Skip to content
Snippets Groups Projects
Verified Commit 2edc0214 authored by Matija Čupić's avatar Matija Čupić
Browse files

Prevent creating pipelines with ambiguous refs

parent 1bf58068
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 35 additions and 30 deletions
lib/gitlab/ci/pipeline/chain/build.rb
+ 0
1
View file @ 2edc0214
@@ -17,7 +17,6 @@ module Gitlab
user: @command.current_user,
pipeline_schedule: @command.schedule,
merge_request: @command.merge_request,
protected: @command.protected_ref?,
variables_attributes: Array(@command.variables_attributes)
)
 
lib/gitlab/ci/pipeline/chain/command.rb
+ 0
6
View file @ 2edc0214
@@ -51,12 +51,6 @@ module Gitlab
def before_sha
self[:before_sha] || checkout_sha || Gitlab::Git::BLANK_SHA
end
def protected_ref?
strong_memoize(:protected_ref) do
project.protected_for?(origin_ref)
end
end
end
end
end
lib/gitlab/ci/pipeline/chain/populate.rb
+ 5
0
View file @ 2edc0214
@@ -18,6 +18,11 @@ module Gitlab
#
@command.seeds_block&.call(pipeline)
 
##
# Populate pipeline protected status
#
pipeline.protected = @command.project.protected_for?(@command.origin_ref)
##
# Populate pipeline with all stages, and stages with builds.
#
lib/gitlab/ci/pipeline/chain/validate/abilities.rb
+ 1
1
View file @ 2edc0214
@@ -31,7 +31,7 @@ module Gitlab
if current_user
allowed_to_create?
else # legacy triggers don't have a corresponding user
!@command.protected_ref?
!@command.project.protected_for?(@command.origin_ref)
end
end
 
lib/gitlab/ci/pipeline/chain/validate/repository.rb
+ 6
0
View file @ 2edc0214
@@ -16,6 +16,12 @@ module Gitlab
unless @command.sha
return error('Commit not found')
end
begin
@command.project.resolve_ref(@command.origin_ref)
rescue Project::AmbiguousRef
return error('Ref is ambiguous')
end
end
 
def break?
spec/lib/gitlab/ci/pipeline/chain/command_spec.rb
+ 0
22
View file @ 2edc0214
@@ -160,26 +160,4 @@ describe Gitlab::Ci::Pipeline::Chain::Command do
end
end
end
describe '#protected_ref?' do
let(:command) { described_class.new(project: project, origin_ref: 'my-branch') }
subject { command.protected_ref? }
context 'when a ref is protected' do
before do
expect_any_instance_of(Project).to receive(:protected_for?).with('my-branch').and_return(true)
end
it { is_expected.to eq(true) }
end
context 'when a ref is unprotected' do
before do
expect_any_instance_of(Project).to receive(:protected_for?).with('my-branch').and_return(false)
end
it { is_expected.to eq(false) }
end
end
end
spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
+ 2
0
View file @ 2edc0214
@@ -14,6 +14,7 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
Gitlab::Ci::Pipeline::Chain::Command.new(
project: project,
current_user: user,
origin_ref: 'master',
seeds_block: nil)
end
 
@@ -106,6 +107,7 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
Gitlab::Ci::Pipeline::Chain::Command.new(
project: project,
current_user: user,
origin_ref: 'master',
seeds_block: seeds_block)
end
 
spec/lib/gitlab/ci/pipeline/chain/validate/repository_spec.rb
+ 21
0
View file @ 2edc0214
@@ -42,6 +42,27 @@ describe Gitlab::Ci::Pipeline::Chain::Validate::Repository do
end
end
 
context 'when ref is ambiguous' do
let(:project) do
p = create(:project, :repository)
p.repository.add_tag(user, 'master', 'master')
p
end
let(:command) do
Gitlab::Ci::Pipeline::Chain::Command.new(
project: project, current_user: user, origin_ref: 'master')
end
it 'breaks the chain' do
expect(step.break?).to be true
end
it 'adds an error about missing ref' do
expect(pipeline.errors.to_a)
.to include 'Ref is ambiguous'
end
end
context 'when does not have existing SHA set' do
let(:command) do
Gitlab::Ci::Pipeline::Chain::Command.new(
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment