Commit 86c4ae2a authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '26013-release-generation-from-within-gitlab-ci-yml-6' into 'master'

Allow create access Releases API via Job-Token

See merge request gitlab-org/gitlab!20632
parents 2ff379d0 27d5526e
---
title: Allow Job-Token authentication on Releases creation API
merge_request: 20632
author:
type: added
...@@ -57,6 +57,7 @@ module API ...@@ -57,6 +57,7 @@ module API
optional :milestones, type: Array, desc: 'The titles of the related milestones', default: [] optional :milestones, type: Array, desc: 'The titles of the related milestones', default: []
optional :released_at, type: DateTime, desc: 'The date when the release will be/was ready. Defaults to the current time.' optional :released_at, type: DateTime, desc: 'The date when the release will be/was ready. Defaults to the current time.'
end end
route_setting :authentication, job_token_allowed: true
post ':id/releases' do post ':id/releases' do
authorize_create_release! authorize_create_release!
......
...@@ -558,6 +558,43 @@ describe API::Releases do ...@@ -558,6 +558,43 @@ describe API::Releases do
end end
end end
context 'when using JOB-TOKEN auth' do
let(:job) { create(:ci_build, user: maintainer) }
let(:params) do
{
name: 'Another release',
tag_name: 'v0.2',
description: 'Another nice release',
released_at: '2019-04-25T10:00:00+09:00'
}
end
context 'when no token is provided' do
it 'returns a :not_found error' do
post api("/projects/#{project.id}/releases"), params: params
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when an invalid token is provided' do
it 'returns an :unauthorized error' do
post api("/projects/#{project.id}/releases"), params: params.merge(job_token: 'yadayadayada')
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
context 'when a valid token is provided' do
it 'creates the release' do
post api("/projects/#{project.id}/releases"), params: params.merge(job_token: job.token)
expect(response).to have_gitlab_http_status(:created)
expect(project.releases.last.description).to eq('Another nice release')
end
end
end
context 'when tag does not exist in git repository' do context 'when tag does not exist in git repository' do
let(:params) do let(:params) do
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment