vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #22 from coreos-inc/git

Browse source 
git's a pretty cool guy
This commit is contained in:
Jimmy Zelinskie 2015-04-23 17:33:36 -04:00
commit 2a13eade80
35 changed files with 797 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

13
endpoints/api/build.py
View file

@ -43,14 +43,13 @@ def user_view(user):
'is_robot': user.robot,
}
def trigger_view(trigger):
def trigger_view(trigger, can_admin=False):
if trigger and trigger.uuid:
config_dict = get_trigger_config(trigger)
build_trigger = BuildTrigger.get_trigger_for_service(trigger.service.name)
return {
'service': trigger.service.name,
'config': config_dict,
'config': config_dict if can_admin else {},
'id': trigger.uuid,
'connected_user': trigger.connected_user.username,
'is_active': build_trigger.is_active(config_dict),
@ -60,7 +59,7 @@ def trigger_view(trigger):
return None
def build_status_view(build_obj, can_write=False):
def build_status_view(build_obj, can_write=False, can_admin=False):
phase = build_obj.phase
try:
status = build_logs.get_status(build_obj.uuid)
@ -92,7 +91,7 @@ def build_status_view(build_obj, can_write=False):
'status': status or {},
'job_config': get_job_config(build_obj) if can_write else None,
'is_writer': can_write,
'trigger': trigger_view(build_obj.trigger),
'trigger': trigger_view(build_obj.trigger, can_admin),
'resource_key': build_obj.resource_key,
'pull_robot': user_view(build_obj.pull_robot) if build_obj.pull_robot else None,
'repository': {
@ -101,7 +100,7 @@ def build_status_view(build_obj, can_write=False):
}
}
if can_write:
if can_write and build_obj.resource_key is not None:
resp['archive_url'] = user_files.get_file_url(build_obj.resource_key, requires_cors=True)
return resp
@ -208,7 +207,7 @@ class RepositoryBuildList(RepositoryParamResource):
build_request = start_build(repo, dockerfile_id, tags, display_name, subdir, True,
pull_robot_name=pull_robot_name)
resp = build_status_view(build_request, True)
resp = build_status_view(build_request, can_write=True)
repo_string = '%s/%s' % (namespace, repository)
headers = {
'Location': api.url_for(RepositoryBuildStatus, repository=repo_string,

35
endpoints/api/trigger.py
View file

@ -41,7 +41,7 @@ class BuildTriggerList(RepositoryParamResource):
""" List the triggers for the specified repository. """
triggers = model.list_build_triggers(namespace, repository)
return {
'triggers': [trigger_view(trigger) for trigger in triggers]
'triggers': [trigger_view(trigger, can_admin=True) for trigger in triggers]
}
@ -60,7 +60,7 @@ class BuildTrigger(RepositoryParamResource):
except model.InvalidBuildTriggerException:
raise NotFound()
return trigger_view(trigger)
return trigger_view(trigger, can_admin=True)
@require_repo_admin
@nickname('deleteBuildTrigger')
@ -207,24 +207,25 @@ class BuildTriggerActivate(RepositoryParamResource):
# Update the config.
new_config_dict = request.get_json()['config']
token_name = 'Build Trigger: %s' % trigger.service.name
token = model.create_delegate_token(namespace, repository, token_name,
'write')
write_token_name = 'Build Trigger: %s' % trigger.service.name
write_token = model.create_delegate_token(namespace, repository, write_token_name,
'write')
try:
path = url_for('webhooks.build_trigger_webhook', trigger_uuid=trigger.uuid)
authed_url = _prepare_webhook_url(app.config['PREFERRED_URL_SCHEME'], '$token', token.code,
authed_url = _prepare_webhook_url(app.config['PREFERRED_URL_SCHEME'],
'$token', write_token.code,
app.config['SERVER_HOSTNAME'], path)
final_config = handler.activate(trigger.uuid, authed_url,
final_config, trigger.private_key = handler.activate(trigger.uuid, authed_url,
trigger.auth_token, new_config_dict)
except TriggerActivationException as exc:
token.delete_instance()
write_token.delete_instance()
raise request_error(message=exc.message)
# Save the updated config.
trigger.config = json.dumps(final_config)
trigger.write_token = token
trigger.write_token = write_token
trigger.save()
# Log the trigger setup.
@ -235,7 +236,7 @@ class BuildTriggerActivate(RepositoryParamResource):
'pull_robot': trigger.pull_robot.username if trigger.pull_robot else None,
'config': final_config}, repo=repo)
return trigger_view(trigger)
return trigger_view(trigger, can_admin=True)
else:
raise Unauthorized()
@ -373,6 +374,10 @@ class BuildTriggerAnalyze(RepositoryParamResource):
'status': 'error',
'message': rre.message
}
except NotImplementedError:
return {
'status': 'notimplemented',
}
raise NotFound()
@ -392,6 +397,10 @@ class ActivateBuildTrigger(RepositoryParamResource):
'branch_name': {
'type': 'string',
'description': '(GitHub Only) If specified, the name of the GitHub branch to build.'
},
'commit_sha': {
'type': 'string',
'description': '(Custom Only) If specified, the ref/SHA1 used to checkout a git repository.'
}
}
}
@ -414,7 +423,7 @@ class ActivateBuildTrigger(RepositoryParamResource):
try:
run_parameters = request.get_json()
specs = handler.manual_start(trigger.auth_token, config_dict, run_parameters=run_parameters)
specs = handler.manual_start(trigger, run_parameters=run_parameters)
dockerfile_id, tags, name, subdir, metadata = specs
repo = model.get_repository(namespace, repository)
@ -426,7 +435,7 @@ class ActivateBuildTrigger(RepositoryParamResource):
except TriggerStartException as tse:
raise InvalidRequest(tse.message)
resp = build_status_view(build_request, True)
resp = build_status_view(build_request, can_write=True)
repo_string = '%s/%s' % (namespace, repository)
headers = {
'Location': api.url_for(RepositoryBuildStatus, repository=repo_string,
@ -450,7 +459,7 @@ class TriggerBuildList(RepositoryParamResource):
builds = list(model.list_trigger_builds(namespace, repository,
trigger_uuid, limit))
return {
'builds': [build_status_view(build, True) for build in builds]
'builds': [build_status_view(build, can_write=True) for build in builds]
}

2
endpoints/callbacks.py
View file

@ -295,7 +295,7 @@ def attach_github_build_trigger(namespace, repository):
trigger.uuid)
logger.debug('Redirecting to full url: %s' % full_url)
logger.debug('Redirecting to full url: %s', full_url)
return redirect(full_url)
abort(403)

294
endpoints/trigger.py
View file

@ -4,12 +4,15 @@ import os.path
import tarfile
import base64
import re
import json
from github import Github, UnknownObjectException, GithubException
from tempfile import SpooledTemporaryFile
from jsonschema import validate
from app import app, userfiles as user_files, github_trigger
from util.tarfileappender import TarfileAppender
from util.ssh import generate_ssh_keypair
client = app.config['HTTPCLIENT']
@ -25,6 +28,8 @@ CHUNK_SIZE = 512 * 1024
def should_skip_commit(message):
return '[skip build]' in message or '[build skip]' in message
class InvalidPayloadException(Exception):
pass
class BuildArchiveException(Exception):
pass
@ -60,16 +65,16 @@ class BuildTrigger(object):
def dockerfile_url(self, auth_token, config):
"""
Returns the URL at which the Dockerfile for the trigger can be found or None if none/not applicable.
Returns the URL at which the Dockerfile for the trigger is found or None if none/not applicable.
"""
return None
raise NotImplementedError
def load_dockerfile_contents(self, auth_token, config):
"""
Loads the Dockerfile found for the trigger's config and returns them or None if none could
be found/loaded.
"""
return None
raise NotImplementedError
def list_build_sources(self, auth_token):
"""
@ -85,7 +90,7 @@ class BuildTrigger(object):
"""
raise NotImplementedError
def handle_trigger_request(self, request, auth_token, config):
def handle_trigger_request(self, request, trigger):
"""
Transform the incoming request data into a set of actions. Returns a tuple
of usefiles resource id, docker tags, build name, and resource subdir.
@ -114,7 +119,7 @@ class BuildTrigger(object):
"""
raise NotImplementedError
def manual_start(self, auth_token, config, run_parameters = None):
def manual_start(self, trigger, run_parameters=None):
"""
Manually creates a repository build for this trigger.
"""
@ -146,8 +151,17 @@ class BuildTrigger(object):
def raise_unsupported():
raise io.UnsupportedOperation
def get_trigger_config(trigger):
try:
return json.loads(trigger.config)
except:
return {}
class GithubBuildTrigger(BuildTrigger):
"""
BuildTrigger for GitHub that uses the archive API and buildpacks.
"""
@staticmethod
def _get_client(auth_token):
return Github(auth_token,
@ -166,34 +180,70 @@ class GithubBuildTrigger(BuildTrigger):
new_build_source = config['build_source']
gh_client = self._get_client(auth_token)
# Find the GitHub repository.
try:
to_add_webhook = gh_client.get_repo(new_build_source)
gh_repo = gh_client.get_repo(new_build_source)
except UnknownObjectException:
msg = 'Unable to find GitHub repository for source: %s'
raise TriggerActivationException(msg % new_build_source)
msg = 'Unable to find GitHub repository for source: %s' % new_build_source
raise TriggerActivationException(msg)
# Add a deploy key to the GitHub repository.
public_key, private_key = generate_ssh_keypair()
config['credentials'] = [
{
'name': 'SSH Public Key',
'value': public_key,
},
]
try:
deploy_key = gh_repo.create_key('%s Builder' % app.config['REGISTRY_TITLE'],
public_key)
config['deploy_key_id'] = deploy_key.id
except GithubException:
msg = 'Unable to add deploy key to repository: %s' % new_build_source
raise TriggerActivationException(msg)
# Add the webhook to the GitHub repository.
webhook_config = {
'url': standard_webhook_url,
'content_type': 'json',
}
try:
hook = to_add_webhook.create_hook('web', webhook_config)
hook = gh_repo.create_hook('web', webhook_config)
config['hook_id'] = hook.id
config['master_branch'] = to_add_webhook.default_branch
config['master_branch'] = gh_repo.default_branch
except GithubException:
msg = 'Unable to create webhook on repository: %s'
raise TriggerActivationException(msg % new_build_source)
msg = 'Unable to create webhook on repository: %s' % new_build_source
raise TriggerActivationException(msg)
return config
return config, private_key
def deactivate(self, auth_token, config):
gh_client = self._get_client(auth_token)
# Find the GitHub repository.
try:
repo = gh_client.get_repo(config['build_source'])
to_delete = repo.get_hook(config['hook_id'])
to_delete.delete()
except UnknownObjectException:
msg = 'Unable to find GitHub repository for source: %s' % config['build_source']
raise TriggerDeactivationException(msg)
# If the trigger uses a deploy key, remove it.
try:
if config['deploy_key_id']:
deploy_key = repo.get_key(config['deploy_key_id'])
deploy_key.delete()
except KeyError:
# There was no config['deploy_key_id'], thus this is an old trigger without a deploy key.
pass
except GithubException:
msg = 'Unable to remove deploy key: %s' % config['deploy_key_id']
