Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
fa3fb23f
Commit
fa3fb23f
authored
Sep 26, 2017
by
Grzegorz Bizon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Move pipeline builder validation chain to a module
parent
609fa45f
Changes
8
Show whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
125 additions
and
119 deletions
+125
-119
app/services/ci/create_pipeline_service.rb
app/services/ci/create_pipeline_service.rb
+3
-3
lib/gitlab/ci/pipeline/chain/validate/abilities.rb
lib/gitlab/ci/pipeline/chain/validate/abilities.rb
+54
-0
lib/gitlab/ci/pipeline/chain/validate/config.rb
lib/gitlab/ci/pipeline/chain/validate/config.rb
+35
-0
lib/gitlab/ci/pipeline/chain/validate/repository.rb
lib/gitlab/ci/pipeline/chain/validate/repository.rb
+32
-0
lib/gitlab/ci/pipeline/chain/validate_abilities.rb
lib/gitlab/ci/pipeline/chain/validate_abilities.rb
+0
-52
lib/gitlab/ci/pipeline/chain/validate_config.rb
lib/gitlab/ci/pipeline/chain/validate_config.rb
+0
-33
lib/gitlab/ci/pipeline/chain/validate_repository.rb
lib/gitlab/ci/pipeline/chain/validate_repository.rb
+0
-30
spec/lib/gitlab/ci/pipeline/chain/validate/abilities_spec.rb
spec/lib/gitlab/ci/pipeline/chain/validate/abilities_spec.rb
+1
-1
No files found.
app/services/ci/create_pipeline_service.rb
View file @
fa3fb23f
...
@@ -2,9 +2,9 @@ module Ci
...
@@ -2,9 +2,9 @@ module Ci
class
CreatePipelineService
<
BaseService
class
CreatePipelineService
<
BaseService
attr_reader
:pipeline
attr_reader
:pipeline
SEQUENCE
=
[
Gitlab
::
Ci
::
Pipeline
::
Chain
::
ValidateAbilities
,
SEQUENCE
=
[
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Validate
::
Abilities
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
ValidateRepository
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Validate
::
Repository
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
ValidateConfig
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Validate
::
Config
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Skip
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Skip
,
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Create
].
freeze
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Create
].
freeze
...
...
lib/gitlab/ci/pipeline/chain/validate/abilities.rb
0 → 100644
View file @
fa3fb23f
module
Gitlab
module
Ci
module
Pipeline
module
Chain
module
Validate
class
Abilities
<
Chain
::
Base
include
Gitlab
::
Allowable
include
Chain
::
Helpers
def
perform!
unless
project
.
builds_enabled?
return
error
(
'Pipelines are disabled!'
)
end
unless
allowed_to_trigger_pipeline?
if
can?
(
current_user
,
:create_pipeline
,
project
)
return
error
(
"Insufficient permissions for protected ref '
#{
pipeline
.
ref
}
'"
)
else
return
error
(
'Insufficient permissions to create a new pipeline'
)
end
end
end
def
break?
@pipeline
.
errors
.
any?
end
def
allowed_to_trigger_pipeline?
if
current_user
allowed_to_create?
else
# legacy triggers don't have a corresponding user
!
project
.
protected_for?
(
@pipeline
.
ref
)
end
end
def
allowed_to_create?
return
unless
can?
(
current_user
,
:create_pipeline
,
project
)
access
=
Gitlab
::
UserAccess
.
new
(
current_user
,
project:
project
)
if
branch_exists?
access
.
can_update_branch?
(
@pipeline
.
ref
)
elsif
tag_exists?
access
.
can_create_tag?
(
@pipeline
.
ref
)
else
true
# Allow it for now and we'll reject when we check ref existence
end
end
end
end
end
end
end
end
lib/gitlab/ci/pipeline/chain/validate/config.rb
0 → 100644
View file @
fa3fb23f
module
Gitlab
module
Ci
module
Pipeline
module
Chain
module
Validate
class
Config
<
Chain
::
Base
include
Chain
::
Helpers
def
perform!
unless
@pipeline
.
config_processor
unless
@pipeline
.
ci_yaml_file
return
error
(
"Missing
#{
@pipeline
.
ci_yaml_file_path
}
file"
)
end
if
@command
.
save_incompleted
&&
@pipeline
.
has_yaml_errors?
@pipeline
.
drop
end
return
error
(
@pipeline
.
yaml_errors
)
end
unless
@pipeline
.
has_stage_seeds?
return
error
(
'No stages / jobs for this pipeline.'
)
end
end
def
break?
@pipeline
.
errors
.
any?
||
@pipeline
.
persisted?
end
end
end
end
end
end
end
lib/gitlab/ci/pipeline/chain/validate/repository.rb
0 → 100644
View file @
fa3fb23f
module
Gitlab
module
Ci
module
Pipeline
module
Chain
module
Validate
class
Repository
<
Chain
::
Base
include
Chain
::
Helpers
def
perform!
unless
branch_exists?
||
tag_exists?
return
error
(
'Reference not found'
)
end
## TODO, we check commit in the service, that is why
# there is no repository access here.
#
# Should we validate repository before building a pipeline?
#
unless
pipeline
.
sha
return
error
(
'Commit not found'
)
end
end
def
break?
@pipeline
.
errors
.
any?
end
end
end
end
end
end
end
lib/gitlab/ci/pipeline/chain/validate_abilities.rb
deleted
100644 → 0
View file @
609fa45f
module
Gitlab
module
Ci
module
Pipeline
module
Chain
class
ValidateAbilities
<
Chain
::
Base
include
Gitlab
::
Allowable
include
Chain
::
Helpers
def
perform!
unless
project
.
builds_enabled?
return
error
(
'Pipelines are disabled!'
)
end
unless
allowed_to_trigger_pipeline?
if
can?
(
current_user
,
:create_pipeline
,
project
)
return
error
(
"Insufficient permissions for protected ref '
#{
pipeline
.
ref
}
'"
)
else
return
error
(
'Insufficient permissions to create a new pipeline'
)
end
end
end
def
break?
@pipeline
.
errors
.
any?
end
def
allowed_to_trigger_pipeline?
if
current_user
allowed_to_create?
else
# legacy triggers don't have a corresponding user
!
project
.
protected_for?
(
@pipeline
.
ref
)
end
end
def
allowed_to_create?
return
unless
can?
(
current_user
,
:create_pipeline
,
project
)
access
=
Gitlab
::
UserAccess
.
new
(
current_user
,
project:
project
)
if
branch_exists?
access
.
can_update_branch?
(
@pipeline
.
ref
)
elsif
tag_exists?
access
.
can_create_tag?
(
@pipeline
.
ref
)
else
true
# Allow it for now and we'll reject when we check ref existence
end
end
end
end
end
end
end
lib/gitlab/ci/pipeline/chain/validate_config.rb
deleted
100644 → 0
View file @
609fa45f
module
Gitlab
module
Ci
module
Pipeline
module
Chain
class
ValidateConfig
<
Chain
::
Base
include
Chain
::
Helpers
def
perform!
unless
@pipeline
.
config_processor
unless
@pipeline
.
ci_yaml_file
return
error
(
"Missing
#{
@pipeline
.
ci_yaml_file_path
}
file"
)
end
if
@command
.
save_incompleted
&&
@pipeline
.
has_yaml_errors?
@pipeline
.
drop
end
return
error
(
@pipeline
.
yaml_errors
)
end
unless
@pipeline
.
has_stage_seeds?
return
error
(
'No stages / jobs for this pipeline.'
)
end
end
def
break?
@pipeline
.
errors
.
any?
||
@pipeline
.
persisted?
end
end
end
end
end
end
lib/gitlab/ci/pipeline/chain/validate_repository.rb
deleted
100644 → 0
View file @
609fa45f
module
Gitlab
module
Ci
module
Pipeline
module
Chain
class
ValidateRepository
<
Chain
::
Base
include
Chain
::
Helpers
def
perform!
unless
branch_exists?
||
tag_exists?
return
error
(
'Reference not found'
)
end
## TODO, we check commit in the service, that is why
# there is no repository access here.
#
# Should we validate repository before building a pipeline?
#
unless
pipeline
.
sha
return
error
(
'Commit not found'
)
end
end
def
break?
@pipeline
.
errors
.
any?
end
end
end
end
end
end
spec/lib/gitlab/ci/pipeline/chain/validate
_
abilities_spec.rb
→
spec/lib/gitlab/ci/pipeline/chain/validate
/
abilities_spec.rb
View file @
fa3fb23f
require
'spec_helper'
require
'spec_helper'
describe
Gitlab
::
Ci
::
Pipeline
::
Chain
::
ValidateAbilities
do
describe
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Validate
::
Abilities
do
describe
'#allowed_to_create?'
do
describe
'#allowed_to_create?'
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:project
,
:repository
)
}
let
(
:project
)
{
create
(
:project
,
:repository
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment