feat: Add support for GitHub
Some checks failed
ci/woodpecker/push/cron-docker-builder Pipeline was successful
ci/woodpecker/push/push-next Pipeline failed
ci/woodpecker/push/tag-created Pipeline was successful
Rust / build (push) Successful in 1m27s

This doesn't include GitHub Enterprise

Closes kemitix/git-next#86
This commit is contained in:
Paul Campbell 2024-05-25 11:25:13 +01:00
parent 206e64cd5b
commit 4bd7f255b6
49 changed files with 1254 additions and 539 deletions

View file

@ -7,6 +7,7 @@ members = [
"crates/git",
"crates/forge",
"crates/forge-forgejo",
"crates/forge-github",
"crates/repo-actor",
]
@ -26,6 +27,7 @@ git-next-config = { path = "crates/config" }
git-next-git = { path = "crates/git" }
git-next-forge = { path = "crates/forge" }
git-next-forge-forgejo = { path = "crates/forge-forgejo" }
git-next-forge-github = { path = "crates/forge-github" }
git-next-repo-actor = { path = "crates/repo-actor" }
# CLI parsing
@ -39,6 +41,11 @@ tracing-subscriber = "0.3"
# base64 decoding
base64 = "0.22"
# sha256 encoding (e.g. verify github webhooks)
hmac = "0.12"
sha2 = "0.10"
hex = "0.4"
# git
# gix = "0.62"
gix = { version = "0.63", features = [

View file

@ -172,6 +172,46 @@ In the directory with your `git-next-server.toml` file, run the command:
git next server start
```
### Forges
The following forges are supported: [ForgeJo](https://forgejo.org) and [GitHub](https://github.com/).
#### ForgeJo
Configure the forge in `git-next-server.toml` like:
```toml
[forge.jo]
forge_type = "ForgeJo"
hostname = "git.myforgejo.com"
user = "bob"
token = "..."
[forge.jo.repos]
hello = { repo = "user/hello", branch = "main", gitdir = "/opt/git/projects/user/hello.git" } # maps to https://git.example.net/user/hello on the branch 'main'
world = { repo = "user/world", branch = "master", main = "master", next = "upcoming", "dev" = "develop" } # maps to the 'master' branch
```
The token is created `/user/settings/applications` and requires the `write:repository` permission.
#### GitHub
Configure the forge in `git-next-server.toml` like:
```toml
[forge.gh]
forge_type = "GitHub"
hostname = "github.com"
user = "bob"
token = "..."
[forge.gh.repos]
hello = { repo = "user/hello", branch = "main", gitdir = "/opt/git/projects/user/hello.git" } # maps to https://github.com/user/hello on the branch 'main'
world = { repo = "user/world", branch = "master", main = "master", next = "upcoming", "dev" = "develop" } # maps to the 'master' branch
```
The token is created [here](https://github.com/settings/tokens/new) and requires the `repo` and `admin:repo_hook` permissions.
## Contributing
Contributions to `git-next` are welcome! If you find a bug or have a feature
@ -201,15 +241,17 @@ stateDiagram-v2
forge --> config
forge --> git
forge --> forgejo
forge --> github
forgejo --> config
forgejo --> git
github --> config
github --> git
repo_actor --> config
repo_actor --> git
repo_actor --> forge
```
## License

View file

@ -4,7 +4,7 @@ version = { workspace = true }
edition = { workspace = true }
[features]
default = ["forgejo"]
default = ["forgejo", "github"]
forgejo = []
github = []
@ -36,9 +36,9 @@ secrecy = { workspace = true }
# # Conventional Commit check
# git-conventional = { workspace = true }
#
# # Webhooks
# Webhooks
# bytes = { workspace = true }
# ulid = { workspace = true }
ulid = { workspace = true }
# warp = { workspace = true }
# boilerplate

View file

@ -4,7 +4,8 @@ pub enum ForgeType {
#[cfg(feature = "forgejo")]
ForgeJo,
// Gitea,
// GitHub,
#[cfg(feature = "github")]
GitHub,
// GitLab,
// BitBucket,
#[default]

View file

@ -8,6 +8,7 @@ mod forge_name;
mod forge_type;
pub mod git_dir;
mod host_name;
mod registered_webhook;
mod repo_alias;
mod repo_branches;
mod repo_config;
@ -16,6 +17,7 @@ mod repo_path;
pub mod server;
mod server_repo_config;
mod user;
pub mod webhook;
#[cfg(test)]
mod tests;
@ -28,6 +30,7 @@ pub use forge_name::ForgeAlias;
pub use forge_type::ForgeType;
pub use git_dir::GitDir;
pub use host_name::Hostname;
pub use registered_webhook::RegisteredWebhook;
pub use repo_alias::RepoAlias;
pub use repo_branches::RepoBranches;
pub use repo_config::RepoConfig;
@ -35,3 +38,6 @@ pub use repo_config_source::RepoConfigSource;
pub use repo_path::RepoPath;
pub use server_repo_config::ServerRepoConfig;
pub use user::User;
pub use webhook::auth::WebhookAuth;
pub use webhook::id::WebhookId;
pub use webhook::message::WebhookMessage;

View file

@ -0,0 +1,16 @@
//
use crate as config;
#[derive(Debug, derive_more::Constructor)]
pub struct RegisteredWebhook {
id: config::WebhookId,
auth: config::WebhookAuth,
}
impl RegisteredWebhook {
pub const fn id(&self) -> &config::WebhookId {
&self.id
}
pub const fn auth(&self) -> &config::WebhookAuth {
&self.auth
}
}

View file

@ -0,0 +1,50 @@
use std::str::FromStr as _;
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth {
pub fn new(authorisation: &str) -> Result<Self, ulid::DecodeError> {
let id = ulid::Ulid::from_str(authorisation)?;
tracing::info!("Parse auth token: {}", id);
Ok(Self(id))
}
pub fn generate() -> Self {
Self(ulid::Ulid::new())
}
pub fn header_value(&self) -> String {
format!("Basic {}", self)
}
pub const fn to_bytes(&self) -> [u8; 16] {
self.0.to_bytes()
}
}
#[cfg(test)]
mod tests {
use crate::WebhookAuth;
#[test]
fn bytes() -> Result<(), Box<dyn std::error::Error>> {
let ulid = ulid::Ulid::new();
let wa = WebhookAuth::new(ulid.to_string().as_str())?;
assert_eq!(ulid.to_bytes(), wa.to_bytes());
Ok(())
}
#[test]
fn string() -> Result<(), Box<dyn std::error::Error>> {
let ulid = ulid::Ulid::new();
let wa = WebhookAuth::new(ulid.to_string().as_str())?;
assert_eq!(ulid.to_string(), wa.to_string());
Ok(())
}
}

View file

@ -0,0 +1,4 @@
use derive_more::{Constructor, Deref, Display};
#[derive(Clone, Debug, PartialEq, Eq, Constructor, Deref, Display)]
pub struct WebhookId(String);

View file

@ -0,0 +1,45 @@
//
use actix::prelude::*;
use crate as config;
use std::collections::HashMap;
#[derive(Message, Debug, Clone, derive_more::Constructor)]
#[rtype(result = "()")]
pub struct WebhookMessage {
forge_alias: config::ForgeAlias,
repo_alias: config::RepoAlias,
headers: HashMap<String, String>,
body: Body,
}
impl WebhookMessage {
pub const fn forge_alias(&self) -> &config::ForgeAlias {
&self.forge_alias
}
pub const fn repo_alias(&self) -> &config::RepoAlias {
&self.repo_alias
}
pub const fn body(&self) -> &Body {
&self.body
}
#[deprecated]
pub const fn authorisation(&self) -> &config::WebhookAuth {
todo!()
}
pub fn header(&self, header: &str) -> Option<String> {
self.headers.get(header).map(|value| value.to_string())
}
}
#[derive(Clone, Debug, derive_more::Constructor)]
pub struct Body(String);
impl Body {
pub fn as_str(&self) -> &str {
self.0.as_str()
}
pub fn as_bytes(&self) -> &[u8] {
self.0.as_bytes()
}
}

