BigW Consortium Gitlab

move `lib/ci/gitlab_ci_yaml_processor.rb` into `lib/gitlab/ci/yaml_processor.rb`

parent c295d336
...@@ -7,11 +7,11 @@ module Ci ...@@ -7,11 +7,11 @@ module Ci
def create def create
@content = params[:content] @content = params[:content]
@error = Ci::GitlabCiYamlProcessor.validation_message(@content) @error = Gitlab::Ci::YamlProcessor.validation_message(@content)
@status = @error.blank? @status = @error.blank?
if @error.blank? if @error.blank?
@config_processor = Ci::GitlabCiYamlProcessor.new(@content) @config_processor = Gitlab::Ci::YamlProcessor.new(@content)
@stages = @config_processor.stages @stages = @config_processor.stages
@builds = @config_processor.builds @builds = @config_processor.builds
@jobs = @config_processor.jobs @jobs = @config_processor.jobs
......
...@@ -13,7 +13,7 @@ module BlobViewer ...@@ -13,7 +13,7 @@ module BlobViewer
prepare! prepare!
@validation_message = Ci::GitlabCiYamlProcessor.validation_message(blob.data) @validation_message = Gitlab::Ci::YamlProcessor.validation_message(blob.data)
end end
def valid? def valid?
......
...@@ -336,8 +336,8 @@ module Ci ...@@ -336,8 +336,8 @@ module Ci
return @config_processor if defined?(@config_processor) return @config_processor if defined?(@config_processor)
@config_processor ||= begin @config_processor ||= begin
Ci::GitlabCiYamlProcessor.new(ci_yaml_file, project.full_path) Gitlab::Ci::YamlProcessor.new(ci_yaml_file, project.full_path)
rescue Ci::GitlabCiYamlProcessor::ValidationError, Psych::SyntaxError => e rescue Gitlab::Ci::YamlProcessor::ValidationError, Psych::SyntaxError => e
self.yaml_errors = e.message self.yaml_errors = e.message
nil nil
rescue rescue
......
...@@ -6,7 +6,7 @@ module API ...@@ -6,7 +6,7 @@ module API
requires :content, type: String, desc: 'Content of .gitlab-ci.yml' requires :content, type: String, desc: 'Content of .gitlab-ci.yml'
end end
post '/lint' do post '/lint' do
error = Ci::GitlabCiYamlProcessor.validation_message(params[:content]) error = Gitlab::Ci::YamlProcessor.validation_message(params[:content])
status 200 status 200
......
module Ci module Gitlab
class GitlabCiYamlProcessor module Ci
ValidationError = Class.new(StandardError) class YamlProcessor
ValidationError = Class.new(StandardError)
include Gitlab::Ci::Config::Entry::LegacyValidationHelpers include Gitlab::Ci::Config::Entry::LegacyValidationHelpers
attr_reader :path, :cache, :stages, :jobs attr_reader :path, :cache, :stages, :jobs
def initialize(config, path = nil) def initialize(config, path = nil)
@ci_config = Gitlab::Ci::Config.new(config) @ci_config = Gitlab::Ci::Config.new(config)
@config = @ci_config.to_hash @config = @ci_config.to_hash
@path = path @path = path
unless @ci_config.valid? unless @ci_config.valid?
raise ValidationError, @ci_config.errors.first raise ValidationError, @ci_config.errors.first
end end
initial_parsing
rescue Gitlab::Ci::Config::Loader::FormatError => e
raise ValidationError, e.message
end
def builds_for_stage_and_ref(stage, ref, tag = false, source = nil) initial_parsing
jobs_for_stage_and_ref(stage, ref, tag, source).map do |name, _| rescue Gitlab::Ci::Config::Loader::FormatError => e
build_attributes(name) raise ValidationError, e.message
end end
end
def builds def builds_for_stage_and_ref(stage, ref, tag = false, source = nil)
@jobs.map do |name, _| jobs_for_stage_and_ref(stage, ref, tag, source).map do |name, _|
build_attributes(name) build_attributes(name)
end
end end
end
def stage_seeds(pipeline) def builds
seeds = @stages.uniq.map do |stage| @jobs.map do |name, _|
builds = pipeline_stage_builds(stage, pipeline) build_attributes(name)
end
Gitlab::Ci::Stage::Seed.new(pipeline, stage, builds) if builds.any?
end end
seeds.compact def stage_seeds(pipeline)
end seeds = @stages.uniq.map do |stage|
builds = pipeline_stage_builds(stage, pipeline)
def build_attributes(name) Gitlab::Ci::Stage::Seed.new(pipeline, stage, builds) if builds.any?
job = @jobs[name.to_sym] || {} end
{ stage_idx: @stages.index(job[:stage]),
stage: job[:stage],
commands: job[:commands],
tag_list: job[:tags] || [],
name: job[:name].to_s,
allow_failure: job[:ignore],
when: job[:when] || 'on_success',
environment: job[:environment_name],
coverage_regex: job[:coverage],
yaml_variables: yaml_variables(name),
options: {
image: job[:image],
services: job[:services],
artifacts: job[:artifacts],
cache: job[:cache],
dependencies: job[:dependencies],
before_script: job[:before_script],
script: job[:script],
after_script: job[:after_script],
environment: job[:environment],
retry: job[:retry]
}.compact }
end
def self.validation_message(content)
return 'Please provide content of .gitlab-ci.yml' if content.blank?
begin seeds.compact
Ci::GitlabCiYamlProcessor.new(content) end
nil
rescue ValidationError, Psych::SyntaxError => e def build_attributes(name)
e.message job = @jobs[name.to_sym] || {}
{ stage_idx: @stages.index(job[:stage]),
stage: job[:stage],
commands: job[:commands],
tag_list: job[:tags] || [],
name: job[:name].to_s,
allow_failure: job[:ignore],
when: job[:when] || 'on_success',
environment: job[:environment_name],
coverage_regex: job[:coverage],
yaml_variables: yaml_variables(name),
options: {
image: job[:image],
services: job[:services],
artifacts: job[:artifacts],
cache: job[:cache],
dependencies: job[:dependencies],
before_script: job[:before_script],
script: job[:script],
after_script: job[:after_script],
environment: job[:environment],
retry: job[:retry]
}.compact }
end
def self.validation_message(content)
return 'Please provide content of .gitlab-ci.yml' if content.blank?
begin
Gitlab::Ci::YamlProcessor.new(content)
nil
rescue ValidationError, Psych::SyntaxError => e
e.message
end
end end
end
private private
def pipeline_stage_builds(stage, pipeline) def pipeline_stage_builds(stage, pipeline)
builds = builds_for_stage_and_ref( builds = builds_for_stage_and_ref(
stage, pipeline.ref, pipeline.tag?, pipeline.source) stage, pipeline.ref, pipeline.tag?, pipeline.source)
builds.select do |build| builds.select do |build|
job = @jobs[build.fetch(:name).to_sym] job = @jobs[build.fetch(:name).to_sym]
has_kubernetes = pipeline.has_kubernetes_active? has_kubernetes = pipeline.has_kubernetes_active?
only_kubernetes = job.dig(:only, :kubernetes) only_kubernetes = job.dig(:only, :kubernetes)
except_kubernetes = job.dig(:except, :kubernetes) except_kubernetes = job.dig(:except, :kubernetes)
[!only_kubernetes && !except_kubernetes, [!only_kubernetes && !except_kubernetes,
only_kubernetes && has_kubernetes, only_kubernetes && has_kubernetes,
except_kubernetes && !has_kubernetes].any? except_kubernetes && !has_kubernetes].any?
end
end end
end
def jobs_for_ref(ref, tag = false, source = nil) def jobs_for_ref(ref, tag = false, source = nil)
@jobs.select do |_, job| @jobs.select do |_, job|
process?(job.dig(:only, :refs), job.dig(:except, :refs), ref, tag, source) process?(job.dig(:only, :refs), job.dig(:except, :refs), ref, tag, source)
end
end end
end
def jobs_for_stage_and_ref(stage, ref, tag = false, source = nil) def jobs_for_stage_and_ref(stage, ref, tag = false, source = nil)
jobs_for_ref(ref, tag, source).select do |_, job| jobs_for_ref(ref, tag, source).select do |_, job|
job[:stage] == stage job[:stage] == stage
end
end end
end
def initial_parsing def initial_parsing
## ##
# Global config # Global config
# #
@before_script = @ci_config.before_script @before_script = @ci_config.before_script
@image = @ci_config.image @image = @ci_config.image
@after_script = @ci_config.after_script @after_script = @ci_config.after_script
@services = @ci_config.services @services = @ci_config.services
@variables = @ci_config.variables @variables = @ci_config.variables
@stages = @ci_config.stages @stages = @ci_config.stages
@cache = @ci_config.cache @cache = @ci_config.cache
## ##
# Jobs # Jobs
# #
@jobs = @ci_config.jobs @jobs = @ci_config.jobs
@jobs.each do |name, job| @jobs.each do |name, job|
# logical validation for job # logical validation for job
validate_job_stage!(name, job) validate_job_stage!(name, job)
validate_job_dependencies!(name, job) validate_job_dependencies!(name, job)
validate_job_environment!(name, job) validate_job_environment!(name, job)
end
end end
end
def yaml_variables(name) def yaml_variables(name)
variables = (@variables || {}) variables = (@variables || {})
.merge(job_variables(name)) .merge(job_variables(name))
variables.map do |key, value| variables.map do |key, value|
{ key: key.to_s, value: value, public: true } { key: key.to_s, value: value, public: true }
end
end end
end
def job_variables(name) def job_variables(name)
job = @jobs[name.to_sym] job = @jobs[name.to_sym]
return {} unless job return {} unless job
job[:variables] || {} job[:variables] || {}
end end
def validate_job_stage!(name, job) def validate_job_stage!(name, job)
return unless job[:stage] return unless job[:stage]
unless job[:stage].is_a?(String) && job[:stage].in?(@stages) unless job[:stage].is_a?(String) && job[:stage].in?(@stages)
raise ValidationError, "#{name} job: stage parameter should be #{@stages.join(", ")}" raise ValidationError, "#{name} job: stage parameter should be #{@stages.join(", ")}"
end
end end
end
def validate_job_dependencies!(name, job) def validate_job_dependencies!(name, job)
return unless job[:dependencies] return unless job[:dependencies]
stage_index = @stages.index(job[:stage]) stage_index = @stages.index(job[:stage])
job[:dependencies].each do |dependency| job[:dependencies].each do |dependency|
raise ValidationError, "#{name} job: undefined dependency: #{dependency}" unless @jobs[dependency.to_sym] raise ValidationError, "#{name} job: undefined dependency: #{dependency}" unless @jobs[dependency.to_sym]
unless @stages.index(@jobs[dependency.to_sym][:stage]) < stage_index unless @stages.index(@jobs[dependency.to_sym][:stage]) < stage_index
raise ValidationError, "#{name} job: dependency #{dependency} is not defined in prior stages" raise ValidationError, "#{name} job: dependency #{dependency} is not defined in prior stages"
end
end end
end end
end
def validate_job_environment!(name, job) def validate_job_environment!(name, job)
return unless job[:environment] return unless job[:environment]
return unless job[:environment].is_a?(Hash) return unless job[:environment].is_a?(Hash)
environment = job[:environment] environment = job[:environment]
validate_on_stop_job!(name, environment, environment[:on_stop]) validate_on_stop_job!(name, environment, environment[:on_stop])
end end
def validate_on_stop_job!(name, environment, on_stop) def validate_on_stop_job!(name, environment, on_stop)
return unless on_stop return unless on_stop
on_stop_job = @jobs[on_stop.to_sym] on_stop_job = @jobs[on_stop.to_sym]
unless on_stop_job unless on_stop_job
raise ValidationError, "#{name} job: on_stop job #{on_stop} is not defined" raise ValidationError, "#{name} job: on_stop job #{on_stop} is not defined"
end end
unless on_stop_job[:environment] unless on_stop_job[:environment]
raise ValidationError, "#{name} job: on_stop job #{on_stop} does not have environment defined" raise ValidationError, "#{name} job: on_stop job #{on_stop} does not have environment defined"
end end
unless on_stop_job[:environment][:name] == environment[:name] unless on_stop_job[:environment][:name] == environment[:name]
raise ValidationError, "#{name} job: on_stop job #{on_stop} have different environment name" raise ValidationError, "#{name} job: on_stop job #{on_stop} have different environment name"
end end
unless on_stop_job[:environment][:action] == 'stop' unless on_stop_job[:environment][:action] == 'stop'
raise ValidationError, "#{name} job: on_stop job #{on_stop} needs to have action stop defined" raise ValidationError, "#{name} job: on_stop job #{on_stop} needs to have action stop defined"
end
end end
end
def process?(only_params, except_params, ref, tag, source) def process?(only_params, except_params, ref, tag, source)
if only_params.present? if only_params.present?
return false unless matching?(only_params, ref, tag, source) return false unless matching?(only_params, ref, tag, source)
end end
if except_params.present? if except_params.present?
return false if matching?(except_params, ref, tag, source) return false if matching?(except_params, ref, tag, source)
end end
true true
end end
def matching?(patterns, ref, tag, source) def matching?(patterns, ref, tag, source)
patterns.any? do |pattern| patterns.any? do |pattern|
pattern, path = pattern.split('@', 2) pattern, path = pattern.split('@', 2)
matches_path?(path) && matches_pattern?(pattern, ref, tag, source) matches_path?(path) && matches_pattern?(pattern, ref, tag, source)
end
end end
end
def matches_path?(path) def matches_path?(path)
return true unless path return true unless path
path == self.path path == self.path
end end
def matches_pattern?(pattern, ref, tag, source) def matches_pattern?(pattern, ref, tag, source)
return true if tag && pattern == 'tags' return true if tag && pattern == 'tags'
return true if !tag && pattern == 'branches' return true if !tag && pattern == 'branches'
return true if source_to_pattern(source) == pattern return true if source_to_pattern(source) == pattern
if pattern.first == "/" && pattern.last == "/" if pattern.first == "/" && pattern.last == "/"
Regexp.new(pattern[1...-1]) =~ ref Regexp.new(pattern[1...-1]) =~ ref
else else
pattern == ref pattern == ref
end
end end
end
def source_to_pattern(source) def source_to_pattern(source)
if %w[api external web].include?(source) if %w[api external web].include?(source)
source source
else else
source&.pluralize source&.pluralize
end
end end
end end
end end
......
...@@ -4,7 +4,7 @@ describe 'ci/lints/show' do ...@@ -4,7 +4,7 @@ describe 'ci/lints/show' do
include Devise::Test::ControllerHelpers include Devise::Test::ControllerHelpers
describe 'XSS protection' do describe 'XSS protection' do
let(:config_processor) { Ci::GitlabCiYamlProcessor.new(YAML.dump(content)) } let(:config_processor) { Gitlab::Ci::YamlProcessor.new(YAML.dump(content)) }
before do before do
assign(:status, true) assign(:status, true)
assign(:builds, config_processor.builds) assign(:builds, config_processor.builds)
...@@ -59,7 +59,7 @@ describe 'ci/lints/show' do ...@@ -59,7 +59,7 @@ describe 'ci/lints/show' do
} }
end end
let(:config_processor) { Ci::GitlabCiYamlProcessor.new(YAML.dump(content)) } let(:config_processor) { Gitlab::Ci::YamlProcessor.new(YAML.dump(content)) }
context 'when the content is valid' do context 'when the content is valid' do
before do before do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment