||||
|
hello = { repo = "user/hello", branch = "main", gitdir = "/opt/git/projects/user/hello.git" } # maps to https://github.com/user/hello on the branch 'main'
|
||||||
|
world = { repo = "user/world", branch = "master", main = "master", next = "upcoming", "dev" = "develop" } # maps to the 'master' branch
|
||||||
|
```
|
||||||
|
|
||||||
|
The token is created [here](https://github.com/settings/tokens/new) and requires the `repo` and `admin:repo_hook` permissions.
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
Contributions to `git-next` are welcome! If you find a bug or have a feature
|
Contributions to `git-next` are welcome! If you find a bug or have a feature
|
||||||
|
@ -201,15 +241,17 @@ stateDiagram-v2
|
||||||
forge --> config
|
forge --> config
|
||||||
forge --> git
|
forge --> git
|
||||||
forge --> forgejo
|
forge --> forgejo
|
||||||
|
forge --> github
|
||||||
|
|
||||||
forgejo --> config
|
forgejo --> config
|
||||||
forgejo --> git
|
forgejo --> git
|
||||||
|
|
||||||
|
github --> config
|
||||||
|
github --> git
|
||||||
|
|
||||||
repo_actor --> config
|
repo_actor --> config
|
||||||
repo_actor --> git
|
repo_actor --> git
|
||||||
repo_actor --> forge
|
repo_actor --> forge
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
|
@ -4,7 +4,7 @@ version = { workspace = true }
|
||||||
edition = { workspace = true }
|
edition = { workspace = true }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["forgejo"]
|
default = ["forgejo", "github"]
|
||||||
forgejo = []
|
forgejo = []
|
||||||
github = []
|
github = []
|
||||||
|
|
||||||
|
@ -36,9 +36,9 @@ secrecy = { workspace = true }
|
||||||
# # Conventional Commit check
|
# # Conventional Commit check
|
||||||
# git-conventional = { workspace = true }
|
# git-conventional = { workspace = true }
|
||||||
#
|
#
|
||||||
# # Webhooks
|
# Webhooks
|
||||||
# bytes = { workspace = true }
|
# bytes = { workspace = true }
|
||||||
# ulid = { workspace = true }
|
ulid = { workspace = true }
|
||||||
# warp = { workspace = true }
|
# warp = { workspace = true }
|
||||||
|
|
||||||
# boilerplate
|
# boilerplate
|
||||||
|
|
|
@ -4,7 +4,8 @@ pub enum ForgeType {
|
||||||
#[cfg(feature = "forgejo")]
|
#[cfg(feature = "forgejo")]
|
||||||
ForgeJo,
|
ForgeJo,
|
||||||
// Gitea,
|
// Gitea,
|
||||||
// GitHub,
|
#[cfg(feature = "github")]
|
||||||
|
GitHub,
|
||||||
// GitLab,
|
// GitLab,
|
||||||
// BitBucket,
|
// BitBucket,
|
||||||
#[default]
|
#[default]
|
||||||
|
|
|
@ -8,6 +8,7 @@ mod forge_name;
|
||||||
mod forge_type;
|
mod forge_type;
|
||||||
pub mod git_dir;
|
pub mod git_dir;
|
||||||
mod host_name;
|
mod host_name;
|
||||||
|
mod registered_webhook;
|
||||||
mod repo_alias;
|
mod repo_alias;
|
||||||
mod repo_branches;
|
mod repo_branches;
|
||||||
mod repo_config;
|
mod repo_config;
|
||||||
|
@ -16,6 +17,7 @@ mod repo_path;
|
||||||
pub mod server;
|
pub mod server;
|
||||||
mod server_repo_config;
|
mod server_repo_config;
|
||||||
mod user;
|
mod user;
|
||||||
|
pub mod webhook;
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests;
|
mod tests;
|
||||||
|
@ -28,6 +30,7 @@ pub use forge_name::ForgeAlias;
|
||||||
pub use forge_type::ForgeType;
|
pub use forge_type::ForgeType;
|
||||||
pub use git_dir::GitDir;
|
pub use git_dir::GitDir;
|
||||||
pub use host_name::Hostname;
|
pub use host_name::Hostname;
|
||||||
|
pub use registered_webhook::RegisteredWebhook;
|
||||||
pub use repo_alias::RepoAlias;
|
pub use repo_alias::RepoAlias;
|
||||||
pub use repo_branches::RepoBranches;
|
pub use repo_branches::RepoBranches;
|
||||||
pub use repo_config::RepoConfig;
|
pub use repo_config::RepoConfig;
|
||||||
|
@ -35,3 +38,6 @@ pub use repo_config_source::RepoConfigSource;
|
||||||
pub use repo_path::RepoPath;
|
pub use repo_path::RepoPath;
|
||||||
pub use server_repo_config::ServerRepoConfig;
|
pub use server_repo_config::ServerRepoConfig;
|
||||||
pub use user::User;
|
pub use user::User;
|
||||||
|
pub use webhook::auth::WebhookAuth;
|
||||||
|
pub use webhook::id::WebhookId;
|
||||||
|
pub use webhook::message::WebhookMessage;
|
||||||
|
|
16
crates/config/src/registered_webhook.rs
Normal file
16
crates/config/src/registered_webhook.rs
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
//
|
||||||
|
use crate as config;
|
||||||
|
|
||||||
|
#[derive(Debug, derive_more::Constructor)]
|
||||||
|
pub struct RegisteredWebhook {
|
||||||
|
id: config::WebhookId,
|
||||||
|
auth: config::WebhookAuth,
|
||||||
|
}
|
||||||
|
impl RegisteredWebhook {
|
||||||
|
pub const fn id(&self) -> &config::WebhookId {
|
||||||
|
&self.id
|
||||||
|
}
|
||||||
|
pub const fn auth(&self) -> &config::WebhookAuth {
|
||||||
|
&self.auth
|
||||||
|
}
|
||||||
|
}
|
50
crates/config/src/webhook/auth.rs
Normal file
50
crates/config/src/webhook/auth.rs
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
use std::str::FromStr as _;
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
|
||||||
|
pub struct WebhookAuth(ulid::Ulid);
|
||||||
|
impl WebhookAuth {
|
||||||
|
pub fn new(authorisation: &str) -> Result<Self, ulid::DecodeError> {
|
||||||
|
let id = ulid::Ulid::from_str(authorisation)?;
|
||||||
|
tracing::info!("Parse auth token: {}", id);
|
||||||
|
Ok(Self(id))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn generate() -> Self {
|
||||||
|
Self(ulid::Ulid::new())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn header_value(&self) -> String {
|
||||||
|
format!("Basic {}", self)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub const fn to_bytes(&self) -> [u8; 16] {
|
||||||
|
self.0.to_bytes()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
use crate::WebhookAuth;
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn bytes() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
let ulid = ulid::Ulid::new();
|
||||||
|
|
||||||
|
let wa = WebhookAuth::new(ulid.to_string().as_str())?;
|
||||||
|
|
||||||
|
assert_eq!(ulid.to_bytes(), wa.to_bytes());
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn string() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
|
let ulid = ulid::Ulid::new();
|
||||||
|
|
||||||
|
let wa = WebhookAuth::new(ulid.to_string().as_str())?;
|
||||||
|
|
||||||
|
assert_eq!(ulid.to_string(), wa.to_string());
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
4
crates/config/src/webhook/id.rs
Normal file
4
crates/config/src/webhook/id.rs
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
use derive_more::{Constructor, Deref, Display};
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, PartialEq, Eq, Constructor, Deref, Display)]
|
||||||
|
pub struct WebhookId(String);
|
45
crates/config/src/webhook/message.rs
Normal file
45
crates/config/src/webhook/message.rs
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
//
|
||||||
|
use actix::prelude::*;
|
||||||
|
|
||||||
|
use crate as config;
|
||||||
|
|
||||||
|
use std::collections::HashMap;
|
||||||
|
|
||||||
|
#[derive(Message, Debug, Clone, derive_more::Constructor)]
|
||||||
|
#[rtype(result = "()")]
|
||||||
|
pub struct WebhookMessage {
|
||||||
|
forge_alias: config::ForgeAlias,
|
||||||
|
repo_alias: config::RepoAlias,
|
||||||
|
headers: HashMap<String, String>,
|
||||||
|
body: Body,
|
||||||
|
}
|
||||||
|
impl WebhookMessage {
|
||||||
|
pub const fn forge_alias(&self) -> &config::ForgeAlias {
|
||||||
|
&self.forge_alias
|
||||||
|
}
|
||||||
|
pub const fn repo_alias(&self) -> &config::RepoAlias {
|
||||||
|
&self.repo_alias
|
||||||
|
}
|
||||||
|
pub const fn body(&self) -> &Body {
|
||||||
|
&self.body
|
||||||
|
}
|
||||||
|
#[deprecated]
|
||||||
|
pub const fn authorisation(&self) -> &config::WebhookAuth {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
pub fn header(&self, header: &str) -> Option<String> {
|
||||||
|
self.headers.get(header).map(|value| value.to_string())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, derive_more::Constructor)]
|
||||||
|
pub struct Body(String);
|
||||||
|
impl Body {
|
||||||
|
pub fn as_str(&self) -> &str {
|
||||||
|
self.0.as_str()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn as_bytes(&self) -> &[u8] {
|
||||||
|
self.0.as_bytes()
|
||||||
|
}
|
||||||
|
}
|
6
crates/config/src/webhook/mod.rs
Normal file
6
crates/config/src/webhook/mod.rs
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
pub mod auth;
|
||||||
|
pub mod id;
|
||||||
|
pub mod message;
|
||||||
|
pub mod push;
|
||||||
|
|
||||||
|
pub use push::Push;
|
39
crates/config/src/webhook/push.rs
Normal file
39
crates/config/src/webhook/push.rs
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
//
|
||||||
|
use crate as config;
|
||||||
|
|
||||||
|
use derive_more::Constructor;
|
||||||
|
|
||||||
|
#[derive(Debug, Constructor)]
|
||||||
|
pub struct Push {
|
||||||
|
branch: config::BranchName,
|
||||||
|
sha: String,
|
||||||
|
message: String,
|
||||||
|
}
|
||||||
|
impl Push {
|
||||||
|
pub fn branch(&self, repo_branches: &crate::RepoBranches) -> Option<Branch> {
|
||||||
|
if self.branch == repo_branches.main() {
|
||||||
|
return Some(Branch::Main);
|
||||||
|
}
|
||||||
|
if self.branch == repo_branches.next() {
|
||||||
|
return Some(Branch::Next);
|
||||||
|
}
|
||||||
|
if self.branch == repo_branches.dev() {
|
||||||
|
return Some(Branch::Dev);
|
||||||
|
}
|
||||||
|
tracing::warn!(branch = %self.branch, "Unexpected branch");
|
||||||
|
None
|
||||||
|
}
|
||||||
|
pub fn sha(&self) -> &str {
|
||||||
|
&self.sha
|
||||||
|
}
|
||||||
|
pub fn message(&self) -> &str {
|
||||||
|
&self.message
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum Branch {
|
||||||
|
Main,
|
||||||
|
Next,
|
||||||
|
Dev,
|
||||||
|
}
|
|
@ -1,7 +1,12 @@
|
||||||
|
//
|
||||||
|
mod webhook;
|
||||||
|
|
||||||
|
use git::forge::commit::Status;
|
||||||
|
use git_next_config as config;
|
||||||
use git_next_git as git;
|
use git_next_git as git;
|
||||||
|
|
||||||
use kxio::network::{self, Network};
|
use kxio::network::{self, Network};
|
||||||
use tracing::{error, warn};
|
use tracing::warn;
|
||||||
|
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
pub struct ForgeJo {
|
pub struct ForgeJo {
|
||||||
|
@ -15,11 +20,32 @@ impl ForgeJo {
|
||||||
}
|
}
|
||||||
#[async_trait::async_trait]
|
#[async_trait::async_trait]
|
||||||
impl git::ForgeLike for ForgeJo {
|
impl git::ForgeLike for ForgeJo {
|
||||||
fn forge_alias(&self) -> String {
|
fn name(&self) -> String {
|
||||||
"forgejo".to_string()
|
"forgejo".to_string()
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn commit_status(&self, commit: &git::Commit) -> git::commit::Status {
|
fn is_message_authorised(
|
||||||
|
&self,
|
||||||
|
msg: &config::WebhookMessage,
|
||||||
|
expected: &config::WebhookAuth,
|
||||||
|
) -> bool {
|
||||||
|
let authorization = msg.header("authorization");
|
||||||
|
tracing::info!(?authorization, %expected, "is message authorised?");
|
||||||
|
authorization
|
||||||
|
.and_then(|header| header.strip_prefix("Basic ").map(|v| v.to_owned()))
|
||||||
|
.and_then(|value| config::WebhookAuth::new(value.as_str()).ok())
|
||||||
|
.map(|auth| &auth == expected)
|
||||||
|
.unwrap_or(false)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn parse_webhook_body(
|
||||||
|
&self,
|
||||||
|
body: &config::webhook::message::Body,
|
||||||
|
) -> git::forge::webhook::Result<config::webhook::Push> {
|
||||||
|
webhook::parse_body(body)
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn commit_status(&self, commit: &git::Commit) -> Status {
|
||||||
let repo_details = &self.repo_details;
|
let repo_details = &self.repo_details;
|
||||||
let hostname = &repo_details.forge.hostname();
|
let hostname = &repo_details.forge.hostname();
|
||||||
let repo_path = &repo_details.repo_path;
|
let repo_path = &repo_details.repo_path;
|
||||||
|
@ -44,33 +70,54 @@ impl git::ForgeLike for ForgeJo {
|
||||||
Ok(response) => {
|
Ok(response) => {
|
||||||
match response.response_body() {
|
match response.response_body() {
|
||||||
Some(status) => match status.state {
|
Some(status) => match status.state {
|
||||||
CommitStatusState::Success => git::commit::Status::Pass,
|
ForgejoState::Success => Status::Pass,
|
||||||
CommitStatusState::Pending => git::commit::Status::Pending,
|
ForgejoState::Pending => Status::Pending,
|
||||||
CommitStatusState::Failure => git::commit::Status::Fail,
|
ForgejoState::Failure => Status::Fail,
|
||||||
CommitStatusState::Error => git::commit::Status::Fail,
|
ForgejoState::Error => Status::Fail,
|
||||||
CommitStatusState::Blank => git::commit::Status::Pending,
|
ForgejoState::Blank => Status::Pending,
|
||||||
},
|
},
|
||||||
None => {
|
None => {
|
||||||
warn!("No status found for commit");
|
warn!("No status found for commit");
|
||||||
git::commit::Status::Pending // assume issue is transient and allow retry
|
Status::Pending // assume issue is transient and allow retry
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!(?e, "Failed to get commit status");
|
warn!(?e, "Failed to get commit status");
|
||||||
git::commit::Status::Pending // assume issue is transient and allow retry
|
Status::Pending // assume issue is transient and allow retry
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, serde::Deserialize)]
|
async fn list_webhooks(
|
||||||
pub struct CombinedStatus {
|
&self,
|
||||||
pub state: CommitStatusState,
|
webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
|
||||||
|
webhook::list(&self.repo_details, webhook_url, &self.net).await
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn unregister_webhook(
|
||||||
|
&self,
|
||||||
|
webhook_id: &config::WebhookId,
|
||||||
|
) -> git::forge::webhook::Result<()> {
|
||||||
|
webhook::unregister(webhook_id, &self.repo_details, &self.net).await
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn register_webhook(
|
||||||
|
&self,
|
||||||
|
webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
|
||||||
|
webhook::register(&self.repo_details, webhook_url, &self.net).await
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, serde::Deserialize)]
|
#[derive(Debug, serde::Deserialize)]
|
||||||
pub enum CommitStatusState {
|
struct CombinedStatus {
|
||||||
|
pub state: ForgejoState,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
enum ForgejoState {
|
||||||
#[serde(rename = "success")]
|
#[serde(rename = "success")]
|
||||||
Success,
|
Success,
|
||||||
#[serde(rename = "pending")]
|
#[serde(rename = "pending")]
|
||||||
|
|
54
crates/forge-forgejo/src/webhook/list.rs
Normal file
54
crates/forge-forgejo/src/webhook/list.rs
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
//
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
use kxio::network;
|
||||||
|
|
||||||
|
use crate::webhook::Hook;
|
||||||
|
|
||||||
|
pub async fn list(
|
||||||
|
repo_details: &git::RepoDetails,
|
||||||
|
webhook_url: &config::server::WebhookUrl,
|
||||||
|
net: &network::Network,
|
||||||
|
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
|
||||||
|
let mut ids: Vec<config::WebhookId> = vec![];
|
||||||
|
let hostname = &repo_details.forge.hostname();
|
||||||
|
let repo_path = &repo_details.repo_path;
|
||||||
|
let mut page = 1;
|
||||||
|
loop {
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
|
let token = &repo_details.forge.token().expose_secret();
|
||||||
|
let url =
|
||||||
|
format!("https://{hostname}/api/v1/repos/{repo_path}/hooks?page={page}&token={token}");
|
||||||
|
let net_url = network::NetUrl::new(url);
|
||||||
|
let request = network::NetRequest::new(
|
||||||
|
network::RequestMethod::Get,
|
||||||
|
net_url,
|
||||||
|
network::NetRequestHeaders::new(),
|
||||||
|
network::RequestBody::None,
|
||||||
|
network::ResponseType::Json,
|
||||||
|
None,
|
||||||
|
network::NetRequestLogging::None,
|
||||||
|
);
|
||||||
|
let result = net.get::<Vec<Hook>>(request).await;
|
||||||
|
match result {
|
||||||
|
Ok(response) => {
|
||||||
|
if let Some(list) = response.response_body() {
|
||||||
|
if list.is_empty() {
|
||||||
|
return Ok(ids);
|
||||||
|
}
|
||||||
|
for hook in list {
|
||||||
|
if let Some(existing_url) = hook.config.get("url") {
|
||||||
|
if existing_url.starts_with(webhook_url.as_ref()) {
|
||||||
|
ids.push(hook.id());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
page += 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(e) => {
|
||||||
|
return Err(git::forge::webhook::Error::Network(e));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
}
|
52
crates/forge-forgejo/src/webhook/mod.rs
Normal file
52
crates/forge-forgejo/src/webhook/mod.rs
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
//
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
//
|
||||||
|
use std::collections::HashMap;
|
||||||
|
|
||||||
|
mod list;
|
||||||
|
mod parse;
|
||||||
|
mod register;
|
||||||
|
mod unregister;
|
||||||
|
|
||||||
|
pub use list::list;
|
||||||
|
pub use parse::parse_body;
|
||||||
|
pub use register::register;
|
||||||
|
pub use unregister::unregister;
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
struct Hook {
|
||||||
|
id: i64,
|
||||||
|
config: HashMap<String, String>,
|
||||||
|
}
|
||||||
|
impl Hook {
|
||||||
|
fn id(&self) -> config::WebhookId {
|
||||||
|
config::WebhookId::new(format!("{}", self.id))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
pub struct Push {
|
||||||
|
#[serde(rename = "ref")]
|
||||||
|
reference: String,
|
||||||
|
after: String,
|
||||||
|
head_commit: HeadCommit,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl TryFrom<Push> for config::webhook::Push {
|
||||||
|
type Error = git::forge::webhook::Error;
|
||||||
|
fn try_from(push: Push) -> Result<Self, Self::Error> {
|
||||||
|
let branch = push
|
||||||
|
.reference
|
||||||
|
.splitn(3, '/') // should be of the form 'refs/heads/branchname'
|
||||||
|
.nth(2)
|
||||||
|
.map(config::BranchName::new)
|
||||||
|
.ok_or(git::forge::webhook::Error::UnknownBranch(push.reference))?;
|
||||||
|
Ok(Self::new(branch, push.after, push.head_commit.message))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
struct HeadCommit {
|
||||||
|
message: String,
|
||||||
|
}
|
10
crates/forge-forgejo/src/webhook/parse.rs
Normal file
10
crates/forge-forgejo/src/webhook/parse.rs
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
//
|
||||||
|
use crate as forgejo;
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
|
||||||
|
pub fn parse_body(
|
||||||
|
body: &config::webhook::message::Body,
|
||||||
|
) -> git::forge::webhook::Result<config::webhook::Push> {
|
||||||
|
serde_json::from_str::<forgejo::webhook::Push>(body.as_str())?.try_into()
|
||||||
|
}
|
75
crates/forge-forgejo/src/webhook/register.rs
Normal file
75
crates/forge-forgejo/src/webhook/register.rs
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
//
|
||||||
|
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
|
||||||
|
use kxio::network;
|
||||||
|
use tracing::{info, warn};
|
||||||
|
|
||||||
|
use crate::webhook;
|
||||||
|
use crate::webhook::Hook;
|
||||||
|
|
||||||
|
#[tracing::instrument(skip_all)]
|
||||||
|
pub async fn register(
|
||||||
|
repo_details: &git::RepoDetails,
|
||||||
|
webhook_url: &config::server::WebhookUrl,
|
||||||
|
net: &network::Network,
|
||||||
|
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
|
||||||
|
let Some(repo_config) = repo_details.repo_config.clone() else {
|
||||||
|
return Err(git::forge::webhook::Error::NoRepoConfig);
|
||||||
|
};
|
||||||
|
|
||||||
|
// remove any lingering webhooks for the same URL
|
||||||
|
let existing_webhook_ids = webhook::list(repo_details, webhook_url, net).await?;
|
||||||
|
for webhook_id in existing_webhook_ids {
|
||||||
|
webhook::unregister(&webhook_id, repo_details, net).await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
let hostname = &repo_details.forge.hostname();
|
||||||
|
let repo_path = &repo_details.repo_path;
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
|
let token = repo_details.forge.token().expose_secret();
|
||||||
|
let url = network::NetUrl::new(format!(
|
||||||
|
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
|
||||||
|
));
|
||||||
|
let repo_alias = &repo_details.repo_alias;
|
||||||
|
let headers = network::NetRequestHeaders::new().with("Content-Type", "application/json");
|
||||||
|
let authorisation = config::WebhookAuth::generate();
|
||||||
|
let body = network::json!({
|
||||||
|
"active": true,
|
||||||
|
"authorization_header": authorisation.header_value(),
|
||||||
|
"branch_filter": format!("{{{},{},{}}}", repo_config.branches().main(), repo_config.branches().next(), repo_config.branches().dev()),
|
||||||
|
"config": {
|
||||||
|
"content_type": "json",
|
||||||
|
"url": format!("{}/{}", webhook_url.as_ref(), repo_alias),
|
||||||
|
},
|
||||||
|
"events": [ "push" ],
|
||||||
|
"type": "forgejo"
|
||||||
|
});
|
||||||
|
let request = network::NetRequest::new(
|
||||||
|
network::RequestMethod::Post,
|
||||||
|
url,
|
||||||
|
headers,
|
||||||
|
network::RequestBody::Json(body),
|
||||||
|
network::ResponseType::Json,
|
||||||
|
None,
|
||||||
|
network::NetRequestLogging::None,
|
||||||
|
);
|
||||||
|
let result = net.post_json::<Hook>(request).await;
|
||||||
|
match result {
|
||||||
|
Ok(response) => {
|
||||||
|
let Some(hook) = response.response_body() else {
|
||||||
|
return Err(git::forge::webhook::Error::NetworkResponseEmpty);
|
||||||
|
};
|
||||||
|
info!(webhook_id = %hook.id, "Webhook registered");
|
||||||
|
Ok(config::RegisteredWebhook::new(
|
||||||
|
config::WebhookId::new(format!("{}", hook.id)),
|
||||||
|
authorisation,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
Err(e) => {
|
||||||
|
warn!("Failed to register webhook");
|
||||||
|
Err(git::forge::webhook::Error::FailedToRegister(e.to_string()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
30
crates/forge-forgejo/src/webhook/unregister.rs
Normal file
30
crates/forge-forgejo/src/webhook/unregister.rs
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
//
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
|
||||||
|
use kxio::network;
|
||||||
|
|
||||||
|
pub async fn unregister(
|
||||||
|
webhook_id: &config::WebhookId,
|
||||||
|
repo_details: &git::RepoDetails,
|
||||||
|
net: &network::Network,
|
||||||
|
) -> git::forge::webhook::Result<()> {
|
||||||
|
let hostname = &repo_details.forge.hostname();
|
||||||
|
let repo_path = &repo_details.repo_path;
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
|
let token = repo_details.forge.token().expose_secret();
|
||||||
|
let url = network::NetUrl::new(format!(
|
||||||
|
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
|
||||||
|
));
|
||||||
|
let request = network::NetRequest::new(
|
||||||
|
network::RequestMethod::Delete,
|
||||||
|
url,
|
||||||
|
network::NetRequestHeaders::new(),
|
||||||
|
network::RequestBody::None,
|
||||||
|
network::ResponseType::None,
|
||||||
|
None,
|
||||||
|
network::NetRequestLogging::None,
|
||||||
|
);
|
||||||
|
let result = net.delete(request).await;
|
||||||
|
Ok(result.map(|_| ())?)