View file

@ -0,0 +1,6 @@
pub mod auth;
pub mod id;
pub mod message;
pub mod push;
pub use push::Push;

View file

@ -0,0 +1,39 @@
//
use crate as config;
use derive_more::Constructor;
#[derive(Debug, Constructor)]
pub struct Push {
branch: config::BranchName,
sha: String,
message: String,
}
impl Push {
pub fn branch(&self, repo_branches: &crate::RepoBranches) -> Option<Branch> {
if self.branch == repo_branches.main() {
return Some(Branch::Main);
}
if self.branch == repo_branches.next() {
return Some(Branch::Next);
}
if self.branch == repo_branches.dev() {
return Some(Branch::Dev);
}
tracing::warn!(branch = %self.branch, "Unexpected branch");
None
}
pub fn sha(&self) -> &str {
&self.sha
}
pub fn message(&self) -> &str {
&self.message
}
}
#[derive(Debug)]
pub enum Branch {
Main,
Next,
Dev,
}

View file

@ -1,7 +1,12 @@
//
mod webhook;
use git::forge::commit::Status;
use git_next_config as config;
use git_next_git as git;
use kxio::network::{self, Network};
use tracing::{error, warn};
use tracing::warn;
#[derive(Clone, Debug)]
pub struct ForgeJo {
@ -15,11 +20,32 @@ impl ForgeJo {
}
#[async_trait::async_trait]
impl git::ForgeLike for ForgeJo {
fn forge_alias(&self) -> String {
fn name(&self) -> String {
"forgejo".to_string()
}
async fn commit_status(&self, commit: &git::Commit) -> git::commit::Status {
fn is_message_authorised(
&self,
msg: &config::WebhookMessage,
expected: &config::WebhookAuth,
) -> bool {
let authorization = msg.header("authorization");
tracing::info!(?authorization, %expected, "is message authorised?");
authorization
.and_then(|header| header.strip_prefix("Basic ").map(|v| v.to_owned()))
.and_then(|value| config::WebhookAuth::new(value.as_str()).ok())
.map(|auth| &auth == expected)
.unwrap_or(false)
}
fn parse_webhook_body(
&self,
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::Push> {
webhook::parse_body(body)
}
async fn commit_status(&self, commit: &git::Commit) -> Status {
let repo_details = &self.repo_details;
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
@ -44,33 +70,54 @@ impl git::ForgeLike for ForgeJo {
Ok(response) => {
match response.response_body() {
Some(status) => match status.state {
CommitStatusState::Success => git::commit::Status::Pass,
CommitStatusState::Pending => git::commit::Status::Pending,
CommitStatusState::Failure => git::commit::Status::Fail,
CommitStatusState::Error => git::commit::Status::Fail,
CommitStatusState::Blank => git::commit::Status::Pending,
ForgejoState::Success => Status::Pass,
ForgejoState::Pending => Status::Pending,
ForgejoState::Failure => Status::Fail,
ForgejoState::Error => Status::Fail,
ForgejoState::Blank => Status::Pending,
},
None => {
warn!("No status found for commit");
git::commit::Status::Pending // assume issue is transient and allow retry
Status::Pending // assume issue is transient and allow retry
}
}
}
Err(e) => {
error!(?e, "Failed to get commit status");
git::commit::Status::Pending // assume issue is transient and allow retry
}
warn!(?e, "Failed to get commit status");
Status::Pending // assume issue is transient and allow retry
}
}
}
#[derive(Debug, serde::Deserialize)]
pub struct CombinedStatus {
pub state: CommitStatusState,
async fn list_webhooks(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
webhook::list(&self.repo_details, webhook_url, &self.net).await
}
async fn unregister_webhook(
&self,
webhook_id: &config::WebhookId,
) -> git::forge::webhook::Result<()> {
webhook::unregister(webhook_id, &self.repo_details, &self.net).await
}
async fn register_webhook(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
webhook::register(&self.repo_details, webhook_url, &self.net).await
}
}
#[derive(Debug, serde::Deserialize)]
pub enum CommitStatusState {
struct CombinedStatus {
pub state: ForgejoState,
}
#[derive(Debug, serde::Deserialize)]
enum ForgejoState {
#[serde(rename = "success")]
Success,
#[serde(rename = "pending")]

View file

@ -0,0 +1,54 @@
//
use git_next_config as config;
use git_next_git as git;
use kxio::network;
use crate::webhook::Hook;
pub async fn list(
repo_details: &git::RepoDetails,
webhook_url: &config::server::WebhookUrl,
net: &network::Network,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
let mut ids: Vec<config::WebhookId> = vec![];
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
let mut page = 1;
loop {
use secrecy::ExposeSecret;
let token = &repo_details.forge.token().expose_secret();
let url =
format!("https://{hostname}/api/v1/repos/{repo_path}/hooks?page={page}&token={token}");
let net_url = network::NetUrl::new(url);
let request = network::NetRequest::new(
network::RequestMethod::Get,
net_url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.get::<Vec<Hook>>(request).await;
match result {
Ok(response) => {
if let Some(list) = response.response_body() {
if list.is_empty() {
return Ok(ids);
}
for hook in list {
if let Some(existing_url) = hook.config.get("url") {
if existing_url.starts_with(webhook_url.as_ref()) {
ids.push(hook.id());
}
}
}
page += 1;
}
}
Err(e) => {
return Err(git::forge::webhook::Error::Network(e));
}
};
}
}

View file

@ -0,0 +1,52 @@
//
use git_next_config as config;
use git_next_git as git;
//
use std::collections::HashMap;
mod list;
mod parse;
mod register;
mod unregister;
pub use list::list;
pub use parse::parse_body;
pub use register::register;
pub use unregister::unregister;
#[derive(Debug, serde::Deserialize)]
struct Hook {
id: i64,
config: HashMap<String, String>,
}
impl Hook {
fn id(&self) -> config::WebhookId {
config::WebhookId::new(format!("{}", self.id))
}
}
#[derive(Debug, serde::Deserialize)]
pub struct Push {
#[serde(rename = "ref")]
reference: String,
after: String,
head_commit: HeadCommit,
}
impl TryFrom<Push> for config::webhook::Push {
type Error = git::forge::webhook::Error;
fn try_from(push: Push) -> Result<Self, Self::Error> {
let branch = push
.reference
.splitn(3, '/') // should be of the form 'refs/heads/branchname'
.nth(2)
.map(config::BranchName::new)
.ok_or(git::forge::webhook::Error::UnknownBranch(push.reference))?;
Ok(Self::new(branch, push.after, push.head_commit.message))
}
}
#[derive(Debug, serde::Deserialize)]
struct HeadCommit {
message: String,
}

View file

@ -0,0 +1,10 @@
//
use crate as forgejo;
use git_next_config as config;
use git_next_git as git;
pub fn parse_body(
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::Push> {
serde_json::from_str::<forgejo::webhook::Push>(body.as_str())?.try_into()
}

