def _hook_environment(repo_path): """ Create a light-weight environment for stand-alone scripts and return an UI and the db repository. Git hooks are executed as subprocess of Git while Kallithea is waiting, and they thus need enough info to be able to create an app environment and connect to the database. """ import paste.deploy import kallithea.config.middleware extras = get_hook_environment() path_to_ini_file = extras['config'] kallithea.CONFIG = paste.deploy.appconfig('config:' + path_to_ini_file) #logging.config.fileConfig(ini_file_path) # Note: we are in a different process - don't use configured logging kallithea.config.middleware.make_app(kallithea.CONFIG.global_conf, **kallithea.CONFIG.local_conf) # fix if it's not a bare repo if repo_path.endswith(os.sep + '.git'): repo_path = repo_path[:-5] repo = Repository.get_by_full_path(repo_path) if not repo: raise OSError('Repository %s not found in database' % repo_path) baseui = make_ui() return baseui, repo
def wrapper_app(environ, start_response): if (parsed_request.cmd == 'info/refs' and parsed_request.service == 'git-upload-pack'): baseui = make_ui() repo = Repository.get_by_repo_name(parsed_request.repo_name) scm_repo = repo.scm_instance # Run hooks, like Mercurial outgoing.pull_logger does log_pull_action(ui=baseui, repo=scm_repo._repo) # Note: push hooks are handled by post-receive hook return pygrack_app(environ, start_response)
def validate_python(self, value, state): repo_type = value.get('repo_type') url = value.get('clone_uri') if url and url != value.get('clone_uri_hidden'): try: url_handler(repo_type, url, make_ui('db', clear_session=False)) except Exception: log.exception('URL validation failed') msg = M(self, 'clone_uri') raise formencode.Invalid(msg, value, state, error_dict=dict(clone_uri=msg) )
def _serve(self): # Note: we want a repo with config based on .hg/hgrc and can thus not use self.db_repo.scm_instance._repo.ui baseui = make_ui(repo_path=self.db_repo.repo_full_path) if not self.allow_push: baseui.setconfig(b'hooks', b'pretxnopen._ssh_reject', b'python:kallithea.lib.hooks.rejectpush') baseui.setconfig(b'hooks', b'prepushkey._ssh_reject', b'python:kallithea.lib.hooks.rejectpush') repo = mercurial.hg.repository(baseui, safe_bytes(self.db_repo.repo_full_path)) log.debug("Starting Mercurial sshserver for %s", self.db_repo.repo_full_path) mercurial.wireprotoserver.sshserver(baseui, repo).serve_forever()
def _validate_python(self, value, state): repo_type = value.get('repo_type') url = value.get('clone_uri') if url and url != value.get('clone_uri_hidden'): try: is_valid_repo_uri(repo_type, url, make_ui()) except InvalidCloneUriException as e: log.warning('validation of clone URL %r failed: %s', url, e) msg = self.message('clone_uri', state) raise formencode.Invalid(msg, value, state, error_dict=dict(clone_uri=msg))
def validate_python(self, value, state): repo_type = value.get('repo_type') url = value.get('clone_uri') if url and url != value.get('clone_uri_hidden'): try: url_handler(repo_type, url, make_ui('db', clear_session=False)) except Exception: log.exception('URL validation failed') msg = self.message('clone_uri', state) raise formencode.Invalid(msg, value, state, error_dict=dict(clone_uri=msg))
def _make_app(self, parsed_request): """ Make an hgweb wsgi application. """ repo_name = parsed_request.repo_name repo_path = os.path.join(self.basepath, repo_name) baseui = make_ui(repo_path=repo_path) hgweb_app = mercurial.hgweb.hgweb(safe_bytes(repo_path), name=safe_bytes(repo_name), baseui=baseui) def wrapper_app(environ, start_response): environ['REPO_NAME'] = repo_name # used by mercurial.hgweb.hgweb return hgweb_app(environ, start_response) return wrapper_app
def validate_python(self, value, state): repo_type = value.get('repo_type') url = value.get('clone_uri') if not url: pass else: try: url_handler(repo_type, url, make_ui('db', clear_session=False)) except Exception: log.exception('URL validation failed') msg = M(self, 'clone_uri') raise formencode.Invalid(msg, value, state, error_dict=dict(clone_uri=msg))
def _serve(self): if self.verb == 'git-upload-pack': # action 'pull' # base class called set_hook_environment - action is hardcoded to 'pull' log_pull_action(ui=make_ui(), repo=self.db_repo.scm_instance._repo) else: # probably verb 'git-receive-pack', action 'push' if not self.allow_push: self.exit('Push access to %r denied' % self.repo_name) # Note: push logging is handled by Git post-receive hook # git shell is not a real shell but use shell inspired quoting *inside* the argument. # Per https://github.com/git/git/blob/v2.22.0/quote.c#L12 : # The path must be "'" quoted, but "'" and "!" must exit the quoting and be "\" escaped quoted_abspath = "'%s'" % self.db_repo.repo_full_path.replace( "'", r"'\''").replace("!", r"'\!'") newcmd = ['git', 'shell', '-c', "%s %s" % (self.verb, quoted_abspath)] log.debug('Serving: %s', newcmd) os.execvp(newcmd[0], newcmd) self.exit("Failed to exec 'git' as %s" % newcmd)
def __inject_extras(self, repo_path, baseui, extras={}): """ Injects some extra params into baseui instance also overwrites global settings with those takes from local hgrc file :param baseui: baseui instance :param extras: dict with extra params to put into baseui """ hgrc = os.path.join(repo_path, '.hg', 'hgrc') repoui = make_ui('file', hgrc, False) if repoui: #overwrite our ui instance with the section from hgrc file for section in ui_sections: for k, v in repoui.configitems(section): baseui.setconfig(section, k, v) _set_extras(extras)
def __inject_extras(self, repo_path, baseui, extras=None): """ Injects some extra params into baseui instance also overwrites global settings with those takes from local hgrc file :param baseui: baseui instance :param extras: dict with extra params to put into baseui """ hgrc = os.path.join(repo_path, '.hg', 'hgrc') repoui = make_ui('file', hgrc) if repoui: #overwrite our ui instance with the section from hgrc file for section in ui_sections: for k, v in repoui.configitems(section): baseui.setconfig(section, k, v) _set_extras(extras or {})
