feat: Add support for GitHub
Some checks failed
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline failed
ci/woodpecker/push/tag-created Pipeline was successful
Rust / build (push) Successful in 1m27s

This doesn't include GitHub Enterprise

Closes kemitix/git-next#86
This commit is contained in:
Paul Campbell 2024-05-25 11:25:13 +01:00
parent 206e64cd5b
commit 4bd7f255b6
49 changed files with 1254 additions and 539 deletions

View file

@ -7,6 +7,7 @@ members = [
"crates/git", "crates/git",
"crates/forge", "crates/forge",
"crates/forge-forgejo", "crates/forge-forgejo",
"crates/forge-github",
"crates/repo-actor", "crates/repo-actor",
] ]
@ -26,6 +27,7 @@ git-next-config = { path = "crates/config" }
git-next-git = { path = "crates/git" } git-next-git = { path = "crates/git" }
git-next-forge = { path = "crates/forge" } git-next-forge = { path = "crates/forge" }
git-next-forge-forgejo = { path = "crates/forge-forgejo" } git-next-forge-forgejo = { path = "crates/forge-forgejo" }
git-next-forge-github = { path = "crates/forge-github" }
git-next-repo-actor = { path = "crates/repo-actor" } git-next-repo-actor = { path = "crates/repo-actor" }
# CLI parsing # CLI parsing
@ -39,6 +41,11 @@ tracing-subscriber = "0.3"
# base64 decoding # base64 decoding
base64 = "0.22" base64 = "0.22"
# sha256 encoding (e.g. verify github webhooks)
hmac = "0.12"
sha2 = "0.10"
hex = "0.4"
# git # git
# gix = "0.62" # gix = "0.62"
gix = { version = "0.63", features = [ gix = { version = "0.63", features = [

View file

@ -172,6 +172,46 @@ In the directory with your `git-next-server.toml` file, run the command:
git next server start git next server start
``` ```
### Forges
The following forges are supported: [ForgeJo](https://forgejo.org) and [GitHub](https://github.com/).
#### ForgeJo
Configure the forge in `git-next-server.toml` like:
```toml
[forge.jo]
forge_type = "ForgeJo"
hostname = "git.myforgejo.com"
user = "bob"
token = "..."
[forge.jo.repos]
hello = { repo = "user/hello", branch = "main", gitdir = "/opt/git/projects/user/hello.git" } # maps to https://git.example.net/user/hello on the branch 'main'
world = { repo = "user/world", branch = "master", main = "master", next = "upcoming", "dev" = "develop" } # maps to the 'master' branch
```
The token is created `/user/settings/applications` and requires the `write:repository` permission.
#### GitHub
Configure the forge in `git-next-server.toml` like:
```toml
[forge.gh]
forge_type = "GitHub"
hostname = "github.com"
user = "bob"
token = "..."
[forge.gh.repos]
hello = { repo = "user/hello", branch = "main", gitdir = "/opt/git/projects/user/hello.git" } # maps to https://github.com/user/hello on the branch 'main'
world = { repo = "user/world", branch = "master", main = "master", next = "upcoming", "dev" = "develop" } # maps to the 'master' branch
```
The token is created [here](https://github.com/settings/tokens/new) and requires the `repo` and `admin:repo_hook` permissions.
## Contributing ## Contributing
Contributions to `git-next` are welcome! If you find a bug or have a feature Contributions to `git-next` are welcome! If you find a bug or have a feature
@ -201,15 +241,17 @@ stateDiagram-v2
forge --> config forge --> config
forge --> git forge --> git
forge --> forgejo forge --> forgejo
forge --> github
forgejo --> config forgejo --> config
forgejo --> git forgejo --> git
github --> config
github --> git
repo_actor --> config repo_actor --> config
repo_actor --> git repo_actor --> git
repo_actor --> forge repo_actor --> forge
``` ```
## License ## License

View file

@ -4,7 +4,7 @@ version = { workspace = true }
edition = { workspace = true } edition = { workspace = true }
[features] [features]
default = ["forgejo"] default = ["forgejo", "github"]
forgejo = [] forgejo = []
github = [] github = []
@ -36,9 +36,9 @@ secrecy = { workspace = true }
# # Conventional Commit check # # Conventional Commit check
# git-conventional = { workspace = true } # git-conventional = { workspace = true }
# #
# # Webhooks # Webhooks
# bytes = { workspace = true } # bytes = { workspace = true }
# ulid = { workspace = true } ulid = { workspace = true }
# warp = { workspace = true } # warp = { workspace = true }
# boilerplate # boilerplate

View file

@ -4,7 +4,8 @@ pub enum ForgeType {
#[cfg(feature = "forgejo")] #[cfg(feature = "forgejo")]
ForgeJo, ForgeJo,
// Gitea, // Gitea,
// GitHub, #[cfg(feature = "github")]
GitHub,
// GitLab, // GitLab,
// BitBucket, // BitBucket,
#[default] #[default]

View file

@ -8,6 +8,7 @@ mod forge_name;
mod forge_type; mod forge_type;
pub mod git_dir; pub mod git_dir;
mod host_name; mod host_name;
mod registered_webhook;
mod repo_alias; mod repo_alias;
mod repo_branches; mod repo_branches;
mod repo_config; mod repo_config;
@ -16,6 +17,7 @@ mod repo_path;
pub mod server; pub mod server;
mod server_repo_config; mod server_repo_config;
mod user; mod user;
pub mod webhook;
#[cfg(test)] #[cfg(test)]
mod tests; mod tests;
@ -28,6 +30,7 @@ pub use forge_name::ForgeAlias;
pub use forge_type::ForgeType; pub use forge_type::ForgeType;
pub use git_dir::GitDir; pub use git_dir::GitDir;
pub use host_name::Hostname; pub use host_name::Hostname;
pub use registered_webhook::RegisteredWebhook;
pub use repo_alias::RepoAlias; pub use repo_alias::RepoAlias;
pub use repo_branches::RepoBranches; pub use repo_branches::RepoBranches;
pub use repo_config::RepoConfig; pub use repo_config::RepoConfig;
@ -35,3 +38,6 @@ pub use repo_config_source::RepoConfigSource;
pub use repo_path::RepoPath; pub use repo_path::RepoPath;
pub use server_repo_config::ServerRepoConfig; pub use server_repo_config::ServerRepoConfig;
pub use user::User; pub use user::User;
pub use webhook::auth::WebhookAuth;
pub use webhook::id::WebhookId;
pub use webhook::message::WebhookMessage;

View file

@ -0,0 +1,16 @@
//
use crate as config;
#[derive(Debug, derive_more::Constructor)]
pub struct RegisteredWebhook {
id: config::WebhookId,
auth: config::WebhookAuth,
}
impl RegisteredWebhook {
pub const fn id(&self) -> &config::WebhookId {
&self.id
}
pub const fn auth(&self) -> &config::WebhookAuth {
&self.auth
}
}

View file

@ -0,0 +1,50 @@
use std::str::FromStr as _;
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth {
pub fn new(authorisation: &str) -> Result<Self, ulid::DecodeError> {
let id = ulid::Ulid::from_str(authorisation)?;
tracing::info!("Parse auth token: {}", id);
Ok(Self(id))
}
pub fn generate() -> Self {
Self(ulid::Ulid::new())
}
pub fn header_value(&self) -> String {
format!("Basic {}", self)
}
pub const fn to_bytes(&self) -> [u8; 16] {
self.0.to_bytes()
}
}
#[cfg(test)]
mod tests {
use crate::WebhookAuth;
#[test]
fn bytes() -> Result<(), Box<dyn std::error::Error>> {
let ulid = ulid::Ulid::new();
let wa = WebhookAuth::new(ulid.to_string().as_str())?;
assert_eq!(ulid.to_bytes(), wa.to_bytes());
Ok(())
}
#[test]
fn string() -> Result<(), Box<dyn std::error::Error>> {
let ulid = ulid::Ulid::new();
let wa = WebhookAuth::new(ulid.to_string().as_str())?;
assert_eq!(ulid.to_string(), wa.to_string());
Ok(())
}
}

View file

@ -0,0 +1,4 @@
use derive_more::{Constructor, Deref, Display};
#[derive(Clone, Debug, PartialEq, Eq, Constructor, Deref, Display)]
pub struct WebhookId(String);

View file

@ -0,0 +1,45 @@
//
use actix::prelude::*;
use crate as config;
use std::collections::HashMap;
#[derive(Message, Debug, Clone, derive_more::Constructor)]
#[rtype(result = "()")]
pub struct WebhookMessage {
forge_alias: config::ForgeAlias,
repo_alias: config::RepoAlias,
headers: HashMap<String, String>,
body: Body,
}
impl WebhookMessage {
pub const fn forge_alias(&self) -> &config::ForgeAlias {
&self.forge_alias
}
pub const fn repo_alias(&self) -> &config::RepoAlias {
&self.repo_alias
}
pub const fn body(&self) -> &Body {
&self.body
}
#[deprecated]
pub const fn authorisation(&self) -> &config::WebhookAuth {
todo!()
}
pub fn header(&self, header: &str) -> Option<String> {
self.headers.get(header).map(|value| value.to_string())
}
}
#[derive(Clone, Debug, derive_more::Constructor)]
pub struct Body(String);
impl Body {
pub fn as_str(&self) -> &str {
self.0.as_str()
}
pub fn as_bytes(&self) -> &[u8] {
self.0.as_bytes()
}
}

View file

@ -0,0 +1,6 @@
pub mod auth;
pub mod id;
pub mod message;
pub mod push;
pub use push::Push;

View file

@ -0,0 +1,39 @@
//
use crate as config;
use derive_more::Constructor;
#[derive(Debug, Constructor)]
pub struct Push {
branch: config::BranchName,
sha: String,
message: String,
}
impl Push {
pub fn branch(&self, repo_branches: &crate::RepoBranches) -> Option<Branch> {
if self.branch == repo_branches.main() {
return Some(Branch::Main);
}
if self.branch == repo_branches.next() {
return Some(Branch::Next);
}
if self.branch == repo_branches.dev() {
return Some(Branch::Dev);
}
tracing::warn!(branch = %self.branch, "Unexpected branch");
None
}
pub fn sha(&self) -> &str {
&self.sha
}
pub fn message(&self) -> &str {
&self.message
}
}
#[derive(Debug)]
pub enum Branch {
Main,
Next,
Dev,
}

View file

@ -1,7 +1,12 @@
//
mod webhook;
use git::forge::commit::Status;
use git_next_config as config;
use git_next_git as git; use git_next_git as git;
use kxio::network::{self, Network}; use kxio::network::{self, Network};
use tracing::{error, warn}; use tracing::warn;
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct ForgeJo { pub struct ForgeJo {
@ -15,11 +20,32 @@ impl ForgeJo {
} }
#[async_trait::async_trait] #[async_trait::async_trait]
impl git::ForgeLike for ForgeJo { impl git::ForgeLike for ForgeJo {
fn forge_alias(&self) -> String { fn name(&self) -> String {
"forgejo".to_string() "forgejo".to_string()
} }
async fn commit_status(&self, commit: &git::Commit) -> git::commit::Status { fn is_message_authorised(
&self,
msg: &config::WebhookMessage,
expected: &config::WebhookAuth,
) -> bool {
let authorization = msg.header("authorization");
tracing::info!(?authorization, %expected, "is message authorised?");
authorization
.and_then(|header| header.strip_prefix("Basic ").map(|v| v.to_owned()))
.and_then(|value| config::WebhookAuth::new(value.as_str()).ok())
.map(|auth| &auth == expected)
.unwrap_or(false)
}
fn parse_webhook_body(
&self,
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::Push> {
webhook::parse_body(body)
}
async fn commit_status(&self, commit: &git::Commit) -> Status {
let repo_details = &self.repo_details; let repo_details = &self.repo_details;
let hostname = &repo_details.forge.hostname(); let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path; let repo_path = &repo_details.repo_path;
@ -44,33 +70,54 @@ impl git::ForgeLike for ForgeJo {
Ok(response) => { Ok(response) => {
match response.response_body() { match response.response_body() {
Some(status) => match status.state { Some(status) => match status.state {
CommitStatusState::Success => git::commit::Status::Pass, ForgejoState::Success => Status::Pass,
CommitStatusState::Pending => git::commit::Status::Pending, ForgejoState::Pending => Status::Pending,
CommitStatusState::Failure => git::commit::Status::Fail, ForgejoState::Failure => Status::Fail,
CommitStatusState::Error => git::commit::Status::Fail, ForgejoState::Error => Status::Fail,
CommitStatusState::Blank => git::commit::Status::Pending, ForgejoState::Blank => Status::Pending,
}, },
None => { None => {
warn!("No status found for commit"); warn!("No status found for commit");
git::commit::Status::Pending // assume issue is transient and allow retry Status::Pending // assume issue is transient and allow retry
} }
} }
} }
Err(e) => { Err(e) => {
error!(?e, "Failed to get commit status"); warn!(?e, "Failed to get commit status");
git::commit::Status::Pending // assume issue is transient and allow retry Status::Pending // assume issue is transient and allow retry
} }
} }
} }
async fn list_webhooks(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
webhook::list(&self.repo_details, webhook_url, &self.net).await
}
async fn unregister_webhook(
&self,
webhook_id: &config::WebhookId,
) -> git::forge::webhook::Result<()> {
webhook::unregister(webhook_id, &self.repo_details, &self.net).await
}
async fn register_webhook(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
webhook::register(&self.repo_details, webhook_url, &self.net).await
}
} }
#[derive(Debug, serde::Deserialize)] #[derive(Debug, serde::Deserialize)]
pub struct CombinedStatus { struct CombinedStatus {
pub state: CommitStatusState, pub state: ForgejoState,
} }
#[derive(Debug, serde::Deserialize)] #[derive(Debug, serde::Deserialize)]
pub enum CommitStatusState { enum ForgejoState {
#[serde(rename = "success")] #[serde(rename = "success")]
Success, Success,
#[serde(rename = "pending")] #[serde(rename = "pending")]

View file

@ -0,0 +1,54 @@
//
use git_next_config as config;
use git_next_git as git;
use kxio::network;
use crate::webhook::Hook;
pub async fn list(
repo_details: &git::RepoDetails,
webhook_url: &config::server::WebhookUrl,
net: &network::Network,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
let mut ids: Vec<config::WebhookId> = vec![];
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
let mut page = 1;
loop {
use secrecy::ExposeSecret;
let token = &repo_details.forge.token().expose_secret();
let url =
format!("https://{hostname}/api/v1/repos/{repo_path}/hooks?page={page}&token={token}");
let net_url = network::NetUrl::new(url);
let request = network::NetRequest::new(
network::RequestMethod::Get,
net_url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.get::<Vec<Hook>>(request).await;
match result {
Ok(response) => {
if let Some(list) = response.response_body() {
if list.is_empty() {
return Ok(ids);
}
for hook in list {
if let Some(existing_url) = hook.config.get("url") {
if existing_url.starts_with(webhook_url.as_ref()) {
ids.push(hook.id());
}
}
}
page += 1;
}
}
Err(e) => {
return Err(git::forge::webhook::Error::Network(e));
}
};
}
}

View file

@ -0,0 +1,52 @@
//
use git_next_config as config;
use git_next_git as git;
//
use std::collections::HashMap;
mod list;
mod parse;
mod register;
mod unregister;
pub use list::list;
pub use parse::parse_body;
pub use register::register;
pub use unregister::unregister;
#[derive(Debug, serde::Deserialize)]
struct Hook {
id: i64,
config: HashMap<String, String>,
}
impl Hook {
fn id(&self) -> config::WebhookId {
config::WebhookId::new(format!("{}", self.id))
}
}
#[derive(Debug, serde::Deserialize)]
pub struct Push {
#[serde(rename = "ref")]
reference: String,
after: String,
head_commit: HeadCommit,
}
impl TryFrom<Push> for config::webhook::Push {
type Error = git::forge::webhook::Error;
fn try_from(push: Push) -> Result<Self, Self::Error> {
let branch = push
.reference
.splitn(3, '/') // should be of the form 'refs/heads/branchname'
.nth(2)
.map(config::BranchName::new)
.ok_or(git::forge::webhook::Error::UnknownBranch(push.reference))?;
Ok(Self::new(branch, push.after, push.head_commit.message))
}
}
#[derive(Debug, serde::Deserialize)]
struct HeadCommit {
message: String,
}

View file

@ -0,0 +1,10 @@
//
use crate as forgejo;
use git_next_config as config;
use git_next_git as git;
pub fn parse_body(
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::Push> {
serde_json::from_str::<forgejo::webhook::Push>(body.as_str())?.try_into()
}