View file

@ -0,0 +1,76 @@
//
use git_next_config as config;
use git_next_git as git;
use kxio::network;
use tracing::{info, warn};
use crate::webhook;
use crate::webhook::Hook;
#[tracing::instrument(skip_all)]
// TODO: caller must do this: addr.do_send(WebhookRegistered(hook.id(), authorisation));
pub async fn register(
repo_details: &git::RepoDetails,
webhook_url: &config::server::WebhookUrl,
net: &network::Network,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
let Some(repo_config) = repo_details.repo_config.clone() else {
return Err(git::forge::webhook::Error::NoRepoConfig);
};
// remove any lingering webhooks for the same URL
let existing_webhook_ids = webhook::list(repo_details, webhook_url, net).await?;
for webhook_id in existing_webhook_ids {
webhook::unregister(&webhook_id, repo_details, net).await?;
}
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
));
let repo_alias = &repo_details.repo_alias;
let headers = network::NetRequestHeaders::new().with("Content-Type", "application/json");
let authorisation = config::WebhookAuth::generate();
let body = network::json!({
"active": true,
"authorization_header": authorisation.header_value(),
"branch_filter": format!("{{{},{},{}}}", repo_config.branches().main(), repo_config.branches().next(), repo_config.branches().dev()),
"config": {
"content_type": "json",
"url": format!("{}/{}", webhook_url.as_ref(), repo_alias),
},
"events": [ "push" ],
"type": "forgejo"
});
let request = network::NetRequest::new(
network::RequestMethod::Post,
url,
headers,
network::RequestBody::Json(body),
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.post_json::<Hook>(request).await;
match result {
Ok(response) => {
let Some(hook) = response.response_body() else {
return Err(git::forge::webhook::Error::NetworkResponseEmpty);
};
info!(webhook_id = %hook.id, "Webhook registered");
Ok(config::RegisteredWebhook::new(
config::WebhookId::new(format!("{}", hook.id)),
authorisation,
))
}
Err(e) => {
warn!("Failed to register webhook");
Err(git::forge::webhook::Error::FailedToRegister(e.to_string()))
}
}
}

View file

@ -0,0 +1,30 @@
//
use git_next_config as config;
use git_next_git as git;
use kxio::network;
pub async fn unregister(
webhook_id: &config::WebhookId,
repo_details: &git::RepoDetails,
net: &network::Network,
) -> git::forge::webhook::Result<()> {
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
));
let request = network::NetRequest::new(
network::RequestMethod::Delete,
url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::None,
None,
network::NetRequestLogging::None,
);
let result = net.delete(request).await;
Ok(result.map(|_| ())?)
}

View file

@ -0,0 +1,67 @@
[package]
name = "git-next-forge-github"
version = { workspace = true }
edition = { workspace = true }
[dependencies]
git-next-config = { workspace = true }
git-next-git = { workspace = true }
# own version
clap = { workspace = true }
# logging
console-subscriber = { workspace = true }
tracing = { workspace = true }
tracing-subscriber = { workspace = true }
# sha256 encoding (e.g. verify github webhooks)
hmac = { workspace = true }
sha2 = { workspace = true }
hex = { workspace = true }
# base64 decoding
base64 = { workspace = true }
# git
async-trait = { workspace = true }
# fs/network
kxio = { workspace = true }
# TOML parsing
serde = { workspace = true }
serde_json = { workspace = true }
toml = { workspace = true }
# Secrets and Password
secrecy = { workspace = true }
# Conventional Commit check
git-conventional = { workspace = true }
# Webhooks
bytes = { workspace = true }
ulid = { workspace = true }
warp = { workspace = true }
# boilerplate
derive_more = { workspace = true }
# file watcher
inotify = { workspace = true }
# # Actors
# actix = { workspace = true }
# actix-rt = { workspace = true }
tokio = { workspace = true }
[dev-dependencies]
# Testing
assert2 = { workspace = true }
[lints.clippy]
nursery = { level = "warn", priority = -1 }
# pedantic = "warn"
unwrap_used = "warn"
expect_used = "warn"

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,253 @@
//
#[cfg(test)]
mod tests;
mod webhook;
use crate as github;
use git::forge::commit::Status;
use git_next_config as config;
use git_next_git as git;
use derive_more::Constructor;
use kxio::network::{self, Network};
use tracing::{error, info, warn};
#[derive(Clone, Debug, Constructor)]
pub struct Github {
repo_details: git::RepoDetails,
net: Network,
}
#[async_trait::async_trait]
impl git::ForgeLike for Github {
fn name(&self) -> String {
"github".to_string()
}
fn is_message_authorised(
&self,
msg: &config::WebhookMessage,
webhook_auth: &config::WebhookAuth,
) -> bool {
let Some(github_signature) = msg
.header("x-hub-signature-256")
.map(|x| x.trim_matches('"').to_string())
.and_then(|sha| sha.strip_prefix("sha256=").map(|k| k.to_string()))
else {
warn!("no signature header found");
return false;
};
let Ok(gh_sig) = hex::decode(github_signature) else {
eprintln!("can't decode github signature");
return false;
};
let payload = msg.body().as_str();
use hmac::Mac;
type HmacSha256 = hmac::Hmac<sha2::Sha256>;
let Ok(mut hmac) = HmacSha256::new_from_slice(webhook_auth.to_string().as_bytes()) else {
error!("failed to parse webhook auth token");
return false;
};
hmac::Mac::update(&mut hmac, payload.as_ref());
hmac::Mac::verify_slice(hmac, gh_sig.as_ref()).is_ok()
}
fn parse_webhook_body(
&self,
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::push::Push> {
serde_json::from_str::<github::webhook::Push>(body.as_str())?.try_into()
}
/// Checks the results of any (e.g. CI) status checks for the commit.
///
/// GitHub: https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#list-commit-statuses-for-a-reference
async fn commit_status(&self, commit: &git::Commit) -> Status {
let repo_details = &self.repo_details;
let repo_path = &repo_details.repo_path;
let api_token = &repo_details.forge.token();
use secrecy::ExposeSecret;
let token = api_token.expose_secret();
let url = network::NetUrl::new(format!(
"https://api.github.com/repos/${repo_path}/commits/{commit}/check-runs"
));
let headers = network::NetRequestHeaders::new()
.with("X-GitHub-Api-Version", "2022-11-28")
.with("Authorization", format!("Bearer: {token}").as_str());
let request = network::NetRequest::new(
network::RequestMethod::Get,
url,
headers,
network::RequestBody::None,
network::ResponseType::Json,
None,
network::NetRequestLogging::Both, // TODO: change this to None
);
let result = self.net.get::<Vec<GitHubStatus>>(request).await;
match result {
Ok(response) => response.response_body().map_or_else(
|| {
warn!("No status found for commit");
Status::Pending // assume issue is transient and allow retry
},
|statuses| {
statuses
.into_iter()
.map(|status| match status.state {
GithubState::Success => Status::Pass,
GithubState::Pending => Status::Pending,
GithubState::Failure => Status::Fail,
GithubState::Error => Status::Fail,
GithubState::Blank => Status::Pending,
})
.reduce(|l, r| match (l, r) {
(Status::Pass, Status::Pass) => Status::Pass,
(_, Status::Fail) => Status::Fail,
(_, Status::Pending) => Status::Pending,
(Status::Fail, _) => Status::Fail,
(Status::Pending, _) => Status::Pending,
})
.unwrap_or_else(|| {
warn!("No status checks configured for 'next' branch",);
Status::Pass
})
},
),
Err(e) => {
warn!(?e, "Failed to get commit status");
Status::Pending // assume issue is transient and allow retry
}
}
}
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#list-repository-webhooks
async fn list_webhooks(
&self,
_webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
todo!("list_webhooks")
}
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#delete-a-repository-webhook
async fn unregister_webhook(
&self,
webhook_id: &config::WebhookId,
) -> git::forge::webhook::Result<()> {
let net = &self.net;
let repo_details = &self.repo_details;
use secrecy::ExposeSecret;
let request = network::NetRequest::new(
network::RequestMethod::Delete,
network::NetUrl::new(format!(
"https://api.github.com/repos/{}/hooks/{}",
repo_details.repo_path, webhook_id
)),
network::NetRequestHeaders::default()
.with("Accept", "application/vnd.github+json")
.with(
"User-Agent",
format!("git-next/server/{}", clap::crate_version!()).as_str(),
)
.with(
"Authorization",
format!("Bearer {}", repo_details.forge.token().expose_secret()).as_str(),
)
.with("X-GitHub-Api-Version", "2022-11-28"),
network::RequestBody::None,
network::ResponseType::None,
None,
network::NetRequestLogging::None,
);
if let Err(e) = net.post_json::<GithubHook>(request).await {
warn!("Failed to register webhook");
return Err(git::forge::webhook::Error::FailedToRegister(e.to_string()));
}
Ok(())
}
// https://docs.github.com/en/rest/repos/webhooks?apiVersion=2022-11-28#create-a-repository-webhook
async fn register_webhook(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
let net = &self.net;
let repo_details = &self.repo_details;
let authorisation = config::WebhookAuth::generate();
use secrecy::ExposeSecret;
let request = network::NetRequest::new(
network::RequestMethod::Post,
network::NetUrl::new(format!(
"https://api.github.com/repos/{}/hooks",
repo_details.repo_path
)),
network::NetRequestHeaders::default()
.with("Accept", "application/vnd.github+json")
.with(
"User-Agent",
format!("git-next/server/{}", clap::crate_version!()).as_str(),
)
.with(
"Authorization",
format!("Bearer {}", repo_details.forge.token().expose_secret()).as_str(),
)
.with("X-GitHub-Api-Version", "2022-11-28"),
network::RequestBody::Json(network::json!({
"name": "web",
"active": true,
"events": ["push"],
"config": {
"url": webhook_url.as_ref(),
"content_type": "json",
"secret": authorisation.to_string(),
"insecure_ssl": "0",
}
})),
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.post_json::<GithubHook>(request).await;
match result {
Ok(response) => {
let Some(hook) = response.response_body() else {
return Err(git::forge::webhook::Error::NetworkResponseEmpty);
};
info!(webhook_id = %hook.id, "Webhook registered");
Ok(config::RegisteredWebhook::new(
config::WebhookId::new(format!("{}", hook.id)),
authorisation,
))
}
Err(e) => {
warn!("Failed to register webhook");
Err(git::forge::webhook::Error::FailedToRegister(e.to_string()))
}
}
}
}
#[derive(Debug, serde::Deserialize)]
struct GitHubStatus {
pub state: GithubState,
// other fields that we ignore
}
#[derive(Debug, serde::Deserialize)]
enum GithubState {
#[serde(rename = "success")]
Success,
#[serde(rename = "pending")]
Pending,
#[serde(rename = "failure")]
Failure,
#[serde(rename = "error")]
Error,
#[serde(rename = "")]
Blank,
}
#[derive(Debug, serde::Deserialize)]
struct GithubHook {
pub id: u64,
}

View file

@ -0,0 +1,73 @@
//
use git::ForgeLike;
use git_next_config as config;
use git_next_git as git;
use std::collections::HashMap;
type TestResult = Result<(), Box<dyn std::error::Error>>;
#[test]
fn accepts_valid_webhook_signature() -> TestResult {
//given
// we registered a webhook with this secret:
let webhook_auth = config::WebhookAuth::new("01HZ598CS1K9E0C193ND175XHJ")?;
// then recorded the following test message from github:
let headers = HashMap::from([(
"x-hub-signature-256".to_string(),
"sha256=6c801b0730b1ce06bf38f901de40206d3b0e93ef7b9bf09a5cf28ad9c4221bab".to_string(),
)]);
let payload = config::webhook::message::Body::new(include_str!("payload.json").to_string());
// this reproduces that message:
let message = message(headers, payload);
//when
// now, we attempt to recreate the signature in the header given the same message:
let result = forge().is_message_authorised(&message, &webhook_auth);
//then
// if we succeed: then result will be true:
assert!(result);
Ok(())
}
fn message(
headers: HashMap<String, String>,
payload: config::webhook::message::Body,
) -> config::WebhookMessage {
config::WebhookMessage::new(
config::ForgeAlias::new("".to_string()),
config::RepoAlias::new(""),
headers,
payload,
)
}
fn forge() -> crate::Github {
crate::Github::new(
git::RepoDetails::new(
git::Generation::new(),
&config::RepoAlias::new(""),
&config::ServerRepoConfig::new(
"a".to_string(),
"b".to_string(),
None,
None,
None,
None,
),
&config::ForgeAlias::new("c".to_string()),
&config::ForgeConfig::new(
config::ForgeType::GitHub,
"d".to_string(),
"e".to_string(),
"f".to_string(),
std::collections::BTreeMap::default(),
),
config::GitDir::default(),
),
kxio::network::Network::new_mock(),
)
}

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,28 @@
//
use git_next_config as config;
use git_next_git as git;
#[derive(Debug, serde::Deserialize)]
pub struct Push {
#[serde(rename = "ref")]
reference: String,
after: String,
head_commit: HeadCommit,
}
#[derive(Debug, serde::Deserialize)]
pub struct HeadCommit {
message: String,
}
impl TryFrom<Push> for config::webhook::Push {
type Error = git::forge::webhook::Error;
fn try_from(push: Push) -> Result<Self, Self::Error> {
let branch = push
.reference
.splitn(3, '/') // should be of the form 'refs/heads/branchname'
.nth(2)
.map(config::BranchName::new)
.ok_or(git::forge::webhook::Error::UnknownBranch(push.reference))?;
Ok(Self::new(branch, push.after, push.head_commit.message))
}
}

View file

@ -4,14 +4,15 @@ version = { workspace = true }
edition = { workspace = true }
[features]
default = ["forgejo"]
default = ["forgejo", "github"]
forgejo = ["git-next-forge-forgejo"]
github = []
github = ["git-next-forge-github"]
[dependencies]
git-next-config = { workspace = true }
git-next-git = { workspace = true }
git-next-forge-forgejo = { workspace = true, optional = true }
git-next-forge-github = { workspace = true, optional = true }
# logging
console-subscriber = { workspace = true }

View file

@ -1,21 +0,0 @@
use crate::network::Network;
struct Github;
pub(super) struct GithubEnv {
net: Network,
}
impl GithubEnv {
pub(crate) const fn new(net: Network) -> GithubEnv {
Self { net }
}
}
#[async_trait::async_trait]
impl super::ForgeLike for GithubEnv {
fn name(&self) -> String {
"github".to_string()
}
async fn branches_get_all(&self) -> Vec<super::Branch> {
todo!()
}
}

View file

@ -1,34 +1,34 @@
#![allow(dead_code)]
//
use git_next_forge_forgejo as forgejo;
use git_next_forge_github as github;
use git_next_git as git;
use kxio::network::Network;
#[cfg(feature = "github")]
mod github;
mod mock_forge;
#[derive(Clone, Debug)]
pub enum Forge {
Mock(mock_forge::MockForgeEnv),
#[allow(clippy::enum_variant_names)]
Mock(mock_forge::MockForge),
#[cfg(feature = "forgejo")]
ForgeJo(forgejo::ForgeJo),
ForgeJo(git_next_forge_forgejo::ForgeJo),
#[cfg(feature = "github")]
Github(github::GithubEnv),
Github(git_next_forge_github::Github),
}
impl Forge {
pub const fn new_mock() -> Self {
Self::Mock(mock_forge::MockForgeEnv::new())
Self::Mock(mock_forge::MockForge::new())
}
#[cfg(feature = "forgejo")]
pub const fn new_forgejo(repo_details: git::RepoDetails, net: Network) -> Self {
Self::ForgeJo(forgejo::ForgeJo::new(repo_details, net))
}
#[cfg(feature = "github")]
pub const fn new_github(net: Network) -> Self {
Self::Github(github::GithubEnv::new(net))
pub const fn new_github(repo_details: git::RepoDetails, net: Network) -> Self {
Self::Github(github::Github::new(repo_details, net))
}
}
impl std::ops::Deref for Forge {
@ -39,7 +39,7 @@ impl std::ops::Deref for Forge {
#[cfg(feature = "forgejo")]
Self::ForgeJo(env) => env,
#[cfg(feature = "github")]
Forge::Github(env) => env,
Self::Github(env) => env,
}
}
}

View file

@ -1,23 +1,56 @@
//
#![cfg(not(tarpaulin_include))]
use derive_more::Constructor;
use git_next_config as config;
use git_next_git as git;
struct MockForge;
#[derive(Clone, Debug)]
pub struct MockForgeEnv;
impl MockForgeEnv {
pub(crate) const fn new() -> Self {
Self
}
}
#[derive(Clone, Debug, Constructor)]
pub struct MockForge;
#[async_trait::async_trait]
impl git::ForgeLike for MockForgeEnv {
fn forge_alias(&self) -> String {
impl git::ForgeLike for MockForge {
fn name(&self) -> String {
"mock".to_string()
}
async fn commit_status(&self, _commit: &git::Commit) -> git::commit::Status {
fn is_message_authorised(
&self,
_msg: &config::WebhookMessage,
_expected: &config::WebhookAuth,
) -> bool {
todo!()
}
fn parse_webhook_body(
&self,
_body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::push::Push> {
todo!()
}
async fn commit_status(&self, _commit: &git::Commit) -> git::forge::commit::Status {
todo!()
}
async fn list_webhooks(
&self,
_webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>> {
todo!()
}
async fn unregister_webhook(
&self,
_webhook_id: &config::WebhookId,
) -> git::forge::webhook::Result<()> {
todo!()
}
async fn register_webhook(
&self,
_webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook> {
todo!()
}
}

View file

@ -1,8 +0,0 @@
use super::*;
#[test]
fn test_name() {
let net = Network::new_mock();
let forge = Forge::new_github(net);
assert_eq!(forge.name(), "github");
}

View file

@ -4,13 +4,10 @@ use super::*;
use git_next_config as config;
use git_next_git as git;
#[cfg(feature = "github")]
mod github;
#[test]
fn test_mock_name() {
let forge = Forge::new_mock();
assert_eq!(forge.forge_alias(), "mock");
assert_eq!(forge.name(), "mock");
}
#[test]
@ -30,5 +27,5 @@ fn test_forgejo_name() {
config::GitDir::new(fs.base()),
);
let forge = Forge::new_forgejo(repo_details, net);
assert_eq!(forge.forge_alias(), "forgejo");
assert_eq!(forge.name(), "forgejo");
}

View file

@ -24,7 +24,7 @@ kxio = { workspace = true }
# # TOML parsing
# serde = { workspace = true }
# # serde_json = { workspace = true }
serde_json = { workspace = true }
# toml = { workspace = true }
# Secrets and Password
@ -44,9 +44,9 @@ derive-with = { workspace = true }
# # file watcher
# inotify = { workspace = true }
#
# # Actors
# actix = { workspace = true }
# Actors
actix = { workspace = true }
# actix-rt = { workspace = true }
# tokio = { workspace = true }
#

View file

@ -1,3 +1,6 @@
//
use git_next_config as config;
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
#[display("{}", sha)]
pub struct Commit {
@ -13,19 +16,21 @@ impl Commit {
}
}
impl From<config::webhook::Push> for Commit {
fn from(value: config::webhook::Push) -> Self {
Self::new(
Sha::new(value.sha().to_owned()),
Message::new(value.message().to_owned()),
)
}
}
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct Sha(String);
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Display)]
pub struct Message(String);
#[derive(Debug)]
pub enum Status {
Pass,
Fail,
Pending,
}
#[derive(Clone, Debug)]
pub struct Histories {
pub main: Vec<Commit>,

View file

@ -0,0 +1,6 @@
#[derive(Debug)]
pub enum Status {
Pass,
Fail,
Pending,
}

View file

@ -0,0 +1,41 @@
use crate as git;
use git_next_config as config;
#[async_trait::async_trait]
pub trait ForgeLike {
fn name(&self) -> String;
/// Checks that the message has a valid authorisation
fn is_message_authorised(
&self,
message: &config::WebhookMessage,
expected: &config::WebhookAuth,
) -> bool;
/// Parses the webhook body into Some(Push) struct if appropriate, or None if not.
fn parse_webhook_body(
&self,
body: &config::webhook::message::Body,
) -> git::forge::webhook::Result<config::webhook::push::Push>;
/// Checks the results of any (e.g. CI) status checks for the commit.
async fn commit_status(&self, commit: &git::Commit) -> git::forge::commit::Status;
// Lists all the webhooks
async fn list_webhooks(
&self,
url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<Vec<config::WebhookId>>;
// Unregisters a webhook
async fn unregister_webhook(
&self,
webhook: &config::WebhookId,
) -> git::forge::webhook::Result<()>;
// Registers a webhook
async fn register_webhook(
&self,
webhook_url: &config::server::WebhookUrl,
) -> git::forge::webhook::Result<config::RegisteredWebhook>;
}

View file

@ -0,0 +1,3 @@
pub mod commit;
pub(super) mod like;
pub mod webhook;

View file

@ -0,0 +1,34 @@
use derive_more::Display;
pub type Result<T> = core::result::Result<T, Error>;
#[derive(Debug, Display)]
pub enum Error {
#[display("network: {}", 0)]
Network(kxio::network::NetworkError),
FailedToRegister(String),
NetworkResponseEmpty,
NoRepoConfig,
FailedToNotifySelf(String),
Serde(serde_json::error::Error),
UnknownBranch(String),
}
impl std::error::Error for Error {}
impl From<kxio::network::NetworkError> for Error {
fn from(value: kxio::network::NetworkError) -> Self {
Self::Network(value)
}
}
impl From<serde_json::error::Error> for Error {
fn from(value: serde_json::error::Error) -> Self {
Self::Serde(value)
}
}

View file

@ -1,9 +0,0 @@
use crate as git;
#[async_trait::async_trait]
pub trait ForgeLike {
fn forge_alias(&self) -> String;
/// Checks the results of any (e.g. CI) status checks for the commit.
async fn commit_status(&self, commit: &git::Commit) -> git::commit::Status;
}

View file

@ -4,7 +4,7 @@ pub mod commit;
pub mod common;
pub mod fetch;
pub mod file;
mod forge_like;
pub mod forge;
mod generation;
mod git_ref;
mod git_remote;
@ -17,7 +17,7 @@ pub mod validation;
mod tests;
pub use commit::Commit;
pub use forge_like::ForgeLike;
pub use forge::like::ForgeLike;
pub use generation::Generation;
pub use git_ref::GitRef;
pub use git_remote::GitRemote;

