d2b09d854f
Implement a new error handling library based on pkg/errors. It provides stack saving on wrapping and exports some function to add stack saving also to external errors. It also implements custom zerolog error formatting without adding too much verbosity by just printing the chain error file:line without a full stack trace of every error. * Add a --detailed-errors options to print error with they full chain * Wrap all error returns. Use errors.WithStack to wrap without adding a new messsage and error.Wrap[f] to add a message. * Add golangci-lint wrapcheck to check that external packages errors are wrapped. This won't check that internal packages error are wrapped. But we want also to ensure this case so we'll have to find something else to check also these.
523 lines
14 KiB
Go
523 lines
14 KiB
Go
// Copyright 2019 Sorint.lab
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package github
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"path"
|
|
"regexp"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"agola.io/agola/internal/errors"
|
|
gitsource "agola.io/agola/internal/gitsources"
|
|
|
|
"github.com/google/go-github/v29/github"
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
var (
|
|
GitHubOauth2Scopes = []string{"repo"}
|
|
|
|
branchRefPrefix = "refs/heads/"
|
|
tagRefPrefix = "refs/tags/"
|
|
pullRequestRefRegex = regexp.MustCompile("refs/pull/(.*)/head")
|
|
pullRequestRefFmt = "refs/pull/%s/head"
|
|
)
|
|
|
|
const (
|
|
GitHubAPIURL = "https://api.github.com"
|
|
GitHubWebURL = "https://github.com"
|
|
|
|
GitHubSSHHostKey = "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
|
|
)
|
|
|
|
type Opts struct {
|
|
APIURL string
|
|
WebURL string
|
|
Token string
|
|
SkipVerify bool
|
|
Oauth2ClientID string
|
|
Oauth2Secret string
|
|
}
|
|
|
|
type Client struct {
|
|
client *github.Client
|
|
oauth2HTTPClient *http.Client
|
|
APIURL string
|
|
WebURL string
|
|
oauth2ClientID string
|
|
oauth2Secret string
|
|
}
|
|
|
|
// fromCommitStatus converts a gitsource commit status to a github commit status
|
|
func fromCommitStatus(status gitsource.CommitStatus) string {
|
|
switch status {
|
|
case gitsource.CommitStatusPending:
|
|
return "pending"
|
|
case gitsource.CommitStatusSuccess:
|
|
return "success"
|
|
case gitsource.CommitStatusError:
|
|
return "error"
|
|
case gitsource.CommitStatusFailed:
|
|
return "failure"
|
|
default:
|
|
panic(errors.Errorf("unknown commit status %q", status))
|
|
}
|
|
}
|
|
|
|
func parseRepoPath(repopath string) (string, string, error) {
|
|
parts := strings.Split(repopath, "/")
|
|
if len(parts) != 2 {
|
|
return "", "", errors.Errorf("wrong github repo path: %q", repopath)
|
|
}
|
|
return parts[0], parts[1], nil
|
|
}
|
|
|
|
type TokenTransport struct {
|
|
token string
|
|
rt http.RoundTripper
|
|
}
|
|
|
|
func (t *TokenTransport) RoundTrip(r *http.Request) (*http.Response, error) {
|
|
if t.token != "" {
|
|
r.Header.Set("Authorization", "Bearer "+t.token)
|
|
}
|
|
|
|
//nolint:wrapcheck
|
|
return t.rt.RoundTrip(r)
|
|
}
|
|
|
|
func New(opts Opts) (*Client, error) {
|
|
// copied from net/http until it has a clone function: https://github.com/golang/go/issues/26013
|
|
transport := &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
DialContext: (&net.Dialer{
|
|
Timeout: 30 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
DualStack: true,
|
|
}).DialContext,
|
|
MaxIdleConns: 100,
|
|
IdleConnTimeout: 90 * time.Second,
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
ExpectContinueTimeout: 1 * time.Second,
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: opts.SkipVerify},
|
|
}
|
|
httpClient := &http.Client{Transport: &TokenTransport{token: opts.Token, rt: transport}}
|
|
oauth2HTTPClient := &http.Client{Transport: transport}
|
|
|
|
isPublicGithub := false
|
|
// TODO(sgotti) improve detection of public github url (handle also trailing slash)
|
|
if opts.APIURL == GitHubAPIURL {
|
|
isPublicGithub = true
|
|
}
|
|
|
|
if isPublicGithub {
|
|
opts.WebURL = GitHubWebURL
|
|
if !strings.HasSuffix(opts.APIURL, "/") {
|
|
opts.APIURL += "/"
|
|
}
|
|
} else {
|
|
if opts.WebURL == "" {
|
|
opts.WebURL = opts.APIURL
|
|
}
|
|
if !strings.HasSuffix(opts.APIURL, "/") {
|
|
opts.APIURL += "/"
|
|
}
|
|
if !strings.HasSuffix(opts.APIURL, "/api/v3/") {
|
|
opts.APIURL += "api/v3/"
|
|
}
|
|
}
|
|
|
|
client := github.NewClient(httpClient)
|
|
client.BaseURL, _ = url.Parse(opts.APIURL)
|
|
|
|
return &Client{
|
|
client: client,
|
|
oauth2HTTPClient: oauth2HTTPClient,
|
|
APIURL: opts.APIURL,
|
|
WebURL: opts.WebURL,
|
|
oauth2ClientID: opts.Oauth2ClientID,
|
|
oauth2Secret: opts.Oauth2Secret,
|
|
}, nil
|
|
}
|
|
|
|
func (c *Client) oauth2Config(callbackURL string) *oauth2.Config {
|
|
return &oauth2.Config{
|
|
ClientID: c.oauth2ClientID,
|
|
ClientSecret: c.oauth2Secret,
|
|
Scopes: GitHubOauth2Scopes,
|
|
Endpoint: oauth2.Endpoint{
|
|
AuthURL: fmt.Sprintf("%s/login/oauth/authorize", c.WebURL),
|
|
TokenURL: fmt.Sprintf("%s/login/oauth/access_token", c.WebURL),
|
|
},
|
|
RedirectURL: callbackURL,
|
|
}
|
|
}
|
|
|
|
func (c *Client) GetOauth2AuthorizationURL(callbackURL, state string) (string, error) {
|
|
var config = c.oauth2Config(callbackURL)
|
|
return config.AuthCodeURL(state), nil
|
|
}
|
|
|
|
func (c *Client) RequestOauth2Token(callbackURL, code string) (*oauth2.Token, error) {
|
|
ctx := context.TODO()
|
|
ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
|
|
|
|
var config = c.oauth2Config(callbackURL)
|
|
token, err := config.Exchange(ctx, code)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "cannot get oauth2 token")
|
|
}
|
|
return token, nil
|
|
}
|
|
|
|
func (c *Client) RefreshOauth2Token(refreshToken string) (*oauth2.Token, error) {
|
|
ctx := context.TODO()
|
|
ctx = context.WithValue(ctx, oauth2.HTTPClient, c.oauth2HTTPClient)
|
|
|
|
var config = c.oauth2Config("")
|
|
token := &oauth2.Token{RefreshToken: refreshToken}
|
|
ts := config.TokenSource(ctx, token)
|
|
ntoken, err := ts.Token()
|
|
|
|
return ntoken, errors.WithStack(err)
|
|
}
|
|
|
|
func (c *Client) GetUserInfo() (*gitsource.UserInfo, error) {
|
|
user, _, err := c.client.Users.Get(context.TODO(), "")
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
|
|
userInfo := &gitsource.UserInfo{
|
|
ID: strconv.FormatInt(*user.ID, 10),
|
|
LoginName: *user.Login,
|
|
}
|
|
if user.Email != nil {
|
|
userInfo.Email = *user.Email
|
|
}
|
|
|
|
return userInfo, nil
|
|
}
|
|
|
|
func (c *Client) GetRepoInfo(repopath string) (*gitsource.RepoInfo, error) {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
rr, _, err := c.client.Repositories.Get(context.TODO(), owner, reponame)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
return fromGithubRepo(rr), nil
|
|
}
|
|
|
|
func (c *Client) GetFile(repopath, commit, file string) ([]byte, error) {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
r, err := c.client.Repositories.DownloadContents(context.TODO(), owner, reponame, file, &github.RepositoryContentGetOptions{Ref: commit})
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
defer r.Close()
|
|
|
|
d, err := ioutil.ReadAll(r)
|
|
return d, errors.WithStack(err)
|
|
}
|
|
|
|
func (c *Client) CreateDeployKey(repopath, title, pubKey string, readonly bool) error {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
if _, _, err = c.client.Repositories.CreateKey(context.TODO(), owner, reponame, &github.Key{
|
|
Title: github.String(title),
|
|
Key: github.String(pubKey),
|
|
ReadOnly: github.Bool(readonly),
|
|
}); err != nil {
|
|
return errors.Wrapf(err, "error creating deploy key")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c *Client) UpdateDeployKey(repopath, title, pubKey string, readonly bool) error {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
// NOTE(sgotti) gitea has a bug where if we delete and remove the same key with
|
|
// the same value it is correctly readded and the admin must force a
|
|
// authorized_keys regeneration on the server. To avoid this we update it only
|
|
// when the public key value has changed
|
|
keys, _, err := c.client.Repositories.ListKeys(context.TODO(), owner, reponame, nil)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error retrieving existing deploy keys")
|
|
}
|
|
|
|
for _, key := range keys {
|
|
if *key.Title == title {
|
|
if *key.Key == pubKey {
|
|
return nil
|
|
}
|
|
if _, err := c.client.Repositories.DeleteKey(context.TODO(), owner, reponame, *key.ID); err != nil {
|
|
return errors.Wrapf(err, "error removing existing deploy key")
|
|
}
|
|
}
|
|
}
|
|
|
|
if _, _, err = c.client.Repositories.CreateKey(context.TODO(), owner, reponame, &github.Key{
|
|
Title: github.String(title),
|
|
Key: github.String(pubKey),
|
|
ReadOnly: github.Bool(readonly),
|
|
}); err != nil {
|
|
return errors.Wrapf(err, "error creating deploy key")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *Client) DeleteDeployKey(repopath, title string) error {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
keys, _, err := c.client.Repositories.ListKeys(context.TODO(), owner, reponame, nil)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error retrieving existing deploy keys")
|
|
}
|
|
|
|
for _, key := range keys {
|
|
if *key.Title == title {
|
|
if _, err := c.client.Repositories.DeleteKey(context.TODO(), owner, reponame, *key.ID); err != nil {
|
|
return errors.Wrapf(err, "error removing existing deploy key")
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *Client) CreateRepoWebhook(repopath, url, secret string) error {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
|
|
hook := &github.Hook{
|
|
Config: map[string]interface{}{
|
|
"url": url,
|
|
"content_type": "json",
|
|
"secret": secret,
|
|
},
|
|
Events: []string{"push", "pull_request"},
|
|
Active: github.Bool(true),
|
|
}
|
|
|
|
if _, _, err = c.client.Repositories.CreateHook(context.TODO(), owner, reponame, hook); err != nil {
|
|
return errors.Wrapf(err, "error creating repository webhook")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *Client) DeleteRepoWebhook(repopath, u string) error {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
|
|
hooks := []*github.Hook{}
|
|
|
|
opt := &github.ListOptions{}
|
|
for {
|
|
pHooks, resp, err := c.client.Repositories.ListHooks(context.TODO(), owner, reponame, opt)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error retrieving repository webhooks")
|
|
}
|
|
hooks = append(hooks, pHooks...)
|
|
if resp.NextPage == 0 {
|
|
break
|
|
}
|
|
opt.Page = resp.NextPage
|
|
}
|
|
|
|
// match the full url so we can have multiple webhooks for different agola
|
|
// projects
|
|
for _, hook := range hooks {
|
|
if hook.Config["url"] == u {
|
|
if _, err := c.client.Repositories.DeleteHook(context.TODO(), owner, reponame, *hook.ID); err != nil {
|
|
return errors.Wrapf(err, "error deleting existing repository webhook")
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (c *Client) CreateCommitStatus(repopath, commitSHA string, status gitsource.CommitStatus, targetURL, description, statusContext string) error {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
_, _, err = c.client.Repositories.CreateStatus(context.TODO(), owner, reponame, commitSHA, &github.RepoStatus{
|
|
State: github.String(fromCommitStatus(status)),
|
|
TargetURL: github.String(targetURL),
|
|
Description: github.String(description),
|
|
Context: github.String(statusContext),
|
|
})
|
|
return errors.WithStack(err)
|
|
}
|
|
|
|
func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) {
|
|
remoteRepos := []*github.Repository{}
|
|
|
|
opt := &github.RepositoryListOptions{}
|
|
for {
|
|
pRemoteRepos, resp, err := c.client.Repositories.List(context.TODO(), "", opt)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
remoteRepos = append(remoteRepos, pRemoteRepos...)
|
|
if resp.NextPage == 0 {
|
|
break
|
|
}
|
|
opt.Page = resp.NextPage
|
|
}
|
|
|
|
repos := []*gitsource.RepoInfo{}
|
|
|
|
for _, rr := range remoteRepos {
|
|
// keep only repos with admin permissions
|
|
if rr.Permissions != nil {
|
|
if !(*rr.Permissions)["admin"] {
|
|
continue
|
|
}
|
|
repos = append(repos, fromGithubRepo(rr))
|
|
}
|
|
}
|
|
|
|
return repos, nil
|
|
}
|
|
|
|
func fromGithubRepo(rr *github.Repository) *gitsource.RepoInfo {
|
|
return &gitsource.RepoInfo{
|
|
ID: strconv.FormatInt(*rr.ID, 10),
|
|
Path: path.Join(*rr.Owner.Login, *rr.Name),
|
|
HTMLURL: *rr.HTMLURL,
|
|
SSHCloneURL: *rr.SSHURL,
|
|
HTTPCloneURL: *rr.CloneURL,
|
|
}
|
|
}
|
|
|
|
func (c *Client) GetRef(repopath, ref string) (*gitsource.Ref, error) {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
|
|
remoteRef, _, err := c.client.Git.GetRef(context.TODO(), owner, reponame, ref)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
|
|
return fromGithubRef(remoteRef)
|
|
}
|
|
|
|
func fromGithubRef(remoteRef *github.Reference) (*gitsource.Ref, error) {
|
|
t := *(remoteRef.Object.Type)
|
|
switch t {
|
|
case "commit":
|
|
default:
|
|
return nil, errors.Errorf("unsupported object type: %s", t)
|
|
}
|
|
|
|
return &gitsource.Ref{
|
|
Ref: *remoteRef.Ref,
|
|
CommitSHA: *remoteRef.Object.SHA,
|
|
}, nil
|
|
}
|
|
|
|
func (c *Client) RefType(ref string) (gitsource.RefType, string, error) {
|
|
switch {
|
|
case strings.HasPrefix(ref, branchRefPrefix):
|
|
return gitsource.RefTypeBranch, strings.TrimPrefix(ref, branchRefPrefix), nil
|
|
|
|
case strings.HasPrefix(ref, tagRefPrefix):
|
|
return gitsource.RefTypeTag, strings.TrimPrefix(ref, tagRefPrefix), nil
|
|
|
|
case pullRequestRefRegex.MatchString(ref):
|
|
m := pullRequestRefRegex.FindStringSubmatch(ref)
|
|
return gitsource.RefTypePullRequest, m[1], nil
|
|
|
|
default:
|
|
return -1, "", errors.Errorf("unsupported ref: %s", ref)
|
|
}
|
|
}
|
|
|
|
func (c *Client) GetCommit(repopath, commitSHA string) (*gitsource.Commit, error) {
|
|
owner, reponame, err := parseRepoPath(repopath)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
|
|
commit, _, err := c.client.Git.GetCommit(context.TODO(), owner, reponame, commitSHA)
|
|
if err != nil {
|
|
return nil, errors.WithStack(err)
|
|
}
|
|
|
|
return &gitsource.Commit{
|
|
SHA: *commit.SHA,
|
|
Message: *commit.Message,
|
|
}, nil
|
|
}
|
|
|
|
func (c *Client) BranchRef(branch string) string {
|
|
return branchRefPrefix + branch
|
|
}
|
|
|
|
func (c *Client) TagRef(tag string) string {
|
|
return tagRefPrefix + tag
|
|
}
|
|
|
|
func (c *Client) PullRequestRef(prID string) string {
|
|
return fmt.Sprintf(pullRequestRefFmt, prID)
|
|
}
|
|
|
|
func (c *Client) CommitLink(repoInfo *gitsource.RepoInfo, commitSHA string) string {
|
|
return fmt.Sprintf("%s/commit/%s", repoInfo.HTMLURL, commitSHA)
|
|
}
|
|
|
|
func (c *Client) BranchLink(repoInfo *gitsource.RepoInfo, branch string) string {
|
|
return fmt.Sprintf("%s/src/branch/%s", repoInfo.HTMLURL, branch)
|
|
}
|
|
|
|
func (c *Client) TagLink(repoInfo *gitsource.RepoInfo, tag string) string {
|
|
return fmt.Sprintf("%s/src/tag/%s", repoInfo.HTMLURL, tag)
|
|
}
|
|
|
|
func (c *Client) PullRequestLink(repoInfo *gitsource.RepoInfo, prID string) string {
|
|
return fmt.Sprintf("%s/pull/%s", repoInfo.HTMLURL, prID)
|
|
}
|