View file

@ -0,0 +1,76 @@
//
use git_next_config as config;
use git_next_git as git;
use kxio::network;
use tracing::{info, warn};
use crate::webhook;
use crate::webhook::Hook;
#[tracing::instrument(skip_all)]
// TODO: caller must do this: addr.do_send(WebhookRegistered(hook.id(), authorisation));
pub async fn register(
repo_details: &git::RepoDetails,
webhook_url: &config::server::WebhookUrl,
net: &network::Network,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
let Some(repo_config) = repo_details.repo_config.clone() else {
return Err(git::forge::webhook::Error::NoRepoConfig);
};
// remove any lingering webhooks for the same URL
let existing_webhook_ids = webhook::list(repo_details, webhook_url, net).await?;
for webhook_id in existing_webhook_ids {
webhook::unregister(&webhook_id, repo_details, net).await?;
}
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
));
let repo_alias = &repo_details.repo_alias;
let headers = network::NetRequestHeaders::new().with("Content-Type", "application/json");
let authorisation = config::WebhookAuth::generate();
let body = network::json!({
"active": true,
"authorization_header": authorisation.header_value(),
"branch_filter": format!("{{{},{},{}}}", repo_config.branches().main(), repo_config.branches().next(), repo_config.branches().dev()),
"config": {
"content_type": "json",
"url": format!("{}/{}", webhook_url.as_ref(), repo_alias),
},
"events": [ "push" ],
"type": "forgejo"
});
let request = network::NetRequest::new(
network::RequestMethod::Post,
url,
headers,
network::RequestBody::Json(body),
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.post_json::<Hook>(request).await;
match result {
Ok(response) => {
let Some(hook) = response.response_body() else {
return Err(git::forge::webhook::Error::NetworkResponseEmpty);
};
info!(webhook_id = %hook.id, "Webhook registered");
Ok(config::RegisteredWebhook::new(
config::WebhookId::new(format!("{}", hook.id)),
authorisation,
))
}
Err(e) => {
warn!("Failed to register webhook");
Err(git::forge::webhook::Error::FailedToRegister(e.to_string()))
}
}
}

View file

@ -0,0 +1,30 @@
//
use git_next_config as config;
use git_next_git as git;
use kxio::network;
pub async fn unregister(
webhook_id: &config::WebhookId,
repo_details: &git::RepoDetails,
net: &network::Network,
) -> git::forge::webhook::Result<()> {
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
));
let request = network::NetRequest::new(
network::RequestMethod::Delete,
url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::None,
None,
network::NetRequestLogging::None,
);
let result = net.delete(request).await;
Ok(result.map(|_| ())?)
}

View file

@ -0,0 +1,67 @@
[package]
name = "git-next-forge-github"
version = { workspace = true }
edition = { workspace = true }
[dependencies]
git-next-config = { workspace = true }
git-next-git = { workspace = true }
# own version
clap = { workspace = true }
# logging
console-subscriber = { workspace = true }
tracing = { workspace = true }
tracing-subscriber = { workspace = true }
# sha256 encoding (e.g. verify github webhooks)
hmac = { workspace = true }
sha2 = { workspace = true }
hex = { workspace = true }
# base64 decoding
base64 = { workspace = true }
# git
async-trait = { workspace = true }
# fs/network
kxio = { workspace = true }
# TOML parsing
serde = { workspace = true }
serde_json = { workspace = true }
toml = { workspace = true }
# Secrets and Password
secrecy = { workspace = true }
# Conventional Commit check
git-conventional = { workspace = true }
# Webhooks
bytes = { workspace = true }
ulid = { workspace = true }
warp = { workspace = true }
# boilerplate
derive_more = { workspace = true }
# file watcher
inotify = { workspace = true }
# # Actors
# actix = { workspace = true }
# actix-rt = { workspace = true }
tokio = { workspace = true }
[dev-dependencies]
# Testing
assert2 = { workspace = true }
[lints.clippy]
nursery = { level = "warn", priority = -1 }
# pedantic = "warn"
unwrap_used = "warn"
expect_used = "warn"

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,253 @@
//
#[cfg(test)]
mod tests;
mod webhook;
use crate as github;
use git::forge::commit::Status;
use git_next_config as config;
use git_next_git as git;
use derive_more::Constructor;
use kxio::network::{self, Network};
use tracing::{error, info, warn};
#[derive(Clone, Debug, Constructor)]
pub struct Github {
repo_details: git::RepoDetails,
net: Network,
}
#[async_trait::async_trait]
impl git::ForgeLike for Github {
fn name(&self) -> String {
"github".to_string()
}
fn is_message_authorised(
&self,
msg: &config::WebhookMessage,
webhook_auth: &config::WebhookAuth,
) -> bool {
let Some(github_signature) = msg
.header("x-hub-signature-256")
.map(|x| x.trim_matches('"').to_string())
.and_then(|sha| sha.strip_prefix("sha256=").map(|k| k.to_string()))
else {
warn!("no signature header found");
return false;
};
let Ok(gh_sig) = hex::decode(github_signature) else {
eprintln!("can't decode github signature");
return false;
};
let payload = msg.body().as_str();
use hmac::Mac;
type HmacSha256 = hmac::Hmac<sha2::Sha256>;
let Ok(mut hmac) = HmacSha256::new_from_slice(webhook_auth.to_string().as_bytes()) else {
error!("failed to parse webhook auth token");
return false;
};
hmac::Mac::update(&mut hmac, payload.as_ref());
hmac::Mac::verify_slice(hmac, gh_sig.as_ref()).is_ok()
}
fn parse_webhook_body(
&self,
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::push::Push> {
serde_json::from_str::<github::webhook::Push>(body.as_str())?.try_into()
}
/// Checks the results of any (e.g. CI) status checks for the commit.
///
/// GitHub: https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#list-commit-statuses-for-a-reference
async fn commit_status(&self, commit: &git::Commit) -> Status {
let repo_details = &self.repo_details;
let repo_path = &repo_details.repo_path;
let api_token = &repo_details.forge.token();
use secrecy::ExposeSecret;
let token = api_token.expose_secret();
let url = network::NetUrl::new(format!(
"https://api.github.com/repos/${repo_path}/commits/{commit}/check-runs"
));
let headers = network::NetRequestHeaders::new()
.with("X-GitHub-Api-Version", "2022-11-28")
.with("Authorization", format!("Bearer: {token}").as_str());
let request = network::NetRequest::new(
network::RequestMethod::Get,
url,
headers,
network::RequestBody::None,
network::ResponseType::Json,
None,
network::NetRequestLogging::Both, // TODO: change this to None
);
let result = self.net.get::<Vec<GitHubStatus>>(request).await;
match result {
Ok(response) => response.response_body().map_or_else(
|| {
warn!("No status found for commit");
Status::Pending // assume issue is transient and allow retry
},
|statuses| {
statuses
.into_iter()
.map(|status| match status.state {
GithubState::Success => Status::Pass,
GithubState::Pending => Status::Pending,
GithubState::Failure => Status::Fail,
GithubState::Error => Status::Fail,
GithubState::Blank => Status::Pending,
})
.reduce(|l, r| match (l, r) {
(Status::Pass, Status::Pass) => Status::Pass,
(_, Status::Fail) => Status::Fail,
(_, Status::Pending) => Status::Pending,
(Status::Fail, _) => Status::Fail,
(Status::Pending, _) => Status::Pending,
})
.unwrap_or_else(|| {
warn!("No status checks configured for 'next' branch",);
Status::Pass
})
},
),
Err(e) => {
warn!(?e, "Failed to get commit status");
Status::Pending // assume issue is transient and allow retry
}
}
}
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#list-repository-webhooks
async fn list_webhooks(
&self,
_webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
todo!("list_webhooks")
}
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#delete-a-repository-webhook
async fn unregister_webhook(
&self,
webhook_id: &config::WebhookId,
) -> git::forge::webhook::Result<()> {
let net = &self.net;
let repo_details = &self.repo_details;
use secrecy::ExposeSecret;
let request = network::NetRequest::new(
network::RequestMethod::Delete,
network::NetUrl::new(format!(
"https://api.github.com/repos/{}/hooks/{}",
repo_details.repo_path, webhook_id
)),
network::NetRequestHeaders::default()
.with("Accept", "application/vnd.github+json")
.with(
"User-Agent",
format!("git-next/server/{}", clap::crate_version!()).as_str(),
)
.with(
"Authorization",
format!("Bearer {}", repo_details.forge.token().expose_secret()).as_str(),
)
.with("X-GitHub-Api-Version", "2022-11-28"),
network::RequestBody::None,
network::ResponseType::None,
None,
network::NetRequestLogging::None,
);
if let Err(e) = net.post_json::<GithubHook>(request).await {
warn!("Failed to register webhook");
return Err(git::forge::webhook::Error::FailedToRegister(e.to_string()));
}
Ok(())
}
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#create-a-repository-webhook
async fn register_webhook(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
let net = &self.net;
let repo_details = &self.repo_details;
let authorisation = config::WebhookAuth::generate();
use secrecy::ExposeSecret;
let request = network::NetRequest::new(
network::RequestMethod::Post,
network::NetUrl::new(format!(
"https://api.github.com/repos/{}/hooks",
repo_details.repo_path
)),
network::NetRequestHeaders::default()
.with("Accept", "application/vnd.github+json")
.with(
"User-Agent",
format!("git-next/server/{}", clap::crate_version!()).as_str(),
)
.with(
"Authorization",
format!("Bearer {}", repo_details.forge.token().expose_secret()).as_str(),
)
.with("X-GitHub-Api-Version", "2022-11-28"),
network::RequestBody::Json(network::json!({
"name": "web",
"active": true,
"events": ["push"],
"config": {
"url": webhook_url.as_ref(),
"content_type": "json",
"secret": authorisation.to_string(),
"insecure_ssl": "0",
}
})),
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.post_json::<GithubHook>(request).await;
match result {
Ok(response) => {
let Some(hook) = response.response_body() else {
return Err(git::forge::webhook::Error::NetworkResponseEmpty);
};
info!(webhook_id = %hook.id, "Webhook registered");
Ok(config::RegisteredWebhook::new(
config::WebhookId::new(format!("{}", hook.id)),
authorisation,
))
}
Err(e) => {
warn!("Failed to register webhook");
Err(git::forge::webhook::Error::FailedToRegister(e.to_string()))
}
}
}
}
#[derive(Debug, serde::Deserialize)]
struct GitHubStatus {
pub state: GithubState,
// other fields that we ignore
}
#[derive(Debug, serde::Deserialize)]
enum GithubState {
#[serde(rename = "success")]
Success,
#[serde(rename = "pending")]
Pending,
#[serde(rename = "failure")]
Failure,
#[serde(rename = "error")]
Error,
#[serde(rename = "")]
Blank,
}
#[derive(Debug, serde::Deserialize)]
struct GithubHook {
pub id: u64,
}

View file

@ -0,0 +1,73 @@
//
use git::ForgeLike;
use git_next_config as config;
use git_next_git as git;
use std::collections::HashMap;
type TestResult = Result<(), Box<dyn std::error::Error>>;
#[test]
fn accepts_valid_webhook_signature() -> TestResult {
//given
// we registered a webhook with this secret:
let webhook_auth = config::WebhookAuth::new("01HZ598CS1K9E0C193ND175XHJ")?;
// then recorded the following test message from github:
let headers = HashMap::from([(
"x-hub-signature-256".to_string(),
"sha256=6c801b0730b1ce06bf38f901de40206d3b0e93ef7b9bf09a5cf28ad9c4221bab".to_string(),
)]);
let payload = config::webhook::message::Body::new(include_str!("payload.json").to_string());
// this reproduces that message:
let message = message(headers, payload);
//when
// now, we attempt to recreate the signature in the header given the same message:
let result = forge().is_message_authorised(&message, &webhook_auth);
//then
// if we succeed: then result will be true:
assert!(result);
Ok(())
}
fn message(
headers: HashMap<String, String>,
payload: config::webhook::message::Body,
) -> config::WebhookMessage {
config::WebhookMessage::new(
config::ForgeAlias::new("".to_string()),
config::RepoAlias::new(""),
headers,
payload,
)
}
fn forge() -> crate::Github {
crate::Github::new(
git::RepoDetails::new(
git::Generation::new(),
&config::RepoAlias::new(""),
&config::ServerRepoConfig::new(
"a".to_string(),
"b".to_string(),
None,
None,
None,
None,
),
&config::ForgeAlias::new("c".to_string()),
&config::ForgeConfig::new(
config::ForgeType::GitHub,
"d".to_string(),
"e".to_string(),
"f".to_string(),
std::collections::BTreeMap::default(),
),
config::GitDir::default(),
),
kxio::network::Network::new_mock(),
)
}

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,28 @@
//
use git_next_config as config;
use git_next_git as git;
#[derive(Debug, serde::Deserialize)]
pub struct Push {
#[serde(rename = "ref")]
reference: String,
after: String,
head_commit: HeadCommit,
}
#[derive(Debug, serde::Deserialize)]
pub struct HeadCommit {
message: String,
}
impl TryFrom<Push> for config::webhook::Push {
type Error = git::forge::webhook::Error;
fn try_from(push: Push) -> Result<Self, Self::Error> {
let branch = push
.reference
.splitn(3, '/') // should be of the form 'refs/heads/branchname'
.nth(2)
.map(config::BranchName::new)
.ok_or(git::forge::webhook::Error::UnknownBranch(push.reference))?;
Ok(Self::new(branch, push.after, push.head_commit.message))
}
}

View file

@ -4,14 +4,15 @@ version = { workspace = true }
edition = { workspace = true } edition = { workspace = true }
[features] [features]
default = ["forgejo"] default = ["forgejo", "github"]
forgejo = ["git-next-forge-forgejo"] forgejo = ["git-next-forge-forgejo"]
github = [] github = ["git-next-forge-github"]
[dependencies] [dependencies]
git-next-config = { workspace = true } git-next-config = { workspace = true }
git-next-git = { workspace = true } git-next-git = { workspace = true }
git-next-forge-forgejo = { workspace = true, optional = true } git-next-forge-forgejo = { workspace = true, optional = true }
git-next-forge-github = { workspace = true, optional = true }
# logging # logging
console-subscriber = { workspace = true } console-subscriber = { workspace = true }

View file

@ -1,21 +0,0 @@
use crate::network::Network;
struct Github;
pub(super) struct GithubEnv {
net: Network,
}
impl GithubEnv {
pub(crate) const fn new(net: Network) -> GithubEnv {
Self { net }
}
}
#[async_trait::async_trait]
impl super::ForgeLike for GithubEnv {
fn name(&self) -> String {
"github".to_string()
}
async fn branches_get_all(&self) -> Vec<super::Branch> {
todo!()
}
}

View file

@ -1,34 +1,34 @@
#![allow(dead_code)] //
use git_next_forge_forgejo as forgejo; use git_next_forge_forgejo as forgejo;
use git_next_forge_github as github;
use git_next_git as git; use git_next_git as git;
use kxio::network::Network; use kxio::network::Network;
#[cfg(feature = "github")]
mod github;
mod mock_forge; mod mock_forge;
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub enum Forge { pub enum Forge {
Mock(mock_forge::MockForgeEnv), Mock(mock_forge::MockForge),
#[allow(clippy::enum_variant_names)]
#[cfg(feature = "forgejo")] #[cfg(feature = "forgejo")]
ForgeJo(forgejo::ForgeJo), ForgeJo(git_next_forge_forgejo::ForgeJo),
#[cfg(feature = "github")] #[cfg(feature = "github")]
Github(github::GithubEnv), Github(git_next_forge_github::Github),
} }
impl Forge { impl Forge {
pub const fn new_mock() -> Self { pub const fn new_mock() -> Self {
Self::Mock(mock_forge::MockForgeEnv::new()) Self::Mock(mock_forge::MockForge::new())
} }
#[cfg(feature = "forgejo")] #[cfg(feature = "forgejo")]
pub const fn new_forgejo(repo_details: git::RepoDetails, net: Network) -> Self { pub const fn new_forgejo(repo_details: git::RepoDetails, net: Network) -> Self {
Self::ForgeJo(forgejo::ForgeJo::new(repo_details, net)) Self::ForgeJo(forgejo::ForgeJo::new(repo_details, net))
} }
#[cfg(feature = "github")] #[cfg(feature = "github")]
pub const fn new_github(net: Network) -> Self { pub const fn new_github(repo_details: git::RepoDetails, net: Network) -> Self {
Self::Github(github::GithubEnv::new(net)) Self::Github(github::Github::new(repo_details, net))
} }
} }
impl std::ops::Deref for Forge { impl std::ops::Deref for Forge {
@ -39,7 +39,7 @@ impl std::ops::Deref for Forge {
#[cfg(feature = "forgejo")] #[cfg(feature = "forgejo")]
Self::ForgeJo(env) => env, Self::ForgeJo(env) => env,
#[cfg(feature = "github")] #[cfg(feature = "github")]
Forge::Github(env) => env, Self::Github(env) => env,
} }
} }
} }

View file

@ -1,23 +1,56 @@
// //
#![cfg(not(tarpaulin_include))] #![cfg(not(tarpaulin_include))]
use derive_more::Constructor;
use git_next_config as config;
use git_next_git as git; use git_next_git as git;
struct MockForge; #[derive(Clone, Debug, Constructor)]
#[derive(Clone, Debug)] pub struct MockForge;
pub struct MockForgeEnv;
impl MockForgeEnv {
pub(crate) const fn new() -> Self {
Self
}
}
#[async_trait::async_trait] #[async_trait::async_trait]
impl git::ForgeLike for MockForgeEnv { impl git::ForgeLike for MockForge {
fn forge_alias(&self) -> String { fn name(&self) -> String {
"mock".to_string() "mock".to_string()
} }
async fn commit_status(&self, _commit: &git::Commit) -> git::commit::Status { fn is_message_authorised(
&self,
_msg: &config::WebhookMessage,
_expected: &config::WebhookAuth,
) -> bool {
todo!()
}
fn parse_webhook_body(
&self,
_body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::push::Push> {
todo!()
}
async fn commit_status(&self, _commit: &git::Commit) -> git::forge::commit::Status {
todo!()
}
async fn list_webhooks(
&self,
_webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
todo!()
}
async fn unregister_webhook(
&self,
_webhook_id: &config::WebhookId,
) -> git::forge::webhook::Result<()> {
todo!()
}
async fn register_webhook(
&self,
_webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
todo!() todo!()
} }
} }

View file

@ -1,8 +0,0 @@
use super::*;
#[test]
fn test_name() {
let net = Network::new_mock();
let forge = Forge::new_github(net);
assert_eq!(forge.name(), "github");
}

View file

@ -4,13 +4,10 @@ use super::*;
use git_next_config as config; use git_next_config as config;
use git_next_git as git; use git_next_git as git;
#[cfg(feature = "github")]
mod github;
#[test] #[test]
fn test_mock_name() { fn test_mock_name() {
let forge = Forge::new_mock(); let forge = Forge::new_mock();
assert_eq!(forge.forge_alias(), "mock"); assert_eq!(forge.name(), "mock");
} }
#[test] #[test]
@ -30,5 +27,5 @@ fn test_forgejo_name() {
config::GitDir::new(fs.base()), config::GitDir::new(fs.base()),
); );
let forge = Forge::new_forgejo(repo_details, net); let forge = Forge::new_forgejo(repo_details, net);
assert_eq!(forge.forge_alias(), "forgejo"); assert_eq!(forge.name(), "forgejo");
} }

View file

@ -24,7 +24,7 @@ kxio = { workspace = true }
# # TOML parsing # # TOML parsing
# serde = { workspace = true } # serde = { workspace = true }
# # serde_json = { workspace = true } serde_json = { workspace = true }
# toml = { workspace = true } # toml = { workspace = true }
# Secrets and Password # Secrets and Password
@ -44,9 +44,9 @@ derive-with = { workspace = true }
# # file watcher # # file watcher
# inotify = { workspace = true } # inotify = { workspace = true }
#
# # Actors # Actors
# actix = { workspace = true } actix = { workspace = true }
# actix-rt = { workspace = true } # actix-rt = { workspace = true }
# tokio = { workspace = true } # tokio = { workspace = true }
# #

View file

@ -1,3 +1,6 @@
//
use git_next_config as config;
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)] #[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
#[display("{}", sha)] #[display("{}", sha)]
pub struct Commit { pub struct Commit {
@ -13,19 +16,21 @@ impl Commit {
} }
} }
impl From<config::webhook::Push> for Commit {
fn from(value: config::webhook::Push) -> Self {
Self::new(
Sha::new(value.sha().to_owned()),
Message::new(value.message().to_owned()),
)
}
}
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)] #[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct Sha(String); pub struct Sha(String);
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)] #[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct Message(String); pub struct Message(String);
#[derive(Debug)]
pub enum Status {
Pass,
Fail,
Pending,
}
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct Histories { pub struct Histories {
pub main: Vec<Commit>, pub main: Vec<Commit>,

View file

@ -0,0 +1,6 @@
#[derive(Debug)]
pub enum Status {
Pass,
Fail,
Pending,
}

View file

@ -0,0 +1,41 @@
use crate as git;
use git_next_config as config;
#[async_trait::async_trait]
pub trait ForgeLike {
fn name(&self) -> String;
/// Checks that the message has a valid authorisation
fn is_message_authorised(
&self,
message: &config::WebhookMessage,
expected: &config::WebhookAuth,
) -> bool;
/// Parses the webhook body into Some(Push) struct if appropriate, or None if not.
fn parse_webhook_body(
&self,
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::push::Push>;
/// Checks the results of any (e.g. CI) status checks for the commit.
async fn commit_status(&self, commit: &git::Commit) -> git::forge::commit::Status;
// Lists all the webhooks
async fn list_webhooks(
&self,
url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>>;
// Unregisters a webhook
async fn unregister_webhook(
&self,
webhook: &config::WebhookId,
) -> git::forge::webhook::Result<()>;
// Registers a webhook
async fn register_webhook(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook>;
}

View file

@ -0,0 +1,3 @@
pub mod commit;
pub(super) mod like;
pub mod webhook;

View file

@ -0,0 +1,34 @@
use derive_more::Display;
pub type Result<T> = core::result::Result<T, Error>;
#[derive(Debug, Display)]
pub enum Error {
#[display("network: {}", 0)]
Network(kxio::network::NetworkError),
FailedToRegister(String),
NetworkResponseEmpty,
NoRepoConfig,
FailedToNotifySelf(String),
Serde(serde_json::error::Error),
UnknownBranch(String),
}
impl std::error::Error for Error {}
impl From<kxio::network::NetworkError> for Error {
fn from(value: kxio::network::NetworkError) -> Self {
Self::Network(value)
}
}
impl From<serde_json::error::Error> for Error {
fn from(value: serde_json::error::Error) -> Self {
Self::Serde(value)
}
}

View file

@ -1,9 +0,0 @@
use crate as git;
#[async_trait::async_trait]
pub trait ForgeLike {
fn forge_alias(&self) -> String;
/// Checks the results of any (e.g. CI) status checks for the commit.
async fn commit_status(&self, commit: &git::Commit) -> git::commit::Status;
}

View file

@ -4,7 +4,7 @@ pub mod commit;
pub mod common; pub mod common;
pub mod fetch; pub mod fetch;
pub mod file; pub mod file;
mod forge_like; pub mod forge;
mod generation; mod generation;
mod git_ref; mod git_ref;
mod git_remote; mod git_remote;
@ -17,7 +17,7 @@ pub mod validation;
mod tests; mod tests;
pub use commit::Commit; pub use commit::Commit;
pub use forge_like::ForgeLike; pub use forge::like::ForgeLike;
pub use generation::Generation; pub use generation::Generation;
pub use git_ref::GitRef; pub use git_ref::GitRef;
pub use git_remote::GitRemote; pub use git_remote::GitRemote;

View file

@ -10,6 +10,7 @@ use git_next_config as config;
use git_next_config::GitDir; use git_next_config::GitDir;
pub use open::OpenRepository; pub use open::OpenRepository;
use tracing::info;
use crate::{repository::mock::MockRepository, validation::repo::validate_repo}; use crate::{repository::mock::MockRepository, validation::repo::validate_repo};
@ -29,18 +30,20 @@ pub fn mock() -> (Repository, MockRepository) {
} }
/// Opens a repository, cloning if necessary /// Opens a repository, cloning if necessary
#[tracing::instrument(skip_all)]
pub fn open( pub fn open(
repository: &Repository, repository: &Repository,
repo_details: &RepoDetails, repo_details: &RepoDetails,
gitdir: config::GitDir, gitdir: config::GitDir,
) -> Result<OpenRepository> { ) -> Result<OpenRepository> {
let repository = if !gitdir.exists() { let repository = if !gitdir.exists() {
// info!("Local copy not found - cloning..."); info!("Local copy not found - cloning...");
repository.git_clone(repo_details)? repository.git_clone(repo_details)?
} else { } else {
info!("Local copy found - opening...");
repository.open(&gitdir)? repository.open(&gitdir)?
}; };
// info!("Validating..."); info!("Validating...");
validate_repo(&repository, repo_details).map_err(|e| Error::Validation(e.to_string()))?; validate_repo(&repository, repo_details).map_err(|e| Error::Validation(e.to_string()))?;
Ok(repository) Ok(repository)
} }

View file

@ -162,15 +162,12 @@ impl super::OpenRepositoryLike for RealOpenRepository {
git::commit::Sha::new(id), git::commit::Sha::new(id),
git::commit::Message::new(message), git::commit::Message::new(message),
); );
info!(?commit, "found");
if find_commits.contains(&commit) { if find_commits.contains(&commit) {
info!("Is in find_commits");
commits.push(commit); commits.push(commit);
break; break;
} }
commits.push(commit); commits.push(commit);
} }
info!("finished walkfing");
Ok(commits) Ok(commits)
})? })?
} }

View file

@ -15,13 +15,16 @@ impl RepositoryLike for RealRepository {
Ok(OpenRepository::real(gix_repo)) Ok(OpenRepository::real(gix_repo))
} }
#[tracing::instrument(skip_all)]
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> { fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
tracing::info!("creating");
use secrecy::ExposeSecret; use secrecy::ExposeSecret;
let (gix_repo, _outcome) = gix::prepare_clone_bare( let (gix_repo, _outcome) = gix::prepare_clone_bare(
repo_details.origin().expose_secret().as_str(), repo_details.origin().expose_secret().as_str(),
repo_details.gitdir.deref(), repo_details.gitdir.deref(),
)? )?
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?; .fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
tracing::info!("created");
Ok(OpenRepository::real(gix_repo)) Ok(OpenRepository::real(gix_repo))
} }

View file

@ -4,7 +4,7 @@ version = { workspace = true }
edition = { workspace = true } edition = { workspace = true }
[features] [features]
default = ["forgejo"] default = ["forgejo", "github"]
forgejo = [] forgejo = []
github = [] github = []

View file

@ -9,6 +9,7 @@ mod tests;
use std::time::Duration; use std::time::Duration;
use actix::prelude::*; use actix::prelude::*;
use config::RegisteredWebhook;
use git::validation::positions::{validate_positions, Positions}; use git::validation::positions::{validate_positions, Positions};
use crate as repo_actor; use crate as repo_actor;
@ -26,8 +27,8 @@ pub struct RepoActor {
message_token: MessageToken, message_token: MessageToken,
repo_details: git::RepoDetails, repo_details: git::RepoDetails,
webhook: config::server::Webhook, webhook: config::server::Webhook,
webhook_id: Option<webhook::WebhookId>, // INFO: if [None] then no webhook is configured webhook_id: Option<config::WebhookId>, // INFO: if [None] then no webhook is configured
webhook_auth: Option<webhook::WebhookAuth>, // INFO: if [None] then no webhook is configured webhook_auth: Option<config::WebhookAuth>, // INFO: if [None] then no webhook is configured
last_main_commit: Option<git::Commit>, last_main_commit: Option<git::Commit>,
last_next_commit: Option<git::Commit>, last_next_commit: Option<git::Commit>,
last_dev_commit: Option<git::Commit>, last_dev_commit: Option<git::Commit>,
@ -47,6 +48,7 @@ impl RepoActor {
let forge = match details.forge.forge_type() { let forge = match details.forge.forge_type() {
#[cfg(feature = "forgejo")] #[cfg(feature = "forgejo")]
config::ForgeType::ForgeJo => forge::Forge::new_forgejo(details.clone(), net.clone()), config::ForgeType::ForgeJo => forge::Forge::new_forgejo(details.clone(), net.clone()),
config::ForgeType::GitHub => forge::Forge::new_github(details.clone(), net.clone()),
config::ForgeType::MockForge => forge::Forge::new_mock(), config::ForgeType::MockForge => forge::Forge::new_mock(),
}; };
debug!(?forge, "new"); debug!(?forge, "new");
@ -74,13 +76,16 @@ impl Actor for RepoActor {
info!("Checking webhook"); info!("Checking webhook");
match self.webhook_id.take() { match self.webhook_id.take() {
Some(webhook_id) => { Some(webhook_id) => {
let repo_details = self.repo_details.clone();
let net = self.net.clone();
info!(%webhook_id, "Unregistring webhook"); info!(%webhook_id, "Unregistring webhook");
webhook::unregister(webhook_id, repo_details, net) let forge = self.forge.clone();
.in_current_span() async move {
.into_actor(self) if let Err(err) = forge.unregister_webhook(&webhook_id).await {
.wait(ctx); warn!("unregistering webhook: {err}");
}
}
.in_current_span()
.into_actor(self)
.wait(ctx);
Running::Continue Running::Continue
} }
None => Running::Stop, None => Running::Stop,
@ -107,7 +112,7 @@ impl Handler<CloneRepo> for RepoActor {
}); });
} }
} }
Err(err) => warn!("Could not Clone repo: {err}"), Err(err) => warn!("Could not open repo: {err}"),
} }
} }
} }
@ -171,12 +176,26 @@ impl Handler<ValidateRepo> for RepoActor {
} }
} }
if self.webhook_id.is_none() { if self.webhook_id.is_none() {
webhook::register( let forge_alias = self.repo_details.forge.forge_alias();
self.repo_details.clone(), let repo_alias = &self.repo_details.repo_alias;
self.webhook.clone(), let webhook_url = self.webhook.url(forge_alias, repo_alias);
ctx.address(), let forge = self.forge.clone();
self.net.clone(), let addr = ctx.address();
) async move {
if let Err(err) =
forge
.register_webhook(&webhook_url)
.await
.and_then(|registered_webhook| {
addr.try_send(WebhookRegistered::from(registered_webhook))
.map_err(|e| {
git::forge::webhook::Error::FailedToNotifySelf(e.to_string())
})
})
{
warn!("registering webhook: {err}");
}
}
.in_current_span() .in_current_span()
.into_actor(self) .into_actor(self)
.wait(ctx); .wait(ctx);
@ -264,7 +283,12 @@ impl Handler<StartMonitoring> for RepoActor {
#[derive(Message)] #[derive(Message)]
#[rtype(result = "()")] #[rtype(result = "()")]
pub struct WebhookRegistered(webhook::WebhookId, webhook::WebhookAuth); pub struct WebhookRegistered(config::WebhookId, config::WebhookAuth);
impl From<RegisteredWebhook> for WebhookRegistered {
fn from(value: RegisteredWebhook) -> Self {
Self(value.id().clone(), value.auth().clone())
}
}
impl Handler<WebhookRegistered> for RepoActor { impl Handler<WebhookRegistered> for RepoActor {
type Result = (); type Result = ();
#[tracing::instrument(name = "RepoActor::WebhookRegistered", skip_all, fields(repo = %self.repo_details, webhook_id = %msg.0))] #[tracing::instrument(name = "RepoActor::WebhookRegistered", skip_all, fields(repo = %self.repo_details, webhook_id = %msg.0))]

View file

@ -19,14 +19,14 @@ pub async fn check_next(
let status = forge.commit_status(&next).await; let status = forge.commit_status(&next).await;
info!(?status, "Checking next branch"); info!(?status, "Checking next branch");
match status { match status {
git::commit::Status::Pass => { git::forge::commit::Status::Pass => {
addr.do_send(AdvanceMainTo(next)); addr.do_send(AdvanceMainTo(next));
} }
git::commit::Status::Pending => { git::forge::commit::Status::Pending => {
tokio::time::sleep(tokio::time::Duration::from_secs(10)).await; tokio::time::sleep(tokio::time::Duration::from_secs(10)).await;
addr.do_send(ValidateRepo { message_token }); addr.do_send(ValidateRepo { message_token });
} }
git::commit::Status::Fail => { git::forge::commit::Status::Fail => {
warn!("Checks have failed"); warn!("Checks have failed");
} }
} }

View file

@ -32,12 +32,3 @@ mod branch {
assert_eq!(next_commit, Some(expected), "Found the wrong commit"); assert_eq!(next_commit, Some(expected), "Found the wrong commit");
} }
} }
mod webhook {
use super::super::webhook::*;
#[test]
fn should_split_ref() {
assert_eq!(split_ref("refs/heads/next"), ("refs/heads/", "next"));
}
}

View file

@ -1,195 +1,30 @@
//
use actix::prelude::*; use actix::prelude::*;
use git_next_config::{
server::{Webhook, WebhookUrl}, use crate::{RepoActor, ValidateRepo};
BranchName, ForgeAlias, RepoAlias, RepoBranches, use git_next_config as config;
};
use git_next_git as git; use git_next_git as git;
use kxio::network::{self, json};
use tracing::{info, warn}; use tracing::{info, warn};
use ulid::DecodeError;
use std::{collections::HashMap, str::FromStr}; impl Handler<config::WebhookMessage> for RepoActor {
use crate::{RepoActor, ValidateRepo, WebhookRegistered};
#[derive(
Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Deref, derive_more::Display,
)]
pub struct WebhookId(String);
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth {
pub fn new(authorisation: &str) -> Result<Self, DecodeError> {
let id = ulid::Ulid::from_str(authorisation)?;
info!("Parse auth token: {}", id);
Ok(Self(id))
}
fn generate() -> Self {
Self(ulid::Ulid::new())
}
fn header_value(&self) -> String {
format!("Basic {}", self)
}
}
#[tracing::instrument(skip_all, fields(%webhook_id))]
pub async fn unregister(
webhook_id: WebhookId,
repo_details: git::RepoDetails,
net: network::Network,
) {
let hostname = &repo_details.forge.hostname();
let repo_path = repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
));
let request = network::NetRequest::new(
network::RequestMethod::Delete,
url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::None,
None,
network::NetRequestLogging::None,
);
let result = net.delete(request).await;
match result {
Ok(_) => info!("unregistered webhook"),
Err(err) => warn!(?err, "Failed to unregister webhook"),
}
}
#[tracing::instrument(skip_all)]
pub async fn register(
repo_details: git::RepoDetails,
webhook: Webhook,
addr: actix::prelude::Addr<super::RepoActor>,
net: network::Network,
) {
let Some(repo_config) = repo_details.repo_config.clone() else {
return;
};
let forge_alias = repo_details.forge.forge_alias();
let repo_alias = &repo_details.repo_alias;
let webhook_url = webhook.url(forge_alias, repo_alias);
// remove any lingering webhooks for the same URL
let existing_webhook_ids = find_existing_webhooks(&repo_details, &webhook_url, &net).await;
for webhook_id in existing_webhook_ids {
unregister(webhook_id, repo_details.clone(), net.clone()).await;
}
let hostname = &repo_details.forge.hostname();
let repo_path = repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
));
let headers = network::NetRequestHeaders::new().with("Content-Type", "application/json");
let authorisation = WebhookAuth::generate();
let body = json!({
"active": true,
"authorization_header": authorisation.header_value(),
"branch_filter": format!("{{{},{},{}}}", repo_config.branches().main(), repo_config.branches().next(), repo_config.branches().dev()),
"config": {
"content_type": "json",
"url": webhook_url.as_ref(),
},
"events": [ "push" ],
"type": "forgejo"
});
let request = network::NetRequest::new(
network::RequestMethod::Post,
url,
headers,
network::RequestBody::Json(body),
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.post_json::<Hook>(request).await;
match result {
Ok(response) => {
if let Some(hook) = response.response_body() {
info!(webhook_id = %hook.id, "Webhook registered");
addr.do_send(WebhookRegistered(hook.id(), authorisation));
}
}
Err(_) => warn!("Failed to register webhook"),
}
}
async fn find_existing_webhooks(
repo_details: &git::RepoDetails,
webhook_url: &WebhookUrl,
net: &network::Network,
) -> Vec<WebhookId> {
let mut ids: Vec<WebhookId> = vec![];
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
let mut page = 1;
loop {
use secrecy::ExposeSecret;
let token = &repo_details.forge.token().expose_secret();
let url =
format!("https://{hostname}/api/v1/repos/{repo_path}/hooks?page={page}&token={token}");
let net_url = network::NetUrl::new(url);
let request = network::NetRequest::new(
network::RequestMethod::Get,
net_url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.get::<Vec<Hook>>(request).await;
if let Ok(response) = result {
if let Some(list) = response.response_body() {
if list.is_empty() {
return ids;
}
for hook in list {
if let Some(existing_url) = hook.config.get("url") {
if existing_url == webhook_url.as_ref() {
ids.push(hook.id());
}
}
}
}
}
page += 1;
}
}
#[derive(Debug, serde::Deserialize)]
struct Hook {
id: i64,
config: HashMap<String, String>,
}
impl Hook {
fn id(&self) -> WebhookId {
WebhookId(format!("{}", self.id))
}
}
impl Handler<WebhookMessage> for RepoActor {
type Result = (); type Result = ();
#[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity #[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity
#[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.repo_details))] #[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.repo_details))]
fn handle(&mut self, msg: WebhookMessage, ctx: &mut Self::Context) -> Self::Result { fn handle(&mut self, msg: config::WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
let Some(expected_authorization) = &self.webhook_auth else { let Some(expected_authorization) = &self.webhook_auth else {
warn!("Don't know what authorization to expect"); warn!("Don't know what authorization to expect");
return; return;
}; };
if msg.authorisation() != expected_authorization { let Some(config) = &self.repo_details.repo_config else {
warn!("No repo config");
return;
};
if !self
.forge
.is_message_authorised(&msg, expected_authorization)
{
warn!( warn!(
"Invalid authorization - expected {}", "Invalid authorization - expected {}",
expected_authorization expected_authorization
@ -197,146 +32,62 @@ impl Handler<WebhookMessage> for RepoActor {
return; return;
} }
let body = msg.body(); let body = msg.body();
match serde_json::from_str::<Push>(body.as_str()) { match self.forge.parse_webhook_body(body) {
Err(err) => warn!(?err, ?body, "Not a 'push'"), Err(err) => {
Ok(push) => { warn!(?err, "Not a 'push'");
if let Some(config) = &self.repo_details.repo_config { return;
match push.branch(config.branches()) {
None => warn!(
?push,
"Unrecognised branch, we should be filtering to only the ones we want"
),
Some(branch) => {
match branch {
Branch::Main => {
if self.last_main_commit == Some(push.commit()) {
info!(
branch = %config.branches().main(),
commit = %push.commit(),
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_main_commit.replace(push.commit())
}
Branch::Next => {
if self.last_next_commit == Some(push.commit()) {
info!(
branch = %config.branches().next(),
commit = %push.commit(),
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_next_commit.replace(push.commit())
}
Branch::Dev => {
if self.last_dev_commit == Some(push.commit()) {
info!(
branch = %config.branches().dev(),
commit = %push.commit(),
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_dev_commit.replace(push.commit())
}
};
let message_token = self.message_token.next();
info!(
token = %message_token,
?branch,
commit = %push.commit(),
"New commit"
);
ctx.address().do_send(ValidateRepo { message_token });
}
}
}
} }
Ok(push) => match push.branch(config.branches()) {
None => {
warn!(
?push,
"Unrecognised branch, we should be filtering to only the ones we want"
);
return;
}
Some(config::webhook::push::Branch::Main) => {
let commit = git::Commit::from(push);
if self.last_main_commit.as_ref() == Some(&commit) {
info!(
branch = %config.branches().main(),
%commit,
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_main_commit.replace(commit);
}
Some(config::webhook::push::Branch::Next) => {
let commit = git::Commit::from(push);
if self.last_next_commit.as_ref() == Some(&commit) {
info!(
branch = %config.branches().next(),
%commit,
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_next_commit.replace(commit);
}
Some(config::webhook::push::Branch::Dev) => {
let commit = git::Commit::from(push);
if self.last_dev_commit.as_ref() == Some(&commit) {
info!(
branch = %config.branches().dev(),
%commit,
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_dev_commit.replace(commit);
}
},
} }
} let message_token = self.message_token.next();
} info!(
token = %message_token,
pub fn split_ref(reference: &str) -> (&str, &str) { "New commit"
reference.split_at(11) );
} ctx.address().do_send(ValidateRepo { message_token });
#[derive(Debug, serde::Deserialize)]
struct Push {
#[serde(rename = "ref")]
reference: String,
after: String,
head_commit: HeadCommit,
}
impl Push {
pub fn branch(&self, repo_branches: &RepoBranches) -> Option<Branch> {
if !self.reference.starts_with("refs/heads/") {
warn!(r#ref = self.reference, "Unexpected ref");
return None;
}
let (_, branch) = split_ref(&self.reference);
let branch = BranchName::new(branch);
if branch == repo_branches.main() {
return Some(Branch::Main);
}
if branch == repo_branches.next() {
return Some(Branch::Next);
}
if branch == repo_branches.dev() {
return Some(Branch::Dev);
}
warn!(%branch, "Unexpected branch");
None
}
pub fn commit(&self) -> git::Commit {
git::Commit::new(
git::commit::Sha::new(self.after.clone()),
git::commit::Message::new(self.head_commit.message.clone()),
)
}
}
#[derive(Debug)]
pub enum Branch {
Main,
Next,
Dev,
}
#[derive(Debug, serde::Deserialize)]
struct HeadCommit {
message: String,
}
#[derive(Message, Debug, Clone, derive_more::Constructor)]
#[rtype(result = "()")]
pub struct WebhookMessage {
forge_alias: ForgeAlias,
repo_alias: RepoAlias,
authorisation: WebhookAuth,
body: Body,
}
impl WebhookMessage {
pub const fn forge_alias(&self) -> &ForgeAlias {
&self.forge_alias
}
pub const fn repo_alias(&self) -> &RepoAlias {
&self.repo_alias
}
pub const fn body(&self) -> &Body {
&self.body
}
pub const fn authorisation(&self) -> &WebhookAuth {
&self.authorisation
}
}
#[derive(Clone, Debug, derive_more::Constructor)]
pub struct Body(String);
impl Body {
pub fn as_str(&self) -> &str {
self.0.as_str()
} }
} }

