def add(repository, provider):
repo_bits = repository.split('/', 2)
assert len(
repo_bits
) == 3, 'repository not in valid format: {provider}/{owner}/{name}'
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(repo_bits[0]),
Repository.owner_name == repo_bits[1],
Repository.name == repo_bits[2],
).first()
assert repo
hook = Hook(
repository_id=repo.id,
provider=provider,
)
db.session.add(hook)
db.session.commit()
click.echo('Hook created:')
click.echo('-> id = {}'.format(str(hook.id)))
click.echo('-> token = {}'.format(
urlsafe_b64encode(hook.token).decode('utf-8')))
click.echo('-> provider = {}'.format(hook.provider))
click.echo('-> base_path = /hooks/{}/{}'.format(str(hook.id),
hook.get_signature()))
def dispatch_request(
self,
provider: str,
owner_name: str,
repo_name: str,
build_number: int,
job_number: int,
*args,
**kwargs
) -> Response:
queryset = (
Job.query.join(Build, Build.id == Job.build_id)
.join(Repository, Repository.id == Build.repository_id)
.filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Build.number == build_number,
Job.number == job_number,
)
)
if self.select_resource_for_update():
queryset = queryset.with_for_update()
job = queryset.first()
if not job:
return self.not_found()
tenant = auth.get_current_tenant()
if not tenant.has_permission(job.repository_id, PERMISSION_MAP[request.method]):
return self.error("permission denied", 400)
return Resource.dispatch_request(self, job, *args, **kwargs)
def dispatch_request(self, provider: str, owner_name: str, repo_name: str,
build_number: int, *args, **kwargs) -> Response:
queryset = Build.query.join(
Repository, Repository.id == Build.repository_id).filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Build.number == build_number,
)
if self.select_resource_for_update():
queryset = queryset.with_for_update()
else:
# HACK(dcramer): we dont want to lock the repo row, so for now just deal
# w/ the consequences of this
queryset = queryset.options(contains_eager("repository"))
build = queryset.first()
if not build:
return self.not_found()
tenant = auth.get_current_tenant()
if not tenant.has_permission(build.repository_id,
PERMISSION_MAP[request.method]):
return self.error("permission denied", 400)
return Resource.dispatch_request(self, build, *args, **kwargs)
def sync(repository):
provider, owner_name, repo_name = repository.split("/", 2)
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
).first()
sync_repo(repo_id=repo.id)
def ssh_connect(args, repository):
if '/' in repository:
r_provider, r_owner, r_name = repository.split('/', 2)
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(r_provider),
Repository.owner_name == r_owner,
Repository.name == r_name,
).first()
else:
repo = Repository.query.unrestricted_unsafe().get(repository)
if not repo:
click.echo('Unable to find repository', err=True)
sys.exit(1)
auth.set_current_tenant(auth.Tenant(repository_ids=[repo.id]))
options = dict(
db.session.query(ItemOption.name, ItemOption.value).filter(
ItemOption.item_id == repo.id,
ItemOption.name.in_([
'auth.private-key',
'auth.private-key-file',
])))
command = [
'ssh',
# Not supported in all ssh client versions
# '-oUserAuthorizedKeysFile=/dev/null',
'-oLogLevel=ERROR',
'-oStrictHostKeyChecking=no',
'-oUserKnownHostsFile=/dev/null',
]
tmp_file = None
if options.get('auth.private-key'):
tmp_file = NamedTemporaryFile(delete=False)
tmp_file.write(options['auth.private-key'].encode('utf-8'))
tmp_file.close()
command.append('-i{0}'.format(tmp_file.name))
elif options.get('auth.private-key-file'):
command.append('-i{0}'.format(options['auth.private-key-file']))
command.append('--')
command.extend(args)
try:
exit_code = subprocess.call(
command,
cwd=os.getcwd(),
env=os.environ,
stdout=sys.stdout,
stderr=sys.stderr,
)
finally:
if tmp_file:
os.unlink(tmp_file.name)
sys.exit(exit_code)
def config_get(repository, option):
provider, owner_name, repo_name = repository.split("/", 2)
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
).first()
for key in option:
result = db.session.query(ItemOption.value).filter(
ItemOption.item_id == repo.id, ItemOption.name == key).first()
click.echo("{} = {}".format(key, result[0] if result else "(not set)"))
def access_add(repository, email):
provider, owner_name, repo_name = repository.split("/", 2)
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
).first()
user = User.query.filter(User.email == email).first()
assert repo
assert email
access = RepositoryAccess(user=user, repository=repo)
db.session.add(access)
db.session.commit()
def dispatch_request(self, provider, owner_name: str, repo_name: str,
*args, **kwargs) -> Response:
queryset = Repository.query.filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
)
if self.select_resurce_for_update():
queryset = queryset.with_for_update()
repo = queryset.first()
if not repo:
return self.not_found()
return Resource.dispatch_request(self, repo, *args, **kwargs)
def add(repository, url, backend, active):
raise NotImplementedError
provider, owner_name, repo_name = repository.split("/", 2)
repo = Repository(
url=url,
owner_name=slugify(owner_name),
provider=RepositoryProvider(provider),
name=slugify(repo_name),
backend=getattr(RepositoryBackend, backend),
status=RepositoryStatus.active if active else RepositoryStatus.inactive,
)
db.session.add(repo)
db.session.commit()
def dispatch_request(self, provider, owner_name: str, repo_name: str,
revision_sha: str, *args, **kwargs) -> Response:
queryset = Revision.query.join(
Repository, Repository.id == Revision.repository_id).filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Revision.sha == revision_sha,
)
if self.select_resurce_for_update():
queryset = queryset.with_for_update()
revision = queryset.first()
if not revision:
return self.not_found()
return Resource.dispatch_request(self, revision, *args, **kwargs)
def dispatch_request(self, provider: str, owner_name: str, repo_name: str,
build_number: int, *args, **kwargs) -> Response:
queryset = Build.query.options(contains_eager('repository'), ).join(
Repository, Repository.id == Build.repository_id).filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Build.number == build_number,
)
if self.select_resurce_for_update():
queryset = queryset.with_for_update()
build = queryset.first()
if not build:
return self.not_found()
return Resource.dispatch_request(self, build, *args, **kwargs)
def config_set(repository, option):
provider, owner_name, repo_name = repository.split("/", 2)
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
).first()
for key, value in [o.split("=", 1) for o in option]:
create_or_update(ItemOption,
where={
"item_id": repo.id,
"name": key
},
values={"value": value})
db.session.commit()
def RepositoryType(value):
if "/" in value:
provider, owner_name, repo_name = value.split("/", 2)
result = (
Repository.query.unrestricted_unsafe()
.filter_by(
provider=RepositoryProvider(provider),
owner_name=owner_name,
name=repo_name,
)
.first()
)
else:
result = Repository.query.unrestricted_unsafe().get(value)
assert result
return result
def dispatch_request(self, provider: str, owner_name: str, repo_name: str,
build_number: int, job_number: int, *args,
**kwargs) -> Response:
queryset = Job.query.join(Build, Build.id == Job.build_id).join(
Repository, Repository.id == Build.repository_id).filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Build.number == build_number,
Job.number == job_number,
)
if self.select_resurce_for_update():
queryset = queryset.with_for_update()
job = queryset.first()
if not job:
return self.not_found()
return Resource.dispatch_request(self, job, *args, **kwargs)
def config_set(repository, option):
provider, owner_name, repo_name = repository.split('/', 2)
repo = Repository.query.unrestricted_unsafe().filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
).first()
for key, value in [o.split('=', 1) for o in option]:
create_or_update(ItemOption,
where={
'item_id': repo.id,
'name': key,
},
values={
'value': value,
})
db.session.commit()
def add(repository_full_name, url, backend, active):
raise NotImplementedError
provider, owner_name, repo_name = repository_full_name.split('/', 2)
repo = Repository(
url=url,
owner_name=slugify(owner_name),
provider=RepositoryProvider(provider),
name=slugify(repo_name),
backend=getattr(RepositoryBackend, backend),
status=RepositoryStatus.active
if active else RepositoryStatus.inactive,
)
db.session.add(repo)
db.session.commit()
if active:
# do initial import in process
import_repo(repo_id=repo.id)
def dispatch_request(self, provider: str, owner_name: str, repo_name: str,
build_number: int, *args, **kwargs) -> Response:
queryset = Build.query.join(
Repository, Repository.id == Build.repository_id).filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Build.number == build_number,
)
if self.select_resurce_for_update():
queryset = queryset.with_for_update()
else:
# HACK(dcramer): we dont want to lock the repo row, so for now just deal
# w/ the consequences of this
queryset = queryset.options(contains_eager('repository'), )
build = queryset.first()
if not build:
return self.not_found()
return Resource.dispatch_request(self, build, *args, **kwargs)
def dispatch_request(self, provider, owner_name: str, repo_name: str,
revision_sha: str, *args, **kwargs) -> Response:
queryset = Revision.query.join(
Repository, Repository.id == Revision.repository_id).filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
Revision.sha == revision_sha,
)
if self.select_resource_for_update():
queryset = queryset.with_for_update()
revision = queryset.first()
if not revision:
return self.not_found()
tenant = auth.get_current_tenant()
if not tenant.has_permission(revision.repository_id,
PERMISSION_MAP[request.method]):
return self.error("permission denied", 400)
return Resource.dispatch_request(self, revision, *args, **kwargs)
def dispatch_request(self, provider, owner_name: str, repo_name: str,
*args, **kwargs) -> Response:
queryset = Repository.query.filter(
Repository.provider == RepositoryProvider(provider),
Repository.owner_name == owner_name,
Repository.name == repo_name,
)
if self.select_resource_for_update():
queryset = queryset.with_for_update()
repo = queryset.first()
if not repo:
return self.not_found()
tenant = auth.get_current_tenant()
required_permission = self.permission_overrides.get(
request.method, PERMISSION_MAP[request.method])
if not tenant.has_permission(repo.id, required_permission):
return self.error("permission denied", 400)
return Resource.dispatch_request(self, repo, *args, **kwargs)