2023-06-21 01:54:15 +03:00
|
|
|
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
|
|
|
|
package actions
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"code.gitea.io/gitea/models/db"
|
2024-03-08 09:14:35 +03:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2023-06-21 01:54:15 +03:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
|
|
|
|
|
|
|
"xorm.io/builder"
|
|
|
|
)
|
|
|
|
|
Clarify Actions resources ownership (#31724)
Fix #31707.
Also related to #31715.
Some Actions resources could has different types of ownership. It could
be:
- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.
There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.
And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.
So, #31715 should be right. And the most simple way to fix #31707 is
just:
```diff
- shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+ shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```
However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.
(cherry picked from commit a33e74d40d356e8f628ac06a131cb203a3609dec)
2024-08-01 12:04:04 +03:00
|
|
|
// ActionVariable represents a variable that can be used in actions
|
|
|
|
//
|
|
|
|
// It can be:
|
|
|
|
// 1. global variable, OwnerID is 0 and RepoID is 0
|
|
|
|
// 2. org/user level variable, OwnerID is org/user ID and RepoID is 0
|
|
|
|
// 3. repo level variable, OwnerID is 0 and RepoID is repo ID
|
|
|
|
//
|
|
|
|
// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
|
|
|
|
// or it will be complicated to find variables belonging to a specific owner.
|
|
|
|
// For example, conditions like `OwnerID = 1` will also return variable {OwnerID: 1, RepoID: 1},
|
|
|
|
// but it's a repo level variable, not an org/user level variable.
|
|
|
|
// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level variables.
|
2023-06-21 01:54:15 +03:00
|
|
|
type ActionVariable struct {
|
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
OwnerID int64 `xorm:"UNIQUE(owner_repo_name)"`
|
|
|
|
RepoID int64 `xorm:"INDEX UNIQUE(owner_repo_name)"`
|
|
|
|
Name string `xorm:"UNIQUE(owner_repo_name) NOT NULL"`
|
|
|
|
Data string `xorm:"LONGTEXT NOT NULL"`
|
|
|
|
CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
|
|
|
|
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
db.RegisterModel(new(ActionVariable))
|
|
|
|
}
|
|
|
|
|
Clarify Actions resources ownership (#31724)
Fix #31707.
Also related to #31715.
Some Actions resources could has different types of ownership. It could
be:
- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.
There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.
And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.
So, #31715 should be right. And the most simple way to fix #31707 is
just:
```diff
- shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+ shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```
However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.
(cherry picked from commit a33e74d40d356e8f628ac06a131cb203a3609dec)
2024-08-01 12:04:04 +03:00
|
|
|
func InsertVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*ActionVariable, error) {
|
|
|
|
if ownerID != 0 && repoID != 0 {
|
|
|
|
// It's trying to create a variable that belongs to a repository, but OwnerID has been set accidentally.
|
|
|
|
// Remove OwnerID to avoid confusion; it's not worth returning an error here.
|
|
|
|
ownerID = 0
|
2023-06-21 01:54:15 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
variable := &ActionVariable{
|
|
|
|
OwnerID: ownerID,
|
|
|
|
RepoID: repoID,
|
|
|
|
Name: strings.ToUpper(name),
|
|
|
|
Data: data,
|
|
|
|
}
|
|
|
|
return variable, db.Insert(ctx, variable)
|
|
|
|
}
|
|
|
|
|
|
|
|
type FindVariablesOpts struct {
|
|
|
|
db.ListOptions
|
|
|
|
RepoID int64
|
Clarify Actions resources ownership (#31724)
Fix #31707.
Also related to #31715.
Some Actions resources could has different types of ownership. It could
be:
- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.
There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.
And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.
So, #31715 should be right. And the most simple way to fix #31707 is
just:
```diff
- shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+ shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```
However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.
(cherry picked from commit a33e74d40d356e8f628ac06a131cb203a3609dec)
2024-08-01 12:04:04 +03:00
|
|
|
OwnerID int64 // it will be ignored if RepoID is set
|
2024-03-28 23:40:35 +03:00
|
|
|
Name string
|
2023-06-21 01:54:15 +03:00
|
|
|
}
|
|
|
|
|
2023-11-24 06:49:41 +03:00
|
|
|
func (opts FindVariablesOpts) ToConds() builder.Cond {
|
2023-06-21 01:54:15 +03:00
|
|
|
cond := builder.NewCond()
|
2024-03-28 23:40:35 +03:00
|
|
|
// Since we now support instance-level variables,
|
|
|
|
// there is no need to check for null values for `owner_id` and `repo_id`
|
2023-12-25 10:28:59 +03:00
|
|
|
cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
|
Clarify Actions resources ownership (#31724)
Fix #31707.
Also related to #31715.
Some Actions resources could has different types of ownership. It could
be:
- global: all repos and orgs/users can use it.
- org/user level: only the org/user can use it.
- repo level: only the repo can use it.
There are two ways to distinguish org/user level from repo level:
1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1,
repo_id: 0}` for org level.
The first way seems more reasonable, but it may not be true. The point
is that although a resource, like a runner, belongs to a repo (it can be
used by the repo), the runner doesn't belong to the repo's org (other
repos in the same org cannot use the runner). So, the second method
makes more sense.
And the first way is not user-friendly to query, we must set the repo id
to zero to avoid wrong results.
So, #31715 should be right. And the most simple way to fix #31707 is
just:
```diff
- shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
+ shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
```
However, it is quite intuitive to set both owner id and repo id since
the repo belongs to the owner. So I prefer to be compatible with it. If
we get both owner id and repo id not zero when creating or finding, it's
very clear that the caller want one with repo level, but set owner id
accidentally. So it's OK to accept it but fix the owner id to zero.
(cherry picked from commit a33e74d40d356e8f628ac06a131cb203a3609dec)
2024-08-01 12:04:04 +03:00
|
|
|
if opts.RepoID != 0 { // if RepoID is set
|
|
|
|
// ignore OwnerID and treat it as 0
|
|
|
|
cond = cond.And(builder.Eq{"owner_id": 0})
|
|
|
|
} else {
|
|
|
|
cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
|
|
|
|
}
|
2024-03-28 23:40:35 +03:00
|
|
|
|
|
|
|
if opts.Name != "" {
|
|
|
|
cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)})
|
|
|
|
}
|
2023-06-21 01:54:15 +03:00
|
|
|
return cond
|
|
|
|
}
|
|
|
|
|
2024-03-28 23:40:35 +03:00
|
|
|
func FindVariables(ctx context.Context, opts FindVariablesOpts) ([]*ActionVariable, error) {
|
|
|
|
return db.Find[ActionVariable](ctx, opts)
|
2023-06-21 01:54:15 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error) {
|
|
|
|
count, err := db.GetEngine(ctx).ID(variable.ID).Cols("name", "data").
|
|
|
|
Update(&ActionVariable{
|
|
|
|
Name: variable.Name,
|
|
|
|
Data: variable.Data,
|
|
|
|
})
|
|
|
|
return count != 0, err
|
|
|
|
}
|
2024-03-08 09:14:35 +03:00
|
|
|
|
2024-03-28 23:40:35 +03:00
|
|
|
func DeleteVariable(ctx context.Context, id int64) error {
|
|
|
|
if _, err := db.DeleteByID[ActionVariable](ctx, id); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2024-03-08 09:14:35 +03:00
|
|
|
func GetVariablesOfRun(ctx context.Context, run *ActionRun) (map[string]string, error) {
|
|
|
|
variables := map[string]string{}
|
|
|
|
|
2024-04-23 21:55:25 +03:00
|
|
|
if err := run.LoadRepo(ctx); err != nil {
|
|
|
|
log.Error("LoadRepo: %v", err)
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-03-08 09:14:35 +03:00
|
|
|
// Global
|
|
|
|
globalVariables, err := db.Find[ActionVariable](ctx, FindVariablesOpts{})
|
|
|
|
if err != nil {
|
|
|
|
log.Error("find global variables: %v", err)
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Org / User level
|
|
|
|
ownerVariables, err := db.Find[ActionVariable](ctx, FindVariablesOpts{OwnerID: run.Repo.OwnerID})
|
|
|
|
if err != nil {
|
|
|
|
log.Error("find variables of org: %d, error: %v", run.Repo.OwnerID, err)
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Repo level
|
|
|
|
repoVariables, err := db.Find[ActionVariable](ctx, FindVariablesOpts{RepoID: run.RepoID})
|
|
|
|
if err != nil {
|
|
|
|
log.Error("find variables of repo: %d, error: %v", run.RepoID, err)
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Level precedence: Repo > Org / User > Global
|
|
|
|
for _, v := range append(globalVariables, append(ownerVariables, repoVariables...)...) {
|
|
|
|
variables[v.Name] = v.Data
|
|
|
|
}
|
|
|
|
|
|
|
|
return variables, nil
|
|
|
|
}
|