def repo_scan(self, repos_path=None): """ Listing of repositories in given path. This path should not be a repository itself. Return a dictionary of repository objects mapping to vcs instances. :param repos_path: path to directory containing repositories """ if repos_path is None: repos_path = self.repos_path log.info('scanning for repositories in %s', repos_path) baseui = make_ui() repos = {} for name, path in get_filesystem_repos(repos_path): # name need to be decomposed and put back together using the / # since this is internal storage separator for kallithea name = Repository.normalize_repo_name(name) try: if name in repos: raise RepositoryError('Duplicate repository name %s ' 'found in %s' % (name, path)) else: klass = get_backend(path[0]) if path[0] == 'hg' and path[0] in BACKENDS: repos[name] = klass(path[1], baseui=baseui) if path[0] == 'git' and path[0] in BACKENDS: repos[name] = klass(path[1]) except OSError: continue log.debug('found %s paths with repositories', len(repos)) return repos
def repo_scan(self, repos_path=None): """ Listing of repositories in given path. This path should not be a repository itself. Return a dictionary of repository objects :param repos_path: path to directory containing repositories """ if repos_path is None: repos_path = self.repos_path log.info('scanning for repositories in %s' % repos_path) baseui = make_ui('db') repos = {} for name, path in get_filesystem_repos(repos_path, recursive=True): # name need to be decomposed and put back together using the / # since this is internal storage separator for kallithea name = Repository.normalize_repo_name(name) try: if name in repos: raise RepositoryError('Duplicate repository name %s ' 'found in %s' % (name, path)) else: klass = get_backend(path[0]) if path[0] == 'hg' and path[0] in BACKENDS.keys(): repos[name] = klass(safe_str(path[1]), baseui=baseui) if path[0] == 'git' and path[0] in BACKENDS.keys(): repos[name] = klass(path[1]) except OSError: continue log.debug('found %s paths with repositories' % (len(repos))) return repos
def update(self, repo, **kwargs): try: cur_repo = Repository.guess_instance(repo) org_repo_name = cur_repo.repo_name if 'owner' in kwargs: cur_repo.owner = User.get_by_username(kwargs['owner']) if 'repo_group' in kwargs: assert kwargs[ 'repo_group'] != '-1', kwargs # RepoForm should have converted to None cur_repo.group = RepoGroup.get(kwargs['repo_group']) cur_repo.repo_name = cur_repo.get_new_name(cur_repo.just_name) log.debug('Updating repo %s with params:%s', cur_repo, kwargs) for k in [ 'repo_enable_downloads', 'repo_description', 'repo_landing_rev', 'repo_private', 'repo_enable_statistics', ]: if k in kwargs: setattr(cur_repo, remove_prefix(k, 'repo_'), kwargs[k]) clone_uri = kwargs.get('clone_uri') if clone_uri is not None and clone_uri != cur_repo.clone_uri_hidden: # clone_uri is modified - if given a value, check it is valid if clone_uri != '': # will raise exception on error is_valid_repo_uri(cur_repo.repo_type, clone_uri, make_ui()) cur_repo.clone_uri = clone_uri if 'repo_name' in kwargs: repo_name = kwargs['repo_name'] if kallithea.lib.utils2.repo_name_slug(repo_name) != repo_name: raise Exception('invalid repo name %s' % repo_name) cur_repo.repo_name = cur_repo.get_new_name(repo_name) # if private flag is set, reset default permission to NONE if kwargs.get('repo_private'): EMPTY_PERM = 'repository.none' RepoModel().grant_user_permission(repo=cur_repo, user='******', perm=EMPTY_PERM) # handle extra fields for field in [ k for k in kwargs if k.startswith(RepositoryField.PREFIX) ]: k = RepositoryField.un_prefix_key(field) ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo) if ex_field: ex_field.field_value = kwargs[field] if org_repo_name != cur_repo.repo_name: # rename repository self._rename_filesystem_repo(old=org_repo_name, new=cur_repo.repo_name) return cur_repo except Exception: log.error(traceback.format_exc()) raise
def _handle_request(self, environ, start_response): if not is_git(environ): return self.application(environ, start_response) ip_addr = self._get_ip_addr(environ) self._git_first_op = False # skip passing error to error controller environ['pylons.status_code_redirect'] = True #====================================================================== # EXTRACT REPOSITORY NAME FROM ENV #====================================================================== try: str_repo_name = self.__get_repository(environ) repo_name = safe_unicode(str_repo_name) log.debug('Extracted repo name is %s', repo_name) except Exception as e: log.error('error extracting repo_name: %r', e) return HTTPInternalServerError()(environ, start_response) # quick check if that dir exists... if not is_valid_repo(repo_name, self.basepath, 'git'): return HTTPNotFound()(environ, start_response) #====================================================================== # GET ACTION PULL or PUSH #====================================================================== action = self.__get_action(environ) #====================================================================== # CHECK PERMISSIONS #====================================================================== user, response_app = self._authorize(environ, start_response, action, repo_name, ip_addr) if response_app is not None: return response_app(environ, start_response) # extras are injected into UI object and later available # in hooks executed by kallithea from kallithea import CONFIG server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': user.username, 'action': action, 'repository': repo_name, 'scm': 'git', 'config': CONFIG['__file__'], 'server_url': server_url, 'make_lock': None, 'locked_by': [None, None] } #=================================================================== # GIT REQUEST HANDLING #=================================================================== repo_path = os.path.join(safe_str(self.basepath),str_repo_name) log.debug('Repository path is %s', repo_path) # CHECK LOCKING only if it's not ANONYMOUS USER if not user.is_default_user: log.debug('Checking locking on repository') make_lock, locked, locked_by = check_locking_state(action, repo_name, user) # store the make_lock for later evaluation in hooks extras.update({'make_lock': make_lock, 'locked_by': locked_by}) fix_PATH() log.debug('HOOKS extras is %s', extras) baseui = make_ui('db') self.__inject_extras(repo_path, baseui, extras) try: self._handle_githooks(repo_name, action, baseui, environ) log.info('%s action on Git repo "%s" by "%s" from %s', action, str_repo_name, safe_str(user.username), ip_addr) app = self.__make_app(repo_name, repo_path, extras) result = app(environ, start_response) if action == 'push': result = WSGIResultCloseCallback(result, lambda: self._invalidate_cache(repo_name)) return result except HTTPLockedRC as e: log.debug('Locked, response %s: %s', e.code, e.title) return e(environ, start_response) except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response)
