Compare commits
No commits in common. "ad358ad7c2427a1d1df760cb57e055cb8cae9db3" and "6acefda5d3aae4e7b3098f705718a3c3cf245488" have entirely different histories.
ad358ad7c2
...
6acefda5d3
13 changed files with 65 additions and 63 deletions
|
@ -6,15 +6,6 @@ license = { workspace = true }
|
|||
repository = { workspace = true }
|
||||
description = "Forgejo support for git-next, the trunk-based development manager"
|
||||
|
||||
[lints.clippy]
|
||||
nursery = { level = "warn", priority = -1 }
|
||||
pedantic = { level = "warn", priority = -1 }
|
||||
unwrap_used = "warn"
|
||||
expect_used = "warn"
|
||||
|
||||
[lints.rust]
|
||||
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tarpaulin_include)'] }
|
||||
|
||||
[dependencies]
|
||||
git-next-core = { workspace = true }
|
||||
|
||||
|
@ -41,3 +32,12 @@ tokio = { workspace = true }
|
|||
# Testing
|
||||
assert2 = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
|
||||
[lints.clippy]
|
||||
nursery = { level = "warn", priority = -1 }
|
||||
# pedantic = "warn"
|
||||
unwrap_used = "warn"
|
||||
expect_used = "warn"
|
||||
|
||||
[lints.rust]
|
||||
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tarpaulin_include)'] }
|
||||
|
|
|
@ -4,8 +4,6 @@ mod tests;
|
|||
|
||||
mod webhook;
|
||||
|
||||
use std::borrow::ToOwned;
|
||||
|
||||
use git_next_core::{
|
||||
self as core,
|
||||
git::{self, forge::commit::Status},
|
||||
|
@ -22,7 +20,6 @@ pub struct ForgeJo {
|
|||
net: Network,
|
||||
}
|
||||
impl ForgeJo {
|
||||
#[must_use]
|
||||
pub const fn new(repo_details: git::RepoDetails, net: Network) -> Self {
|
||||
Self { repo_details, net }
|
||||
}
|
||||
|
@ -40,9 +37,10 @@ impl git::ForgeLike for ForgeJo {
|
|||
let authorization = msg.header("authorization");
|
||||
tracing::info!(?authorization, %expected, "is message authorised?");
|
||||
authorization
|
||||
.and_then(|header| header.strip_prefix("Basic ").map(ToOwned::to_owned))
|
||||
.and_then(|header| header.strip_prefix("Basic ").map(|v| v.to_owned()))
|
||||
.and_then(|value| WebhookAuth::try_new(value.as_str()).ok())
|
||||
.is_some_and(|auth| &auth == expected)
|
||||
.map(|auth| &auth == expected)
|
||||
.unwrap_or(false)
|
||||
}
|
||||
|
||||
fn parse_webhook_body(
|
||||
|
@ -77,8 +75,10 @@ impl git::ForgeLike for ForgeJo {
|
|||
Ok(response) => match response.response_body() {
|
||||
Some(status) => match status.state {
|
||||
ForgejoState::Success => Status::Pass,
|
||||
ForgejoState::Pending | ForgejoState::Blank => Status::Pending,
|
||||
ForgejoState::Failure | ForgejoState::Error => Status::Fail,
|
||||
ForgejoState::Pending => Status::Pending,
|
||||
ForgejoState::Failure => Status::Fail,
|
||||
ForgejoState::Error => Status::Fail,
|
||||
ForgejoState::Blank => Status::Pending,
|
||||
},
|
||||
None => {
|
||||
#[cfg(not(tarpaulin_include))]
|
||||
|
|
|
@ -284,7 +284,7 @@ mod forgejo {
|
|||
|
||||
let forge = given::a_forgejo_forge(&repo_details, net);
|
||||
|
||||
let_assert!(Ok(()) = forge.unregister_webhook(&webhook_id).await);
|
||||
let_assert!(Ok(_) = forge.unregister_webhook(&webhook_id).await);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
|
@ -397,15 +397,13 @@ mod forgejo {
|
|||
repo_path,
|
||||
token,
|
||||
};
|
||||
let hook_1 =
|
||||
with::ReturnedWebhook::new(given::a_forgejo_webhook_id(), &repo_listen_url);
|
||||
let hook_2 =
|
||||
with::ReturnedWebhook::new(given::a_forgejo_webhook_id(), &repo_listen_url);
|
||||
let hook_3 = with::ReturnedWebhook::new(
|
||||
let hook1 = with::ReturnedWebhook::new(given::a_forgejo_webhook_id(), &repo_listen_url);
|
||||
let hook2 = with::ReturnedWebhook::new(given::a_forgejo_webhook_id(), &repo_listen_url);
|
||||
let hook3 = with::ReturnedWebhook::new(
|
||||
given::a_forgejo_webhook_id(),
|
||||
&given::a_repo_listen_url(&repo_details),
|
||||
);
|
||||
let hooks = [hook_1, hook_2, hook_3];
|
||||
let hooks = [hook1, hook2, hook3];
|
||||
|
||||
// there are three existing webhooks, two are matching webhooks
|
||||
with::get_webhooks_by_page(1, &hooks, &mut args);
|
||||
|
@ -587,7 +585,7 @@ mod forgejo {
|
|||
a_commit_status_url(repo_details, commit).as_str(),
|
||||
StatusCode::OK,
|
||||
response.to_string().as_str(),
|
||||
);
|
||||
)
|
||||
}
|
||||
|
||||
pub fn a_commit_status_url(
|
||||
|
@ -711,7 +709,7 @@ mod forgejo {
|
|||
a_name(),
|
||||
a_name(),
|
||||
a_name(),
|
||||
BTreeMap::default(), // no repos
|
||||
Default::default(), // no repos
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -4,12 +4,12 @@ use git_next_core::{git, webhook, BranchName, WebhookId};
|
|||
use std::collections::HashMap;
|
||||
|
||||
mod list;
|
||||
mod parser;
|
||||
mod parse;
|
||||
mod register;
|
||||
mod unregister;
|
||||
|
||||
pub use list::list;
|
||||
pub use parser::parse_body;
|
||||
pub use parse::parse_body;
|
||||
pub use register::register;
|
||||
pub use unregister::unregister;
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
use git_next_core::server::RepoListenUrl;
|
||||
//
|
||||
use git_next_core::{git, server::RepoListenUrl, RegisteredWebhook, WebhookAuth, WebhookId};
|
||||
use git_next_core::{git, RegisteredWebhook, WebhookAuth, WebhookId};
|
||||
|
||||
use kxio::network;
|
||||
use secrecy::ExposeSecret as _;
|
||||
use tracing::{info, instrument, warn};
|
||||
use tracing::{info, warn};
|
||||
|
||||
use crate::webhook;
|
||||
use crate::webhook::Hook;
|
||||
|
||||
#[instrument(skip_all)]
|
||||
#[tracing::instrument(skip_all)]
|
||||
pub async fn register(
|
||||
repo_details: &git::RepoDetails,
|
||||
repo_listen_url: &RepoListenUrl,
|
||||
|
@ -26,6 +26,7 @@ pub async fn register(
|
|||
|
||||
let hostname = &repo_details.forge.hostname();
|
||||
let repo_path = &repo_details.repo_path;
|
||||
use secrecy::ExposeSecret;
|
||||
let token = repo_details.forge.token().expose_secret();
|
||||
let url = network::NetUrl::new(format!(
|
||||
"https://{hostname}/api/v1/repos/{repo_path}/hooks?token={token}"
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
use git_next_core::{git, WebhookId};
|
||||
|
||||
use kxio::network;
|
||||
use secrecy::ExposeSecret as _;
|
||||
|
||||
pub async fn unregister(
|
||||
webhook_id: &WebhookId,
|
||||
|
@ -11,6 +10,7 @@ pub async fn unregister(
|
|||
) -> git::forge::webhook::Result<()> {
|
||||
let hostname = &repo_details.forge.hostname();
|
||||
let repo_path = &repo_details.repo_path;
|
||||
use secrecy::ExposeSecret;
|
||||
let token = repo_details.forge.token().expose_secret();
|
||||
let url = network::NetUrl::new(format!(
|
||||
"https://{hostname}/api/v1/repos/{repo_path}/hooks/{webhook_id}?token={token}"
|
||||
|
|
|
@ -6,15 +6,6 @@ license = { workspace = true }
|
|||
repository = { workspace = true }
|
||||
description = "GitHub support for git-next, the trunk-based development manager"
|
||||
|
||||
[lints.clippy]
|
||||
nursery = { level = "warn", priority = -1 }
|
||||
pedantic = { level = "warn", priority = -1 }
|
||||
unwrap_used = "warn"
|
||||
expect_used = "warn"
|
||||
|
||||
[lints.rust]
|
||||
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tarpaulin_include)'] }
|
||||
|
||||
[dependencies]
|
||||
git-next-core = { workspace = true }
|
||||
|
||||
|
@ -52,3 +43,12 @@ tokio = { workspace = true }
|
|||
# Testing
|
||||
assert2 = { workspace = true }
|
||||
rand = { workspace = true }
|
||||
|
||||
[lints.clippy]
|
||||
nursery = { level = "warn", priority = -1 }
|
||||
# pedantic = "warn"
|
||||
unwrap_used = "warn"
|
||||
expect_used = "warn"
|
||||
|
||||
[lints.rust]
|
||||
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tarpaulin_include)'] }
|
||||
|
|
|
@ -6,7 +6,7 @@ use kxio::network;
|
|||
|
||||
/// Checks the results of any (e.g. CI) status checks for the commit.
|
||||
///
|
||||
/// GitHub: <https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#list-commit-statuses-for-a-reference>
|
||||
/// GitHub: https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#list-commit-statuses-for-a-reference
|
||||
pub async fn status(github: &github::Github, commit: &git::Commit) -> git::forge::commit::Status {
|
||||
let repo_details = &github.repo_details;
|
||||
let hostname = repo_details.forge.hostname();
|
||||
|
@ -33,13 +33,17 @@ pub async fn status(github: &github::Github, commit: &git::Commit) -> git::forge
|
|||
.into_iter()
|
||||
.map(|status| match status.state {
|
||||
GithubState::Success => Status::Pass,
|
||||
GithubState::Pending | GithubState::Blank => Status::Pending,
|
||||
GithubState::Failure | GithubState::Error => Status::Fail,
|
||||
GithubState::Pending => Status::Pending,
|
||||
GithubState::Failure => Status::Fail,
|
||||
GithubState::Error => Status::Fail,
|
||||
GithubState::Blank => Status::Pending,
|
||||
})
|
||||
.reduce(|l, r| match (l, r) {
|
||||
(Status::Pass, Status::Pass) => Status::Pass,
|
||||
(_, Status::Fail) | (Status::Fail, _) => Status::Fail,
|
||||
(_, Status::Pending) | (Status::Pending, _) => Status::Pending,
|
||||
(_, Status::Fail) => Status::Fail,
|
||||
(Status::Fail, _) => Status::Fail,
|
||||
(_, Status::Pending) => Status::Pending,
|
||||
(Status::Pending, _) => Status::Pending,
|
||||
})
|
||||
})
|
||||
.unwrap_or_else(|| {
|
||||
|
|
|
@ -231,7 +231,7 @@ mod github {
|
|||
|
||||
let forge = given::a_github_forge(&repo_details, net);
|
||||
|
||||
let_assert!(Ok(()) = forge.unregister_webhook(&webhook_id).await);
|
||||
let_assert!(Ok(_) = forge.unregister_webhook(&webhook_id).await);
|
||||
}
|
||||
#[tokio::test]
|
||||
async fn should_return_error_on_network_error() {
|
||||
|
@ -335,11 +335,11 @@ mod github {
|
|||
hostname,
|
||||
repo_path,
|
||||
};
|
||||
let hook_1 = with::ReturnedWebhook::new(given::a_github_webhook_id(), &repo_listen_url);
|
||||
let hook_2 = with::ReturnedWebhook::new(given::a_github_webhook_id(), &repo_listen_url);
|
||||
let hook_3 =
|
||||
let hook1 = with::ReturnedWebhook::new(given::a_github_webhook_id(), &repo_listen_url);
|
||||
let hook2 = with::ReturnedWebhook::new(given::a_github_webhook_id(), &repo_listen_url);
|
||||
let hook3 =
|
||||
with::ReturnedWebhook::new(given::a_github_webhook_id(), &given::any_webhook_url());
|
||||
let hooks = [hook_1, hook_2, hook_3];
|
||||
let hooks = [hook1, hook2, hook3];
|
||||
// there are three existing webhooks, two are matching webhooks
|
||||
with::get_webhooks_by_page(1, &hooks, &mut args);
|
||||
with::get_webhooks_by_page(2, &[], &mut args);
|
||||
|
@ -511,7 +511,7 @@ mod github {
|
|||
a_commit_status_url(repo_details, commit).as_str(),
|
||||
StatusCode::OK,
|
||||
response.to_string().as_str(),
|
||||
);
|
||||
)
|
||||
}
|
||||
|
||||
pub fn a_commit_status_url(
|
||||
|
|
|
@ -1,20 +1,17 @@
|
|||
//
|
||||
|
||||
use std::string::ToString;
|
||||
|
||||
use git_next_core::{ForgeNotification, WebhookAuth};
|
||||
|
||||
use hmac::Mac;
|
||||
type HmacSha256 = hmac::Hmac<sha2::Sha256>;
|
||||
|
||||
pub fn is_authorised(msg: &ForgeNotification, webhook_auth: &WebhookAuth) -> bool {
|
||||
msg.header("x-hub-signature-256")
|
||||
.map(|x| x.trim_matches('"').to_string())
|
||||
.and_then(|sha| sha.strip_prefix("sha256=").map(ToString::to_string))
|
||||
.and_then(|sha| sha.strip_prefix("sha256=").map(|k| k.to_string()))
|
||||
.and_then(|github_signature| hex::decode(github_signature).ok())
|
||||
.and_then(|gh_sig| {
|
||||
let payload = &msg.body().as_str();
|
||||
|
||||
use hmac::Mac;
|
||||
type HmacSha256 = hmac::Hmac<sha2::Sha256>;
|
||||
let mut hmac = HmacSha256::new_from_slice(webhook_auth.to_string().as_bytes()).ok()?;
|
||||
hmac::Mac::update(&mut hmac, payload.as_ref());
|
||||
Some(hmac::Mac::verify_slice(hmac, gh_sig.as_ref()).is_ok())
|
||||
|
@ -28,6 +25,8 @@ pub fn sign_body(
|
|||
body: &git_next_core::webhook::forge_notification::Body,
|
||||
) -> Option<String> {
|
||||
let payload = body.as_str();
|
||||
use hmac::Mac;
|
||||
type HmacSha256 = hmac::Hmac<sha2::Sha256>;
|
||||
let mut hmac = HmacSha256::new_from_slice(webhook_auth.to_string().as_bytes()).ok()?;
|
||||
hmac::Mac::update(&mut hmac, payload.as_ref());
|
||||
let f = hmac::Mac::finalize(hmac);
|
|
@ -1,20 +1,20 @@
|
|||
//
|
||||
use git_next_core::{git, webhook, ApiToken, BranchName};
|
||||
|
||||
mod authorisation;
|
||||
mod authorised;
|
||||
mod list;
|
||||
mod parser;
|
||||
mod parse;
|
||||
mod register;
|
||||
mod unregister;
|
||||
|
||||
pub use authorisation::is_authorised;
|
||||
pub use authorised::is_authorised;
|
||||
pub use list::list;
|
||||
pub use parser::parse_body;
|
||||
pub use parse::parse_body;
|
||||
pub use register::register;
|
||||
pub use unregister::unregister;
|
||||
|
||||
#[cfg(test)]
|
||||
pub use authorisation::sign_body;
|
||||
pub use authorised::sign_body;
|
||||
|
||||
pub fn headers(token: &ApiToken) -> kxio::network::NetRequestHeaders {
|
||||
use secrecy::ExposeSecret;
|
||||
|
|
Loading…
Reference in a new issue