View file

@ -10,6 +10,7 @@ use git_next_config as config;
use git_next_config::GitDir;
pub use open::OpenRepository;
use tracing::info;
use crate::{repository::mock::MockRepository, validation::repo::validate_repo};
@ -29,18 +30,20 @@ pub fn mock() -> (Repository, MockRepository) {
}
/// Opens a repository, cloning if necessary
#[tracing::instrument(skip_all)]
pub fn open(
repository: &Repository,
repo_details: &RepoDetails,
gitdir: config::GitDir,
) -> Result<OpenRepository> {
let repository = if !gitdir.exists() {
// info!("Local copy not found - cloning...");
info!("Local copy not found - cloning...");
repository.git_clone(repo_details)?
} else {
info!("Local copy found - opening...");
repository.open(&gitdir)?
};
// info!("Validating...");
info!("Validating...");
validate_repo(&repository, repo_details).map_err(|e| Error::Validation(e.to_string()))?;
Ok(repository)
}

View file

@ -162,15 +162,12 @@ impl super::OpenRepositoryLike for RealOpenRepository {
git::commit::Sha::new(id),
git::commit::Message::new(message),
);
info!(?commit, "found");
if find_commits.contains(&commit) {
info!("Is in find_commits");
commits.push(commit);
break;
}
commits.push(commit);
}
info!("finished walkfing");
Ok(commits)
})?
}

View file

@ -15,13 +15,16 @@ impl RepositoryLike for RealRepository {
Ok(OpenRepository::real(gix_repo))
}
#[tracing::instrument(skip_all)]
fn git_clone(&self, repo_details: &RepoDetails) -> Result<OpenRepository, Error> {
tracing::info!("creating");
use secrecy::ExposeSecret;
let (gix_repo, _outcome) = gix::prepare_clone_bare(
repo_details.origin().expose_secret().as_str(),
repo_details.gitdir.deref(),
)?
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
tracing::info!("created");
Ok(OpenRepository::real(gix_repo))
}

View file

@ -4,7 +4,7 @@ version = { workspace = true }
edition = { workspace = true }
[features]
default = ["forgejo"]
default = ["forgejo", "github"]
forgejo = []
github = []

View file

@ -9,6 +9,7 @@ mod tests;
use std::time::Duration;
use actix::prelude::*;
use config::RegisteredWebhook;
use git::validation::positions::{validate_positions, Positions};
use crate as repo_actor;
@ -26,8 +27,8 @@ pub struct RepoActor {
message_token: MessageToken,
repo_details: git::RepoDetails,
webhook: config::server::Webhook,
webhook_id: Option<webhook::WebhookId>, // INFO: if [None] then no webhook is configured
webhook_auth: Option<webhook::WebhookAuth>, // INFO: if [None] then no webhook is configured
webhook_id: Option<config::WebhookId>, // INFO: if [None] then no webhook is configured
webhook_auth: Option<config::WebhookAuth>, // INFO: if [None] then no webhook is configured
last_main_commit: Option<git::Commit>,
last_next_commit: Option<git::Commit>,
last_dev_commit: Option<git::Commit>,
@ -47,6 +48,7 @@ impl RepoActor {
let forge = match details.forge.forge_type() {
#[cfg(feature = "forgejo")]
config::ForgeType::ForgeJo => forge::Forge::new_forgejo(details.clone(), net.clone()),
config::ForgeType::GitHub => forge::Forge::new_github(details.clone(), net.clone()),
config::ForgeType::MockForge => forge::Forge::new_mock(),
};
debug!(?forge, "new");
@ -74,10 +76,13 @@ impl Actor for RepoActor {
info!("Checking webhook");
match self.webhook_id.take() {
Some(webhook_id) => {
let repo_details = self.repo_details.clone();
let net = self.net.clone();
info!(%webhook_id, "Unregistring webhook");
webhook::unregister(webhook_id, repo_details, net)
let forge = self.forge.clone();
async move {
if let Err(err) = forge.unregister_webhook(&webhook_id).await {
warn!("unregistering webhook: {err}");
}
}
.in_current_span()
.into_actor(self)
.wait(ctx);
@ -107,7 +112,7 @@ impl Handler<CloneRepo> for RepoActor {
});
}
}
Err(err) => warn!("Could not Clone repo: {err}"),
Err(err) => warn!("Could not open repo: {err}"),
}
}
}
@ -171,12 +176,26 @@ impl Handler<ValidateRepo> for RepoActor {
}
}
if self.webhook_id.is_none() {
webhook::register(
self.repo_details.clone(),
self.webhook.clone(),
ctx.address(),
self.net.clone(),
)
let forge_alias = self.repo_details.forge.forge_alias();
let repo_alias = &self.repo_details.repo_alias;
let webhook_url = self.webhook.url(forge_alias, repo_alias);
let forge = self.forge.clone();
let addr = ctx.address();
async move {
if let Err(err) =
forge
.register_webhook(&webhook_url)
.await
.and_then(|registered_webhook| {
addr.try_send(WebhookRegistered::from(registered_webhook))
.map_err(|e| {
git::forge::webhook::Error::FailedToNotifySelf(e.to_string())
})
})
{
warn!("registering webhook: {err}");
}
}
.in_current_span()
.into_actor(self)
.wait(ctx);
@ -264,7 +283,12 @@ impl Handler<StartMonitoring> for RepoActor {
#[derive(Message)]
#[rtype(result = "()")]
pub struct WebhookRegistered(webhook::WebhookId, webhook::WebhookAuth);
pub struct WebhookRegistered(config::WebhookId, config::WebhookAuth);
impl From<RegisteredWebhook> for WebhookRegistered {
fn from(value: RegisteredWebhook) -> Self {
Self(value.id().clone(), value.auth().clone())
}
}
impl Handler<WebhookRegistered> for RepoActor {
type Result = ();
#[tracing::instrument(name = "RepoActor::WebhookRegistered", skip_all, fields(repo = %self.repo_details, webhook_id = %msg.0))]

View file

@ -19,14 +19,14 @@ pub async fn check_next(
let status = forge.commit_status(&next).await;
info!(?status, "Checking next branch");
match status {
git::commit::Status::Pass => {
git::forge::commit::Status::Pass => {
addr.do_send(AdvanceMainTo(next));
}
git::commit::Status::Pending => {
git::forge::commit::Status::Pending => {
tokio::time::sleep(tokio::time::Duration::from_secs(10)).await;
addr.do_send(ValidateRepo { message_token });
}
git::commit::Status::Fail => {
git::forge::commit::Status::Fail => {
warn!("Checks have failed");
}
}

View file

@ -32,12 +32,3 @@ mod branch {
assert_eq!(next_commit, Some(expected), "Found the wrong commit");
}
}
mod webhook {
use super::super::webhook::*;
#[test]
fn should_split_ref() {
assert_eq!(split_ref("refs/heads/next"), ("refs/heads/", "next"));
}
}

View file

@ -1,195 +1,30 @@
//
use actix::prelude::*;
use git_next_config::{
server::{Webhook, WebhookUrl},
BranchName, ForgeAlias, RepoAlias, RepoBranches,
};
use crate::{RepoActor, ValidateRepo};
use git_next_config as config;
use git_next_git as git;
use kxio::network::{self, json};
use tracing::{info, warn};
use ulid::DecodeError;
use std::{collections::HashMap, str::FromStr};
use crate::{RepoActor, ValidateRepo, WebhookRegistered};
#[derive(
Clone, Debug, PartialEq, Eq, derive_more::Constructor, derive_more::Deref, derive_more::Display,
)]
pub struct WebhookId(String);
#[derive(Clone, Debug, PartialEq, Eq, derive_more::Deref, derive_more::Display)]
pub struct WebhookAuth(ulid::Ulid);
impl WebhookAuth {
pub fn new(authorisation: &str) -> Result<Self, DecodeError> {
let id = ulid::Ulid::from_str(authorisation)?;
info!("Parse auth token: {}", id);
Ok(Self(id))
}
fn generate() -> Self {
Self(ulid::Ulid::new())
}
fn header_value(&self) -> String {
format!("Basic {}", self)
}
}
#[tracing::instrument(skip_all, fields(%webhook_id))]
pub async fn unregister(
webhook_id: WebhookId,
repo_details: git::RepoDetails,
net: network::Network,
) {
let hostname = &repo_details.forge.hostname();
let repo_path = repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
));
let request = network::NetRequest::new(
network::RequestMethod::Delete,
url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::None,
None,
network::NetRequestLogging::None,
);
let result = net.delete(request).await;
match result {
Ok(_) => info!("unregistered webhook"),
Err(err) => warn!(?err, "Failed to unregister webhook"),
}
}
#[tracing::instrument(skip_all)]
pub async fn register(
repo_details: git::RepoDetails,
webhook: Webhook,
addr: actix::prelude::Addr<super::RepoActor>,
net: network::Network,
) {
let Some(repo_config) = repo_details.repo_config.clone() else {
return;
};
let forge_alias = repo_details.forge.forge_alias();
let repo_alias = &repo_details.repo_alias;
let webhook_url = webhook.url(forge_alias, repo_alias);
// remove any lingering webhooks for the same URL
let existing_webhook_ids = find_existing_webhooks(&repo_details, &webhook_url, &net).await;
for webhook_id in existing_webhook_ids {
unregister(webhook_id, repo_details.clone(), net.clone()).await;
}
let hostname = &repo_details.forge.hostname();
let repo_path = repo_details.repo_path;
use secrecy::ExposeSecret;
let token = repo_details.forge.token().expose_secret();
let url = network::NetUrl::new(format!(
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
));
let headers = network::NetRequestHeaders::new().with("Content-Type", "application/json");
let authorisation = WebhookAuth::generate();
let body = json!({
"active": true,
"authorization_header": authorisation.header_value(),
"branch_filter": format!("{{{},{},{}}}", repo_config.branches().main(), repo_config.branches().next(), repo_config.branches().dev()),
"config": {
"content_type": "json",
"url": webhook_url.as_ref(),
},
"events": [ "push" ],
"type": "forgejo"
});
let request = network::NetRequest::new(
network::RequestMethod::Post,
url,
headers,
network::RequestBody::Json(body),
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.post_json::<Hook>(request).await;
match result {
Ok(response) => {
if let Some(hook) = response.response_body() {
info!(webhook_id = %hook.id, "Webhook registered");
addr.do_send(WebhookRegistered(hook.id(), authorisation));
}
}
Err(_) => warn!("Failed to register webhook"),
}
}
async fn find_existing_webhooks(
repo_details: &git::RepoDetails,
webhook_url: &WebhookUrl,
net: &network::Network,
) -> Vec<WebhookId> {
let mut ids: Vec<WebhookId> = vec![];
let hostname = &repo_details.forge.hostname();
let repo_path = &repo_details.repo_path;
let mut page = 1;
loop {
use secrecy::ExposeSecret;
let token = &repo_details.forge.token().expose_secret();
let url =
format!("https://{hostname}/api/v1/repos/{repo_path}/hooks?page={page}&token={token}");
let net_url = network::NetUrl::new(url);
let request = network::NetRequest::new(
network::RequestMethod::Get,
net_url,
network::NetRequestHeaders::new(),
network::RequestBody::None,
network::ResponseType::Json,
None,
network::NetRequestLogging::None,
);
let result = net.get::<Vec<Hook>>(request).await;
if let Ok(response) = result {
if let Some(list) = response.response_body() {
if list.is_empty() {
return ids;
}
for hook in list {
if let Some(existing_url) = hook.config.get("url") {
if existing_url == webhook_url.as_ref() {
ids.push(hook.id());
}
}
}
}
}
page += 1;
}
}
#[derive(Debug, serde::Deserialize)]
struct Hook {
id: i64,
config: HashMap<String, String>,
}
impl Hook {
fn id(&self) -> WebhookId {
WebhookId(format!("{}", self.id))
}
}
impl Handler<WebhookMessage> for RepoActor {
impl Handler<config::WebhookMessage> for RepoActor {
type Result = ();
#[allow(clippy::cognitive_complexity)] // TODO: (#49) reduce complexity
#[tracing::instrument(name = "RepoActor::WebhookMessage", skip_all, fields(token = %self.message_token, repo = %self.repo_details))]
fn handle(&mut self, msg: WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
fn handle(&mut self, msg: config::WebhookMessage, ctx: &mut Self::Context) -> Self::Result {
let Some(expected_authorization) = &self.webhook_auth else {
warn!("Don't know what authorization to expect");
return;
};
if msg.authorisation() != expected_authorization {
let Some(config) = &self.repo_details.repo_config else {
warn!("No repo config");
return;
};
if !self
.forge
.is_message_authorised(&msg, expected_authorization)
{
warn!(
"Invalid authorization - expected {}",
expected_authorization
@ -197,146 +32,62 @@ impl Handler<WebhookMessage> for RepoActor {
return;
}
let body = msg.body();
match serde_json::from_str::<Push>(body.as_str()) {
Err(err) => warn!(?err, ?body, "Not a 'push'"),
Ok(push) => {
if let Some(config) = &self.repo_details.repo_config {
match push.branch(config.branches()) {
None => warn!(
match self.forge.parse_webhook_body(body) {
Err(err) => {
warn!(?err, "Not a 'push'");
return;
}
Ok(push) => match push.branch(config.branches()) {
None => {
warn!(
?push,
"Unrecognised branch, we should be filtering to only the ones we want"
),
Some(branch) => {
match branch {
Branch::Main => {
if self.last_main_commit == Some(push.commit()) {
);
return;
}
Some(config::webhook::push::Branch::Main) => {
let commit = git::Commit::from(push);
if self.last_main_commit.as_ref() == Some(&commit) {
info!(
branch = %config.branches().main(),
commit = %push.commit(),
%commit,
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_main_commit.replace(push.commit())
self.last_main_commit.replace(commit);
}
Branch::Next => {
if self.last_next_commit == Some(push.commit()) {
Some(config::webhook::push::Branch::Next) => {
let commit = git::Commit::from(push);
if self.last_next_commit.as_ref() == Some(&commit) {
info!(
branch = %config.branches().next(),
commit = %push.commit(),
%commit,
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_next_commit.replace(push.commit())
self.last_next_commit.replace(commit);
}
Branch::Dev => {
if self.last_dev_commit == Some(push.commit()) {
Some(config::webhook::push::Branch::Dev) => {
let commit = git::Commit::from(push);
if self.last_dev_commit.as_ref() == Some(&commit) {
info!(
branch = %config.branches().dev(),
commit = %push.commit(),
%commit,
"Ignoring - already aware of branch at commit",
);
return;
}
self.last_dev_commit.replace(push.commit())
self.last_dev_commit.replace(commit);
}
},
}
};
let message_token = self.message_token.next();
info!(
token = %message_token,
?branch,
commit = %push.commit(),
"New commit"
);
ctx.address().do_send(ValidateRepo { message_token });
}
}
}
}
}
}
}
pub fn split_ref(reference: &str) -> (&str, &str) {
reference.split_at(11)
}
#[derive(Debug, serde::Deserialize)]
struct Push {
#[serde(rename = "ref")]
reference: String,
after: String,
head_commit: HeadCommit,
}
impl Push {
pub fn branch(&self, repo_branches: &RepoBranches) -> Option<Branch> {
if !self.reference.starts_with("refs/heads/") {
warn!(r#ref = self.reference, "Unexpected ref");
return None;
}
let (_, branch) = split_ref(&self.reference);
let branch = BranchName::new(branch);
if branch == repo_branches.main() {
return Some(Branch::Main);
}
if branch == repo_branches.next() {
return Some(Branch::Next);
}
if branch == repo_branches.dev() {
return Some(Branch::Dev);
}
warn!(%branch, "Unexpected branch");
None
}
pub fn commit(&self) -> git::Commit {
git::Commit::new(
git::commit::Sha::new(self.after.clone()),
git::commit::Message::new(self.head_commit.message.clone()),
)
}
}
#[derive(Debug)]
pub enum Branch {
Main,
Next,
Dev,
}
#[derive(Debug, serde::Deserialize)]
struct HeadCommit {
message: String,
}
#[derive(Message, Debug, Clone, derive_more::Constructor)]
#[rtype(result = "()")]
pub struct WebhookMessage {
forge_alias: ForgeAlias,
repo_alias: RepoAlias,
authorisation: WebhookAuth,
body: Body,
}
impl WebhookMessage {
pub const fn forge_alias(&self) -> &ForgeAlias {
&self.forge_alias
}
pub const fn repo_alias(&self) -> &RepoAlias {
&self.repo_alias
}
pub const fn body(&self) -> &Body {
&self.body
}
pub const fn authorisation(&self) -> &WebhookAuth {
&self.authorisation
}
}
#[derive(Clone, Debug, derive_more::Constructor)]
pub struct Body(String);
impl Body {
pub fn as_str(&self) -> &str {
self.0.as_str()
}
}

View file

@ -3,11 +3,6 @@ name = "git-next-server"
version = { workspace = true }
edition = { workspace = true }
[features]
default = ["forgejo"]
forgejo = []
github = []
[dependencies]
git-next-config = { workspace = true }
git-next-git = { workspace = true }

View file

@ -1,13 +1,13 @@
// crate::server::actors::webhook
use actix::prelude::*;
mod router;
mod server;
use git_next_config as config;
use std::net::SocketAddr;
use actix::prelude::*;
use git_next_repo_actor::webhook::WebhookMessage;
pub use router::AddWebhookRecipient;
pub use router::WebhookRouter;
use tracing::Instrument;
@ -17,10 +17,13 @@ pub struct WebhookActor {
socket_addr: SocketAddr,
span: tracing::Span,
spawn_handle: Option<actix::SpawnHandle>,
message_receiver: Recipient<WebhookMessage>,
message_receiver: Recipient<config::WebhookMessage>,
}
impl WebhookActor {
pub fn new(socket_addr: SocketAddr, message_receiver: Recipient<WebhookMessage>) -> Self {
pub fn new(
socket_addr: SocketAddr,
message_receiver: Recipient<config::WebhookMessage>,
) -> Self {
let span = tracing::info_span!("WebhookActor");
Self {
socket_addr,
@ -34,7 +37,7 @@ impl Actor for WebhookActor {
type Context = actix::Context<Self>;
fn started(&mut self, ctx: &mut Self::Context) {
let _gaurd = self.span.enter();
let address: Recipient<WebhookMessage> = self.message_receiver.clone();
let address: Recipient<config::WebhookMessage> = self.message_receiver.clone();
let server = server::start(self.socket_addr, address);
let spawn_handle = ctx.spawn(server.in_current_span().into_actor(self));
self.spawn_handle.replace(spawn_handle);

View file

@ -3,8 +3,8 @@ use std::collections::HashMap;
use actix::prelude::*;
use derive_more::Constructor;
use git_next_config::WebhookMessage;
use git_next_config::{ForgeAlias, RepoAlias};
use git_next_repo_actor::webhook::WebhookMessage;
use tracing::{debug, info};
pub struct WebhookRouter {

View file

@ -1,14 +1,17 @@
//
use std::net::SocketAddr;
use std::{collections::HashMap, net::SocketAddr};
use actix::prelude::*;
use git_next_config::{ForgeAlias, RepoAlias};
use git_next_repo_actor::webhook::{self, WebhookAuth, WebhookMessage};
use tracing::{info, warn};
use warp::reject::Rejection;
use config::{ForgeAlias, RepoAlias};
use git_next_config as config;
pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<WebhookMessage>) {
use tracing::{info, warn};
pub async fn start(
socket_addr: SocketAddr,
address: actix::prelude::Recipient<config::WebhookMessage>,
) {
// start webhook server
use warp::Filter;
// Define the Warp route to handle incoming HTTP requests
@ -19,7 +22,7 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
.and(warp::header::headers_cloned())
.and(warp::body::bytes())
.and_then(
|recipient: Recipient<WebhookMessage>,
|recipient: Recipient<config::WebhookMessage>,
forge_alias: String,
repo_alias: String,
// query: String,
@ -29,29 +32,16 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
let forge_alias = ForgeAlias::new(forge_alias);
let repo_alias = RepoAlias::new(repo_alias);
let bytes = body.to_vec();
let body = webhook::Body::new(String::from_utf8_lossy(&bytes).to_string());
headers.get("Authorization").map_or_else(
|| {
warn!("No Authorization header");
Err(warp::reject())
},
|authorisation_header| {
info!(
forge = %forge_alias,
repo = %repo_alias,
?authorisation_header,
"Received webhook",
);
// TODO: (#86) Authorization isn't presented consistently, allow each forge
// to parse the authorization from the request
match parse_auth(authorisation_header) {
Ok(authorisation) => {
let message = WebhookMessage::new(
forge_alias,
repo_alias,
authorisation,
body,
let body = config::webhook::message::Body::new(
String::from_utf8_lossy(&bytes).to_string(),
);
let headers = headers
.into_iter()
.filter_map(|(k, v)| {
k.map(|k| (k.to_string(), v.to_str().unwrap_or_default().to_string()))
})
.collect::<HashMap<String, String>>();
let message = config::WebhookMessage::new(forge_alias, repo_alias, headers, body);
recipient
.try_send(message)
.map(|_| {
@ -62,14 +52,6 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
warn!("Unknown error: {:?}", e);
warp::reject()
})
}
Err(e) => {
warn!(?e, "Failed to decode authorization header");
Err(warp::reject())
}
}
},
)
},
);
@ -77,27 +59,3 @@ pub async fn start(socket_addr: SocketAddr, address: actix::prelude::Recipient<W
info!("Starting webhook server: {}", socket_addr);
warp::serve(route).run(socket_addr).await;
}
fn parse_auth(authorization_header: &warp::http::HeaderValue) -> Result<WebhookAuth, Rejection> {
WebhookAuth::new(
authorization_header
.to_str()
.map_err(|e| {
warn!("Invalid non-ascii value in authorization: {:?}", e);
warp::reject()
}) // valid characters
.map(|v| {
info!("raw auth header: {}", v);
v
})?
.strip_prefix("Basic ")
.ok_or_else(|| {
warn!("Authorization must be 'Basic'");
warp::reject()
})?, // must start with "Basic "
)
.map_err(|e| {
warn!(?e, "decode error");
warp::reject()
})
}