|
||||||
|
}
|
67
crates/forge-github/Cargo.toml
Normal file
67
crates/forge-github/Cargo.toml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
[package]
|
||||||
|
name = "git-next-forge-github"
|
||||||
|
version = { workspace = true }
|
||||||
|
edition = { workspace = true }
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
git-next-config = { workspace = true }
|
||||||
|
git-next-git = { workspace = true }
|
||||||
|
|
||||||
|
# own version
|
||||||
|
clap = { workspace = true }
|
||||||
|
|
||||||
|
# logging
|
||||||
|
console-subscriber = { workspace = true }
|
||||||
|
tracing = { workspace = true }
|
||||||
|
tracing-subscriber = { workspace = true }
|
||||||
|
|
||||||
|
# sha256 encoding (e.g. verify github webhooks)
|
||||||
|
hmac = { workspace = true }
|
||||||
|
sha2 = { workspace = true }
|
||||||
|
hex = { workspace = true }
|
||||||
|
|
||||||
|
# base64 decoding
|
||||||
|
base64 = { workspace = true }
|
||||||
|
|
||||||
|
# git
|
||||||
|
async-trait = { workspace = true }
|
||||||
|
|
||||||
|
# fs/network
|
||||||
|
kxio = { workspace = true }
|
||||||
|
|
||||||
|
# TOML parsing
|
||||||
|
serde = { workspace = true }
|
||||||
|
serde_json = { workspace = true }
|
||||||
|
toml = { workspace = true }
|
||||||
|
|
||||||
|
# Secrets and Password
|
||||||
|
secrecy = { workspace = true }
|
||||||
|
|
||||||
|
# Conventional Commit check
|
||||||
|
git-conventional = { workspace = true }
|
||||||
|
|
||||||
|
# Webhooks
|
||||||
|
bytes = { workspace = true }
|
||||||
|
ulid = { workspace = true }
|
||||||
|
warp = { workspace = true }
|
||||||
|
|
||||||
|
# boilerplate
|
||||||
|
derive_more = { workspace = true }
|
||||||
|
|
||||||
|
# file watcher
|
||||||
|
inotify = { workspace = true }
|
||||||
|
|
||||||
|
# # Actors
|
||||||
|
# actix = { workspace = true }
|
||||||
|
# actix-rt = { workspace = true }
|
||||||
|
tokio = { workspace = true }
|
||||||
|
|
||||||
|
[dev-dependencies]
|
||||||
|
# Testing
|
||||||
|
assert2 = { workspace = true }
|
||||||
|
|
||||||
|
[lints.clippy]
|
||||||
|
nursery = { level = "warn", priority = -1 }
|
||||||
|
# pedantic = "warn"
|
||||||
|
unwrap_used = "warn"
|
||||||
|
expect_used = "warn"
|
1
crates/forge-github/message.json
Normal file
1
crates/forge-github/message.json
Normal file
File diff suppressed because one or more lines are too long
253
crates/forge-github/src/lib.rs
Normal file
253
crates/forge-github/src/lib.rs
Normal file
|
@ -0,0 +1,253 @@
|
||||||
|
//
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests;
|
||||||
|
|
||||||
|
mod webhook;
|
||||||
|
|
||||||
|
use crate as github;
|
||||||
|
use git::forge::commit::Status;
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
|
||||||
|
use derive_more::Constructor;
|
||||||
|
use kxio::network::{self, Network};
|
||||||
|
use tracing::{error, info, warn};
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Constructor)]
|
||||||
|
pub struct Github {
|
||||||
|
repo_details: git::RepoDetails,
|
||||||
|
net: Network,
|
||||||
|
}
|
||||||
|
#[async_trait::async_trait]
|
||||||
|
impl git::ForgeLike for Github {
|
||||||
|
fn name(&self) -> String {
|
||||||
|
"github".to_string()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn is_message_authorised(
|
||||||
|
&self,
|
||||||
|
msg: &config::WebhookMessage,
|
||||||
|
webhook_auth: &config::WebhookAuth,
|
||||||
|
) -> bool {
|
||||||
|
let Some(github_signature) = msg
|
||||||
|
.header("x-hub-signature-256")
|
||||||
|
.map(|x| x.trim_matches('"').to_string())
|
||||||
|
.and_then(|sha| sha.strip_prefix("sha256=").map(|k| k.to_string()))
|
||||||
|
else {
|
||||||
|
warn!("no signature header found");
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
let Ok(gh_sig) = hex::decode(github_signature) else {
|
||||||
|
eprintln!("can't decode github signature");
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
let payload = msg.body().as_str();
|
||||||
|
use hmac::Mac;
|
||||||
|
type HmacSha256 = hmac::Hmac<sha2::Sha256>;
|
||||||
|
let Ok(mut hmac) = HmacSha256::new_from_slice(webhook_auth.to_string().as_bytes()) else {
|
||||||
|
error!("failed to parse webhook auth token");
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
hmac::Mac::update(&mut hmac, payload.as_ref());
|
||||||
|
hmac::Mac::verify_slice(hmac, gh_sig.as_ref()).is_ok()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn parse_webhook_body(
|
||||||
|
&self,
|
||||||
|
body: &config::webhook::message::Body,
|
||||||
|
) -> git::forge::webhook::Result<config::webhook::push::Push> {
|
||||||
|
serde_json::from_str::<github::webhook::Push>(body.as_str())?.try_into()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Checks the results of any (e.g. CI) status checks for the commit.
|
||||||
|
///
|
||||||
|
/// GitHub: https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#list-commit-statuses-for-a-reference
|
||||||
|
async fn commit_status(&self, commit: &git::Commit) -> Status {
|
||||||
|
let repo_details = &self.repo_details;
|
||||||
|
let repo_path = &repo_details.repo_path;
|
||||||
|
let api_token = &repo_details.forge.token();
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
|
let token = api_token.expose_secret();
|
||||||
|
let url = network::NetUrl::new(format!(
|
||||||
|
"https://api.github.com/repos/${repo_path}/commits/{commit}/check-runs"
|
||||||
|
));
|
||||||
|
|
||||||
|
let headers = network::NetRequestHeaders::new()
|
||||||
|
.with("X-GitHub-Api-Version", "2022-11-28")
|
||||||
|
.with("Authorization", format!("Bearer: {token}").as_str());
|
||||||
|
|
||||||
|
let request = network::NetRequest::new(
|
||||||
|
network::RequestMethod::Get,
|
||||||
|
url,
|
||||||
|
headers,
|
||||||
|
network::RequestBody::None,
|
||||||
|
network::ResponseType::Json,
|
||||||
|
None,
|
||||||
|
network::NetRequestLogging::None,
|
||||||
|
);
|
||||||
|
let result = self.net.get::<Vec<GitHubStatus>>(request).await;
|
||||||
|
match result {
|
||||||
|
Ok(response) => response.response_body().map_or_else(
|
||||||
|
|| {
|
||||||
|
warn!("No status found for commit");
|
||||||
|
Status::Pending // assume issue is transient and allow retry
|
||||||
|
},
|
||||||
|
|statuses| {
|
||||||
|
statuses
|
||||||
|
.into_iter()
|
||||||
|
.map(|status| match status.state {
|
||||||
|
GithubState::Success => Status::Pass,
|
||||||
|
GithubState::Pending => Status::Pending,
|
||||||
|
GithubState::Failure => Status::Fail,
|
||||||
|
GithubState::Error => Status::Fail,
|
||||||
|
GithubState::Blank => Status::Pending,
|
||||||
|
})
|
||||||
|
.reduce(|l, r| match (l, r) {
|
||||||
|
(Status::Pass, Status::Pass) => Status::Pass,
|
||||||
|
(_, Status::Fail) => Status::Fail,
|
||||||
|
(_, Status::Pending) => Status::Pending,
|
||||||
|
(Status::Fail, _) => Status::Fail,
|
||||||
|
(Status::Pending, _) => Status::Pending,
|
||||||
|
})
|
||||||
|
.unwrap_or_else(|| {
|
||||||
|
warn!("No status checks configured for 'next' branch",);
|
||||||
|
Status::Pass
|
||||||
|
})
|
||||||
|
},
|
||||||
|
),
|
||||||
|
Err(e) => {
|
||||||
|
warn!(?e, "Failed to get commit status");
|
||||||
|
Status::Pending // assume issue is transient and allow retry
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#list-repository-webhooks
|
||||||
|
async fn list_webhooks(
|
||||||
|
&self,
|
||||||
|
_webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
|
||||||
|
todo!("list_webhooks")
|
||||||
|
}
|
||||||
|
|
||||||
|
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#delete-a-repository-webhook
|
||||||
|
async fn unregister_webhook(
|
||||||
|
&self,
|
||||||
|
webhook_id: &config::WebhookId,
|
||||||
|
) -> git::forge::webhook::Result<()> {
|
||||||
|
let net = &self.net;
|
||||||
|
let repo_details = &self.repo_details;
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
|
let request = network::NetRequest::new(
|
||||||
|
network::RequestMethod::Delete,
|
||||||
|
network::NetUrl::new(format!(
|
||||||
|
"https://api.github.com/repos/{}/hooks/{}",
|
||||||
|
repo_details.repo_path, webhook_id
|
||||||
|
)),
|
||||||
|
network::NetRequestHeaders::default()
|
||||||
|
.with("Accept", "application/vnd.github+json")
|
||||||
|
.with(
|
||||||
|
"User-Agent",
|
||||||
|
format!("git-next/server/{}", clap::crate_version!()).as_str(),
|
||||||
|
)
|
||||||
|
.with(
|
||||||
|
"Authorization",
|
||||||
|
format!("Bearer {}", repo_details.forge.token().expose_secret()).as_str(),
|
||||||
|
)
|
||||||
|
.with("X-GitHub-Api-Version", "2022-11-28"),
|
||||||
|
network::RequestBody::None,
|
||||||
|
network::ResponseType::None,
|
||||||
|
None,
|
||||||
|
network::NetRequestLogging::None,
|
||||||
|
);
|
||||||
|
if let Err(e) = net.post_json::<GithubHook>(request).await {
|
||||||
|
warn!("Failed to register webhook");
|
||||||
|
return Err(git::forge::webhook::Error::FailedToRegister(e.to_string()));
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#create-a-repository-webhook
|
||||||
|
async fn register_webhook(
|
||||||
|
&self,
|
||||||
|
webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
|
||||||
|
let net = &self.net;
|
||||||
|
let repo_details = &self.repo_details;
|
||||||
|
let authorisation = config::WebhookAuth::generate();
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
|
let request = network::NetRequest::new(
|
||||||
|
network::RequestMethod::Post,
|
||||||
|
network::NetUrl::new(format!(
|
||||||
|
"https://api.github.com/repos/{}/hooks",
|
||||||
|
repo_details.repo_path
|
||||||
|
)),
|
||||||
|
network::NetRequestHeaders::default()
|
||||||
|
.with("Accept", "application/vnd.github+json")
|
||||||
|
.with(
|
||||||
|
"User-Agent",
|
||||||
|
format!("git-next/server/{}", clap::crate_version!()).as_str(),
|
||||||
|
)
|
||||||
|
.with(
|
||||||
|
"Authorization",
|
||||||
|
format!("Bearer {}", repo_details.forge.token().expose_secret()).as_str(),
|
||||||
|
)
|
||||||
|
.with("X-GitHub-Api-Version", "2022-11-28"),
|
||||||
|
network::RequestBody::Json(network::json!({
|
||||||
|
"name": "web",
|
||||||
|
"active": true,
|
||||||
|
"events": ["push"],
|
||||||
|
"config": {
|
||||||
|
"url": webhook_url.as_ref(),
|
||||||
|
"content_type": "json",
|
||||||
|
"secret": authorisation.to_string(),
|
||||||
|
"insecure_ssl": "0",
|
||||||
|
}
|
||||||
|
})),
|
||||||
|
network::ResponseType::Json,
|
||||||
|
None,
|
||||||
|
network::NetRequestLogging::None,
|
||||||
|
);
|
||||||
|
let result = net.post_json::<GithubHook>(request).await;
|
||||||
|
match result {
|
||||||
|
Ok(response) => {
|
||||||
|