View file

@ -3,11 +3,6 @@ name = "git-next-server"
version = { workspace = true } version = { workspace = true }
edition = { workspace = true } edition = { workspace = true }
[features]
default = ["forgejo"]
forgejo = []
github = []
[dependencies] [dependencies]
git-next-config = { workspace = true } git-next-config = { workspace = true }
git-next-git = { workspace = true } git-next-git = { workspace = true }

View file

@ -1,13 +1,13 @@
// crate::server::actors::webhook // crate::server::actors::webhook
use actix::prelude::*;
mod router; mod router;
mod server; mod server;
use git_next_config as config;
use std::net::SocketAddr; use std::net::SocketAddr;
use actix::prelude::*;
use git_next_repo_actor::webhook::WebhookMessage;
pub use router::AddWebhookRecipient; pub use router::AddWebhookRecipient;
pub use router::WebhookRouter; pub use router::WebhookRouter;
use tracing::Instrument; use tracing::Instrument;
@ -17,10 +17,13 @@ pub struct WebhookActor {
socket_addr: SocketAddr, socket_addr: SocketAddr,
span: tracing::Span, span: tracing::Span,
spawn_handle: Option<actix::SpawnHandle>, spawn_handle: Option<actix::SpawnHandle>,
message_receiver: Recipient<WebhookMessage>, message_receiver: Recipient<config::WebhookMessage>,
} }
impl WebhookActor { impl WebhookActor {
pub fn new(socket_addr: SocketAddr, message_receiver: Recipient<WebhookMessage>) -> Self { pub fn new(
socket_addr: SocketAddr,
message_receiver: Recipient<config::WebhookMessage>,
) -> Self {
let span = tracing::info_span!("WebhookActor"); let span = tracing::info_span!("WebhookActor");
Self { Self {
socket_addr, socket_addr,
@ -34,7 +37,7 @@ impl Actor for WebhookActor {
type Context = actix::Context<Self>; type Context = actix::Context<Self>;
fn started(&mut self, ctx: &mut Self::Context) { fn started(&mut self, ctx: &mut Self::Context) {
let _gaurd = self.span.enter(); let _gaurd = self.span.enter();
let address: Recipient<WebhookMessage> = self.message_receiver.clone(); let address: Recipient<config::WebhookMessage> = self.message_receiver.clone();
let server = server::start(self.socket_addr, address); let server = server::start(self.socket_addr, address);
let spawn_handle = ctx.spawn(server.in_current_span().into_actor(self)); let spawn_handle = ctx.spawn(server.in_current_span().into_actor(self));
self.spawn_handle.replace(spawn_handle); self.spawn_handle.replace(spawn_handle);

View file

@ -3,8 +3,8 @@ use std::collections::HashMap;
use actix::prelude::*; use actix::prelude::*;
use derive_more::Constructor; use derive_more::Constructor;
use git_next_config::WebhookMessage;
use git_next_config::{ForgeAlias, RepoAlias}; use git_next_config::{ForgeAlias, RepoAlias};
use git_next_repo_actor::webhook::WebhookMessage;
use tracing::{debug, info}; use tracing::{debug, info};
pub struct WebhookRouter { pub struct WebhookRouter {

View file

@ -1,14 +1,17 @@
// //
use std::net::SocketAddr; use std::{collections::HashMap, net::SocketAddr};
use actix::prelude::*; use actix::prelude::*;
use git_next_config::{ForgeAlias, RepoAlias}; use config::{ForgeAlias, RepoAlias};
use git_next_repo_actor::webhook::{self, WebhookAuth, WebhookMessage}; use git_next_config as config;
use tracing::{info, warn};
use warp::reject::Rejection;
pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<WebhookMessage>) { use tracing::{info, warn};
pub async fn start(
socket_addr: SocketAddr,
address: actix::prelude::Recipient<config::WebhookMessage>,
) {
// start webhook server // start webhook server
use warp::Filter; use warp::Filter;
// Define the Warp route to handle incoming HTTP requests // Define the Warp route to handle incoming HTTP requests
@ -19,7 +22,7 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
.and(warp::header::headers_cloned()) .and(warp::header::headers_cloned())
.and(warp::body::bytes()) .and(warp::body::bytes())
.and_then( .and_then(
|recipient: Recipient<WebhookMessage>, |recipient: Recipient<config::WebhookMessage>,
forge_alias: String, forge_alias: String,
repo_alias: String, repo_alias: String,
// query: String, // query: String,
@ -29,47 +32,26 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
let forge_alias = ForgeAlias::new(forge_alias); let forge_alias = ForgeAlias::new(forge_alias);
let repo_alias = RepoAlias::new(repo_alias); let repo_alias = RepoAlias::new(repo_alias);
let bytes = body.to_vec(); let bytes = body.to_vec();
let body = webhook::Body::new(String::from_utf8_lossy(&bytes).to_string()); let body = config::webhook::message::Body::new(
headers.get("Authorization").map_or_else( String::from_utf8_lossy(&bytes).to_string(),
|| { );
warn!("No Authorization header"); let headers = headers
Err(warp::reject()) .into_iter()
}, .filter_map(|(k, v)| {
|authorisation_header| { k.map(|k| (k.to_string(), v.to_str().unwrap_or_default().to_string()))
info!( })
forge = %forge_alias, .collect::<HashMap<String, String>>();
repo = %repo_alias, let message = config::WebhookMessage::new(forge_alias, repo_alias, headers, body);
?authorisation_header, recipient
"Received webhook", .try_send(message)
); .map(|_| {
// TODO: (#86) Authorization isn't presented consistently, allow each forge info!("Message sent ok");
// to parse the authorization from the request warp::reply::with_status("OK", warp::http::StatusCode::OK)
match parse_auth(authorisation_header) { })
Ok(authorisation) => { .map_err(|e| {
let message = WebhookMessage::new( warn!("Unknown error: {:?}", e);
forge_alias, warp::reject()
repo_alias, })
authorisation,
body,
);
recipient
.try_send(message)
.map(|_| {
info!("Message sent ok");
warp::reply::with_status("OK", warp::http::StatusCode::OK)
})
.map_err(|e| {
warn!("Unknown error: {:?}", e);
warp::reject()
})
}
Err(e) => {
warn!(?e, "Failed to decode authorization header");
Err(warp::reject())
}
}
},
)
}, },
); );
@ -77,27 +59,3 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
info!("Starting webhook server: {}", socket_addr); info!("Starting webhook server: {}", socket_addr);
warp::serve(route).run(socket_addr).await; warp::serve(route).run(socket_addr).await;
} }
fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {
WebhookAuth::new(
authorization_header
.to_str()
.map_err(|e| {
warn!("Invalid non-ascii value in authorization: {:?}", e);
warp::reject()
}) // valid characters
.map(|v| {
info!("raw auth header: {}", v);
v
})?
.strip_prefix("Basic ")
.ok_or_else(|| {
warn!("Authorization must be 'Basic'");
warp::reject()
})?, // must start with "Basic "
)
.map_err(|e| {
warn!(?e, "decode error");
warp::reject()
})
}