raise TriggerDeactivationException(msg)
# Remove the webhook.
try:
hook = repo.get_hook(config['hook_id'])
hook.delete()
except GithubException:
msg = 'Unable to remove hook: %s' % config['hook_id']
raise TriggerDeactivationException(msg)
@ -233,7 +283,8 @@ class GithubBuildTrigger(BuildTrigger):
return repos_by_org
def matches_ref(self, ref, regex):
@staticmethod
def matches_ref(ref, regex):
match_string = ref.split('/', 1)[1]
if not regex:
return False
@ -257,7 +308,7 @@ class GithubBuildTrigger(BuildTrigger):
try:
regex = re.compile(config['branchtag_regex'])
branches = [branch.name for branch in repo.get_branches()
if self.matches_ref('refs/heads/' + branch.name, regex)]
if GithubBuildTrigger.matches_ref('refs/heads/' + branch.name, regex)]
except:
pass
@ -275,17 +326,18 @@ class GithubBuildTrigger(BuildTrigger):
raise RepositoryReadException(message)
def dockerfile_url(self, auth_token, config):
def dockerfile_url(self, auth_token, config):
source = config['build_source']
subdirectory = config.get('subdir', '')
path = subdirectory + '/Dockerfile' if subdirectory else 'Dockerfile'
gh_client = self._get_client(auth_token)
try:
repo = gh_client.get_repo(source)
master_branch = repo.default_branch or 'master'
return 'https://github.com/%s/blob/%s/%s' % (source, master_branch, path)
except GithubException as ge:
except GithubException:
logger.exception('Could not load repository for Dockerfile.')
return None
def load_dockerfile_contents(self, auth_token, config):
@ -341,12 +393,12 @@ class GithubBuildTrigger(BuildTrigger):
return commit_info
@staticmethod
def _prepare_build(config, repo, commit_sha, build_name, ref):
def _prepare_tarball(repo, commit_sha):
# Prepare the download and upload URLs
archive_link = repo.get_archive_link('tarball', commit_sha)
download_archive = client.get(archive_link, stream=True)
tarball_subdir = ''
with SpooledTemporaryFile(CHUNK_SIZE) as tarball:
for chunk in download_archive.iter_content(CHUNK_SIZE):
tarball.write(chunk)
@ -372,6 +424,25 @@ class GithubBuildTrigger(BuildTrigger):
logger.debug('Successfully prepared job')
return tarball_subdir, dockerfile_id
@staticmethod
def _prepare_build(trigger, config, repo, commit_sha, build_name, ref, git_url):
repo_subdir = config['subdir']
joined_subdir = repo_subdir
dockerfile_id = None
if trigger.private_key is None:
# If the trigger isn't using git, prepare the buildpack.
tarball_subdir, dockerfile_id = GithubBuildTrigger._prepare_tarball(repo, commit_sha)
logger.debug('Successfully prepared job')
# Join provided subdir with the tarball subdir.
joined_subdir = os.path.join(tarball_subdir, repo_subdir)
logger.debug('Final subdir: %s', joined_subdir)
# compute the tag(s)
branch = ref.split('/')[-1]
tags = {branch}
@ -379,18 +450,14 @@ class GithubBuildTrigger(BuildTrigger):
if branch == repo.default_branch:
tags.add('latest')
logger.debug('Pushing to tags: %s' % tags)
# compute the subdir
repo_subdir = config['subdir']
joined_subdir = os.path.join(tarball_subdir, repo_subdir)
logger.debug('Final subdir: %s' % joined_subdir)
logger.debug('Pushing to tags: %s', tags)
# compute the metadata
metadata = {
'commit_sha': commit_sha,
'ref': ref,
'default_branch': repo.default_branch,
'git_url': git_url,
}
# add the commit info.
@ -404,7 +471,7 @@ class GithubBuildTrigger(BuildTrigger):
def get_display_name(sha):
return sha[0:7]
def handle_trigger_request(self, request, auth_token, config):
def handle_trigger_request(self, request, trigger):
payload = request.get_json()
if not payload or payload.get('head_commit') is None:
raise SkipRequestException()
@ -416,14 +483,16 @@ class GithubBuildTrigger(BuildTrigger):
ref = payload['ref']
commit_sha = payload['head_commit']['id']
commit_message = payload['head_commit'].get('message', '')
git_url = payload['repository']['git_url']
config = get_trigger_config(trigger)
if 'branchtag_regex' in config:
try:
regex = re.compile(config['branchtag_regex'])
except:
regex = re.compile('.*')
if not self.matches_ref(ref, regex):
if not GithubBuildTrigger.matches_ref(ref, regex):
raise SkipRequestException()
if should_skip_commit(commit_message):
@ -431,7 +500,7 @@ class GithubBuildTrigger(BuildTrigger):
short_sha = GithubBuildTrigger.get_display_name(commit_sha)
gh_client = self._get_client(auth_token)
gh_client = self._get_client(trigger.auth_token)
repo_full_name = '%s/%s' % (payload['repository']['owner']['name'],
payload['repository']['name'])
@ -439,24 +508,25 @@ class GithubBuildTrigger(BuildTrigger):
logger.debug('Github repo: %s', repo)
return GithubBuildTrigger._prepare_build(config, repo, commit_sha,
short_sha, ref)
return GithubBuildTrigger._prepare_build(trigger, config, repo, commit_sha,
short_sha, ref, git_url)
def manual_start(self, auth_token, config, run_parameters = None):
def manual_start(self, trigger, run_parameters=None):
config = get_trigger_config(trigger)
try:
source = config['build_source']
run_parameters = run_parameters or {}
gh_client = self._get_client(auth_token)
gh_client = self._get_client(trigger.auth_token)
repo = gh_client.get_repo(source)
branch_name = run_parameters.get('branch_name') or repo.default_branch
branch = repo.get_branch(branch_name)
branch_sha = branch.commit.sha
commit_info = branch.commit
short_sha = GithubBuildTrigger.get_display_name(branch_sha)
ref = 'refs/heads/%s' % (branch_name)
git_url = repo.git_url
return self._prepare_build(config, repo, branch_sha, short_sha, ref)
return self._prepare_build(trigger, config, repo, branch_sha, short_sha, ref, git_url)
except GithubException as ghe:
raise TriggerStartException(ghe.data['message'])
@ -491,3 +561,151 @@ class GithubBuildTrigger(BuildTrigger):
return branches
return None
class CustomBuildTrigger(BuildTrigger):
payload_schema = {
'type': 'object',
'properties': {
'commit': {
'type': 'string',
'description': 'first 7 characters of the SHA-1 identifier for a git commit',
'pattern': '^([A-Fa-f0-9]{7})$',
},
'ref': {
'type': 'string',
'description': 'git reference for a git commit',
'pattern': '^refs\/(heads|tags|remotes)\/(.+)$',
},
'default_branch': {
'type': 'string',
'description': 'default branch of the git repository',
},
'commit_info': {
'type': 'object',
'description': 'metadata about a git commit',
'properties': {
'url': {
'type': 'string',
'description': 'URL to view a git commit',
},
'message': {
'type': 'string',
'description': 'git commit message',
},
'date': {
'type': 'string',
'description': 'timestamp for a git commit'
},
'author': {
'type': 'object',
'description': 'metadata about the author of a git commit',
'properties': {
'username': {
'type': 'string',
'description': 'username of the author',
},
'url': {
'type': 'string',
'description': 'URL to view the profile of the author',
},
'avatar_url': {
'type': 'string',
'description': 'URL to view the avatar of the author',
},
},
'required': ['username', 'url', 'avatar_url'],
},
'committer': {
'type': 'object',
'description': 'metadata about the committer of a git commit',
'properties': {
'username': {
'type': 'string',
'description': 'username of the committer',
},
'url': {
'type': 'string',
'description': 'URL to view the profile of the committer',
},
'avatar_url': {
'type': 'string',
'description': 'URL to view the avatar of the committer',
},
},
'required': ['username', 'url', 'avatar_url'],
},
},
'required': ['url', 'message', 'date'],
},
},
'required': ['commits', 'ref', 'default_branch'],
}
@classmethod
def service_name(cls):
return 'custom-git'
def is_active(self, config):
return config.has_key('credentials')
def _metadata_from_payload(self, payload):
try:
metadata = json.loads(payload)
validate(metadata, self.payload_schema)
except:
raise InvalidPayloadException()
return metadata
def handle_trigger_request(self, request, trigger):
payload = request.get_json()
if not payload:
raise SkipRequestException()
logger.debug('Payload %s', payload)
metadata = self._metadata_from_payload(payload)
# The build source is the canonical git URL used to clone.
config = get_trigger_config(trigger)
metadata['git_url'] = config['build_source']
branch = metadata['ref'].split('/')[-1]
tags = {branch}
build_name = metadata['commit_sha'][:6]
dockerfile_id = None
return dockerfile_id, tags, build_name, trigger.config['subdir'], metadata
def activate(self, trigger_uuid, standard_webhook_url, auth_token, config):
public_key, private_key = generate_ssh_keypair()
config['credentials'] = [
{
'name': 'SSH Public Key',
'value': public_key,
},
{
'name': 'Webhook Endpoint URL',
'value': standard_webhook_url,
},
]
return config, private_key
def deactivate(self, auth_token, config):
config.pop('credentials', None)
return config
def manual_start(self, trigger, run_parameters=None):
# commit_sha is the only required parameter
if 'commit_sha' not in run_parameters:
raise TriggerStartException('missing required parameter')
config = get_trigger_config(trigger)
dockerfile_id = None
tags = {run_parameters['commit_sha']}
build_name = run_parameters['commit_sha']
metadata = {
'commit_sha': run_parameters['commit_sha'],
'git_url': config['build_source'],
}
return dockerfile_id, list(tags), build_name, config['subdir'], metadata

25
endpoints/web.py
View file

@ -12,7 +12,7 @@ from data.model.oauth import DatabaseAuthorizationProvider
from app import app, billing as stripe, build_logs, avatar, signer
from auth.auth import require_session_login, process_oauth
from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
SuperUserPermission)
SuperUserPermission, AdministerRepositoryPermission)
from util.invoice import renderInvoiceToPdf
from util.seo import render_snapshot
@ -20,6 +20,7 @@ from util.cache import no_cache
from endpoints.common import common_login, render_page_template, route_show_if, param_required
from endpoints.csrf import csrf_protect, generate_csrf_token, verify_csrf
from endpoints.registry import set_cache_headers
from endpoints.trigger import CustomBuildTrigger
from util.names import parse_repository_name, parse_repository_name_and_tag
from util.useremails import send_email_changed
from util.systemlogs import build_logs_archive
@ -494,6 +495,28 @@ def download_logs_archive():
abort(403)
@web.route('/customtrigger/setup/<path:repository>', methods=['GET'])
@require_session_login
@parse_repository_name
def attach_custom_build_trigger(namespace, repository_name):
permission = AdministerRepositoryPermission(namespace, repository_name)
if permission.can():
repo = model.get_repository(namespace, repository_name)
if not repo:
msg = 'Invalid repository: %s/%s' % (namespace, repository_name)
abort(404, message=msg)
trigger = model.create_build_trigger(repo, CustomBuildTrigger.service_name(),
None, current_user.db_user())
repo_path = '%s/%s' % (namespace, repository_name)
full_url = '%s%s%s' % (url_for('web.repository', path=repo_path), '?tab=builds&newtrigger=',
trigger.uuid)
logger.debug('Redirecting to full url: %s', full_url)
return redirect(full_url)
abort(403)
@web.route('/<path:repository>')
@no_cache

15
endpoints/webhooks.py
View file

@ -1,5 +1,4 @@
import logging
import json
from flask import request, make_response, Blueprint
@ -9,9 +8,8 @@ from auth.auth import process_auth
from auth.permissions import ModifyRepositoryPermission
from util.invoice import renderInvoiceToHtml
from util.useremails import send_invoice_email, send_subscription_change, send_payment_failed
from util.names import parse_repository_name
from util.http import abort
from endpoints.trigger import BuildTrigger, ValidationRequestException, SkipRequestException
from endpoints.trigger import BuildTrigger, ValidationRequestException, SkipRequestException, InvalidPayloadException
from endpoints.common import start_build
@ -23,7 +21,7 @@ webhooks = Blueprint('webhooks', __name__)
@webhooks.route('/stripe', methods=['POST'])
def stripe_webhook():
request_data = request.get_json()
logger.debug('Stripe webhook call: %s' % request_data)
logger.debug('Stripe webhook call: %s', request_data)
customer_id = request_data.get('data', {}).get('object', {}).get('customer', None)
user = model.get_user_or_org_by_customer_id(customer_id) if customer_id else None
@ -87,19 +85,18 @@ def build_trigger_webhook(trigger_uuid, **kwargs):
handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
logger.debug('Passing webhook request to handler %s', handler)
config_dict = json.loads(trigger.config)
try:
specs = handler.handle_trigger_request(request, trigger.auth_token,
config_dict)
specs = handler.handle_trigger_request(request, trigger)
dockerfile_id, tags, name, subdir, metadata = specs
except ValidationRequestException:
# This was just a validation request, we don't need to build anything
return make_response('Okay')
except SkipRequestException:
# The build was requested to be skipped
return make_response('Okay')
except InvalidPayloadException:
# The payload was malformed
abort(400)
pull_robot_name = model.get_pull_robot_name(trigger)
repo = model.get_repository(namespace, repository)