def _handle_request(self, environ, start_response): if not is_git(environ): return self.application(environ, start_response) if not self._check_ssl(environ): return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) ip_addr = self._get_ip_addr(environ) username = None self._git_first_op = False # skip passing error to error controller environ['pylons.status_code_redirect'] = True #====================================================================== # EXTRACT REPOSITORY NAME FROM ENV #====================================================================== try: repo_name = self.__get_repository(environ) log.debug('Extracted repo name is %s' % repo_name) except Exception: return HTTPInternalServerError()(environ, start_response) # quick check if that dir exists... if not is_valid_repo(repo_name, self.basepath, 'git'): return HTTPNotFound()(environ, start_response) #====================================================================== # GET ACTION PULL or PUSH #====================================================================== action = self.__get_action(environ) #====================================================================== # CHECK ANONYMOUS PERMISSION #====================================================================== if action in ['pull', 'push']: anonymous_user = self.__get_user('default') username = anonymous_user.username if anonymous_user.active: # ONLY check permissions if the user is activated anonymous_perm = self._check_permission( action, anonymous_user, repo_name, ip_addr) else: anonymous_perm = False if not anonymous_user.active or not anonymous_perm: if not anonymous_user.active: log.debug('Anonymous access is disabled, running ' 'authentication') if not anonymous_perm: log.debug('Not enough credentials to access this ' 'repository as anonymous user') username = None #============================================================== # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS #============================================================== # try to auth based on environ, container auth methods log.debug( 'Running PRE-AUTH for container based authentication') pre_auth = auth_modules.authenticate('', '', environ) if pre_auth and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username' % username) # If not authenticated by the container, running basic auth if not username: self.authenticate.realm = \ safe_str(self.config['realm']) result = self.authenticate(environ) if isinstance(result, str): AUTH_TYPE.update(environ, 'basic') REMOTE_USER.update(environ, result) username = result else: return result.wsgi_application(environ, start_response) #============================================================== # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME #============================================================== try: user = self.__get_user(username) if user is None or not user.active: return HTTPForbidden()(environ, start_response) username = user.username except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response) #check permissions for this repository perm = self._check_permission(action, user, repo_name, ip_addr) if not perm: return HTTPForbidden()(environ, start_response) # extras are injected into UI object and later available # in hooks executed by kallithea from kallithea import CONFIG server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': username, 'action': action, 'repository': repo_name, 'scm': 'git', 'config': CONFIG['__file__'], 'server_url': server_url, 'make_lock': None, 'locked_by': [None, None] } #=================================================================== # GIT REQUEST HANDLING #=================================================================== str_repo_name = safe_str(repo_name) repo_path = os.path.join(safe_str(self.basepath), str_repo_name) log.debug('Repository path is %s' % repo_path) # CHECK LOCKING only if it's not ANONYMOUS USER if username != User.DEFAULT_USER: log.debug('Checking locking on repository') (make_lock, locked, locked_by) = self._check_locking_state(environ=environ, action=action, repo=repo_name, user_id=user.user_id) # store the make_lock for later evaluation in hooks extras.update({'make_lock': make_lock, 'locked_by': locked_by}) fix_PATH() log.debug('HOOKS extras is %s' % extras) baseui = make_ui('db') self.__inject_extras(repo_path, baseui, extras) try: self._handle_githooks(repo_name, action, baseui, environ) log.info('%s action on Git repo "%s" by "%s" from %s' % (action, str_repo_name, safe_str(username), ip_addr)) app = self.__make_app(repo_name, repo_path, extras) return app(environ, start_response) except HTTPLockedRC, e: _code = CONFIG.get('lock_ret_code') log.debug('Repository LOCKED ret code %s!' % (_code)) return e(environ, start_response)
def load_environment(global_conf, app_conf, initial=False, test_env=None, test_index=None): """ Configure the Pylons environment via the ``pylons.config`` object """ config = pylons.configuration.PylonsConfig() # Pylons paths root = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) paths = dict( root=root, controllers=os.path.join(root, 'controllers'), static_files=os.path.join(root, 'public'), templates=[os.path.join(root, 'templates')] ) # Initialize config with the basic options config.init_app(global_conf, app_conf, package='kallithea', paths=paths) # store some globals into kallithea kallithea.CELERY_ON = str2bool(config['app_conf'].get('use_celery')) kallithea.CELERY_EAGER = str2bool(config['app_conf'].get('celery.always.eager')) config['routes.map'] = make_map(config) config['pylons.app_globals'] = app_globals.Globals(config) config['pylons.h'] = helpers kallithea.CONFIG = config load_rcextensions(root_path=config['here']) # Setup cache object as early as possible pylons.cache._push_object(config['pylons.app_globals'].cache) # Create the Mako TemplateLookup, with the default auto-escaping config['pylons.app_globals'].mako_lookup = mako.lookup.TemplateLookup( directories=paths['templates'], error_handler=pylons.error.handle_mako_error, module_directory=os.path.join(app_conf['cache_dir'], 'templates'), input_encoding='utf-8', default_filters=['escape'], imports=['from webhelpers.html import escape']) # sets the c attribute access when don't existing attribute are accessed config['pylons.strict_tmpl_context'] = True test = os.path.split(config['__file__'])[-1] == 'test.ini' if test: if test_env is None: test_env = not int(os.environ.get('KALLITHEA_NO_TMP_PATH', 0)) if test_index is None: test_index = not int(os.environ.get('KALLITHEA_WHOOSH_TEST_DISABLE', 0)) if os.environ.get('TEST_DB'): # swap config if we pass enviroment variable config['sqlalchemy.db1.url'] = os.environ.get('TEST_DB') from kallithea.lib.utils import create_test_env, create_test_index from kallithea.tests import TESTS_TMP_PATH #set KALLITHEA_NO_TMP_PATH=1 to disable re-creating the database and #test repos if test_env: create_test_env(TESTS_TMP_PATH, config) #set KALLITHEA_WHOOSH_TEST_DISABLE=1 to disable whoosh index during tests if test_index: create_test_index(TESTS_TMP_PATH, config, True) DbManage.check_waitress() # MULTIPLE DB configs # Setup the SQLAlchemy database engine sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.') init_model(sa_engine_db1) set_available_permissions(config) repos_path = make_ui('db').configitems('paths')[0][1] config['base_path'] = repos_path set_app_settings(config) instance_id = kallithea.CONFIG.get('instance_id', '*') if instance_id == '*': instance_id = '%s-%s' % (platform.uname()[1], os.getpid()) kallithea.CONFIG['instance_id'] = instance_id # CONFIGURATION OPTIONS HERE (note: all config options will override # any Pylons config options) # store config reference into our module to skip import magic of # pylons kallithea.CONFIG.update(config) set_vcs_config(kallithea.CONFIG) set_indexer_config(kallithea.CONFIG) #check git version check_git_version() if str2bool(config.get('initial_repo_scan', True)): repo2db_mapper(ScmModel().repo_scan(repos_path), remove_obsolete=False, install_git_hooks=False) formencode.api.set_stdtranslation(languages=[config.get('lang')]) return config
def _handle_request(self, environ, start_response): if not is_git(environ): return self.application(environ, start_response) if not self._check_ssl(environ): return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response) ip_addr = self._get_ip_addr(environ) username = None self._git_first_op = False # skip passing error to error controller environ['pylons.status_code_redirect'] = True #====================================================================== # EXTRACT REPOSITORY NAME FROM ENV #====================================================================== try: str_repo_name = self.__get_repository(environ) repo_name = safe_unicode(str_repo_name) log.debug('Extracted repo name is %s', repo_name) except Exception as e: log.error('error extracting repo_name: %r', e) return HTTPInternalServerError()(environ, start_response) # quick check if that dir exists... if not is_valid_repo(repo_name, self.basepath, 'git'): return HTTPNotFound()(environ, start_response) #====================================================================== # GET ACTION PULL or PUSH #====================================================================== action = self.__get_action(environ) #====================================================================== # CHECK ANONYMOUS PERMISSION #====================================================================== if action in ['pull', 'push']: anonymous_user = User.get_default_user(cache=True) username = anonymous_user.username if anonymous_user.active: # ONLY check permissions if the user is activated anonymous_perm = self._check_permission(action, anonymous_user, repo_name, ip_addr) else: anonymous_perm = False if not anonymous_user.active or not anonymous_perm: if not anonymous_user.active: log.debug('Anonymous access is disabled, running ' 'authentication') if not anonymous_perm: log.debug('Not enough credentials to access this ' 'repository as anonymous user') username = None #============================================================== # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS #============================================================== # try to auth based on environ, container auth methods log.debug('Running PRE-AUTH for container based authentication') pre_auth = auth_modules.authenticate('', '', environ) if pre_auth is not None and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username', username) # If not authenticated by the container, running basic auth if not username: self.authenticate.realm = \ safe_str(self.config['realm']) result = self.authenticate(environ) if isinstance(result, str): AUTH_TYPE.update(environ, 'basic') REMOTE_USER.update(environ, result) username = result else: return result.wsgi_application(environ, start_response) #============================================================== # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME #============================================================== try: user = User.get_by_username_or_email(username) if user is None or not user.active: return HTTPForbidden()(environ, start_response) username = user.username except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response) #check permissions for this repository perm = self._check_permission(action, user, repo_name, ip_addr) if not perm: return HTTPForbidden()(environ, start_response) # extras are injected into UI object and later available # in hooks executed by kallithea from kallithea import CONFIG server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': username, 'action': action, 'repository': repo_name, 'scm': 'git', 'config': CONFIG['__file__'], 'server_url': server_url, 'make_lock': None, 'locked_by': [None, None] } #=================================================================== # GIT REQUEST HANDLING #=================================================================== repo_path = os.path.join(safe_str(self.basepath),str_repo_name) log.debug('Repository path is %s', repo_path) # CHECK LOCKING only if it's not ANONYMOUS USER if username != User.DEFAULT_USER: log.debug('Checking locking on repository') (make_lock, locked, locked_by) = self._check_locking_state( environ=environ, action=action, repo=repo_name, user_id=user.user_id ) # store the make_lock for later evaluation in hooks extras.update({'make_lock': make_lock, 'locked_by': locked_by}) fix_PATH() log.debug('HOOKS extras is %s', extras) baseui = make_ui('db') self.__inject_extras(repo_path, baseui, extras) try: self._handle_githooks(repo_name, action, baseui, environ) log.info('%s action on Git repo "%s" by "%s" from %s', action, str_repo_name, safe_str(username), ip_addr) app = self.__make_app(repo_name, repo_path, extras) result = app(environ, start_response) if action == 'push': result = WSGIResultCloseCallback(result, lambda: self._invalidate_cache(repo_name)) return result except HTTPLockedRC as e: _code = CONFIG.get('lock_ret_code') log.debug('Repository LOCKED ret code %s!', _code) return e(environ, start_response) except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response)
def _create_filesystem_repo(self, repo_name, repo_type, repo_group, clone_uri=None, repo_store_location=None): """ Makes repository on filesystem. Operation is group aware, meaning that it will create a repository within a group, and alter the paths accordingly to the group location. :param repo_name: :param alias: :param parent: :param clone_uri: :param repo_store_location: """ from kallithea.lib.utils import is_valid_repo, is_valid_repo_group from kallithea.model.scm import ScmModel if '/' in repo_name: raise ValueError('repo_name must not contain groups got `%s`' % repo_name) if isinstance(repo_group, RepoGroup): new_parent_path = os.sep.join(repo_group.full_path_splitted) else: new_parent_path = repo_group or '' if repo_store_location: _paths = [repo_store_location] else: _paths = [self.repos_path, new_parent_path, repo_name] # we need to make it str for mercurial repo_path = os.path.join(*map(lambda x: safe_str(x), _paths)) # check if this path is not a repository if is_valid_repo(repo_path, self.repos_path): raise Exception('This path %s is a valid repository' % repo_path) # check if this path is a group if is_valid_repo_group(repo_path, self.repos_path): raise Exception('This path %s is a valid group' % repo_path) log.info('creating repo %s in %s from url: `%s`' % ( repo_name, safe_unicode(repo_path), obfuscate_url_pw(clone_uri))) backend = get_backend(repo_type) if repo_type == 'hg': baseui = make_ui('db', clear_session=False) # patch and reset hooks section of UI config to not run any # hooks on creating remote repo for k, v in baseui.configitems('hooks'): baseui.setconfig('hooks', k, None) repo = backend(repo_path, create=True, src_url=clone_uri, baseui=baseui) elif repo_type == 'git': repo = backend(repo_path, create=True, src_url=clone_uri, bare=True) # add kallithea hook into this repo ScmModel().install_git_hook(repo=repo) else: raise Exception('Not supported repo_type %s expected hg/git' % repo_type) log.debug('Created repo %s with %s backend' % (safe_unicode(repo_name), safe_unicode(repo_type))) return repo
def load_environment(global_conf, app_conf, initial=False, test_env=None, test_index=None): """ Configure the Pylons environment via the ``pylons.config`` object """ config = PylonsConfig() # Pylons paths root = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) paths = dict(root=root, controllers=os.path.join(root, 'controllers'), static_files=os.path.join(root, 'public'), templates=[os.path.join(root, 'templates')]) # Initialize config with the basic options config.init_app(global_conf, app_conf, package='kallithea', paths=paths) # store some globals into kallithea kallithea.CELERY_ON = str2bool(config['app_conf'].get('use_celery')) kallithea.CELERY_EAGER = str2bool( config['app_conf'].get('celery.always.eager')) config['routes.map'] = make_map(config) config['pylons.app_globals'] = app_globals.Globals(config) config['pylons.h'] = helpers kallithea.CONFIG = config load_rcextensions(root_path=config['here']) # Setup cache object as early as possible import pylons pylons.cache._push_object(config['pylons.app_globals'].cache) # Create the Mako TemplateLookup, with the default auto-escaping config['pylons.app_globals'].mako_lookup = TemplateLookup( directories=paths['templates'], error_handler=handle_mako_error, module_directory=os.path.join(app_conf['cache_dir'], 'templates'), input_encoding='utf-8', default_filters=['escape'], imports=['from webhelpers.html import escape']) # sets the c attribute access when don't existing attribute are accessed config['pylons.strict_tmpl_context'] = True test = os.path.split(config['__file__'])[-1] == 'test.ini' if test: if test_env is None: test_env = not int(os.environ.get('KALLITHEA_NO_TMP_PATH', 0)) if test_index is None: test_index = not int( os.environ.get('KALLITHEA_WHOOSH_TEST_DISABLE', 0)) if os.environ.get('TEST_DB'): # swap config if we pass enviroment variable config['sqlalchemy.db1.url'] = os.environ.get('TEST_DB') from kallithea.lib.utils import create_test_env, create_test_index from kallithea.tests import TESTS_TMP_PATH #set KALLITHEA_NO_TMP_PATH=1 to disable re-creating the database and #test repos if test_env: create_test_env(TESTS_TMP_PATH, config) #set KALLITHEA_WHOOSH_TEST_DISABLE=1 to disable whoosh index during tests if test_index: create_test_index(TESTS_TMP_PATH, config, True) DbManage.check_waitress() # MULTIPLE DB configs # Setup the SQLAlchemy database engine sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.') init_model(sa_engine_db1) set_available_permissions(config) repos_path = make_ui('db').configitems('paths')[0][1] config['base_path'] = repos_path set_app_settings(config) instance_id = kallithea.CONFIG.get('instance_id') if instance_id == '*': instance_id = '%s-%s' % (platform.uname()[1], os.getpid()) kallithea.CONFIG['instance_id'] = instance_id # CONFIGURATION OPTIONS HERE (note: all config options will override # any Pylons config options) # store config reference into our module to skip import magic of # pylons kallithea.CONFIG.update(config) set_vcs_config(kallithea.CONFIG) #check git version check_git_version() if str2bool(config.get('initial_repo_scan', True)): repo2db_mapper(ScmModel().repo_scan(repos_path), remove_obsolete=False, install_git_hook=False) return config
def _handle_request(self, environ, start_response): if not is_mercurial(environ): return self.application(environ, start_response) ip_addr = self._get_ip_addr(environ) # skip passing error to error controller environ['pylons.status_code_redirect'] = True #====================================================================== # EXTRACT REPOSITORY NAME FROM ENV #====================================================================== try: str_repo_name = environ['REPO_NAME'] = self.__get_repository(environ) assert isinstance(str_repo_name, str), str_repo_name repo_name = safe_unicode(str_repo_name) assert safe_str(repo_name) == str_repo_name, (str_repo_name, repo_name) log.debug('Extracted repo name is %s', repo_name) except Exception as e: log.error('error extracting repo_name: %r', e) return HTTPInternalServerError()(environ, start_response) # quick check if that dir exists... if not is_valid_repo(repo_name, self.basepath, 'hg'): return HTTPNotFound()(environ, start_response) #====================================================================== # GET ACTION PULL or PUSH #====================================================================== try: action = self.__get_action(environ) except HTTPBadRequest as e: return e(environ, start_response) #====================================================================== # CHECK PERMISSIONS #====================================================================== user, response_app = self._authorize(environ, start_response, action, repo_name, ip_addr) if response_app is not None: return response_app(environ, start_response) # extras are injected into mercurial UI object and later available # in hg hooks executed by kallithea from kallithea import CONFIG server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': user.username, 'action': action, 'repository': repo_name, 'scm': 'hg', 'config': CONFIG['__file__'], 'server_url': server_url, 'make_lock': None, 'locked_by': [None, None] } #====================================================================== # MERCURIAL REQUEST HANDLING #====================================================================== repo_path = os.path.join(safe_str(self.basepath), str_repo_name) log.debug('Repository path is %s', repo_path) # A Mercurial HTTP server will see listkeys operations (bookmarks, # phases and obsolescence marker) in a different request - we don't # want to check locking on those if environ['QUERY_STRING'] == 'cmd=listkeys': pass # CHECK LOCKING only if it's not ANONYMOUS USER elif not user.is_default_user: log.debug('Checking locking on repository') make_lock, locked, locked_by = check_locking_state(action, repo_name, user) # store the make_lock for later evaluation in hooks extras.update({'make_lock': make_lock, 'locked_by': locked_by}) fix_PATH() log.debug('HOOKS extras is %s', extras) baseui = make_ui('db') self.__inject_extras(repo_path, baseui, extras) try: log.info('%s action on Mercurial repo "%s" by "%s" from %s', action, str_repo_name, safe_str(user.username), ip_addr) app = self.__make_app(repo_path, baseui, extras) result = app(environ, start_response) if action == 'push': result = WSGIResultCloseCallback(result, lambda: self._invalidate_cache(repo_name)) return result except RepoError as e: if str(e).find('not found') != -1: return HTTPNotFound()(environ, start_response) except HTTPLockedRC as e: # Before Mercurial 3.6, lock exceptions were caught here log.debug('Locked, response %s: %s', e.code, e.title) return e(environ, start_response) except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response)
def _handle_request(self, environ, start_response): if not is_mercurial(environ): return self.application(environ, start_response) ip_addr = self._get_ip_addr(environ) # skip passing error to error controller environ['pylons.status_code_redirect'] = True #====================================================================== # EXTRACT REPOSITORY NAME FROM ENV #====================================================================== try: str_repo_name = environ['REPO_NAME'] = self.__get_repository( environ) assert isinstance(str_repo_name, str), str_repo_name repo_name = safe_unicode(str_repo_name) assert safe_str(repo_name) == str_repo_name, (str_repo_name, repo_name) log.debug('Extracted repo name is %s', repo_name) except Exception as e: log.error('error extracting repo_name: %r', e) return HTTPInternalServerError()(environ, start_response) # quick check if that dir exists... if not is_valid_repo(repo_name, self.basepath, 'hg'): return HTTPNotFound()(environ, start_response) #====================================================================== # GET ACTION PULL or PUSH #====================================================================== try: action = self.__get_action(environ) except HTTPBadRequest as e: return e(environ, start_response) #====================================================================== # CHECK PERMISSIONS #====================================================================== user, response_app = self._authorize(environ, start_response, action, repo_name, ip_addr) if response_app is not None: return response_app(environ, start_response) # extras are injected into mercurial UI object and later available # in hg hooks executed by kallithea from kallithea import CONFIG server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': user.username, 'action': action, 'repository': repo_name, 'scm': 'hg', 'config': CONFIG['__file__'], 'server_url': server_url, 'make_lock': None, 'locked_by': [None, None] } #====================================================================== # MERCURIAL REQUEST HANDLING #====================================================================== repo_path = os.path.join(safe_str(self.basepath), str_repo_name) log.debug('Repository path is %s', repo_path) # A Mercurial HTTP server will see listkeys operations (bookmarks, # phases and obsolescence marker) in a different request - we don't # want to check locking on those if environ['QUERY_STRING'] == 'cmd=listkeys': pass # CHECK LOCKING only if it's not ANONYMOUS USER elif not user.is_default_user: log.debug('Checking locking on repository') make_lock, locked, locked_by = check_locking_state( action, repo_name, user) # store the make_lock for later evaluation in hooks extras.update({'make_lock': make_lock, 'locked_by': locked_by}) fix_PATH() log.debug('HOOKS extras is %s', extras) baseui = make_ui('db') self.__inject_extras(repo_path, baseui, extras) try: log.info('%s action on Mercurial repo "%s" by "%s" from %s', action, str_repo_name, safe_str(user.username), ip_addr) app = self.__make_app(repo_path, baseui, extras) result = app(environ, start_response) if action == 'push': result = WSGIResultCloseCallback( result, lambda: self._invalidate_cache(repo_name)) return result except RepoError as e: if str(e).find('not found') != -1: return HTTPNotFound()(environ, start_response) except HTTPLockedRC as e: # Before Mercurial 3.6, lock exceptions were caught here log.debug('Locked, response %s: %s', e.code, e.title) return e(environ, start_response) except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response)
def _create_filesystem_repo(self, repo_name, repo_type, repo_group, clone_uri=None, repo_store_location=None): """ Makes repository on filesystem. Operation is group aware, meaning that it will create a repository within a group, and alter the paths accordingly to the group location. :param repo_name: :param alias: :param parent: :param clone_uri: :param repo_store_location: """ from kallithea.lib.utils import is_valid_repo, is_valid_repo_group from kallithea.model.scm import ScmModel if '/' in repo_name: raise ValueError('repo_name must not contain groups got `%s`' % repo_name) if isinstance(repo_group, RepoGroup): new_parent_path = os.sep.join(repo_group.full_path_splitted) else: new_parent_path = repo_group or '' if repo_store_location: _paths = [repo_store_location] else: _paths = [self.repos_path, new_parent_path, repo_name] # we need to make it str for mercurial repo_path = os.path.join(*map(lambda x: safe_str(x), _paths)) # check if this path is not a repository if is_valid_repo(repo_path, self.repos_path): raise Exception('This path %s is a valid repository' % repo_path) # check if this path is a group if is_valid_repo_group(repo_path, self.repos_path): raise Exception('This path %s is a valid group' % repo_path) log.info('creating repo %s in %s from url: `%s`', repo_name, safe_unicode(repo_path), obfuscate_url_pw(clone_uri)) backend = get_backend(repo_type) if repo_type == 'hg': baseui = make_ui('db', clear_session=False) # patch and reset hooks section of UI config to not run any # hooks on creating remote repo for k, v in baseui.configitems('hooks'): baseui.setconfig('hooks', k, None) repo = backend(repo_path, create=True, src_url=clone_uri, baseui=baseui) elif repo_type == 'git': repo = backend(repo_path, create=True, src_url=clone_uri, bare=True) # add kallithea hook into this repo ScmModel().install_git_hooks(repo=repo) else: raise Exception('Not supported repo_type %s expected hg/git' % repo_type) log.debug('Created repo %s with %s backend', safe_unicode(repo_name), safe_unicode(repo_type)) return repo
def _create_repo(self, repo_name, repo_type, description, owner, private=False, clone_uri=None, repo_group=None, landing_rev='rev:tip', fork_of=None, copy_fork_permissions=False, enable_statistics=False, enable_downloads=False, copy_group_permissions=False, state=Repository.STATE_PENDING): """ Create repository inside database with PENDING state. This should only be executed by create() repo, with exception of importing existing repos. """ from kallithea.model.scm import ScmModel owner = User.guess_instance(owner) fork_of = Repository.guess_instance(fork_of) repo_group = RepoGroup.guess_instance(repo_group) try: repo_name = repo_name description = description # repo name is just a name of repository # while repo_name_full is a full qualified name that is combined # with name and path of group repo_name_full = repo_name repo_name = repo_name.split(URL_SEP)[-1] if kallithea.lib.utils2.repo_name_slug(repo_name) != repo_name: raise Exception('invalid repo name %s' % repo_name) new_repo = Repository() new_repo.repo_state = state new_repo.enable_statistics = False new_repo.repo_name = repo_name_full new_repo.repo_type = repo_type new_repo.owner = owner new_repo.group = repo_group new_repo.description = description or repo_name new_repo.private = private if clone_uri: # will raise exception on error is_valid_repo_uri(repo_type, clone_uri, make_ui()) new_repo.clone_uri = clone_uri new_repo.landing_rev = landing_rev new_repo.enable_statistics = enable_statistics new_repo.enable_downloads = enable_downloads if fork_of: parent_repo = fork_of new_repo.fork = parent_repo Session().add(new_repo) if fork_of and copy_fork_permissions: repo = fork_of user_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository == repo).all() group_perms = UserGroupRepoToPerm.query() \ .filter(UserGroupRepoToPerm.repository == repo).all() for perm in user_perms: UserRepoToPerm.create(perm.user, new_repo, perm.permission) for perm in group_perms: UserGroupRepoToPerm.create(perm.users_group, new_repo, perm.permission) elif repo_group and copy_group_permissions: user_perms = UserRepoGroupToPerm.query() \ .filter(UserRepoGroupToPerm.group == repo_group).all() group_perms = UserGroupRepoGroupToPerm.query() \ .filter(UserGroupRepoGroupToPerm.group == repo_group).all() for perm in user_perms: perm_name = perm.permission.permission_name.replace( 'group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserRepoToPerm.create(perm.user, new_repo, perm_obj) for perm in group_perms: perm_name = perm.permission.permission_name.replace( 'group.', 'repository.') perm_obj = Permission.get_by_key(perm_name) UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj) else: self._create_default_perms(new_repo, private) # now automatically start following this repository as owner ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id) # we need to flush here, in order to check if database won't # throw any exceptions, create filesystem dirs at the very end Session().flush() return new_repo except Exception: log.error(traceback.format_exc()) raise
def _handle_request(self, environ, start_response): if not is_git(environ): return self.application(environ, start_response) ip_addr = self._get_ip_addr(environ) self._git_first_op = False # skip passing error to error controller environ['pylons.status_code_redirect'] = True #====================================================================== # EXTRACT REPOSITORY NAME FROM ENV #====================================================================== try: str_repo_name = self.__get_repository(environ) repo_name = safe_unicode(str_repo_name) log.debug('Extracted repo name is %s', repo_name) except Exception as e: log.error('error extracting repo_name: %r', e) return HTTPInternalServerError()(environ, start_response) # quick check if that dir exists... if not is_valid_repo(repo_name, self.basepath, 'git'): return HTTPNotFound()(environ, start_response) #====================================================================== # GET ACTION PULL or PUSH #====================================================================== action = self.__get_action(environ) #====================================================================== # CHECK PERMISSIONS #====================================================================== user, response_app = self._authorize(environ, start_response, action, repo_name, ip_addr) if response_app is not None: return response_app(environ, start_response) # extras are injected into UI object and later available # in hooks executed by kallithea from kallithea import CONFIG server_url = get_server_url(environ) extras = { 'ip': ip_addr, 'username': user.username, 'action': action, 'repository': repo_name, 'scm': 'git', 'config': CONFIG['__file__'], 'server_url': server_url, 'make_lock': None, 'locked_by': [None, None] } #=================================================================== # GIT REQUEST HANDLING #=================================================================== repo_path = os.path.join(safe_str(self.basepath), str_repo_name) log.debug('Repository path is %s', repo_path) # CHECK LOCKING only if it's not ANONYMOUS USER if not user.is_default_user: log.debug('Checking locking on repository') make_lock, locked, locked_by = check_locking_state( action, repo_name, user) # store the make_lock for later evaluation in hooks extras.update({'make_lock': make_lock, 'locked_by': locked_by}) fix_PATH() log.debug('HOOKS extras is %s', extras) baseui = make_ui('db') self.__inject_extras(repo_path, baseui, extras) try: self._handle_githooks(repo_name, action, baseui, environ) log.info('%s action on Git repo "%s" by "%s" from %s', action, str_repo_name, safe_str(user.username), ip_addr) app = self.__make_app(repo_name, repo_path, extras) result = app(environ, start_response) if action == 'push': result = WSGIResultCloseCallback( result, lambda: self._invalidate_cache(repo_name)) return result except HTTPLockedRC as e: log.debug('Locked, response %s: %s', e.code, e.title) return e(environ, start_response) except Exception: log.error(traceback.format_exc()) return HTTPInternalServerError()(environ, start_response)
def handle_git_receive(repo_path, revs, env, hook_type): """ A really hacky method that is run by git post-receive hook and logs a push action together with pushed revisions. It's executed by subprocess thus needs all info to be able to create an on the fly app environment, connect to database and run the logging code. Hacky as sh*t but works. :param repo_path: :param revs: :param env: """ from paste.deploy import appconfig from sqlalchemy import engine_from_config from kallithea.config.environment import load_environment from kallithea.model.base import init_model from kallithea.model.db import Ui from kallithea.lib.utils import make_ui, setup_cache_regions extras = _extract_extras(env) repo_path = safe_unicode(repo_path) path, ini_name = os.path.split(extras['config']) conf = appconfig('config:%s' % ini_name, relative_to=path) conf = load_environment(conf.global_conf, conf.local_conf) setup_cache_regions(conf) engine = engine_from_config(conf, 'sqlalchemy.') init_model(engine) baseui = make_ui('db') # fix if it's not a bare repo if repo_path.endswith(os.sep + '.git'): repo_path = repo_path[:-5] repo = Repository.get_by_full_path(repo_path) if not repo: raise OSError('Repository %s not found in database' % (safe_str(repo_path))) _hooks = dict(baseui.configitems('hooks')) or {} if hook_type == 'pre': repo = repo.scm_instance else: # post push shouldn't use the cached instance never repo = repo.scm_instance_no_cache() if hook_type == 'pre': pre_push(baseui, repo) # if push hook is enabled via web interface elif hook_type == 'post' and _hooks.get(Ui.HOOK_PUSH): rev_data = [] for l in revs: old_rev, new_rev, ref = l.strip().split(' ') _ref_data = ref.split('/') if _ref_data[1] in ['tags', 'heads']: rev_data.append({ 'old_rev': old_rev, 'new_rev': new_rev, 'ref': ref, 'type': _ref_data[1], 'name': '/'.join(_ref_data[2:]) }) git_revs = [] for push_ref in rev_data: _type = push_ref['type'] if _type == 'heads': if push_ref['old_rev'] == EmptyChangeset().raw_id: # update the symbolic ref if we push new repo if repo.is_empty(): repo._repo.refs.set_symbolic_ref( 'HEAD', 'refs/heads/%s' % push_ref['name']) cmd = [ 'for-each-ref', '--format=%(refname)', 'refs/heads/*' ] heads = repo.run_git_command(cmd)[0] cmd = [ 'log', push_ref['new_rev'], '--reverse', '--pretty=format:%H', '--not' ] heads = heads.replace(push_ref['ref'], '') for l in heads.splitlines(): cmd.append(l.strip()) git_revs += repo.run_git_command(cmd)[0].splitlines() elif push_ref['new_rev'] == EmptyChangeset().raw_id: #delete branch case git_revs += ['delete_branch=>%s' % push_ref['name']] else: cmd = [ 'log', '%(old_rev)s..%(new_rev)s' % push_ref, '--reverse', '--pretty=format:%H' ] git_revs += repo.run_git_command(cmd)[0].splitlines() elif _type == 'tags': git_revs += ['tag=>%s' % push_ref['name']] log_push_action(baseui, repo, _git_revs=git_revs)
def handle_git_receive(repo_path, revs, env, hook_type='post'): """ A really hacky method that is run by git post-receive hook and logs an push action together with pushed revisions. It's executed by subprocess thus needs all info to be able to create a on the fly pylons environment, connect to database and run the logging code. Hacky as sh*t but works. :param repo_path: :param revs: :param env: """ from paste.deploy import appconfig from sqlalchemy import engine_from_config from kallithea.config.environment import load_environment from kallithea.model import init_model from kallithea.model.db import Ui from kallithea.lib.utils import make_ui extras = _extract_extras(env) path, ini_name = os.path.split(extras['config']) conf = appconfig('config:%s' % ini_name, relative_to=path) load_environment(conf.global_conf, conf.local_conf, test_env=False, test_index=False) engine = engine_from_config(conf, 'sqlalchemy.db1.') init_model(engine) baseui = make_ui('db') # fix if it's not a bare repo if repo_path.endswith(os.sep + '.git'): repo_path = repo_path[:-5] repo = Repository.get_by_full_path(repo_path) if not repo: raise OSError('Repository %s not found in database' % (safe_str(repo_path))) _hooks = dict(baseui.configitems('hooks')) or {} if hook_type == 'pre': repo = repo.scm_instance else: #post push shouldn't use the cached instance never repo = repo.scm_instance_no_cache() if hook_type == 'pre': pre_push(baseui, repo) # if push hook is enabled via web interface elif hook_type == 'post' and _hooks.get(Ui.HOOK_PUSH): rev_data = [] for l in revs: old_rev, new_rev, ref = l.split(' ') _ref_data = ref.split('/') if _ref_data[1] in ['tags', 'heads']: rev_data.append({'old_rev': old_rev, 'new_rev': new_rev, 'ref': ref, 'type': _ref_data[1], 'name': _ref_data[2].strip()}) git_revs = [] for push_ref in rev_data: _type = push_ref['type'] if _type == 'heads': if push_ref['old_rev'] == EmptyChangeset().raw_id: # update the symbolic ref if we push new repo if repo.is_empty(): repo._repo.refs.set_symbolic_ref('HEAD', 'refs/heads/%s' % push_ref['name']) cmd = "for-each-ref --format='%(refname)' 'refs/heads/*'" heads = repo.run_git_command(cmd)[0] heads = heads.replace(push_ref['ref'], '') heads = ' '.join(map(lambda c: c.strip('\n').strip(), heads.splitlines())) cmd = (('log %(new_rev)s' % push_ref) + ' --reverse --pretty=format:"%H" --not ' + heads) git_revs += repo.run_git_command(cmd)[0].splitlines() elif push_ref['new_rev'] == EmptyChangeset().raw_id: #delete branch case git_revs += ['delete_branch=>%s' % push_ref['name']] else: cmd = (('log %(old_rev)s..%(new_rev)s' % push_ref) + ' --reverse --pretty=format:"%H"') git_revs += repo.run_git_command(cmd)[0].splitlines() elif _type == 'tags': git_revs += ['tag=>%s' % push_ref['name']] log_push_action(baseui, repo, _git_revs=git_revs)