let Some(hook) = response.response_body() else {
|
||||||
|
return Err(git::forge::webhook::Error::NetworkResponseEmpty);
|
||||||
|
};
|
||||||
|
info!(webhook_id = %hook.id, "Webhook registered");
|
||||||
|
Ok(config::RegisteredWebhook::new(
|
||||||
|
config::WebhookId::new(format!("{}", hook.id)),
|
||||||
|
authorisation,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
Err(e) => {
|
||||||
|
warn!("Failed to register webhook");
|
||||||
|
Err(git::forge::webhook::Error::FailedToRegister(e.to_string()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
struct GitHubStatus {
|
||||||
|
pub state: GithubState,
|
||||||
|
// other fields that we ignore
|
||||||
|
}
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
enum GithubState {
|
||||||
|
#[serde(rename = "success")]
|
||||||
|
Success,
|
||||||
|
#[serde(rename = "pending")]
|
||||||
|
Pending,
|
||||||
|
#[serde(rename = "failure")]
|
||||||
|
Failure,
|
||||||
|
#[serde(rename = "error")]
|
||||||
|
Error,
|
||||||
|
#[serde(rename = "")]
|
||||||
|
Blank,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
struct GithubHook {
|
||||||
|
pub id: u64,
|
||||||
|
}
|
73
crates/forge-github/src/tests/mod.rs
Normal file
73
crates/forge-github/src/tests/mod.rs
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
//
|
||||||
|
|
||||||
|
use git::ForgeLike;
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
|
||||||
|
use std::collections::HashMap;
|
||||||
|
|
||||||
|
type TestResult = Result<(), Box<dyn std::error::Error>>;
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn accepts_valid_webhook_signature() -> TestResult {
|
||||||
|
//given
|
||||||
|
// we registered a webhook with this secret:
|
||||||
|
let webhook_auth = config::WebhookAuth::new("01HZ598CS1K9E0C193ND175XHJ")?;
|
||||||
|
// then recorded the following test message from github:
|
||||||
|
let headers = HashMap::from([(
|
||||||
|
"x-hub-signature-256".to_string(),
|
||||||
|
"sha256=6c801b0730b1ce06bf38f901de40206d3b0e93ef7b9bf09a5cf28ad9c4221bab".to_string(),
|
||||||
|
)]);
|
||||||
|
let payload = config::webhook::message::Body::new(include_str!("payload.json").to_string());
|
||||||
|
// this reproduces that message:
|
||||||
|
let message = message(headers, payload);
|
||||||
|
|
||||||
|
//when
|
||||||
|
// now, we attempt to recreate the signature in the header given the same message:
|
||||||
|
let result = forge().is_message_authorised(&message, &webhook_auth);
|
||||||
|
|
||||||
|
//then
|
||||||
|
// if we succeed: then result will be true:
|
||||||
|
assert!(result);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn message(
|
||||||
|
headers: HashMap<String, String>,
|
||||||
|
payload: config::webhook::message::Body,
|
||||||
|
) -> config::WebhookMessage {
|
||||||
|
config::WebhookMessage::new(
|
||||||
|
config::ForgeAlias::new("".to_string()),
|
||||||
|
config::RepoAlias::new(""),
|
||||||
|
headers,
|
||||||
|
payload,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn forge() -> crate::Github {
|
||||||
|
crate::Github::new(
|
||||||
|
git::RepoDetails::new(
|
||||||
|
git::Generation::new(),
|
||||||
|
&config::RepoAlias::new(""),
|
||||||
|
&config::ServerRepoConfig::new(
|
||||||
|
"a".to_string(),
|
||||||
|
"b".to_string(),
|
||||||
|
None,
|
||||||
|
None,
|
||||||
|
None,
|
||||||
|
None,
|
||||||
|
),
|
||||||
|
&config::ForgeAlias::new("c".to_string()),
|
||||||
|
&config::ForgeConfig::new(
|
||||||
|
config::ForgeType::GitHub,
|
||||||
|
"d".to_string(),
|
||||||
|
"e".to_string(),
|
||||||
|
"f".to_string(),
|
||||||
|
std::collections::BTreeMap::default(),
|
||||||
|
),
|
||||||
|
config::GitDir::default(),
|
||||||
|
),
|
||||||
|
kxio::network::Network::new_mock(),
|
||||||
|
)
|
||||||
|
}
|
1
crates/forge-github/src/tests/payload.json
Normal file
1
crates/forge-github/src/tests/payload.json
Normal file
File diff suppressed because one or more lines are too long
28
crates/forge-github/src/webhook/mod.rs
Normal file
28
crates/forge-github/src/webhook/mod.rs
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
//
|
||||||
|
use git_next_config as config;
|
||||||
|
use git_next_git as git;
|
||||||
|
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
pub struct Push {
|
||||||
|
#[serde(rename = "ref")]
|
||||||
|
reference: String,
|
||||||
|
after: String,
|
||||||
|
head_commit: HeadCommit,
|
||||||
|
}
|
||||||
|
#[derive(Debug, serde::Deserialize)]
|
||||||
|
pub struct HeadCommit {
|
||||||
|
message: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl TryFrom<Push> for config::webhook::Push {
|
||||||
|
type Error = git::forge::webhook::Error;
|
||||||
|
fn try_from(push: Push) -> Result<Self, Self::Error> {
|
||||||
|
let branch = push
|
||||||
|
.reference
|
||||||
|
.splitn(3, '/') // should be of the form 'refs/heads/branchname'
|
||||||
|
.nth(2)
|
||||||
|
.map(config::BranchName::new)
|
||||||
|
.ok_or(git::forge::webhook::Error::UnknownBranch(push.reference))?;
|
||||||
|
Ok(Self::new(branch, push.after, push.head_commit.message))
|
||||||
|
}
|
||||||
|
}
|
|
@ -4,14 +4,15 @@ version = { workspace = true }
|
||||||
edition = { workspace = true }
|
edition = { workspace = true }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["forgejo"]
|
default = ["forgejo", "github"]
|
||||||
forgejo = ["git-next-forge-forgejo"]
|
forgejo = ["git-next-forge-forgejo"]
|
||||||
github = []
|
github = ["git-next-forge-github"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
git-next-config = { workspace = true }
|
git-next-config = { workspace = true }
|
||||||
git-next-git = { workspace = true }
|
git-next-git = { workspace = true }
|
||||||
git-next-forge-forgejo = { workspace = true, optional = true }
|
git-next-forge-forgejo = { workspace = true, optional = true }
|
||||||
|
git-next-forge-github = { workspace = true, optional = true }
|
||||||
|
|
||||||
# logging
|
# logging
|
||||||
console-subscriber = { workspace = true }
|
console-subscriber = { workspace = true }
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
use crate::network::Network;
|
|
||||||
|
|
||||||
struct Github;
|
|
||||||
pub(super) struct GithubEnv {
|
|
||||||
net: Network,
|
|
||||||
}
|
|
||||||
impl GithubEnv {
|
|
||||||
pub(crate) const fn new(net: Network) -> GithubEnv {
|
|
||||||
Self { net }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#[async_trait::async_trait]
|
|
||||||
impl super::ForgeLike for GithubEnv {
|
|
||||||
fn name(&self) -> String {
|
|
||||||
"github".to_string()
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn branches_get_all(&self) -> Vec<super::Branch> {
|
|
||||||
todo!()
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,34 +1,34 @@
|
||||||
#![allow(dead_code)]
|
//
|
||||||
|
|
||||||
use git_next_forge_forgejo as forgejo;
|
use git_next_forge_forgejo as forgejo;
|
||||||
|
use git_next_forge_github as github;
|
||||||
use git_next_git as git;
|
use git_next_git as git;
|
||||||
use kxio::network::Network;
|
use kxio::network::Network;
|
||||||
|
|
||||||
#[cfg(feature = "github")]
|
|
||||||
mod github;
|
|
||||||
|
|
||||||
mod mock_forge;
|
mod mock_forge;
|
||||||
|
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
pub enum Forge {
|
pub enum Forge {
|
||||||
Mock(mock_forge::MockForgeEnv),
|
Mock(mock_forge::MockForge),
|
||||||
#[allow(clippy::enum_variant_names)]
|
|
||||||
#[cfg(feature = "forgejo")]
|
#[cfg(feature = "forgejo")]
|
||||||
ForgeJo(forgejo::ForgeJo),
|
ForgeJo(git_next_forge_forgejo::ForgeJo),
|
||||||
|
|
||||||
#[cfg(feature = "github")]
|
#[cfg(feature = "github")]
|
||||||
Github(github::GithubEnv),
|
Github(git_next_forge_github::Github),
|
||||||
}
|
}
|
||||||
impl Forge {
|
impl Forge {
|
||||||
pub const fn new_mock() -> Self {
|
pub const fn new_mock() -> Self {
|
||||||
Self::Mock(mock_forge::MockForgeEnv::new())
|
Self::Mock(mock_forge::MockForge::new())
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "forgejo")]
|
#[cfg(feature = "forgejo")]
|
||||||
pub const fn new_forgejo(repo_details: git::RepoDetails, net: Network) -> Self {
|
pub const fn new_forgejo(repo_details: git::RepoDetails, net: Network) -> Self {
|
||||||
Self::ForgeJo(forgejo::ForgeJo::new(repo_details, net))
|
Self::ForgeJo(forgejo::ForgeJo::new(repo_details, net))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "github")]
|
#[cfg(feature = "github")]
|
||||||
pub const fn new_github(net: Network) -> Self {
|
pub const fn new_github(repo_details: git::RepoDetails, net: Network) -> Self {
|
||||||
Self::Github(github::GithubEnv::new(net))
|
Self::Github(github::Github::new(repo_details, net))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
impl std::ops::Deref for Forge {
|
impl std::ops::Deref for Forge {
|
||||||
|
@ -39,7 +39,7 @@ impl std::ops::Deref for Forge {
|
||||||
#[cfg(feature = "forgejo")]
|
#[cfg(feature = "forgejo")]
|
||||||
Self::ForgeJo(env) => env,
|
Self::ForgeJo(env) => env,
|
||||||
#[cfg(feature = "github")]
|
#[cfg(feature = "github")]
|
||||||
Forge::Github(env) => env,
|
Self::Github(env) => env,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,23 +1,56 @@
|
||||||
//
|
//
|
||||||
#![cfg(not(tarpaulin_include))]
|
#![cfg(not(tarpaulin_include))]
|
||||||
|
|
||||||
|
use derive_more::Constructor;
|
||||||
|
use git_next_config as config;
|
||||||
use git_next_git as git;
|
use git_next_git as git;
|
||||||
|
|
||||||
struct MockForge;
|
#[derive(Clone, Debug, Constructor)]
|
||||||
#[derive(Clone, Debug)]
|
pub struct MockForge;
|
||||||
pub struct MockForgeEnv;
|
|
||||||
impl MockForgeEnv {
|
|
||||||
pub(crate) const fn new() -> Self {
|
|
||||||
Self
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#[async_trait::async_trait]
|
#[async_trait::async_trait]
|
||||||
impl git::ForgeLike for MockForgeEnv {
|
impl git::ForgeLike for MockForge {
|
||||||
fn forge_alias(&self) -> String {
|
fn name(&self) -> String {
|
||||||
"mock".to_string()
|
"mock".to_string()
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn commit_status(&self, _commit: &git::Commit) -> git::commit::Status {
|
fn is_message_authorised(
|
||||||
|
&self,
|
||||||
|
_msg: &config::WebhookMessage,
|
||||||
|
_expected: &config::WebhookAuth,
|
||||||
|
) -> bool {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn parse_webhook_body(
|
||||||
|
&self,
|
||||||
|
_body: &config::webhook::message::Body,
|
||||||
|
) -> git::forge::webhook::Result<config::webhook::push::Push> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn commit_status(&self, _commit: &git::Commit) -> git::forge::commit::Status {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn list_webhooks(
|
||||||
|
&self,
|
||||||
|
_webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn unregister_webhook(
|
||||||
|
&self,
|
||||||
|
_webhook_id: &config::WebhookId,
|
||||||
|
) -> git::forge::webhook::Result<()> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn register_webhook(
|
||||||
|
&self,
|
||||||
|
_webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
use super::*;
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn test_name() {
|
|
||||||
let net = Network::new_mock();
|
|
||||||
let forge = Forge::new_github(net);
|
|
||||||
assert_eq!(forge.name(), "github");
|
|
||||||
}
|
|
|
@ -4,13 +4,10 @@ use super::*;
|
||||||
use git_next_config as config;
|
use git_next_config as config;
|
||||||
use git_next_git as git;
|
use git_next_git as git;
|
||||||
|
|
||||||
#[cfg(feature = "github")]
|
|
||||||
mod github;
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_mock_name() {
|
fn test_mock_name() {
|
||||||
let forge = Forge::new_mock();
|
let forge = Forge::new_mock();
|
||||||
assert_eq!(forge.forge_alias(), "mock");
|
assert_eq!(forge.name(), "mock");
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
@ -30,5 +27,5 @@ fn test_forgejo_name() {
|
||||||
config::GitDir::new(fs.base()),
|
config::GitDir::new(fs.base()),
|
||||||
);
|
);
|
||||||
let forge = Forge::new_forgejo(repo_details, net);
|
let forge = Forge::new_forgejo(repo_details, net);
|
||||||
assert_eq!(forge.forge_alias(), "forgejo");
|
assert_eq!(forge.name(), "forgejo");
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,7 +24,7 @@ kxio = { workspace = true }
|
||||||
|
|
||||||
# # TOML parsing
|
# # TOML parsing
|
||||||
# serde = { workspace = true }
|
# serde = { workspace = true }
|
||||||
# # serde_json = { workspace = true }
|
serde_json = { workspace = true }
|
||||||
# toml = { workspace = true }
|
# toml = { workspace = true }
|
||||||
|
|
||||||
# Secrets and Password
|
# Secrets and Password
|
||||||
|
@ -44,9 +44,9 @@ derive-with = { workspace = true }
|
||||||
|
|
||||||
# # file watcher
|
# # file watcher
|
||||||
# inotify = { workspace = true }
|
# inotify = { workspace = true }
|
||||||
#
|
|
||||||
# # Actors
|
# Actors
|
||||||
# actix = { workspace = true }
|
actix = { workspace = true }
|
||||||
# actix-rt = { workspace = true }
|
# actix-rt = { workspace = true }
|
||||||
# tokio = { workspace = true }
|
# tokio = { workspace = true }
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
//
|
||||||
|
use git_next_config as config;
|
||||||
|
|
||||||
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
|
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
|
||||||
#[display("{}", sha)]
|
#[display("{}", sha)]
|
||||||
pub struct Commit {
|
pub struct Commit {
|
||||||
|
@ -13,19 +16,21 @@ impl Commit {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl From<config::webhook::Push> for Commit {
|
||||||
|
fn from(value: config::webhook::Push) -> Self {
|
||||||
|
Self::new(
|
||||||
|
Sha::new(value.sha().to_owned()),
|
||||||
|
Message::new(value.message().to_owned()),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
|
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
|
||||||
pub struct Sha(String);
|
pub struct Sha(String);
|
||||||
|
|
||||||
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
|
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
|
||||||
pub struct Message(String);
|
pub struct Message(String);
|
||||||
|
|
||||||
#[derive(Debug)]
|
|
||||||
pub enum Status {
|
|
||||||
Pass,
|
|
||||||
Fail,
|
|
||||||
Pending,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
pub struct Histories {
|
pub struct Histories {
|
||||||
pub main: Vec<Commit>,
|
pub main: Vec<Commit>,
|
||||||
|
|
6
crates/git/src/forge/commit.rs
Normal file
6
crates/git/src/forge/commit.rs
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum Status {
|
||||||
|
Pass,
|
||||||
|
Fail,
|
||||||
|
Pending,
|
||||||
|
}
|
41
crates/git/src/forge/like.rs
Normal file
41
crates/git/src/forge/like.rs
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
use crate as git;
|
||||||
|
use git_next_config as config;
|
||||||
|
|
||||||
|
#[async_trait::async_trait]
|
||||||
|
pub trait ForgeLike {
|
||||||
|
fn name(&self) -> String;
|
||||||
|
|
||||||
|
/// Checks that the message has a valid authorisation
|
||||||
|
fn is_message_authorised(
|
||||||
|
&self,
|
||||||
|
message: &config::WebhookMessage,
|
||||||
|
expected: &config::WebhookAuth,
|
||||||
|
) -> bool;
|
||||||
|
|
||||||
|
/// Parses the webhook body into Some(Push) struct if appropriate, or None if not.
|
||||||
|
fn parse_webhook_body(
|
||||||
|
&self,
|
||||||
|
body: &config::webhook::message::Body,
|
||||||
|
) -> git::forge::webhook::Result<config::webhook::push::Push>;
|
||||||
|
|
||||||
|
/// Checks the results of any (e.g. CI) status checks for the commit.
|
||||||
|
async fn commit_status(&self, commit: &git::Commit) -> git::forge::commit::Status;
|
||||||
|
|
||||||
|
// Lists all the webhooks
|
||||||
|
async fn list_webhooks(
|
||||||
|
&self,
|
||||||
|
url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<Vec<config::WebhookId>>;
|
||||||
|
|
||||||
|
// Unregisters a webhook
|
||||||
|
async fn unregister_webhook(
|
||||||
|
&self,
|
||||||
|
webhook: &config::WebhookId,
|
||||||
|
) -> git::forge::webhook::Result<()>;
|
||||||
|
|
||||||
|
// Registers a webhook
|
||||||
|
async fn register_webhook(
|
||||||
|
&self,
|
||||||
|
webhook_url: &config::server::WebhookUrl,
|
||||||
|
) -> git::forge::webhook::Result<config::RegisteredWebhook>;
|
||||||
|
}
|
3
crates/git/src/forge/mod.rs
Normal file
3
crates/git/src/forge/mod.rs
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
pub mod commit;
|
||||||
|
pub(super) mod like;
|
||||||
|
pub mod webhook;
|
34
crates/git/src/forge/webhook.rs
Normal file
34
crates/git/src/forge/webhook.rs
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
use derive_more::Display;
|
||||||
|
|
||||||
|
pub type Result<T> = core::result::Result<T, Error>;
|
||||||
|
|
||||||
|
#[derive(Debug, Display)]
|
||||||
|
pub enum Error {
|
||||||
|
#[display("network: {}", 0)]
|
||||||
|
Network(kxio::network::NetworkError),
|
||||||
|
|
||||||
|
FailedToRegister(String),
|
||||||
|
|
||||||
|
NetworkResponseEmpty,
|
||||||
|
|
||||||
|
NoRepoConfig,
|
||||||
|
|
||||||
|
FailedToNotifySelf(String),
|
||||||
|
|
||||||
|
Serde(serde_json::error::Error),
|
||||||
|
|
||||||
|
UnknownBranch(String),
|
||||||
|
}
|
||||||
|
impl std::error::Error for Error {}
|
||||||
|
|
||||||
|
impl From<kxio::network::NetworkError> for Error {
|
||||||
|
fn from(value: kxio::network::NetworkError) -> Self {
|
||||||
|
Self::Network(value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<serde_json::error::Error> for Error {
|
||||||
|
fn from(value: serde_json::error::Error) -> Self {
|
||||||
|
Self::Serde(value)
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,9 +0,0 @@
|
||||||
use crate as git;
|
|
||||||
|
|
||||||
#[async_trait::async_trait]
|
|
||||||
pub trait ForgeLike {
|
|
||||||
fn forge_alias(&self) -> String;
|
|
||||||
|
|
||||||
/// Checks the results of any (e.g. CI) status checks for the commit.
|
|
||||||
async fn commit_status(&self, commit: &git::Commit) -> git::commit::Status;
|
|
||||||
}
|
|
|
@ -4,7 +4,7 @@ pub mod commit;
|
||||||
pub mod common;
|
pub mod common;
|
||||||
pub mod fetch;
|
pub mod fetch;
|
||||||
pub mod file;
|
pub mod file;
|
||||||
mod forge_like;
|
pub mod forge;
|
||||||
mod generation;
|
mod generation;
|
||||||
mod git_ref;
|
mod git_ref;
|
||||||
mod git_remote;
|
mod git_remote;
|
||||||
|
@ -17,7 +17,7 @@ pub mod validation;
|
||||||
mod tests;
|
mod tests;
|
||||||
|
|
||||||
pub use commit::Commit;
|
pub use commit::Commit;
|
||||||
pub use forge_like::ForgeLike;
|
pub use forge::like::ForgeLike;
|
||||||
pub use generation::Generation;
|
pub use generation::Generation;
|
||||||
pub use git_ref::GitRef;
|
pub use git_ref::GitRef;
|
||||||
pub use git_remote::GitRemote;
|
pub use git_remote::GitRemote;
|
||||||
|
|
|
@ -10,6 +10,7 @@ use git_next_config as config;
|
||||||
use git_next_config::GitDir;
|
use git_next_config::GitDir;
|
||||||
|
|
||||||
pub use open::OpenRepository;
|
pub use open::OpenRepository;
|
||||||
|
use tracing::info;
|
||||||
|
|
||||||
use crate::{repository::mock::MockRepository, validation::repo::validate_repo};
|
use crate::{repository::mock::MockRepository, validation::repo::validate_repo};
|
||||||
|
|
||||||
|
@ -29,18 +30,20 @@ pub fn mock() -> (Repository, MockRepository) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Opens a repository, cloning if necessary
|
/// Opens a repository, cloning if necessary
|
||||||
|
#[tracing::instrument(skip_all)]
|
||||||
pub fn open(
|
pub fn open(
|
||||||
repository: &Repository,
|
repository: &Repository,
|
||||||
repo_details: &RepoDetails,
|
repo_details: &RepoDetails,
|
||||||
gitdir: config::GitDir,
|
gitdir: config::GitDir,
|
||||||
) -> Result<OpenRepository> {
|
) -> Result<OpenRepository> {
|
||||||
let repository = if !gitdir.exists() {
|
let repository = if !gitdir.exists() {
|
||||||
// info!("Local copy not found - cloning...");
|
info!("Local copy not found - cloning...");
|
||||||
repository.git_clone(repo_details)?
|
repository.git_clone(repo_details)?
|
||||||
} else {
|
} else {
|
||||||
|
info!("Local copy found - opening...");
|
||||||
repository.open(&gitdir)?
|
repository.open(&gitdir)?
|
||||||
};
|
};
|
||||||
// info!("Validating...");
|
info!("Validating...");
|
||||||
validate_repo(&repository, repo_details).map_err(|e| Error::Validation(e.to_string()))?;
|
validate_repo(&repository, repo_details).map_err(|e| Error::Validation(e.to_string()))?;
|
||||||
Ok(repository)
|
Ok(repository)
|
||||||
}
|
}
|
||||||
|
|
|
@ -162,15 +162,12 @@ impl super::OpenRepositoryLike for RealOpenRepository {
|
||||||
git::commit::Sha::new(id),
|
git::commit::Sha::new(id),
|
||||||
git::commit::Message::new(message),
|
git::commit::Message::new(message),
|
||||||
);
|
);
|
||||||
info!(?commit, "found");
|
|
||||||
if find_commits.contains(&commit) {
|
if find_commits.contains(&commit) {
|
||||||
info!("Is in find_commits");
|
|
||||||
commits.push(commit);
|
commits.push(commit);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
commits.push(commit);
|
commits.push(commit);
|
||||||
}
|
}
|
||||||
info!("finished walkfing");
|
|
||||||
Ok(commits)
|
Ok(commits)
|
||||||
})?
|
})?
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,13 +15,16 @@ impl RepositoryLike for RealRepository {
|
||||||
Ok(OpenRepository::real(gix_repo))
|
Ok(OpenRepository::real(gix_repo))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[tracing::instrument(skip_all)]
|
||||||
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
|
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
|
||||||
|
tracing::info!("creating");
|
||||||
use secrecy::ExposeSecret;
|
use secrecy::ExposeSecret;
|
||||||
let (gix_repo, _outcome) = gix::prepare_clone_bare(
|
let (gix_repo, _outcome) = gix::prepare_clone_bare(
|
||||||
repo_details.origin().expose_secret().as_str(),
|
repo_details.origin().expose_secret().as_str(),
|
||||||
repo_details.gitdir.deref(),
|
repo_details.gitdir.deref(),
|
||||||
)?
|
)?
|
||||||
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
|
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
|
||||||
|
tracing::info!("created");
|
||||||
|
|
||||||
Ok(OpenRepository::real(gix_repo))
|
Ok(OpenRepository::real(gix_repo))
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@ version = { workspace = true }
|
||||||
edition = { workspace = true }
|
edition = { workspace = true }
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["forgejo"]
|
default = ["forgejo", "github"]
|
||||||
forgejo = []
|
forgejo = []
|
||||||
github = []
|
github = []
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ mod tests;
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
|
|
||||||
use actix::prelude::*;
|
use actix::prelude::*;
|
||||||
|
use config::RegisteredWebhook;
|
||||||
use git::validation::positions::{validate_positions, Positions};
|
use git::validation::positions::{validate_positions, Positions};
|
||||||
|
|
||||||
use crate as repo_actor;
|
use crate as repo_actor;
|
||||||
|
@ -26,8 +27,8 @@ pub struct RepoActor {
|
||||||
message_token: MessageToken,
|
message_token: MessageToken,
|
||||||
repo_details: git::RepoDetails,
|
repo_details: git::RepoDetails,
|
||||||
webhook: config::server::Webhook,
|
webhook: config::server::Webhook,
|
||||||
webhook_id: Option<webhook::WebhookId>, // INFO: if [None] then no webhook is configured
|
webhook_id: Option<config::WebhookId>, // INFO: if [None] then no webhook is configured
|
||||||
webhook_auth: Option<webhook::WebhookAuth>, // INFO: if [None] then no webhook is configured
|
webhook_auth: Option<config::WebhookAuth>, // INFO: if [None] then no webhook is configured
|
||||||
last_main_commit: Option<git::Commit>,
|
last_main_commit: Option<git::Commit>,
|
||||||
last_next_commit: Option<git::Commit>,
|
last_next_commit: Option<git::Commit>,
|
||||||
last_dev_commit: Option<git::Commit>,
|
last_dev_commit: Option<git::Commit>,
|
||||||
|
@ -47,6 +48,7 @@ impl RepoActor {
|
||||||
let forge = match details.forge.forge_type() {
|
let forge = match details.forge.forge_type() {
|
||||||
#[cfg(feature = "forgejo")]
|
#[cfg(feature = "forgejo")]
|
||||||
config::ForgeType::ForgeJo => forge::Forge::new_forgejo(details.clone(), net.clone()),
|
config::ForgeType::ForgeJo => forge::Forge::new_forgejo(details.clone(), net.clone()),
|
||||||
|
config::ForgeType::GitHub => forge::Forge::new_github(details.clone(), net.clone()),
|
||||||
config::ForgeType::MockForge => forge::Forge::new_mock(),
|
config::ForgeType::MockForge => forge::Forge::new_mock(),
|
||||||
};
|
};
|
||||||
debug!(?forge, "new");
|
debug!(?forge, "new");
|
||||||
|
@ -74,10 +76,13 @@ impl Actor for RepoActor {
|
||||||
info!("Checking webhook");
|
info!("Checking webhook");
|
||||||
match self.webhook_id.take() {
|
match self.webhook_id.take() {
|
||||||
Some(webhook_id) => {
|
Some(webhook_id) => {
|
||||||
let repo_details = self.repo_details.clone();
|
|
||||||
let net = self.net.clone();
|
|
||||||
info!(%webhook_id, "Unregistring webhook");
|
info!(%webhook_id, "Unregistring webhook");
|
||||||
webhook::unregister(webhook_id, repo_details, net)
|
let forge = self.forge.clone();
|
||||||
|
async move {
|
||||||
|
if let Err(err) = forge.unregister_webhook(&webhook_id).await {
|
||||||
|
warn!("unregistering webhook: {err}");
|
||||||
|
}
|
||||||
|
}
|
||||||
.in_current_span()
|
.in_current_span()
|
||||||
.into_actor(self)
|
.into_actor(self)
|
||||||
.wait(ctx);
|
.wait(ctx);
|
||||||
|
@ -107,7 +112,7 @@ impl Handler<CloneRepo> for RepoActor {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Err(err) => warn!("Could not Clone repo: {err}"),
|
Err(err) => warn!("Could not open repo: {err}"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -171,12 +176,26 @@ impl Handler<ValidateRepo> for RepoActor {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if self.webhook_id.is_none() {
|
if self.webhook_id.is_none() {
|
||||||
webhook::register(
|
let forge_alias = self.repo_details.forge.forge_alias();
|
||||||
self.repo_details.clone(),
|
let repo_alias = &self.repo_details.repo_alias;
|
||||||
self.webhook.clone(),
|
let webhook_url = self.webhook.url(forge_alias, repo_alias);
|
||||||
ctx.address(),
|
let forge = self.forge.clone();
|
||||||
self.net.clone(),
|
let addr = ctx.address();
|
||||||
)
|
async move {
|
||||||
|
if let Err(err) =
|
||||||
|
forge
|
||||||
|
.register_webhook(&webhook_url)
|
||||||
|
.await
|
||||||
|
.and_then(|registered_webhook| {
|
||||||
|
addr.try_send(WebhookRegistered::from(registered_webhook))
|
||||||
|
.map_err(|e| {
|
||||||
|
git::forge::webhook::Error::FailedToNotifySelf(e.to_string())
|
||||||
|
})
|
||||||
|
})
|
||||||
|
{
|
||||||
|
warn!("registering webhook: {err}");
|
||||||
|
}
|
||||||
|
}
|
||||||
.in_current_span()
|
.in_current_span()
|
||||||
.into_actor(self)
|
.into_actor(self)
|
||||||
.wait(ctx);
|
.wait(ctx);
|
||||||
|
@ -264,7 +283,12 @@ impl Handler<StartMonitoring> for RepoActor {
|
||||||
|
|
||||||
#[derive(Message)]
|
#[derive(Message)]
|
||||||
#[rtype(result = "()")]
|
#[rtype(result = "()")]
|
||||||
pub struct WebhookRegistered(webhook::WebhookId, webhook::WebhookAuth);
|
pub struct WebhookRegistered(config::WebhookId, config::WebhookAuth);
|
||||||
|
impl From<RegisteredWebhook> for WebhookRegistered {
|
||||||
|
fn from(value: RegisteredWebhook) -> Self {
|
||||||
|
Self(value.id().clone(), value.auth().clone())
|
||||||
|
}
|
||||||
|
}
|
||||||
impl Handler<WebhookRegistered> for RepoActor {
|
impl Handler<WebhookRegistered> for RepoActor {
|
||||||
type Result = ();
|
type Result = ();
|
||||||
#[tracing::instrument(name = "RepoActor::WebhookRegistered", skip_all, fields(repo = %self.repo_details, webhook_id = %msg.0))]
|
#[tracing::instrument(name = "RepoActor::WebhookRegistered", skip_all, fields(repo = %self.repo_details, webhook_id = %msg.0))]
|
||||||
|
|
|
@ -19,14 +19,14 @@ pub async fn check_next(
|
||||||
let status = forge.commit_status(&next).await;
|
let status = forge.commit_status(&next).await;
|
||||||
info!(?status, "Checking next branch");
|
info!(?status, "Checking next branch");
|
||||||
match status {
|
match status {
|
||||||
git::commit::Status::Pass => {
|
git::forge::commit::Status::Pass => {
|
||||||
addr.do_send(AdvanceMainTo(next));
|
addr.do_send(AdvanceMainTo(next));
|
||||||
}
|
}
|
||||||
git::commit::Status::Pending => {
|
git::forge::commit::Status::Pending => {
|
||||||
tokio::time::sleep(tokio::time::Duration::from_secs(10)).await;
|
tokio::time::sleep(tokio::time::Duration::from_secs(10)).await;
|
||||||
addr.do_send(ValidateRepo { message_token });
|
addr.do_send(ValidateRepo { message_token });
|
||||||
}
|
}
|
||||||
git::commit::Status::Fail => {
|
git::forge::commit::Status::Fail => {
|
||||||
warn!("Checks have failed");
|
warn!("Checks have failed");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,12 +32,3 @@ mod branch {
|
||||||
assert_eq!(next_commit, Some(expected), "Found the wrong commit");
|
assert_eq!(next_commit, Some(expected), "Found the wrong commit");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mod webhook {
|
|
||||||
use super::super::webhook::*;
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn should_split_ref() {
|
|
||||||
assert_eq!(split_ref("refs/heads/next"), ("refs/heads/", "next"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,195 +1,30 @@
|
||||||
|
//
|
||||||
use actix::prelude::*;
|
use actix::prelude::*;
|
||||||
use git_next_config::{
|
|
||||||
server::{Webhook, WebhookUrl},
|
use crate::{RepoActor, ValidateRepo};
|
||||||
BranchName, ForgeAlias, RepoAlias, RepoBranches,
|
use git_next_config as config;
|
||||||
};
|
|
||||||
use git_next_git as git;
|
use git_next_git as git;
|
||||||
use kxio::network::{self, json};
|
|
||||||
use tracing::{info, warn};
|
use tracing::{info, warn};
|
||||||
use ulid::DecodeError;
|
|
||||||
|
|
||||||
use std::{collections::HashMap, str::FromStr};
|
impl Handler<config::WebhookMessage> for RepoActor {
|
||||||
|
|
||||||
use crate::{RepoActor, ValidateRepo, WebhookRegistered};
|
|
||||||
|
|
||||||
#[derive(
|
|
||||||
Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Deref, derive_more::Display,
|
|
||||||
)]
|
|
||||||
pub struct WebhookId(String);
|
|
||||||
|
|
||||||
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
|
|
||||||
pub struct WebhookAuth(ulid::Ulid);
|
|
||||||
impl WebhookAuth {
|
|
||||||
pub fn new(authorisation: &str) -> Result<Self, DecodeError> {
|
|
||||||
let id = ulid::Ulid::from_str(authorisation)?;
|
|
||||||
info!("Parse auth token: {}", id);
|
|
||||||
Ok(Self(id))
|
|
||||||
}
|
|
||||||
|
|
||||||
fn generate() -> Self {
|
|
||||||
Self(ulid::Ulid::new())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn header_value(&self) -> String {
|
|
||||||
format!("Basic {}", self)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tracing::instrument(skip_all, fields(%webhook_id))]
|
|
||||||
pub async fn unregister(
|
|
||||||
webhook_id: WebhookId,
|
|
||||||
repo_details: git::RepoDetails,
|
|
||||||
net: network::Network,
|
|
||||||
) {
|
|
||||||
let hostname = &repo_details.forge.hostname();
|
|
||||||
let repo_path = repo_details.repo_path;
|
|
||||||
use secrecy::ExposeSecret;
|
|
||||||
let token = repo_details.forge.token().expose_secret();
|
|
||||||
let url = network::NetUrl::new(format!(
|
|
||||||
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
|
|
||||||
));
|
|
||||||
let request = network::NetRequest::new(
|
|
||||||
network::RequestMethod::Delete,
|
|
||||||
url,
|
|
||||||
network::NetRequestHeaders::new(),
|
|
||||||
network::RequestBody::None,
|
|
||||||
network::ResponseType::None,
|
|
||||||
None,
|
|
||||||
network::NetRequestLogging::None,
|
|
||||||
);
|
|
||||||
let result = net.delete(request).await;
|
|
||||||
match result {
|
|
||||||
Ok(_) => info!("unregistered webhook"),
|
|
||||||
Err(err) => warn!(?err, "Failed to unregister webhook"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tracing::instrument(skip_all)]
|
|
||||||
pub async fn register(
|
|
||||||
repo_details: git::RepoDetails,
|
|
||||||
webhook: Webhook,
|
|
||||||
addr: actix::prelude::Addr<super::RepoActor>,
|
|
||||||
net: network::Network,
|
|
||||||
) {
|
|
||||||
let Some(repo_config) = repo_details.repo_config.clone() else {
|
|
||||||
return;
|
|
||||||
};
|
|
||||||
|
|
||||||
let forge_alias = repo_details.forge.forge_alias();
|
|
||||||
let repo_alias = &repo_details.repo_alias;
|
|
||||||
let webhook_url = webhook.url(forge_alias, repo_alias);
|
|
||||||
// remove any lingering webhooks for the same URL
|
|
||||||
let existing_webhook_ids = find_existing_webhooks(&repo_details, &webhook_url, &net).await;
|
|
||||||
for webhook_id in existing_webhook_ids {
|
|
||||||
unregister(webhook_id, repo_details.clone(), net.clone()).await;
|
|
||||||
}
|
|
||||||
|
|
||||||
let hostname = &repo_details.forge.hostname();
|
|
||||||
let repo_path = repo_details.repo_path;
|
|
||||||
use secrecy::ExposeSecret;
|
|
||||||
let token = repo_details.forge.token().expose_secret();
|
|
||||||
let url = network::NetUrl::new(format!(
|
|
||||||
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
|
|
||||||
));
|
|
||||||
let headers = network::NetRequestHeaders::new().with("Content-Type", "application/json");
|
|
||||||
let authorisation = WebhookAuth::generate();
|
|
||||||
let body = json!({
|
|
||||||
"active": true,
|
|
||||||
"authorization_header": authorisation.header_value(),
|
|
||||||
"branch_filter": format!("{{{},{},{}}}", repo_config.branches().main(), repo_config.branches().next(), repo_config.branches().dev()),
|
|
||||||
"config": {
|
|
||||||
"content_type": "json",
|
|
||||||
"url": webhook_url.as_ref(),
|
|
||||||
},
|
|
||||||
"events": [ "push" ],
|
|
||||||
"type": "forgejo"
|
|
||||||
});
|
|
||||||
let request = network::NetRequest::new(
|
|
||||||
network::RequestMethod::Post,
|
|
||||||
url,
|
|
||||||
headers,
|
|
||||||
network::RequestBody::Json(body),
|
|
||||||
network::ResponseType::Json,
|
|
||||||
None,
|
|
||||||
network::NetRequestLogging::None,
|
|
||||||
);
|
|
||||||
let result = net.post_json::<Hook>(request).await;
|
|
||||||
match result {
|
|
||||||
Ok(response) => {
|
|
||||||
if let Some(hook) = response.response_body() {
|
|
||||||
info!(webhook_id = %hook.id, "Webhook registered");
|
|
||||||
addr.do_send(WebhookRegistered(hook.id(), authorisation));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Err(_) => warn!("Failed to register webhook"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn find_existing_webhooks(
|
|
||||||
repo_details: &git::RepoDetails,
|
|
||||||
webhook_url: &WebhookUrl,
|
|
||||||
net: &network::Network,
|
|
||||||
) -> Vec<WebhookId> {
|
|
||||||
let mut ids: Vec<WebhookId> = vec![];
|
|
||||||
let hostname = &repo_details.forge.hostname();
|
|
||||||
let repo_path = &repo_details.repo_path;
|
|
||||||
let mut page = 1;
|
|
||||||
loop {
|
|
||||||
use secrecy::ExposeSecret;
|
|
||||||
let token = &repo_details.forge.token().expose_secret();
|
|
||||||
let url =
|
|
||||||
format!("https://{hostname}/api/v1/repos/{repo_path}/hooks?page={page}&token={token}");
|
|
||||||
let net_url = network::NetUrl::new(url);
|
|
||||||
let request = network::NetRequest::new(
|
|
||||||
network::RequestMethod::Get,
|
|
||||||
net_url,
|
|
||||||
network::NetRequestHeaders::new(),
|
|
||||||
network::RequestBody::None,
|
|
||||||
network::ResponseType::Json,
|
|
||||||
None,
|
|
||||||
network::NetRequestLogging::None,
|
|
||||||
);
|
|
||||||
let result = net.get::<Vec<Hook>>(request).await;
|
|
||||||
if let Ok(response) = result {
|
|
||||||
if let Some(list) = response.response_body() {
|
|
||||||
if list.is_empty() {
|
|
||||||
return ids;
|
|
||||||
}
|
|
||||||
for hook in list {
|
|
||||||
if let Some(existing_url) = hook.config.get("url") {
|
|
||||||
if existing_url == webhook_url.as_ref() {
|
|
||||||
ids.push(hook.id());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
page += 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug, serde::Deserialize)]
|
|
||||||
struct Hook {
|
|
||||||
id: i64,
|
|
||||||
config: HashMap<String, String>,
|
|
||||||
}
|
|
||||||
impl Hook {
|
|
||||||
fn id(&self) -> WebhookId {
|
|
||||||
WebhookId(format!("{}", self.id))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Handler<WebhookMessage> for RepoActor {
|
|
||||||
type Result = ();
|
type Result = ();
|
||||||
|
|
||||||
#[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity
|
#[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity
|
||||||
#[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.repo_details))]
|
#[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.repo_details))]
|
||||||
fn handle(&mut self, msg: WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
|
fn handle(&mut self, msg: config::WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
|
||||||
let Some(expected_authorization) = &self.webhook_auth else {
|
let Some(expected_authorization) = &self.webhook_auth else {
|
||||||
warn!("Don't know what authorization to expect");
|
warn!("Don't know what authorization to expect");
|
||||||
return;
|
return;
|
||||||
};
|
};
|
||||||
if msg.authorisation() != expected_authorization {
|
let Some(config) = &self.repo_details.repo_config else {
|
||||||
|
warn!("No repo config");
|
||||||
|
return;
|
||||||
|
};
|
||||||
|
if !self
|
||||||
|
.forge
|
||||||
|
.is_message_authorised(&msg, expected_authorization)
|
||||||
|
{
|
||||||
warn!(
|
warn!(
|
||||||
"Invalid authorization - expected {}",
|
"Invalid authorization - expected {}",
|
||||||
expected_authorization
|
expected_authorization
|
||||||
|
@ -197,146 +32,62 @@ impl Handler<WebhookMessage> for RepoActor {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
let body = msg.body();
|
let body = msg.body();
|
||||||
match serde_json::from_str::<Push>(body.as_str()) {
|
match self.forge.parse_webhook_body(body) {
|
||||||
Err(err) => warn!(?err, ?body, "Not a 'push'"),
|
Err(err) => {
|
||||||
Ok(push) => {
|
warn!(?err, "Not a 'push'");
|
||||||
if let Some(config) = &self.repo_details.repo_config {
|
return;
|
||||||
match push.branch(config.branches()) {
|
}
|
||||||
None => warn!(
|
Ok(push) => match push.branch(config.branches()) {
|
||||||
|
None => {
|
||||||
|
warn!(
|
||||||
?push,
|
?push,
|
||||||
"Unrecognised branch, we should be filtering to only the ones we want"
|
"Unrecognised branch, we should be filtering to only the ones we want"
|
||||||
),
|
);
|
||||||
Some(branch) => {
|
return;
|
||||||
match branch {
|
}
|
||||||
Branch::Main => {
|
Some(config::webhook::push::Branch::Main) => {
|
||||||
if self.last_main_commit == Some(push.commit()) {
|
let commit = git::Commit::from(push);
|
||||||
|
if self.last_main_commit.as_ref() == Some(&commit) {
|
||||||
info!(
|
info!(
|
||||||
branch = %config.branches().main(),
|
branch = %config.branches().main(),
|
||||||
commit = %push.commit(),
|
%commit,
|
||||||
"Ignoring - already aware of branch at commit",
|
"Ignoring - already aware of branch at commit",
|
||||||
);
|
);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
self.last_main_commit.replace(push.commit())
|
self.last_main_commit.replace(commit);
|
||||||
}
|
}
|
||||||
Branch::Next => {
|
Some(config::webhook::push::Branch::Next) => {
|
||||||
if self.last_next_commit == Some(push.commit()) {
|
let commit = git::Commit::from(push);
|
||||||
|
if self.last_next_commit.as_ref() == Some(&commit) {
|
||||||
info!(
|
info!(
|
||||||
branch = %config.branches().next(),
|
branch = %config.branches().next(),
|
||||||
commit = %push.commit(),
|
%commit,
|
||||||
"Ignoring - already aware of branch at commit",
|
"Ignoring - already aware of branch at commit",
|
||||||
);
|
);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
self.last_next_commit.replace(push.commit())
|
self.last_next_commit.replace(commit);
|
||||||
}
|
}
|
||||||
Branch::Dev => {
|
Some(config::webhook::push::Branch::Dev) => {
|
||||||
if self.last_dev_commit == Some(push.commit()) {
|
let commit = git::Commit::from(push);
|
||||||
|
if self.last_dev_commit.as_ref() == Some(&commit) {
|
||||||
info!(
|
info!(
|
||||||
branch = %config.branches().dev(),
|
branch = %config.branches().dev(),
|
||||||
commit = %push.commit(),
|
%commit,
|
||||||
"Ignoring - already aware of branch at commit",
|
"Ignoring - already aware of branch at commit",
|
||||||
);
|
);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
self.last_dev_commit.replace(push.commit())
|
self.last_dev_commit.replace(commit);
|
||||||
|
}
|
||||||
|
},
|
||||||
}
|
}
|
||||||
};
|
|
||||||
let message_token = self.message_token.next();
|
let message_token = self.message_token.next();
|
||||||
info!(
|
info!(
|
||||||
token = %message_token,
|
token = %message_token,
|
||||||
?branch,
|
|
||||||
commit = %push.commit(),
|
|
||||||
"New commit"
|
"New commit"
|
||||||
);
|
);
|
||||||
ctx.address().do_send(ValidateRepo { message_token });
|
ctx.address().do_send(ValidateRepo { message_token });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn split_ref(reference: &str) -> (&str, &str) {
|
|
||||||
reference.split_at(11)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug, serde::Deserialize)]
|
|
||||||
struct Push {
|
|
||||||
#[serde(rename = "ref")]
|
|
||||||
reference: String,
|
|
||||||
after: String,
|
|
||||||
head_commit: HeadCommit,
|
|
||||||
}
|
|
||||||
impl Push {
|
|
||||||
pub fn branch(&self, repo_branches: &RepoBranches) -> Option<Branch> {
|
|
||||||
if !self.reference.starts_with("refs/heads/") {
|
|
||||||
warn!(r#ref = self.reference, "Unexpected ref");
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
let (_, branch) = split_ref(&self.reference);
|
|
||||||
let branch = BranchName::new(branch);
|
|
||||||
if branch == repo_branches.main() {
|
|
||||||
return Some(Branch::Main);
|
|
||||||
}
|
|
||||||
if branch == repo_branches.next() {
|
|
||||||
return Some(Branch::Next);
|
|
||||||
}
|
|
||||||
if branch == repo_branches.dev() {
|
|
||||||
return Some(Branch::Dev);
|
|
||||||
}
|
|
||||||
warn!(%branch, "Unexpected branch");
|
|
||||||
None
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn commit(&self) -> git::Commit {
|
|
||||||
git::Commit::new(
|
|
||||||
git::commit::Sha::new(self.after.clone()),
|
|
||||||
git::commit::Message::new(self.head_commit.message.clone()),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug)]
|
|
||||||
pub enum Branch {
|
|
||||||
Main,
|
|
||||||
Next,
|
|
||||||
Dev,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug, serde::Deserialize)]
|
|
||||||
struct HeadCommit {
|
|
||||||
message: String,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Message, Debug, Clone, derive_more::Constructor)]
|
|
||||||
#[rtype(result = "()")]
|
|
||||||
pub struct WebhookMessage {
|
|
||||||
forge_alias: ForgeAlias,
|
|
||||||
repo_alias: RepoAlias,
|
|
||||||
authorisation: WebhookAuth,
|
|
||||||
body: Body,
|
|
||||||
}
|
|
||||||
impl WebhookMessage {
|
|
||||||
pub const fn forge_alias(&self) -> &ForgeAlias {
|
|
||||||
&self.forge_alias
|
|
||||||
}
|
|
||||||
pub const fn repo_alias(&self) -> &RepoAlias {
|
|
||||||
&self.repo_alias
|
|
||||||
}
|
|
||||||
pub const fn body(&self) -> &Body {
|
|
||||||
&self.body
|
|
||||||
}
|
|
||||||
pub const fn authorisation(&self) -> &WebhookAuth {
|
|
||||||
&self.authorisation
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Clone, Debug, derive_more::Constructor)]
|
|
||||||
pub struct Body(String);
|
|
||||||
impl Body {
|
|
||||||
pub fn as_str(&self) -> &str {
|
|
||||||
self.0.as_str()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -3,11 +3,6 @@ name = "git-next-server"
|
||||||
version = { workspace = true }
|
version = { workspace = true }
|
||||||
edition = { workspace = true }
|
edition = { workspace = true }
|
||||||
|
|
||||||
[features]
|
|
||||||
default = ["forgejo"]
|
|
||||||
forgejo = []
|
|
||||||
github = []
|
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
git-next-config = { workspace = true }
|
git-next-config = { workspace = true }
|
||||||
git-next-git = { workspace = true }
|
git-next-git = { workspace = true }
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
// crate::server::actors::webhook
|
// crate::server::actors::webhook
|
||||||
|
use actix::prelude::*;
|
||||||
|
|
||||||
mod router;
|
mod router;
|
||||||
mod server;
|
mod server;
|
||||||
|
|
||||||
|
use git_next_config as config;
|
||||||
|
|
||||||
use std::net::SocketAddr;
|
use std::net::SocketAddr;
|
||||||
|
|
||||||
use actix::prelude::*;
|
|
||||||
|
|
||||||
use git_next_repo_actor::webhook::WebhookMessage;
|
|
||||||
pub use router::AddWebhookRecipient;
|
pub use router::AddWebhookRecipient;
|
||||||
pub use router::WebhookRouter;
|
pub use router::WebhookRouter;
|
||||||
use tracing::Instrument;
|
use tracing::Instrument;
|
||||||
|
@ -17,10 +17,13 @@ pub struct WebhookActor {
|
||||||
socket_addr: SocketAddr,
|
socket_addr: SocketAddr,
|
||||||
span: tracing::Span,
|
span: tracing::Span,
|
||||||
spawn_handle: Option<actix::SpawnHandle>,
|
spawn_handle: Option<actix::SpawnHandle>,
|
||||||
message_receiver: Recipient<WebhookMessage>,
|
message_receiver: Recipient<config::WebhookMessage>,
|
||||||
}
|
}
|
||||||
impl WebhookActor {
|
impl WebhookActor {
|
||||||
pub fn new(socket_addr: SocketAddr, message_receiver: Recipient<WebhookMessage>) -> Self {
|
pub fn new(
|
||||||
|
socket_addr: SocketAddr,
|
||||||
|
message_receiver: Recipient<config::WebhookMessage>,
|
||||||
|
) -> Self {
|
||||||
let span = tracing::info_span!("WebhookActor");
|
let span = tracing::info_span!("WebhookActor");
|
||||||
Self {
|
Self {
|
||||||
socket_addr,
|
socket_addr,
|
||||||
|
@ -34,7 +37,7 @@ impl Actor for WebhookActor {
|
||||||
type Context = actix::Context<Self>;
|
type Context = actix::Context<Self>;
|
||||||
fn started(&mut self, ctx: &mut Self::Context) {
|
fn started(&mut self, ctx: &mut Self::Context) {
|
||||||
let _gaurd = self.span.enter();
|
let _gaurd = self.span.enter();
|
||||||
let address: Recipient<WebhookMessage> = self.message_receiver.clone();
|
let address: Recipient<config::WebhookMessage> = self.message_receiver.clone();
|
||||||
let server = server::start(self.socket_addr, address);
|
let server = server::start(self.socket_addr, address);
|
||||||
let spawn_handle = ctx.spawn(server.in_current_span().into_actor(self));
|
let spawn_handle = ctx.spawn(server.in_current_span().into_actor(self));
|
||||||
self.spawn_handle.replace(spawn_handle);
|
self.spawn_handle.replace(spawn_handle);
|
||||||
|
|
|
@ -3,8 +3,8 @@ use std::collections::HashMap;
|
||||||
|
|
||||||
use actix::prelude::*;
|
use actix::prelude::*;
|
||||||
use derive_more::Constructor;
|
use derive_more::Constructor;
|
||||||
|
use git_next_config::WebhookMessage;
|
||||||
use git_next_config::{ForgeAlias, RepoAlias};
|
use git_next_config::{ForgeAlias, RepoAlias};
|
||||||
use git_next_repo_actor::webhook::WebhookMessage;
|
|
||||||
use tracing::{debug, info};
|
use tracing::{debug, info};
|
||||||
|
|
||||||
pub struct WebhookRouter {
|
pub struct WebhookRouter {
|
||||||
|
|
|
@ -1,14 +1,17 @@
|
||||||
//
|
//
|
||||||
use std::net::SocketAddr;
|
use std::{collections::HashMap, net::SocketAddr};
|
||||||
|
|
||||||
use actix::prelude::*;
|
use actix::prelude::*;
|
||||||
|
|
||||||
use git_next_config::{ForgeAlias, RepoAlias};
|
use config::{ForgeAlias, RepoAlias};
|
||||||
use git_next_repo_actor::webhook::{self, WebhookAuth, WebhookMessage};
|
use git_next_config as config;
|
||||||
use tracing::{info, warn};
|
|
||||||
use warp::reject::Rejection;
|
|
||||||
|
|
||||||
pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<WebhookMessage>) {
|
use tracing::{info, warn};
|
||||||
|
|
||||||
|
pub async fn start(
|
||||||
|
socket_addr: SocketAddr,
|
||||||
|
address: actix::prelude::Recipient<config::WebhookMessage>,
|
||||||
|
) {
|
||||||
// start webhook server
|
// start webhook server
|
||||||
use warp::Filter;
|
use warp::Filter;
|
||||||
// Define the Warp route to handle incoming HTTP requests
|
// Define the Warp route to handle incoming HTTP requests
|
||||||
|
@ -19,7 +22,7 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
|
||||||
.and(warp::header::headers_cloned())
|
.and(warp::header::headers_cloned())
|
||||||
.and(warp::body::bytes())
|
.and(warp::body::bytes())
|
||||||
.and_then(
|
.and_then(
|
||||||
|recipient: Recipient<WebhookMessage>,
|
|recipient: Recipient<config::WebhookMessage>,
|
||||||
forge_alias: String,
|
forge_alias: String,
|
||||||
repo_alias: String,
|
repo_alias: String,
|
||||||
// query: String,
|
// query: String,
|
||||||
|
@ -29,29 +32,16 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
|
||||||
let forge_alias = ForgeAlias::new(forge_alias);
|
let forge_alias = ForgeAlias::new(forge_alias);
|
||||||
let repo_alias = RepoAlias::new(repo_alias);
|
let repo_alias = RepoAlias::new(repo_alias);
|
||||||
let bytes = body.to_vec();
|
let bytes = body.to_vec();
|
||||||
let body = webhook::Body::new(String::from_utf8_lossy(&bytes).to_string());
|
let body = config::webhook::message::Body::new(
|
||||||
headers.get("Authorization").map_or_else(
|
String::from_utf8_lossy(&bytes).to_string(),
|
||||||
|| {
|
|
||||||
warn!("No Authorization header");
|
|
||||||
Err(warp::reject())
|
|
||||||
},
|
|
||||||
|authorisation_header| {
|
|
||||||
info!(
|
|
||||||
forge = %forge_alias,
|
|
||||||
repo = %repo_alias,
|
|
||||||
?authorisation_header,
|
|
||||||
"Received webhook",
|
|
||||||
);
|
|
||||||
// TODO: (#86) Authorization isn't presented consistently, allow each forge
|
|
||||||
// to parse the authorization from the request
|
|
||||||
match parse_auth(authorisation_header) {
|
|
||||||
Ok(authorisation) => {
|
|
||||||
let message = WebhookMessage::new(
|
|
||||||
forge_alias,
|
|
||||||
repo_alias,
|
|
||||||
authorisation,
|
|
||||||
body,
|
|
||||||
);
|
);
|
||||||
|
let headers = headers
|
||||||
|
.into_iter()
|
||||||
|
.filter_map(|(k, v)| {
|
||||||
|
k.map(|k| (k.to_string(), v.to_str().unwrap_or_default().to_string()))
|
||||||
|
})
|
||||||
|
.collect::<HashMap<String, String>>();
|
||||||
|
let message = config::WebhookMessage::new(forge_alias, repo_alias, headers, body);
|
||||||
recipient
|
recipient
|
||||||
.try_send(message)
|
.try_send(message)
|
||||||
.map(|_| {
|
.map(|_| {
|
||||||
|
@ -62,14 +52,6 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
|
||||||
warn!("Unknown error: {:?}", e);
|
warn!("Unknown error: {:?}", e);
|
||||||
warp::reject()
|
warp::reject()
|
||||||
})
|
})
|
||||||
}
|
|
||||||
Err(e) => {
|
|
||||||
warn!(?e, "Failed to decode authorization header");
|
|
||||||
Err(warp::reject())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
)
|
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -77,27 +59,3 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
|
||||||
info!("Starting webhook server: {}", socket_addr);
|
info!("Starting webhook server: {}", socket_addr);
|
||||||
warp::serve(route).run(socket_addr).await;
|
warp::serve(route).run(socket_addr).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {
|
|
||||||
WebhookAuth::new(
|
|
||||||
authorization_header
|
|
||||||
.to_str()
|
|
||||||
.map_err(|e| {
|
|
||||||
warn!("Invalid non-ascii value in authorization: {:?}", e);
|
|
||||||
warp::reject()
|
|
||||||
}) // valid characters
|
|
||||||
.map(|v| {
|
|
||||||
info!("raw auth header: {}", v);
|
|
||||||
v
|
|
||||||
})?
|
|
||||||
.strip_prefix("Basic ")
|
|
||||||
.ok_or_else(|| {
|
|
||||||
warn!("Authorization must be 'Basic'");
|
|
||||||
warp::reject()
|
|
||||||
})?, // must start with "Basic "
|
|
||||||
)
|
|
||||||
.map_err(|e| {
|
|
||||||
warn!(?e, "decode error");
|
|
||||||
warp::reject()
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue