Merge branch 'feature/send-registry-address-with-build-payload' into 'master'

Send registry address with build payload

## What does this MR do?

Adds `registry_url` as a part of a build payload, when sending a response to a GitLab Runner which requested a new build.

## Are there points in the code the reviewer needs to double check?

Change in `lib/ci/api/entities.rb`.

## Why was this MR needed?

This is one of the steps needed to add support for private/protected registries hosted with GitLab CE/EE.

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [x] API support added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Related to gitlab-org/gitlab-ci-multi-runner#1828, gitlab-org/gitlab-ci-multi-runner!386, gitlab-org/gitlab-ci-multi-runner#1434

See merge request !7474

app/models/ci/build.rb

@@ -487,6 +487,10 @@ module Ci
       ]
     end
 
+    def credentials
+      Gitlab::Ci::Build::Credentials::Factory.new(self).create!
+    end
+
     private
 
     def update_artifacts_size

changelogs/unreleased/feature-send-registry-address-with-build-payload.yml

+---
+title: Send credentials (currently for registry only) with build data to GitLab Runner
+merge_request: 7474
+author:

lib/ci/api/entities.rb

@@ -32,6 +32,10 @@ module Ci
         expose :artifacts_file, using: ArtifactFile, if: ->(build, _) { build.artifacts? }
       end
 
+      class BuildCredentials < Grape::Entity
+        expose :type, :url, :username, :password
+      end
+
       class BuildDetails < Build
         expose :commands
         expose :repo_url
@@ -50,6 +54,8 @@ module Ci
 
         expose :variables
         expose :depends_on_builds, using: Build
+
+        expose :credentials, using: BuildCredentials
       end
 
       class Runner < Grape::Entity

lib/gitlab/ci/build/credentials/base.rb

+module Gitlab
+  module Ci
+    module Build
+      module Credentials
+        class Base
+          def type
+            self.class.name.demodulize.underscore
+          end
+        end
+      end
+    end
+  end
+end

lib/gitlab/ci/build/credentials/factory.rb

+module Gitlab
+  module Ci
+    module Build
+      module Credentials
+        class Factory
+          def initialize(build)
+            @build = build
+          end
+
+          def create!
+            credentials.select(&:valid?)
+          end
+
+          private
+
+          def credentials
+            providers.map { |provider| provider.new(@build) }
+          end
+
+          def providers
+            [Registry]
+          end
+        end
+      end
+    end
+  end
+end

lib/gitlab/ci/build/credentials/registry.rb

+module Gitlab
+  module Ci
+    module Build
+      module Credentials
+        class Registry < Base
+          attr_reader :username, :password
+
+          def initialize(build)
+            @username = 'gitlab-ci-token'
+            @password = build.token
+          end
+
+          def url
+            Gitlab.config.registry.host_port
+          end
+
+          def valid?
+            Gitlab.config.registry.enabled
+          end
+        end
+      end
+    end
+  end
+end

spec/lib/gitlab/ci/build/credentials/factory_spec.rb

+require 'spec_helper'
+
+describe Gitlab::Ci::Build::Credentials::Factory do
+  let(:build) { create(:ci_build, name: 'spinach', stage: 'test', stage_idx: 0) }
+
+  subject { Gitlab::Ci::Build::Credentials::Factory.new(build).create! }
+
+  class TestProvider
+    def initialize(build); end
+  end
+
+  before do
+    allow_any_instance_of(Gitlab::Ci::Build::Credentials::Factory).to receive(:providers).and_return([TestProvider])
+  end
+
+  context 'when provider is valid' do
+    before do
+      allow_any_instance_of(TestProvider).to receive(:valid?).and_return(true)
+    end
+
+    it 'generates an array of credentials objects' do
+      is_expected.to be_kind_of(Array)
+      is_expected.not_to be_empty
+      expect(subject.first).to be_kind_of(TestProvider)
+    end
+  end
+
+  context 'when provider is not valid' do
+    before do
+      allow_any_instance_of(TestProvider).to receive(:valid?).and_return(false)
+    end
+
+    it 'generates an array without specific credential object' do
+      is_expected.to be_kind_of(Array)
+      is_expected.to be_empty
+    end
+  end
+end

spec/lib/gitlab/ci/build/credentials/registry_spec.rb

+require 'spec_helper'
+
+describe Gitlab::Ci::Build::Credentials::Registry do
+  let(:build) { create(:ci_build, name: 'spinach', stage: 'test', stage_idx: 0) }
+  let(:registry_url) { 'registry.example.com:5005' }
+
+  subject { Gitlab::Ci::Build::Credentials::Registry.new(build) }
+
+  before do
+    stub_container_registry_config(host_port: registry_url)
+  end
+
+  it 'contains valid DockerRegistry credentials' do
+    expect(subject).to be_kind_of(Gitlab::Ci::Build::Credentials::Registry)
+
+    expect(subject.username).to eq 'gitlab-ci-token'
+    expect(subject.password).to eq build.token
+    expect(subject.url).to eq registry_url
+    expect(subject.type).to eq 'registry'
+  end
+
+  describe '.valid?' do
+    subject { Gitlab::Ci::Build::Credentials::Registry.new(build).valid? }
+
+    context 'when registry is enabled' do
+      before do
+        stub_container_registry_config(enabled: true)
+      end
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'when registry is disabled' do
+      before do
+        stub_container_registry_config(enabled: false)
+      end
+
+      it { is_expected.to be_falsey }
+    end
+  end
+end

spec/requests/ci/api/builds_spec.rb

@@ -17,6 +17,10 @@ describe Ci::API::API do
       let!(:build) { create(:ci_build, pipeline: pipeline, name: 'spinach', stage: 'test', stage_idx: 0) }
       let(:user_agent) { 'gitlab-ci-multi-runner 1.5.2 (1-5-stable; go1.6.3; linux/amd64)' }
 
+      before do
+        stub_container_registry_config(enabled: false)
+      end
+
       shared_examples 'no builds available' do
         context 'when runner sends version in User-Agent' do
           context 'for stable version' do
@@ -53,6 +57,41 @@ describe Ci::API::API do
         it 'updates runner info' do
           expect { register_builds }.to change { runner.reload.contacted_at }
         end
+
+        context 'registry credentials' do
+          let(:registry_credentials) do
+            { 'type' => 'registry',
+              'url' => 'registry.example.com:5005',
+              'username' => 'gitlab-ci-token',
+              'password' => build.token }
+          end
+
+          context 'when registry is enabled' do
+            before do
+              stub_container_registry_config(enabled: true, host_port: 'registry.example.com:5005')
+            end
+
+            it 'sends registry credentials key' do
+              register_builds info: { platform: :darwin }
+
+              expect(json_response).to have_key('credentials')
+              expect(json_response['credentials']).to include(registry_credentials)
+            end
+          end
+
+          context 'when registry is disabled' do
+            before do
+              stub_container_registry_config(enabled: false, host_port: 'registry.example.com:5005')
+            end
+
+            it 'does not send registry credentials' do
+              register_builds info: { platform: :darwin }
+
+              expect(json_response).to have_key('credentials')
+              expect(json_response['credentials']).not_to include(registry_credentials)
+            end
+          end
+        end
       end
 
       context 'when builds are finished' do