diff --git a/cmd/main.go b/cmd/main.go index 358455c..aa1c38c 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -23,7 +23,7 @@ import ( "github.com/sirupsen/logrus" "github.com/spf13/cobra" - proworg "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" + proworg "sigs.k8s.io/prow/pkg/config/org" "sigs.k8s.io/release-utils/version" "github.com/uwu-tools/peribolos/internal/yaml" diff --git a/config/config_test.go b/config/config_test.go index c2fe6ec..141e58a 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -23,9 +23,9 @@ import ( "sort" "strings" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" "k8s.io/apimachinery/pkg/util/sets" + "sigs.k8s.io/prow/pkg/config/org" + "sigs.k8s.io/prow/pkg/github" "github.com/uwu-tools/peribolos/internal/yaml" ) diff --git a/go.mod b/go.mod index ee4efc4..5312f20 100644 --- a/go.mod +++ b/go.mod @@ -2,43 +2,57 @@ module github.com/uwu-tools/peribolos go 1.21 -// Upstream is unmaintained. This fork introduces two important changes: -// - We log an error if writing a cache key fails e.g., because disk is full -// - We inject a header that allows ghproxy to detect if the response was revalidated or a cache miss -replace github.com/gregjones/httpcache => github.com/alvaroaleman/httpcache v0.0.0-20210618195546-ab9a1a3f8a38 - require ( github.com/airconduct/go-probot v0.0.4 github.com/bmatcuk/doublestar/v4 v4.6.1 github.com/caarlos0/env/v7 v7.1.0 - github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 - github.com/gomodule/redigo v1.9.2 github.com/google/go-cmp v0.6.0 - github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc - github.com/peterbourgon/diskv v2.0.1+incompatible - github.com/prometheus/client_golang v1.19.0 github.com/sethvargo/go-githubactions v1.2.0 - github.com/shurcooL/githubv4 v0.0.0-20230305132112-efb623903184 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 - go4.org v0.0.0-20230225012048-214862532bf5 - golang.org/x/oauth2 v0.19.0 - golang.org/x/sync v0.7.0 k8s.io/apimachinery v0.29.3 - k8s.io/utils v0.0.0-20230726121419-3b25d923346b + sigs.k8s.io/prow v0.0.0-20240424151722-0a31882002b9 sigs.k8s.io/release-utils v0.8.1 sigs.k8s.io/yaml v1.4.0 ) require ( + cloud.google.com/go v0.110.2 // indirect + cloud.google.com/go/compute v1.20.1 // indirect + cloud.google.com/go/compute/metadata v0.2.3 // indirect + cloud.google.com/go/iam v0.13.0 // indirect + cloud.google.com/go/storage v1.29.0 // indirect + contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect + contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect + github.com/Azure/go-autorest v14.2.0+incompatible // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/logger v0.2.1 // indirect + github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/GoogleCloudPlatform/testgrid v0.0.123 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect + github.com/andygrunwald/go-jira v1.14.0 // indirect + github.com/aws/aws-sdk-go v1.38.49 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/blendle/zapdriver v1.3.1 // indirect github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 // indirect + github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cjwagner/httpcache v0.0.0-20230907212505-d4841bbad466 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 // indirect github.com/emicklei/go-restful-openapi/v2 v2.9.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch v5.6.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.6.0 // indirect + github.com/fatih/structs v1.1.0 // indirect + github.com/fsnotify/fsnotify v1.6.0 // indirect + github.com/fvbommel/sortorder v1.0.1 // indirect + github.com/go-kit/log v0.2.1 // indirect + github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/zapr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect @@ -46,39 +60,89 @@ require ( github.com/go-openapi/spec v0.20.9 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang-jwt/jwt v3.2.1+incompatible // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/gomodule/redigo v1.9.2 // indirect github.com/google/btree v1.0.1 // indirect + github.com/google/gnostic v0.6.9 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-containerregistry v0.15.2 // indirect github.com/google/go-github/v48 v48.2.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.1-0.20210504230335-f78f29fc09ea // indirect + github.com/google/s2a-go v0.1.4 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/google/wire v0.4.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect + github.com/googleapis/gax-go v2.0.2+incompatible // indirect + github.com/googleapis/gax-go/v2 v2.11.0 // indirect + github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect + github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/peterbourgon/diskv v2.0.1+incompatible // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect github.com/prometheus/common v0.48.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/statsd_exporter v0.21.0 // indirect + github.com/shurcooL/githubv4 v0.0.0-20230305132112-efb623903184 // indirect github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/tektoncd/pipeline v0.45.0 // indirect + github.com/trivago/tgo v1.0.7 // indirect github.com/xanzy/go-gitlab v0.90.0 // indirect - go.uber.org/multierr v1.10.0 // indirect + go.opencensus.io v0.24.0 // indirect + go.uber.org/atomic v1.10.0 // indirect + go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.25.0 // indirect + go4.org v0.0.0-20230225012048-214862532bf5 // indirect + gocloud.dev v0.19.0 // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/net v0.23.0 // indirect + golang.org/x/oauth2 v0.19.0 // indirect + golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect + golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/api v0.126.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/grpc v1.55.0 // indirect google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/fsnotify.v1 v1.4.7 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.25.9 // indirect + k8s.io/client-go v0.25.9 // indirect + k8s.io/component-base v0.25.4 // indirect k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // "github.com/uwu-tools/peribolos/options/root" diff --git a/options/merge/merge.go b/options/merge/merge.go index bd0dace..d68927a 100644 --- a/options/merge/merge.go +++ b/options/merge/merge.go @@ -23,7 +23,7 @@ import ( "path/filepath" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" + "sigs.k8s.io/prow/pkg/config/org" "github.com/uwu-tools/peribolos/internal/helpers" "github.com/uwu-tools/peribolos/internal/yaml" diff --git a/options/root/flags.go b/options/root/flags.go index b8ad4d3..e338722 100644 --- a/options/root/flags.go +++ b/options/root/flags.go @@ -22,7 +22,7 @@ import ( "github.com/sirupsen/logrus" "github.com/spf13/cobra" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/flagutil" + "sigs.k8s.io/prow/pkg/flagutil" ) const ( diff --git a/options/root/root.go b/options/root/root.go index db874d1..207f3dc 100644 --- a/options/root/root.go +++ b/options/root/root.go @@ -25,7 +25,7 @@ import ( "github.com/caarlos0/env/v7" actions "github.com/sethvargo/go-githubactions" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/flagutil" + "sigs.k8s.io/prow/pkg/flagutil" ) const ( diff --git a/org/dump.go b/org/dump.go index 977cc4b..b54e375 100644 --- a/org/dump.go +++ b/org/dump.go @@ -20,8 +20,8 @@ import ( "fmt" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" + "sigs.k8s.io/prow/pkg/config/org" + "sigs.k8s.io/prow/pkg/github" ) type dumpClient interface { diff --git a/org/members.go b/org/members.go index aec2a86..fd95389 100644 --- a/org/members.go +++ b/org/members.go @@ -21,10 +21,10 @@ import ( "strings" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" + "sigs.k8s.io/prow/pkg/config/org" + "sigs.k8s.io/prow/pkg/github" "github.com/uwu-tools/peribolos/options/root" ) diff --git a/org/org.go b/org/org.go index 4f46719..4b7120f 100644 --- a/org/org.go +++ b/org/org.go @@ -20,9 +20,9 @@ import ( "fmt" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" "k8s.io/apimachinery/pkg/util/sets" + "sigs.k8s.io/prow/pkg/config/org" + "sigs.k8s.io/prow/pkg/github" "github.com/uwu-tools/peribolos/options/root" ) diff --git a/org/org_test.go b/org/org_test.go index 6a6d12c..8ee0db8 100644 --- a/org/org_test.go +++ b/org/org_test.go @@ -24,9 +24,9 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" "k8s.io/apimachinery/pkg/util/sets" + "sigs.k8s.io/prow/pkg/config/org" + "sigs.k8s.io/prow/pkg/github" "github.com/uwu-tools/peribolos/options/root" ) diff --git a/org/repos.go b/org/repos.go index 6fd75a6..0febd28 100644 --- a/org/repos.go +++ b/org/repos.go @@ -21,9 +21,9 @@ import ( "strings" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" utilerrors "k8s.io/apimachinery/pkg/util/errors" + "sigs.k8s.io/prow/pkg/config/org" + "sigs.k8s.io/prow/pkg/github" "github.com/uwu-tools/peribolos/options/root" ) diff --git a/org/teams.go b/org/teams.go index e9f8a27..ed4a603 100644 --- a/org/teams.go +++ b/org/teams.go @@ -21,10 +21,10 @@ import ( "strings" "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/org" - Note that if the first request fails, then -// all subsequent requests will fail together. -type firstRequest struct { - *sync.Cond - - // Are there any threads that are "subscribed" to this first request's - // response? - subscribers bool - resp []byte - err error -} - -// RoundTrip coalesces concurrent GET requests for the same URI by blocking -// the later requests until the first request returns and then sharing the -// response between all requests. -// -// Notes: Deadlock shouldn't be possible because the map lock is always -// acquired before firstRequest lock if both locks are to be held and we -// never hold multiple firstRequest locks. -func (coalescer *requestCoalescer) RoundTrip(req *http.Request) (*http.Response, error) { - // Only coalesce GET requests - if req.Method != http.MethodGet { - resp, err := coalescer.requestExecutor.RoundTrip(req) - var tokenBudgetName string - if val := req.Header.Get(TokenBudgetIdentifierHeader); val != "" { - tokenBudgetName = val - } else { - tokenBudgetName = coalescer.hasher.Hash(req) - } - collectMetrics(ModeSkip, req, resp, tokenBudgetName) - return resp, err - } - - var cacheMode = ModeError - resp, err := func() (*http.Response, error) { - key := req.URL.String() - coalescer.Lock() - firstReq, ok := coalescer.cache[key] - // Note that we cannot immediately Unlock() coalescer here just after - // the cache lookup, because that may result in multiple threads - // possibly becoming a "firstReq" creator (main) thread. This is why we - // only Unlock() coalescer __after__ creating the cache entry. - - // Earlier request in flight. Wait for its response, which will be - // received by a different thread (specifically, the original thread - // that created the firstReq object --- let's call this the "main" - // thread for simplicity). - if ok { - // If the request that we're trying to process has a body, don't - // forget to close it. Normally if we're performing the HTTP - // roundtrip ourselves, we won't need to do this because the - // RoundTripper will do it on its own. However we'll never call - // RoundTrip() on this request ourselves because we're going to be - // lazy and just wait for the main thread to do it for us. So we - // need to close the body directly. See - // https://cs.opensource.google/go/go/+/refs/tags/go1.17.1:src/net/http/transport.go;l=510 - // and - // https://cs.opensource.google/go/go/+/refs/tags/go1.17.1:src/net/http/request.go;drc=refs%2Ftags%2Fgo1.17.1;l=1408 - // for an example. - if req.Body != nil { - defer req.Body.Close() // Since we won't pass the request we must close it. - } - - // Let the main thread know that there is at least one subscriber - // (us). We do this by incrementing the firstReq.subscribers - // variable. Note that we first grab the inner firstReq lock before - // unlocking the outer coalescer. This order is important as it - // guarantees that no other threads will delete the cache entry - // (firstReq) before we're done waiting for it. - // - // We need to unlock the coalescer so that other threads can read - // from it (and decide whether to wait or create a new cache entry). - // That is, the coalescer itself should never be blocked by - // subscribed threads. - firstReq.L.Lock() - coalescer.Unlock() - firstReq.subscribers = true - - // The documentation for Wait() says: - // "Because c.L is not locked when Wait first resumes, the caller typically - // cannot assume that the condition is true when Wait returns. Instead, the - // caller should Wait in a loop." - // This does not apply to this use of Wait() because the condition we are - // waiting for remains true once it becomes true. This lets us avoid the - // normal check to see if the condition has switched back to false between - // the signal being sent and this thread acquiring the lock. - - // Unlock firstReq.L variable (so that the thread that __did__ create - // the first request can actually process it). Suspend execution of - // this thread until that is done. - firstReq.Wait() - - // Because firstReq.Wait() will lock firstReq.L before returning, - // release the lock now because we won't be modifying anything - // inside firstRequest. Anyway, if we're here it means that we've - // been woken by a Broadcast() by the main thread. - firstReq.L.Unlock() - - if firstReq.err != nil { - // Don't log the error ourselves, because it will be logged once - // by the main thread. This avoids spamming the logs with the - // same error. - return nil, firstReq.err - } - - // Copy in firstReq's response into our own response. We didn't have - // to process the request ourselves! Wasn't that easy? - resp, err := http.ReadResponse(bufio.NewReader(bytes.NewBuffer(firstReq.resp)), nil) - if err != nil { - logrus.WithField("cache-key", key).WithError(err).Error("Error loading response.") - return nil, err - } - - cacheMode = ModeCoalesced - return resp, nil - } - - // No earlier (first) request in flight yet. Create a new firstRequest - // object and process it ourselves. - firstReq = &firstRequest{Cond: sync.NewCond(&sync.Mutex{})} - coalescer.cache[key] = firstReq - - // Unlock the coalescer so that it doesn't block on this particular - // request. This allows subsequent requests for the same URL to become - // subscribers to this main one. - coalescer.Unlock() - - // Actually process the request and get a response. - resp, err := coalescer.requestExecutor.RoundTrip(req) - // Real response received. Remove this firstRequest from the cache first - // __before__ waking any subscribed threads to let them copy the - // response we got. This order is important. If delete the cache entry - // __after__ waking the subscribed threads, then the following race - // condition can happen: - // - // 1. firstReq creator thread wakes subscribed threads - // 2. subscribed threads begin copying data from firstReq struct - // 3. *NEW* subscribers get created, because the cached key is still there - // 4. cached key is finally deleted - // 5. firstReq creator thread from Step 1 dies - // 6. subscribed threads from Step 3 will wait forever - // (memory leak, not to mention request timeout for all of these) - // - // Deleting the cache key now also allows a new firstRequest{} object to - // be created (and the whole cycle repeated again) by another set of - // requests in flight, if any. - coalescer.Lock() - delete(coalescer.cache, key) - coalescer.Unlock() - - // Write response data into firstReq for all subscribers to see. But - // only bother with writing into firstReq if we have subscribers at all - // (because otherwise no other thread will use it anyway). - firstReq.L.Lock() - if firstReq.subscribers { - if err != nil { - firstReq.resp, firstReq.err = nil, err - } else { - // Copy the response into firstReq.resp before letting - // subscribers know about it. - firstReq.resp, firstReq.err = httputil.DumpResponse(resp, true) - } - - // Wake up all subscribed threads. They will all read firstReq.resp - // to construct their own (identical) HTTP Responses, based on the - // contents of firstReq. - firstReq.Broadcast() - } - firstReq.L.Unlock() - - // The RoundTrip() encountered an error. Log it. - if err != nil { - logrus.WithField("cache-key", key).WithError(err).Warn("Error from cache transport layer.") - return nil, err - } - - // Return a ModeMiss by default (that is, the response was not in the - // cache, so we had to proxy the request and cache the response). This - // is what cacheResponseMode() does, unless there are other modes we can - // glean from the response header, find it with cacheResponseMode. - cacheMode = cacheResponseMode(resp.Header) - - return resp, nil - }() - - var tokenBudgetName string - if val := req.Header.Get(TokenBudgetIdentifierHeader); val != "" { - tokenBudgetName = val - } else { - tokenBudgetName = coalescer.hasher.Hash(req) - } - - collectMetrics(cacheMode, req, resp, tokenBudgetName) - return resp, err -} - -func collectMetrics(cacheMode CacheResponseMode, req *http.Request, resp *http.Response, tokenBudgetName string) { - ghmetrics.CollectCacheRequestMetrics(string(cacheMode), req.URL.Path, req.Header.Get("User-Agent"), tokenBudgetName) - if resp != nil { - resp.Header.Set(CacheModeHeader, string(cacheMode)) - if cacheMode == ModeRevalidated && resp.Header.Get(cacheEntryCreationDateHeader) != "" { - intVal, err := strconv.Atoi(resp.Header.Get(cacheEntryCreationDateHeader)) - if err != nil { - logrus.WithError(err).WithField("header-value", resp.Header.Get(cacheEntryCreationDateHeader)).Warn("Failed to convert cacheEntryCreationDateHeader value to int") - } else { - ghmetrics.CollectCacheEntryAgeMetrics(float64(time.Now().Unix()-int64(intVal)), req.URL.Path, req.Header.Get("User-Agent"), tokenBudgetName) - } - } - } -} diff --git a/third_party/k8s.io/test-infra/ghproxy/ghcache/ghcache.go b/third_party/k8s.io/test-infra/ghproxy/ghcache/ghcache.go deleted file mode 100644 index f76adc7..0000000 --- a/third_party/k8s.io/test-infra/ghproxy/ghcache/ghcache.go +++ /dev/null @@ -1,542 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package ghcache implements an HTTP cache optimized for caching responses -// from the GitHub API (https://api.github.com). -// -// Specifically, it enforces a cache policy that revalidates every cache hit -// with a conditional request to upstream regardless of cache entry freshness -// because conditional requests for unchanged resources don't cost any API -// tokens!!! See: https://developer.github.com/v3/#conditional-requests -// -// It also provides request coalescing and prometheus instrumentation. -package ghcache - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "os" - "path" - "path/filepath" - "strconv" - "strings" - "sync" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - - "github.com/gomodule/redigo/redis" - "github.com/gregjones/httpcache" - "github.com/gregjones/httpcache/diskcache" - rediscache "github.com/gregjones/httpcache/redis" - "github.com/peterbourgon/diskv" - "github.com/prometheus/client_golang/prometheus" - "github.com/sirupsen/logrus" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/ghproxy/ghmetrics" - "golang.org/x/sync/semaphore" -) - -type CacheResponseMode string - -// Cache response modes describe how ghcache fulfilled a request. -const ( - CacheModeHeader = "X-Cache-Mode" - - ModeError CacheResponseMode = "ERROR" // internal error handling request - ModeNoStore CacheResponseMode = "NO-STORE" // response not cacheable - ModeMiss CacheResponseMode = "MISS" // not in cache, request proxied and response cached. - ModeChanged CacheResponseMode = "CHANGED" // cache value invalid: resource changed, cache updated - ModeSkip CacheResponseMode = "SKIP" // cache was skipped, not applicable. e.g. POST request. - // The modes below are the happy cases in which the request is fulfilled for - // free (no API tokens used). - ModeCoalesced CacheResponseMode = "COALESCED" // coalesced request, this is a copied response - ModeRevalidated CacheResponseMode = "REVALIDATED" // cached value revalidated and returned - - // cacheEntryCreationDateHeader contains the creation date of the cache entry - cacheEntryCreationDateHeader = "X-PROW-REQUEST-DATE" - - // TokenBudgetIdentifierHeader is used to identify the token budget for - // which metrics should be recorded if set. If unset, the sha256sum of - // the Authorization header will be used. - TokenBudgetIdentifierHeader = "X-PROW-GHCACHE-TOKEN-BUDGET-IDENTIFIER" - - // TokenExpiryAtHeader includes a date at which the passed token expires and all associated caches - // can be cleaned up. It's value must be in RFC3339 format. - TokenExpiryAtHeader = "X-PROW-TOKEN-EXPIRES-AT" - - apiV3 = "v3" - apiV4 = "v4" -) - -// RequestThrottlingTimes keeps the information about throttling times per API and request methods -type RequestThrottlingTimes struct { - // throttlingTime is applied for all non-GET request methods for apiV3 and apiV4 - throttlingTime uint - // throttlingTimeV4 if different than 0, it's applied for non-GET request methods for apiV4, instead of ThrottlingTime - throttlingTimeV4 uint - // throttlingTimeForGET is applied for all GET request methods for apiV3 and apiV4 - throttlingTimeForGET uint - // maxDelayTime is applied when formed queue is too large, it allows to temporarily set max delay time provided by user instead of calculated value - maxDelayTime uint - // maxDelayTimeV4 is maxDelayTime for APIv4 - maxDelayTimeV4 uint -} - -func (rtt *RequestThrottlingTimes) isEnabled() bool { - return rtt.throttlingTime > 0 && rtt.throttlingTimeForGET > 0 -} - -func (rtt *RequestThrottlingTimes) getThrottlingTimeV4() uint { - if rtt.throttlingTimeV4 > 0 { - return rtt.throttlingTimeV4 - } - return rtt.throttlingTime -} - -// NewRequestThrottlingTimes creates a new RequestThrottlingTimes and returns it -func NewRequestThrottlingTimes(requestThrottlingTime, requestThrottlingTimeV4, requestThrottlingTimeForGET, requestThrottlingMaxDelayTime, requestThrottlingMaxDelayTimeV4 uint) RequestThrottlingTimes { - return RequestThrottlingTimes{ - throttlingTime: requestThrottlingTime, - throttlingTimeV4: requestThrottlingTimeV4, - throttlingTimeForGET: requestThrottlingTimeForGET, - maxDelayTime: requestThrottlingMaxDelayTime, - maxDelayTimeV4: requestThrottlingMaxDelayTimeV4, - } -} - -func CacheModeIsFree(mode CacheResponseMode) bool { - switch mode { - case ModeCoalesced: - return true - case ModeRevalidated: - return true - case ModeError: - // In this case we did not successfully communicate with the GH API, so no - // token is used, but we also don't return a response, so ModeError won't - // ever be returned as a value of CacheModeHeader. - return true - } - return false -} - -// outboundConcurrencyGauge provides the 'concurrent_outbound_requests' gauge that -// is global to the proxy. -var outboundConcurrencyGauge = prometheus.NewGauge(prometheus.GaugeOpts{ - Name: "concurrent_outbound_requests", - Help: "How many concurrent requests are in flight to GitHub servers.", -}) - -// pendingOutboundConnectionsGauge provides the 'pending_outbound_requests' gauge that -// is global to the proxy. -var pendingOutboundConnectionsGauge = prometheus.NewGauge(prometheus.GaugeOpts{ - Name: "pending_outbound_requests", - Help: "How many pending requests are waiting to be sent to GitHub servers.", -}) - -var cachePartitionsCounter = prometheus.NewCounterVec( - prometheus.CounterOpts{ - Name: "ghcache_cache_parititions", - Help: "Which cache partitions exist.", - }, - []string{"token_hash"}, -) - -func init() { - - prometheus.MustRegister(outboundConcurrencyGauge) - prometheus.MustRegister(pendingOutboundConnectionsGauge) - prometheus.MustRegister(cachePartitionsCounter) -} - -func cacheResponseMode(headers http.Header) CacheResponseMode { - if strings.Contains(headers.Get("Cache-Control"), "no-store") { - return ModeNoStore - } - if strings.Contains(headers.Get("Status"), "304 Not Modified") { - return ModeRevalidated - } - if headers.Get("X-Conditional-Request") != "" { - return ModeChanged - } - return ModeMiss -} - -func newThrottlingTransport(maxConcurrency int, roundTripper http.RoundTripper, hasher ghmetrics.Hasher, throttlingTimes RequestThrottlingTimes) http.RoundTripper { - return &throttlingTransport{ - sem: semaphore.NewWeighted(int64(maxConcurrency)), - roundTripper: roundTripper, - timeThrottlingEnabled: throttlingTimes.isEnabled(), - hasher: hasher, - registryApiV3: newTokensRegistry(throttlingTimes.throttlingTime, throttlingTimes.throttlingTimeForGET, throttlingTimes.maxDelayTime), - registryApiV4: newTokensRegistry(throttlingTimes.getThrottlingTimeV4(), throttlingTimes.throttlingTimeForGET, throttlingTimes.maxDelayTimeV4), - } -} - -func newTokensRegistry(requestThrottlingTime, requestThrottlingTimeForGET, maxDelayTime uint) tokensRegistry { - return tokensRegistry{ - lock: sync.Mutex{}, - tokens: map[string]tokenInfo{}, - throttlingTime: time.Millisecond * time.Duration(requestThrottlingTime), - throttlingTimeForGET: time.Millisecond * time.Duration(requestThrottlingTimeForGET), - maxDelayTime: time.Second * time.Duration(maxDelayTime), - } -} - -// tokenInfo keeps the last request timestamp and information whether it was GET request -type tokenInfo struct { - getReq bool - timestamp time.Time -} - -// tokenRegistry keeps the timestamp of last handled request per token budget (appId or hash) -type tokensRegistry struct { - lock sync.Mutex - tokens map[string]tokenInfo - throttlingTime time.Duration - throttlingTimeForGET time.Duration - maxDelayTime time.Duration -} - -func (tr *tokensRegistry) getRequestWaitDuration(tokenBudgetName string, getReq bool) time.Duration { - var duration time.Duration - tr.lock.Lock() - defer tr.lock.Unlock() - toQueue := time.Now() - if t, exists := tr.tokens[tokenBudgetName]; exists { - toQueue, duration = tr.calculateRequestWaitDuration(t, toQueue, getReq) - } - tr.tokens[tokenBudgetName] = tokenInfo{getReq: getReq, timestamp: toQueue} - return duration -} - -func (tr *tokensRegistry) calculateRequestWaitDuration(lastRequest tokenInfo, toQueue time.Time, getReq bool) (time.Time, time.Duration) { - throttlingTime := tr.throttlingTime - // Previous request also was GET => use GET throttling time as a base - if lastRequest.getReq && getReq { - throttlingTime = tr.throttlingTimeForGET - } - duration := toQueue.Sub(lastRequest.timestamp) - - if toQueue.Before(lastRequest.timestamp) || toQueue.Equal(lastRequest.timestamp) { - // There is already queued request, queue next afterwards. - difference := throttlingTime - if getReq { - difference = tr.throttlingTimeForGET - } - future := lastRequest.timestamp.Add(difference) - duration = future.Sub(toQueue) - - // Do not exceed max wait time to avoid creating a huge request backlog if the GitHub api has performance issues - if duration >= tr.maxDelayTime { - duration = tr.maxDelayTime - future = toQueue.Add(tr.maxDelayTime) - } - toQueue = future - } else if duration >= throttlingTime || (getReq && duration >= tr.throttlingTimeForGET) { - // There was no request for some time, no need to wait. - duration = 0 - } else { - // There is a queued request, wait until the next throttling tick. - difference := throttlingTime - duration - if getReq && !lastRequest.getReq { - difference = tr.throttlingTimeForGET - duration - } - duration = difference - toQueue = toQueue.Add(duration) - } - return toQueue, duration -} - -// throttlingTransport throttles outbound concurrency from the proxy and adds QPS limit (1 request per given time) if enabled -type throttlingTransport struct { - sem *semaphore.Weighted - roundTripper http.RoundTripper - hasher ghmetrics.Hasher - timeThrottlingEnabled bool - registryApiV3 tokensRegistry - registryApiV4 tokensRegistry -} - -func (c *throttlingTransport) getTokenBudgetName(req *http.Request) string { - if val := req.Header.Get(TokenBudgetIdentifierHeader); val != "" { - return val - } - return c.hasher.Hash(req) -} - -func (c *throttlingTransport) holdRequest(req *http.Request) { - tokenBudgetName := c.getTokenBudgetName(req) - getReq := req.Method == http.MethodGet - var duration time.Duration - if strings.HasPrefix(req.URL.Path, "graphql") || strings.HasPrefix(req.URL.Path, "/graphql") { - duration = c.registryApiV4.getRequestWaitDuration(tokenBudgetName, getReq) - ghmetrics.CollectGitHubRequestWaitDurationMetrics(tokenBudgetName, req.Method, apiV4, duration) - } else { - duration = c.registryApiV3.getRequestWaitDuration(tokenBudgetName, getReq) - ghmetrics.CollectGitHubRequestWaitDurationMetrics(tokenBudgetName, req.Method, apiV3, duration) - } - if duration > 0 { - time.Sleep(duration) - } -} - -func (c *throttlingTransport) RoundTrip(req *http.Request) (*http.Response, error) { - pendingOutboundConnectionsGauge.Inc() - if c.timeThrottlingEnabled { - c.holdRequest(req) - } - - if err := c.sem.Acquire(context.Background(), 1); err != nil { - logrus.WithField("cache-key", req.URL.String()).WithError(err).Error("Internal error acquiring semaphore.") - return nil, err - } - defer c.sem.Release(1) - pendingOutboundConnectionsGauge.Dec() - outboundConcurrencyGauge.Inc() - defer outboundConcurrencyGauge.Dec() - return c.roundTripper.RoundTrip(req) -} - -// upstreamTransport changes response headers from upstream before they -// reach the cache layer in order to force the caching policy we require. -// -// By default github responds to PR requests with: -// -// Cache-Control: private, max-age=60, s-maxage=60 -// -// Which means the httpcache would not consider anything stale for 60 seconds. -// However, we want to always revalidate cache entries using ETags and last -// modified times so this RoundTripper overrides response headers to: -// -// Cache-Control: no-cache -// -// This instructs the cache to store the response, but always consider it stale. -type upstreamTransport struct { - roundTripper http.RoundTripper - hasher ghmetrics.Hasher -} - -func (u upstreamTransport) RoundTrip(req *http.Request) (*http.Response, error) { - etag := req.Header.Get("if-none-match") - var tokenBudgetName string - if val := req.Header.Get(TokenBudgetIdentifierHeader); val != "" { - tokenBudgetName = val - } else { - tokenBudgetName = u.hasher.Hash(req) - } - - reqStartTime := time.Now() - // Don't modify request, just pass to roundTripper. - resp, err := u.roundTripper.RoundTrip(req) - if err != nil { - ghmetrics.CollectRequestTimeoutMetrics(tokenBudgetName, req.URL.Path, req.Header.Get("User-Agent"), reqStartTime, time.Now()) - logrus.WithField("cache-key", req.URL.String()).WithError(err).Warn("Error from upstream (GitHub).") - return nil, err - } - responseTime := time.Now() - roundTripTime := responseTime.Sub(reqStartTime) - - if resp.StatusCode >= 400 { - // Don't store errors. They can't be revalidated to save API tokens. - resp.Header.Set("Cache-Control", "no-store") - } else { - resp.Header.Set("Cache-Control", "no-cache") - if resp.StatusCode != http.StatusNotModified { - // Used for metrics about the age of cached requests - resp.Header.Set(cacheEntryCreationDateHeader, strconv.Itoa(int(time.Now().Unix()))) - } - } - if etag != "" { - resp.Header.Set("X-Conditional-Request", etag) - } - - apiVersion := apiV3 - if strings.HasPrefix(req.URL.Path, "graphql") || strings.HasPrefix(req.URL.Path, "/graphql") { - resp.Header.Set("Cache-Control", "no-store") - apiVersion = apiV4 - } - - ghmetrics.CollectGitHubTokenMetrics(tokenBudgetName, apiVersion, resp.Header, reqStartTime, responseTime) - ghmetrics.CollectGitHubRequestMetrics(tokenBudgetName, req.URL.Path, strconv.Itoa(resp.StatusCode), req.Header.Get("User-Agent"), roundTripTime.Seconds()) - - return resp, nil -} - -const LogMessageWithDiskPartitionFields = "Not using a partitioned cache because legacyDisablePartitioningByAuthHeader is true" - -// NewDiskCache creates a GitHub cache RoundTripper that is backed by a disk -// cache. -// It supports a partitioned cache. -func NewDiskCache(roundTripper http.RoundTripper, cacheDir string, cacheSizeGB, maxConcurrency int, legacyDisablePartitioningByAuthHeader bool, cachePruneInterval time.Duration, throttlingTimes RequestThrottlingTimes) http.RoundTripper { - if legacyDisablePartitioningByAuthHeader { - diskCache := diskcache.NewWithDiskv( - diskv.New(diskv.Options{ - BasePath: path.Join(cacheDir, "data"), - TempDir: path.Join(cacheDir, "temp"), - CacheSizeMax: uint64(cacheSizeGB) * uint64(1000000000), // convert G to B - })) - return NewFromCache(roundTripper, - func(partitionKey string, _ *time.Time) httpcache.Cache { - logrus.WithField("cache-base-path", path.Join(cacheDir, "data", partitionKey)). - WithField("cache-temp-path", path.Join(cacheDir, "temp", partitionKey)). - Warning(LogMessageWithDiskPartitionFields) - return diskCache - }, - maxConcurrency, - throttlingTimes, - ) - } - - go func() { - for range time.NewTicker(cachePruneInterval).C { - Prune(cacheDir, time.Now) - } - }() - return NewFromCache(roundTripper, - func(partitionKey string, expiresAt *time.Time) httpcache.Cache { - basePath := path.Join(cacheDir, "data", partitionKey) - tempDir := path.Join(cacheDir, "temp", partitionKey) - if err := writecachePartitionMetadata(basePath, tempDir, expiresAt); err != nil { - logrus.WithError(err).Warn("Failed to write cache metadata file, pruning will not work") - } - return diskcache.NewWithDiskv( - diskv.New(diskv.Options{ - BasePath: basePath, - TempDir: tempDir, - CacheSizeMax: uint64(cacheSizeGB) * uint64(1000000000), // convert G to B - })) - }, - maxConcurrency, - throttlingTimes, - ) -} - -func Prune(baseDir string, now func() time.Time) { - // All of this would be easier if the structure was base/partition/{data,temp} - // but because of compatibility we can not change it. - for _, dir := range []string{"data", "temp"} { - base := path.Join(baseDir, dir) - cachePartitionCandidates, err := os.ReadDir(base) - if err != nil { - logrus.WithError(err).Warn("os.ReadDir failed") - // no continue, os.ReadDir returns partial results if it encounters an error - } - for _, cachePartitionCandidate := range cachePartitionCandidates { - if !cachePartitionCandidate.IsDir() { - continue - } - metadataPath := path.Join(base, cachePartitionCandidate.Name(), cachePartitionMetadataFileName) - - // Read optimistically and just ignore errors - raw, err := os.ReadFile(metadataPath) - if err != nil { - continue - } - var metadata cachePartitionMetadata - if err := json.Unmarshal(raw, &metadata); err != nil { - logrus.WithError(err).WithField("filepath", metadataPath).Error("failed to deserialize metadata file") - continue - } - if metadata.ExpiresAt.After(now()) { - continue - } - paritionPath := filepath.Dir(metadataPath) - logrus.WithField("path", paritionPath).WithField("expiresAt", metadata.ExpiresAt.String()).Info("Cleaning up expired cache parition") - if err := os.RemoveAll(paritionPath); err != nil { - logrus.WithError(err).WithField("path", paritionPath).Error("failed to delete expired cache parition") - } - } - } -} - -func writecachePartitionMetadata(basePath, tempDir string, expiresAt *time.Time) error { - // No expiry header for the token was passed, likely it is a PAT which never expires. - if expiresAt == nil { - return nil - } - metadata := cachePartitionMetadata{ExpiresAt: metav1.Time{Time: *expiresAt}} - serialized, err := json.Marshal(metadata) - if err != nil { - return fmt.Errorf("failed to serialize: %w", err) - } - - var errs []error - for _, destBase := range []string{basePath, tempDir} { - if err := os.MkdirAll(destBase, 0755); err != nil { - errs = append(errs, fmt.Errorf("failed to create dir %s: %w", destBase, err)) - } - dest := path.Join(destBase, cachePartitionMetadataFileName) - if err := os.WriteFile(dest, serialized, 0644); err != nil { - errs = append(errs, fmt.Errorf("failed to write %s: %w", dest, err)) - } - } - - return utilerrors.NewAggregate(errs) -} - -const cachePartitionMetadataFileName = ".cache_metadata.json" - -type cachePartitionMetadata struct { - ExpiresAt metav1.Time `json:"expires_at"` -} - -// NewMemCache creates a GitHub cache RoundTripper that is backed by a memory -// cache. -// It supports a partitioned cache. -func NewMemCache(roundTripper http.RoundTripper, maxConcurrency int, throttlingTimes RequestThrottlingTimes) http.RoundTripper { - return NewFromCache(roundTripper, - func(_ string, _ *time.Time) httpcache.Cache { return httpcache.NewMemoryCache() }, - maxConcurrency, - throttlingTimes) -} - -// CachePartitionCreator creates a new cache partition using the given key -type CachePartitionCreator func(partitionKey string, expiresAt *time.Time) httpcache.Cache - -// NewFromCache creates a GitHub cache RoundTripper that is backed by the -// specified httpcache.Cache implementation. -func NewFromCache(roundTripper http.RoundTripper, cache CachePartitionCreator, maxConcurrency int, throttlingTimes RequestThrottlingTimes) http.RoundTripper { - hasher := ghmetrics.NewCachingHasher() - return newPartitioningRoundTripper(func(partitionKey string, expiresAt *time.Time) http.RoundTripper { - cacheTransport := httpcache.NewTransport(cache(partitionKey, expiresAt)) - cacheTransport.Transport = newThrottlingTransport(maxConcurrency, upstreamTransport{roundTripper: roundTripper, hasher: hasher}, hasher, throttlingTimes) - return &requestCoalescer{ - cache: make(map[string]*firstRequest), - requestExecutor: cacheTransport, - hasher: hasher, - } - }) -} - -// NewRedisCache creates a GitHub cache RoundTripper that is backed by a Redis -// cache. -// Important note: The redis implementation does not support partitioning the cache -// which means that requests to the same path from different tokens will invalidate -// each other. -func NewRedisCache(roundTripper http.RoundTripper, redisAddress string, maxConcurrency int, throttlingTimes RequestThrottlingTimes) http.RoundTripper { - conn, err := redis.Dial("tcp", redisAddress) - if err != nil { - logrus.WithError(err).Fatal("Error connecting to Redis") - } - redisCache := rediscache.NewWithClient(conn) - return NewFromCache(roundTripper, - func(_ string, _ *time.Time) httpcache.Cache { return redisCache }, - maxConcurrency, - throttlingTimes) -} diff --git a/third_party/k8s.io/test-infra/ghproxy/ghcache/partitioner.go b/third_party/k8s.io/test-infra/ghproxy/ghcache/partitioner.go deleted file mode 100644 index 2831893..0000000 --- a/third_party/k8s.io/test-infra/ghproxy/ghcache/partitioner.go +++ /dev/null @@ -1,85 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ghcache - -import ( - "crypto/sha256" - "fmt" - "net/http" - "sync" - "time" - - "github.com/sirupsen/logrus" -) - -type roundTripperCreator func(partitionKey string, expiresAt *time.Time) http.RoundTripper - -// partitioningRoundTripper is a http.RoundTripper -var _ http.RoundTripper = &partitioningRoundTripper{} - -func newPartitioningRoundTripper(rtc roundTripperCreator) *partitioningRoundTripper { - return &partitioningRoundTripper{ - roundTripperCreator: rtc, - lock: &sync.Mutex{}, - roundTrippers: map[string]http.RoundTripper{}, - } -} - -type partitioningRoundTripper struct { - roundTripperCreator roundTripperCreator - lock *sync.Mutex - roundTrippers map[string]http.RoundTripper -} - -func getCachePartition(r *http.Request) string { - // Hash the key to make sure we dont leak it into the directory layout - return fmt.Sprintf("%x", sha256.Sum256([]byte(r.Header.Get("Authorization")))) -} - -func getExpiry(r *http.Request) *time.Time { - raw := r.Header.Get(TokenExpiryAtHeader) - if raw == "" { - return nil - } - parsed, err := time.Parse(time.RFC3339, raw) - if err != nil { - logrus.WithError(err).WithFields(logrus.Fields{ - "path": r.URL.Path, - "raw_value": raw, - "user-agent": r.Header.Get("User-Agent"), - }).Errorf("failed to parse value of %s header as RFC3339 time", TokenExpiryAtHeader) - return nil - } - return &parsed -} - -func (prt *partitioningRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) { - cachePartition := getCachePartition(r) - expiresAt := getExpiry(r) - - prt.lock.Lock() - roundTripper, found := prt.roundTrippers[cachePartition] - if !found { - logrus.WithField("cache-parition-key", cachePartition).Info("Creating a new cache for partition") - cachePartitionsCounter.WithLabelValues(cachePartition).Add(1) - prt.roundTrippers[cachePartition] = prt.roundTripperCreator(cachePartition, expiresAt) - roundTripper = prt.roundTrippers[cachePartition] - } - prt.lock.Unlock() - - return roundTripper.RoundTrip(r) -} diff --git a/third_party/k8s.io/test-infra/ghproxy/ghmetrics/ghmetrics.go b/third_party/k8s.io/test-infra/ghproxy/ghmetrics/ghmetrics.go deleted file mode 100644 index 2dc253f..0000000 --- a/third_party/k8s.io/test-infra/ghproxy/ghmetrics/ghmetrics.go +++ /dev/null @@ -1,196 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ghmetrics - -import ( - "net/http" - "strconv" - "strings" - "sync" - "time" - - "github.com/prometheus/client_golang/prometheus" - "github.com/sirupsen/logrus" -) - -// ghTokenUntilResetGaugeVec provides the 'github_token_reset' gauge that -// enables keeping track of GitHub reset times. -var ghTokenUntilResetGaugeVec = prometheus.NewGaugeVec( - prometheus.GaugeOpts{ - Name: "github_token_reset", - Help: "Last reported GitHub token reset time.", - }, - []string{"token_hash", "api_version", "ratelimit_resource"}, -) - -// ghTokenUsageGaugeVec provides the 'github_token_usage' gauge that -// enables keeping track of GitHub calls and quotas. -var ghTokenUsageGaugeVec = prometheus.NewGaugeVec( - prometheus.GaugeOpts{ - Name: "github_token_usage", - Help: "How many GitHub token requets are remaining for the current hour.", - }, - []string{"token_hash", "api_version", "ratelimit_resource"}, -) - -// ghRequestDurationHistVec provides the 'github_request_duration' histogram that keeps track -// of the duration of GitHub requests by API path. -var ghRequestDurationHistVec = prometheus.NewHistogramVec( - prometheus.HistogramOpts{ - Name: "github_request_duration", - Help: "GitHub request duration by API path.", - Buckets: []float64{0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10}, - }, - []string{"token_hash", "path", "status", "user_agent"}, -) - -// ghRequestDurationHistVec provides the 'github_request_duration' histogram that keeps track -// of the duration of GitHub requests by API path. -var ghRequestWaitDurationHistVec = prometheus.NewHistogramVec( - prometheus.HistogramOpts{ - Name: "github_request_wait_duration_seconds", - Help: "GitHub request wait duration before sending to API in seconds", - Buckets: []float64{0.1, 0.25, 0.5, 1, 2.5, 5, 7.5, 10, 15, 20, 25, 30, 45, 60, 90, 120, 150, 180}, - }, - []string{"token_hash", "request_type", "api"}, -) - -// cacheCounter provides the 'ghcache_responses' counter vec that is indexed -// by the cache response mode. -var cacheCounter = prometheus.NewCounterVec( - prometheus.CounterOpts{ - Name: "ghcache_responses", - Help: "How many cache responses of each cache response mode there are.", - }, - []string{"mode", "path", "user_agent", "token_hash"}, -) - -// timeoutDuration provides the 'github_request_timeouts' histogram that keeps -// track of the timeouts of GitHub requests by API path. -var timeoutDuration = prometheus.NewHistogramVec( - prometheus.HistogramOpts{ - Name: "github_request_timeouts", - Help: "GitHub request timeout by API path.", - Buckets: []float64{45, 60, 90, 120, 300}, - }, - []string{"token_hash", "path", "user_agent"}, -) - -// cacheEntryAge tells us about the age of responses -// that came from the cache. -var cacheEntryAge = prometheus.NewHistogramVec( - prometheus.HistogramOpts{ - Name: "ghcache_cache_entry_age_seconds", - Help: "The age of cache entries by API path.", - Buckets: []float64{5, 900, 1800, 3600, 7200, 14400}, - }, - []string{"token_hash", "path", "user_agent"}, -) - -var muxTokenUsage sync.Mutex -var lastGitHubResponse time.Time - -func init() { - prometheus.MustRegister(ghTokenUntilResetGaugeVec) - prometheus.MustRegister(ghTokenUsageGaugeVec) - prometheus.MustRegister(ghRequestDurationHistVec) - prometheus.MustRegister(ghRequestWaitDurationHistVec) - prometheus.MustRegister(cacheCounter) - prometheus.MustRegister(timeoutDuration) - prometheus.MustRegister(cacheEntryAge) -} - -// CollectGitHubTokenMetrics publishes the rate limits of the github api to -// `github_token_usage` as well as `github_token_reset` on prometheus. -func CollectGitHubTokenMetrics(tokenHash, apiVersion string, headers http.Header, reqStartTime, responseTime time.Time) { - remaining := headers.Get("X-RateLimit-Remaining") - if remaining == "" { - return - } - resource := headers.Get("X-RateLimit-Resource") - timeUntilReset := timestampStringToTime(headers.Get("X-RateLimit-Reset")) - durationUntilReset := timeUntilReset.Sub(reqStartTime) - - remainingFloat, err := strconv.ParseFloat(remaining, 64) - if err != nil { - logrus.WithError(err).Infof("Couldn't convert number of remaining token requests into gauge value (float)") - } - if remainingFloat == 0 { - logrus.WithFields(logrus.Fields{ - "header": remaining, - "user-agent": headers.Get("User-Agent"), - }).Debug("Parsed GitHub header as indicating no remaining rate-limit.") - } - - muxTokenUsage.Lock() - isAfter := lastGitHubResponse.After(responseTime) - if !isAfter { - lastGitHubResponse = responseTime - } - muxTokenUsage.Unlock() - if isAfter { - logrus.WithField("last-github-response", lastGitHubResponse).WithField("response-time", responseTime).Debug("Previously pushed metrics of a newer response, skipping old metrics") - } else { - ghTokenUntilResetGaugeVec.With(prometheus.Labels{"token_hash": tokenHash, "api_version": apiVersion, "ratelimit_resource": resource}).Set(float64(durationUntilReset.Nanoseconds())) - ghTokenUsageGaugeVec.With(prometheus.Labels{"token_hash": tokenHash, "api_version": apiVersion, "ratelimit_resource": resource}).Set(remainingFloat) - } -} - -// CollectGitHubRequestMetrics publishes the number of requests by API path to -// `github_requests` on prometheus. -func CollectGitHubRequestMetrics(tokenHash, path, statusCode, userAgent string, roundTripTime float64) { - ghRequestDurationHistVec.With(prometheus.Labels{"token_hash": tokenHash, "path": simplifier.Simplify(path), "status": statusCode, "user_agent": userAgentWithoutVersion(userAgent)}).Observe(roundTripTime) -} - -// timestampStringToTime takes a unix timestamp and returns a `time.Time` -// from the given time. -func timestampStringToTime(tstamp string) time.Time { - timestamp, err := strconv.ParseInt(tstamp, 10, 64) - if err != nil { - logrus.WithField("timestamp", tstamp).Info("Couldn't convert unix timestamp") - } - return time.Unix(timestamp, 0) -} - -// userAgentWithouVersion formats a user agent without the version to reduce label cardinality -func userAgentWithoutVersion(userAgent string) string { - if !strings.Contains(userAgent, "/") { - return userAgent - } - return strings.SplitN(userAgent, "/", 2)[0] -} - -// CollectCacheRequestMetrics records a cache outcome for a specific path -func CollectCacheRequestMetrics(mode, path, userAgent, tokenHash string) { - cacheCounter.With(prometheus.Labels{"mode": mode, "path": simplifier.Simplify(path), "user_agent": userAgentWithoutVersion(userAgent), "token_hash": tokenHash}).Inc() -} - -func CollectCacheEntryAgeMetrics(age float64, path, userAgent, tokenHash string) { - cacheEntryAge.With(prometheus.Labels{"path": simplifier.Simplify(path), "user_agent": userAgentWithoutVersion(userAgent), "token_hash": tokenHash}).Observe(age) -} - -// CollectRequestTimeoutMetrics publishes the duration of timed-out requests by -// API path to 'github_request_timeouts' on prometheus. -func CollectRequestTimeoutMetrics(tokenHash, path, userAgent string, reqStartTime, responseTime time.Time) { - timeoutDuration.With(prometheus.Labels{"token_hash": tokenHash, "path": simplifier.Simplify(path), "user_agent": userAgentWithoutVersion(userAgent)}).Observe(float64(responseTime.Sub(reqStartTime).Seconds())) -} - -// CollectGitHubRequestWaitDurationMetrics publishes the wait duration of requests -// before sending to respective GitHub API on prometheus. -func CollectGitHubRequestWaitDurationMetrics(tokenHash, requestType, api string, duration time.Duration) { - ghRequestWaitDurationHistVec.With(prometheus.Labels{"token_hash": tokenHash, "request_type": requestType, "api": api}).Observe(duration.Seconds()) -} diff --git a/third_party/k8s.io/test-infra/ghproxy/ghmetrics/ghpath.go b/third_party/k8s.io/test-infra/ghproxy/ghmetrics/ghpath.go deleted file mode 100644 index f06084e..0000000 --- a/third_party/k8s.io/test-infra/ghproxy/ghmetrics/ghpath.go +++ /dev/null @@ -1,181 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ghmetrics - -import ( - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/simplifypath" -) - -func repositoryTree() []simplifypath.Node { - return []simplifypath.Node{ - l("branches", v("branch", l("protection", - l("restrictions", l("users"), l("teams")), - l("required_status_checks", l("contexts")), - l("required_pull_request_reviews"), - l("required_signatures"), - l("enforce_admins")))), - l("issues", - l("comments", v("commentId")), - l("events", v("eventId")), - v("issueId", - l("lock"), - l("comments"), - l("events"), - l("assignees"), - l("reactions"), - l("labels", simplifypath.VGreedy("labelId")))), - l("keys", v("keyId")), - l("labels", v("labelId")), - l("milestones", v("milestone")), - l("pulls", - v("pullId", - l("commits"), - l("files"), - l("comments"), - l("reviews"), - l("requested_reviewers"), - l("merge"))), - l("releases", v("releaseId")), - l("statuses", v("statusId")), - l("subscribers", v("subscriberId")), - l("assignees", v("assigneeId")), - l("archive", v("zip")), - l("collaborators", v("collaboratorId", l("permission"))), - l("comments", v("commentId")), - l("compare", v("sha")), - l("contents", v("contentId")), - l("commits", - v("sha", - l("check-runs"), - l("status")), - ), - l("git", - l("commits", v("sha")), - l("ref", v("refId")), - l("tags", v("tagId")), - l("trees", v("sha")), - l("refs", l("heads", v("ref")))), - l("stars"), - l("merges"), - l("stargazers"), - l("notifications"), - l("hooks"), - l("deployments"), - l("downloads"), - l("events"), - l("forks"), - l("topics"), - l("vulnerability-alerts"), - l("automated-security-fixes"), - l("contributors"), - l("languages"), - l("teams"), - l("tags"), - l("transfer"), - } -} - -func organizationTree() []simplifypath.Node { - return []simplifypath.Node{ - l("credential-authorizations", v("credentialId")), - l("repos"), - l("issues"), - l("invitations"), - l("members", v("login")), - l("memberships", v("login")), - l("teams"), - l("team", v("teamId", - l("repos"), - l("members"))), - } -} - -var simplifier = simplifypath.NewSimplifier(l("", // shadow element mimicing the root - l(""), - l("app", l("installations", v("id", l("access_tokens")))), - l("repos", - v("owner", - v("repo", - repositoryTree()...))), - l("repositories", - v("repoId", - repositoryTree()...)), - l("user", - l("following", v("userId")), - l("keys", v("keyId")), - l("email", l("visibility")), - l("emails"), - l("public_emails"), - l("followers"), - l("starred"), - l("issues"), - v("id", l("repos")), - ), - l("users", - v("username", - l("followers", v("username")), - l("repos"), - l("hovercard"), - l("following"))), - l("orgs", - v("orgname", - organizationTree()...)), - l("organizations", - v("orgId", - organizationTree()...)), - l("organizations", - v("orgId", - l("members"), - l("repos"), - l("teams"))), - l("issues", v("issueId")), - l("search", - l("repositories"), - l("commits"), - l("code"), - l("issues"), - l("users"), - l("topics"), - l("labels")), - l("gists", - l("public"), - l("starred")), - l("notifications", l("threads", v("threadId", l("subscription")))), - l("emojis"), - l("events"), - l("feeds"), - l("hub"), - l("rate_limit"), - l("teams", v("id", - l("members"), - l("memberships", v("user")), - l("repos", v("org", v("repo"))), - l("invitations"), - )), - // end point for gh api v4 - l("graphql"), - l("licenses"))) - -// l and v keep the tree legible - -func l(fragment string, children ...simplifypath.Node) simplifypath.Node { - return simplifypath.L(fragment, children...) -} - -func v(fragment string, children ...simplifypath.Node) simplifypath.Node { - return simplifypath.V(fragment, children...) -} diff --git a/third_party/k8s.io/test-infra/ghproxy/ghmetrics/hash.go b/third_party/k8s.io/test-infra/ghproxy/ghmetrics/hash.go deleted file mode 100644 index 028c314..0000000 --- a/third_party/k8s.io/test-infra/ghproxy/ghmetrics/hash.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ghmetrics - -import ( - "crypto/sha256" - "fmt" - "net/http" - "sync" - - "github.com/sirupsen/logrus" -) - -// Hasher knows how to hash an authorization header from a request -type Hasher interface { - Hash(req *http.Request) string -} - -func NewCachingHasher() Hasher { - return &cachingHasher{ - lock: sync.RWMutex{}, - hashes: map[string]string{}, - } -} - -type cachingHasher struct { - lock sync.RWMutex - hashes map[string]string -} - -func (h *cachingHasher) Hash(req *http.Request) string { - // get authorization header to convert to sha256 - authHeader := req.Header.Get("Authorization") - if authHeader == "" { - logrus.Warn("Couldn't retrieve 'Authorization' header, adding to unknown bucket") - authHeader = "unknown" - } - h.lock.RLock() - hash, cached := h.hashes[authHeader] - h.lock.RUnlock() - if cached { - return hash - } - - h.lock.Lock() - hash = fmt.Sprintf("%x", sha256.Sum256([]byte(authHeader))) // use %x to make this a utf-8 string for use as a label - h.hashes[authHeader] = hash - h.lock.Unlock() - return hash -} diff --git a/third_party/k8s.io/test-infra/prow/config/org/org.go b/third_party/k8s.io/test-infra/prow/config/org/org.go deleted file mode 100644 index bf14dfe..0000000 --- a/third_party/k8s.io/test-infra/prow/config/org/org.go +++ /dev/null @@ -1,176 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package org - -import ( - "fmt" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" -) - -// FullConfig stores the full configuration to be used by the tool, mapping -// orgs to their configuration at the top level under an `orgs` key. -type FullConfig struct { - Orgs map[string]Config `json:"orgs,omitempty"` -} - -// Metadata declares metadata about the GitHub org. -// -// See https://developer.github.com/v3/orgs/#edit-an-organization -type Metadata struct { - BillingEmail *string `json:"billing_email,omitempty"` - Company *string `json:"company,omitempty"` - Email *string `json:"email,omitempty"` - Name *string `json:"name,omitempty"` - Description *string `json:"description,omitempty"` - Location *string `json:"location,omitempty"` - HasOrganizationProjects *bool `json:"has_organization_projects,omitempty"` - HasRepositoryProjects *bool `json:"has_repository_projects,omitempty"` - DefaultRepositoryPermission *github.RepoPermissionLevel `json:"default_repository_permission,omitempty"` - MembersCanCreateRepositories *bool `json:"members_can_create_repositories,omitempty"` -} - -// RepoCreateOptions declares options for creating new repos -// See https://developer.github.com/v3/repos/#create -type RepoCreateOptions struct { - AutoInit *bool `json:"auto_init,omitempty"` - GitignoreTemplate *string `json:"gitignore_template,omitempty"` - LicenseTemplate *string `json:"license_template,omitempty"` -} - -// Repo declares metadata about the GitHub repository -// -// See https://developer.github.com/v3/repos/#edit -type Repo struct { - Description *string `json:"description,omitempty"` - HomePage *string `json:"homepage,omitempty"` - Private *bool `json:"private,omitempty"` - HasIssues *bool `json:"has_issues,omitempty"` - HasProjects *bool `json:"has_projects,omitempty"` - HasWiki *bool `json:"has_wiki,omitempty"` - AllowSquashMerge *bool `json:"allow_squash_merge,omitempty"` - AllowMergeCommit *bool `json:"allow_merge_commit,omitempty"` - AllowRebaseMerge *bool `json:"allow_rebase_merge,omitempty"` - SquashMergeCommitTitle *string `json:"squash_merge_commit_title,omitempty"` - SquashMergeCommitMessage *string `json:"squash_merge_commit_message,omitempty"` - - DefaultBranch *string `json:"default_branch,omitempty"` - Archived *bool `json:"archived,omitempty"` - - Previously []string `json:"previously,omitempty"` - - OnCreate *RepoCreateOptions `json:"on_create,omitempty"` -} - -// Config declares org metadata as well as its people and teams. -type Config struct { - Metadata - Teams map[string]Team `json:"teams,omitempty"` - Members []string `json:"members,omitempty"` - Admins []string `json:"admins,omitempty"` - Repos map[string]Repo `json:"repos,omitempty"` -} - -// TeamMetadata declares metadata about the github team. -// -// See https://developer.github.com/v3/teams/#edit-team -type TeamMetadata struct { - Description *string `json:"description,omitempty"` - Privacy *Privacy `json:"privacy,omitempty"` -} - -// Team declares metadata as well as its poeple. -type Team struct { - TeamMetadata - Members []string `json:"members,omitempty"` - Maintainers []string `json:"maintainers,omitempty"` - Children map[string]Team `json:"teams,omitempty"` - - Previously []string `json:"previously,omitempty"` - - // This is injected to the Team structure by listing privilege - // levels on dump and if set by users will cause privileges to - // be added on sync. - // https://developer.github.com/v3/teams/#list-team-repos - // https://developer.github.com/v3/teams/#add-or-update-team-repository - Repos map[string]github.RepoPermissionLevel `json:"repos,omitempty"` -} - -// Privacy is secret or closed. -// -// See https://developer.github.com/v3/teams/#edit-team -type Privacy string - -const ( - // Closed means it is only visible to org members - Closed Privacy = "closed" - // Secret means it is only visible to team members. - Secret Privacy = "secret" -) - -var privacySettings = map[Privacy]bool{ - Closed: true, - Secret: true, -} - -// MarshalText returns bytes that equal secret or closed -func (p Privacy) MarshalText() ([]byte, error) { - return []byte(p), nil -} - -// UnmarshalText returns an error if text != secret or closed -func (p *Privacy) UnmarshalText(text []byte) error { - v := Privacy(text) - if _, ok := privacySettings[v]; !ok { - return fmt.Errorf("bad privacy setting: %s", v) - } - *p = v - return nil -} - -// PruneRepoDefaults finds values in org.Repo config that matches the default -// values replaces them with nil pointer. This reduces the size of an org dump -// by omitting the fields that would be set to the same value when not set at all. -// See https://developer.github.com/v3/repos/#edit -func PruneRepoDefaults(repo Repo) Repo { - pruneString := func(p **string, def string) { - if *p != nil && **p == def { - *p = nil - } - } - pruneBool := func(p **bool, def bool) { - if *p != nil && **p == def { - *p = nil - } - } - - pruneString(&repo.Description, "") - pruneString(&repo.HomePage, "") - - pruneBool(&repo.Private, false) - pruneBool(&repo.HasIssues, true) - // Projects' defaults depend on org setting, do not prune - pruneBool(&repo.HasWiki, true) - pruneBool(&repo.AllowRebaseMerge, true) - pruneBool(&repo.AllowSquashMerge, true) - pruneBool(&repo.AllowMergeCommit, true) - - pruneBool(&repo.Archived, false) - pruneString(&repo.DefaultBranch, "master") - - return repo -} diff --git a/third_party/k8s.io/test-infra/prow/config/secret/agent.go b/third_party/k8s.io/test-infra/prow/config/secret/agent.go deleted file mode 100644 index 43e80e3..0000000 --- a/third_party/k8s.io/test-infra/prow/config/secret/agent.go +++ /dev/null @@ -1,183 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package secret implements an agent to read and reload the secrets. -package secret - -import ( - "fmt" - "sync" - - "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/util/sets" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/logrusutil" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/secretutil" -) - -// secretAgent is the singleton that loads secrets for us -var secretAgent *agent - -func init() { - secretAgent = &agent{ - secretsMap: map[string]secretReloader{}, - ReloadingCensorer: secretutil.NewCensorer(), - } - logrus.SetFormatter(logrusutil.NewFormatterWithCensor(logrus.StandardLogger().Formatter, secretAgent.ReloadingCensorer)) -} - -// Start creates goroutines to monitor the files that contain the secret value. -// Additionally, Start wraps the current standard logger formatter with a -// censoring formatter that removes secret occurrences from the logs. -func (a *agent) Start(paths []string) error { - a.secretsMap = make(map[string]secretReloader, len(paths)) - a.ReloadingCensorer = secretutil.NewCensorer() - - for _, path := range paths { - if err := a.Add(path); err != nil { - return fmt.Errorf("failed to load secret at %s: %w", path, err) - } - } - - logrus.SetFormatter(logrusutil.NewFormatterWithCensor(logrus.StandardLogger().Formatter, a.ReloadingCensorer)) - - return nil -} - -// Add registers a new path to the agent. -func Add(paths ...string) error { - for _, path := range paths { - if err := secretAgent.Add(path); err != nil { - return err - } - } - return nil -} - -// AddWithParser registers a new path to the agent. The secret will only be updated if it can -// be successfully parsed. The returned getter must be kept, as it is the only way of accessing -// the typed secret. -func AddWithParser[T any](path string, parsingFN func([]byte) (T, error)) (func() T, error) { - loader := &parsingSecretReloader[T]{ - path: path, - parsingFN: parsingFN, - } - return loader.get, secretAgent.add(path, loader) -} - -// GetSecret returns the value of a secret stored in a map. -func GetSecret(secretPath string) []byte { - return secretAgent.GetSecret(secretPath) -} - -// GetTokenGenerator returns a function that gets the value of a given secret. -func GetTokenGenerator(secretPath string) func() []byte { - return func() []byte { - return GetSecret(secretPath) - } -} - -func Censor(content []byte) []byte { - return secretAgent.Censor(content) -} - -// agent watches a path and automatically loads the secrets stored. -type agent struct { - sync.RWMutex - secretsMap map[string]secretReloader - *secretutil.ReloadingCensorer -} - -type secretReloader interface { - getRaw() []byte - start(reloadCensor func()) error -} - -// Add registers a new path to the agent. -func (a *agent) Add(path string) error { - return a.add(path, &parsingSecretReloader[[]byte]{ - path: path, - parsingFN: func(b []byte) ([]byte, error) { return b, nil }, - }) -} - -func (a *agent) add(path string, loader secretReloader) error { - if err := loader.start(a.refreshCensorer); err != nil { - return err - } - - a.setSecret(path, loader) - - return nil -} - -// GetSecret returns the value of a secret stored in a map. -func (a *agent) GetSecret(secretPath string) []byte { - a.RLock() - defer a.RUnlock() - if val, set := a.secretsMap[secretPath]; set { - return val.getRaw() - } - return nil -} - -// setSecret sets a value in a map of secrets. -func (a *agent) setSecret(secretPath string, secretValue secretReloader) { - a.Lock() - a.secretsMap[secretPath] = secretValue - a.Unlock() - a.refreshCensorer() -} - -// refreshCensorer should be called when the secrets map changes -func (a *agent) refreshCensorer() { - var secrets [][]byte - a.RLock() - for _, value := range a.secretsMap { - secrets = append(secrets, value.getRaw()) - } - a.RUnlock() - a.ReloadingCensorer.RefreshBytes(secrets...) -} - -// GetTokenGenerator returns a function that gets the value of a given secret. -func (a *agent) GetTokenGenerator(secretPath string) func() []byte { - return func() []byte { - return a.GetSecret(secretPath) - } -} - -// Censor replaces sensitive parts of the content with a placeholder. -func (a *agent) Censor(content []byte) []byte { - a.RLock() - defer a.RUnlock() - if a.ReloadingCensorer == nil { - // there's no constructor for an agent so we can't ensure that everyone is - // trying to censor *after* actually loading a secret ... - return content - } - return secretutil.AdaptCensorer(a.ReloadingCensorer)(content) -} - -func (a *agent) getSecrets() sets.Set[string] { - a.RLock() - defer a.RUnlock() - secrets := sets.New[string]() - for _, v := range a.secretsMap { - secrets.Insert(string(v.getRaw())) - } - return secrets -} diff --git a/third_party/k8s.io/test-infra/prow/config/secret/reloader.go b/third_party/k8s.io/test-infra/prow/config/secret/reloader.go deleted file mode 100644 index 6734191..0000000 --- a/third_party/k8s.io/test-infra/prow/config/secret/reloader.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package secret - -import ( - "os" - "sync" - "time" - - "github.com/sirupsen/logrus" -) - -type parsingSecretReloader[T any] struct { - lock sync.RWMutex - path string - rawValue []byte - parsed T - parsingFN func([]byte) (T, error) -} - -func (p *parsingSecretReloader[T]) start(reloadCensor func()) error { - raw, parsed, err := loadSingleSecretWithParser(p.path, p.parsingFN) - if err != nil { - return err - } - p.lock.Lock() - p.rawValue = raw - p.parsed = parsed - p.lock.Unlock() - reloadCensor() - - go p.reloadSecret(reloadCensor) - return nil -} - -func (p *parsingSecretReloader[T]) reloadSecret(reloadCensor func()) { - var lastModTime time.Time - logger := logrus.NewEntry(logrus.StandardLogger()) - - skips := 0 - for range time.Tick(1 * time.Second) { - if skips < 600 { - // Check if the file changed to see if it needs to be re-read. - secretStat, err := os.Stat(p.path) - if err != nil { - logger.WithField("secret-path", p.path).WithError(err).Error("Error loading secret file.") - continue - } - - recentModTime := secretStat.ModTime() - if !recentModTime.After(lastModTime) { - skips++ - continue // file hasn't been modified - } - lastModTime = recentModTime - } - - raw, parsed, err := loadSingleSecretWithParser(p.path, p.parsingFN) - if err != nil { - logger.WithField("secret-path", p.path).WithError(err).Error("Error loading secret.") - continue - } - - p.lock.Lock() - p.rawValue = raw - p.parsed = parsed - p.lock.Unlock() - reloadCensor() - - skips = 0 - } - -} - -func (p *parsingSecretReloader[T]) getRaw() []byte { - p.lock.RLock() - defer p.lock.RUnlock() - return p.rawValue -} - -func (p *parsingSecretReloader[T]) get() T { - p.lock.RLock() - defer p.lock.RUnlock() - return p.parsed -} diff --git a/third_party/k8s.io/test-infra/prow/config/secret/secret.go b/third_party/k8s.io/test-infra/prow/config/secret/secret.go deleted file mode 100644 index bd01e85..0000000 --- a/third_party/k8s.io/test-infra/prow/config/secret/secret.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package secret - -import ( - "bytes" - "fmt" - "os" -) - -// loadSingleSecret reads and returns the value of a single file. -func loadSingleSecret(path string) ([]byte, error) { - b, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("error reading %s: %w", path, err) - } - return bytes.TrimSpace(b), nil -} - -func loadSingleSecretWithParser[T any](path string, parsingFN func([]byte) (T, error)) ([]byte, T, error) { - raw, err := loadSingleSecret(path) - if err != nil { - return nil, *(new(T)), err - } - parsed, err := parsingFN(raw) - return raw, parsed, err -} diff --git a/third_party/k8s.io/test-infra/prow/flagutil/bool.go b/third_party/k8s.io/test-infra/prow/flagutil/bool.go deleted file mode 100644 index b97e0ce..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/bool.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flagutil - -import ( - "strconv" -) - -// Bool holds a boolean flag value, tracking whether it was set explicitly. -type Bool struct { - Value bool - Explicit bool -} - -// IsBoolFlag causes golang to consider --foo to mean --foo=true -func (b *Bool) IsBoolFlag() bool { - return true -} - -// String value of the string. -func (b *Bool) String() string { - return strconv.FormatBool(b.Value) -} - -// Set the bool according to the string. -func (b *Bool) Set(s string) error { - v, err := strconv.ParseBool(s) - if err != nil { - return err - } - b.Explicit = true - b.Value = v - return nil -} diff --git a/third_party/k8s.io/test-infra/prow/flagutil/doc.go b/third_party/k8s.io/test-infra/prow/flagutil/doc.go deleted file mode 100644 index e9e08a8..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package flagutil contains utilities and interfaces shared between -// several Prow commands. -package flagutil diff --git a/third_party/k8s.io/test-infra/prow/flagutil/git.go b/third_party/k8s.io/test-infra/prow/flagutil/git.go deleted file mode 100644 index b1ce385..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/git.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flagutil - -import ( - "errors" - "flag" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/git/v2" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" - utilpointer "k8s.io/utils/pointer" -) - -// GitOptions holds options for interacting with git. -type GitOptions struct { - host string - user string - email string - tokenPath string - useSSH bool - useGitHubUser bool -} - -// AddFlags injects Git options into the given FlagSet. -func (o *GitOptions) AddFlags(fs *flag.FlagSet) { - fs.StringVar(&o.host, "git-host", "github.com", "host to contact for git operations.") - fs.StringVar(&o.user, "git-user", "", "User for git commits, optional. Can be derived from GitHub credentials.") - fs.StringVar(&o.email, "git-email", "", "Email for git commits, optional. Can be derived from GitHub credentials.") - fs.StringVar(&o.tokenPath, "git-token-path", "", "Path to the file containing the git token for HTTPS operations, optional. Can be derived from GitHub credentials.") - fs.BoolVar(&o.useSSH, "git-over-ssh", false, "Use SSH when pushing and pulling instead of HTTPS. SSH credentials should be present at ~/.ssh") - fs.BoolVar(&o.useGitHubUser, "git-user-from-github", true, "Use GitHub credentials and user identity for git operations.") -} - -// Validate validates Git options. -func (o *GitOptions) Validate(dryRun bool) error { - if o.host == "" { - return errors.New("--git-host is required") - } - - if !o.useGitHubUser { - switch { - case o.user == "": - return errors.New("--git-user is required, or may be loaded by setting --git-user-from-github") - case o.email == "": - return errors.New("--git-email is required, or may be loaded by setting --git-user-from-github") - } - } - - if !o.useSSH && !o.useGitHubUser && o.tokenPath == "" { - return errors.New("--git-token-path must be provided or defaulted by setting --git-user-from-github or --git-over-ssh") - } - return nil -} - -// GitClient creates a new git client. -func (o *GitOptions) GitClient(userClient github.UserClient, token func() []byte, censor func(content []byte) []byte, dryRun bool) (git.ClientFactory, error) { - gitUser := func() (name, email string, err error) { - name, email = o.user, o.email - if o.useGitHubUser { - user, err := userClient.BotUser() - if err != nil { - return "", "", err - } - name = user.Name - email = user.Email - } - return name, email, nil - } - username := func() (login string, err error) { - user, err := userClient.BotUser() - if err != nil { - return "", err - } - return user.Login, nil - } - opts := git.ClientFactoryOpts{ - Host: o.host, - UseSSH: utilpointer.BoolPtr(o.useSSH), - Username: username, - Token: token, - GitUser: gitUser, - Censor: censor, - } - return git.NewClientFactory(opts.Apply) -} diff --git a/third_party/k8s.io/test-infra/prow/flagutil/github.go b/third_party/k8s.io/test-infra/prow/flagutil/github.go deleted file mode 100644 index 62ab459..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/github.go +++ /dev/null @@ -1,420 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flagutil - -import ( - "crypto/rsa" - "errors" - "flag" - "fmt" - "net/url" - "strconv" - "strings" - "time" - - "github.com/dgrijalva/jwt-go/v4" - "github.com/sirupsen/logrus" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/config/secret" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/git" - gitv2 "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/git/v2" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/github" -) - -// GitHubOptions holds options for interacting with GitHub. -// -// Set AllowAnonymous to be true if you want to allow anonymous github access. -// Set AllowDirectAccess to be true if you want to suppress warnings on direct github access (without ghproxy). -type GitHubOptions struct { - Host string - endpoint Strings - graphqlEndpoint string - TokenPath string - AllowAnonymous bool - AllowDirectAccess bool - AppID string - AppPrivateKeyPath string - - ThrottleHourlyTokens int - ThrottleAllowBurst int - - OrgThrottlers Strings - parsedOrgThrottlers map[string]throttlerSettings - - // These will only be set after a github client was retrieved for the first time - tokenGenerator github.TokenGenerator - userGenerator github.UserGenerator - - // the following options determine how the client behaves around retries - maxRequestTime time.Duration - maxRetries int - max404Retries int - initialDelay time.Duration - maxSleepTime time.Duration -} - -type throttlerSettings struct { - hourlyTokens int - burst int -} - -// flagParams struct is used indirectly by users of this package to customize -// the common flags behavior, such as providing their own default values -// or suppressing presence of certain flags. -type flagParams struct { - defaults GitHubOptions - - disableThrottlerOptions bool -} - -type FlagParameter func(options *flagParams) - -// ThrottlerDefaults allows to customize the default values of flags -// that control the throttler behavior. Setting `hourlyTokens` to zero -// disables throttling by default. -func ThrottlerDefaults(hourlyTokens, allowedBursts int) FlagParameter { - return func(o *flagParams) { - o.defaults.ThrottleHourlyTokens = hourlyTokens - o.defaults.ThrottleAllowBurst = allowedBursts - } -} - -// DisableThrottlerOptions suppresses the presence of throttler-related flags, -// effectively disallowing external users to parametrize default throttling -// behavior. This is useful mostly when a program creates multiple GH clients -// with different behavior. -func DisableThrottlerOptions() FlagParameter { - return func(o *flagParams) { - o.disableThrottlerOptions = true - } -} - -// AddCustomizedFlags injects GitHub options into the given FlagSet. Behavior can be customized -// via the functional options. -func (o *GitHubOptions) AddCustomizedFlags(fs *flag.FlagSet, paramFuncs ...FlagParameter) { - o.addFlags(fs, paramFuncs...) -} - -// AddFlags injects GitHub options into the given FlagSet -func (o *GitHubOptions) AddFlags(fs *flag.FlagSet) { - o.addFlags(fs) -} - -func (o *GitHubOptions) addFlags(fs *flag.FlagSet, paramFuncs ...FlagParameter) { - params := flagParams{ - defaults: GitHubOptions{ - Host: github.DefaultHost, - endpoint: NewStrings(github.DefaultAPIEndpoint), - graphqlEndpoint: github.DefaultGraphQLEndpoint, - }, - } - - for _, parametrize := range paramFuncs { - parametrize(¶ms) - } - - defaults := params.defaults - fs.StringVar(&o.Host, "github-host", defaults.Host, "GitHub's default host (may differ for enterprise)") - o.endpoint = NewStrings(defaults.endpoint.Strings()...) - fs.Var(&o.endpoint, "github-endpoint", "GitHub's API endpoint (may differ for enterprise).") - fs.StringVar(&o.graphqlEndpoint, "github-graphql-endpoint", defaults.graphqlEndpoint, "GitHub GraphQL API endpoint (may differ for enterprise).") - fs.StringVar(&o.TokenPath, "github-token-path", defaults.TokenPath, "Path to the file containing the GitHub OAuth secret.") - fs.StringVar(&o.AppID, "github-app-id", defaults.AppID, "ID of the GitHub app. If set, requires --github-app-private-key-path to be set and --github-token-path to be unset.") - fs.StringVar(&o.AppPrivateKeyPath, "github-app-private-key-path", defaults.AppPrivateKeyPath, "Path to the private key of the github app. If set, requires --github-app-id to bet set and --github-token-path to be unset") - - if !params.disableThrottlerOptions { - fs.IntVar(&o.ThrottleHourlyTokens, "github-hourly-tokens", defaults.ThrottleHourlyTokens, "If set to a value larger than zero, enable client-side throttling to limit hourly token consumption. If set, --github-allowed-burst must be positive too.") - fs.IntVar(&o.ThrottleAllowBurst, "github-allowed-burst", defaults.ThrottleAllowBurst, "Size of token consumption bursts. If set, --github-hourly-tokens must be positive too and set to a higher or equal number.") - fs.Var(&o.OrgThrottlers, "github-throttle-org", "Throttler settings for a specific org in org:hourlyTokens:burst format. Can be passed multiple times. Only valid when using github apps auth.") - } - - fs.DurationVar(&o.maxRequestTime, "github-client.request-timeout", github.DefaultMaxSleepTime, "Timeout for any single request to the GitHub API.") - fs.IntVar(&o.maxRetries, "github-client.max-retries", github.DefaultMaxRetries, "Maximum number of retries that will be used for a failing request to the GitHub API.") - fs.IntVar(&o.max404Retries, "github-client.max-404-retries", github.DefaultMax404Retries, "Maximum number of retries that will be used for a 404-ing request to the GitHub API.") - fs.DurationVar(&o.maxSleepTime, "github-client.backoff-timeout", github.DefaultMaxSleepTime, "Largest allowable Retry-After time for requests to the GitHub API.") - fs.DurationVar(&o.initialDelay, "github-client.initial-delay", github.DefaultInitialDelay, "Initial delay before retries begin for requests to the GitHub API.") -} - -func (o *GitHubOptions) parseOrgThrottlers() error { - if len(o.OrgThrottlers.vals) == 0 { - return nil - } - - if o.AppID == "" { - return errors.New("--github-throttle-org was passed, but client doesn't use apps auth") - } - - o.parsedOrgThrottlers = make(map[string]throttlerSettings, len(o.OrgThrottlers.vals)) - var errs []error - for _, orgThrottler := range o.OrgThrottlers.vals { - colonSplit := strings.Split(orgThrottler, ":") - if len(colonSplit) != 3 { - errs = append(errs, fmt.Errorf("-github-throttle-org=%s is not in org:hourlyTokens:burst format", orgThrottler)) - continue - } - org, hourlyTokensString, burstString := colonSplit[0], colonSplit[1], colonSplit[2] - hourlyTokens, err := strconv.ParseInt(hourlyTokensString, 10, 32) - if err != nil { - errs = append(errs, fmt.Errorf("-github-throttle-org=%s is not in org:hourlyTokens:burst format: hourlyTokens is not an int", orgThrottler)) - continue - } - burst, err := strconv.ParseInt(burstString, 10, 32) - if err != nil { - errs = append(errs, fmt.Errorf("-github-throttle-org=%s is not in org:hourlyTokens:burst format: burst is not an int", orgThrottler)) - continue - } - if hourlyTokens < 1 { - errs = append(errs, fmt.Errorf("-github-throttle-org=%s: hourlyTokens must be > 0", orgThrottler)) - continue - } - if burst < 1 { - errs = append(errs, fmt.Errorf("-github-throttle-org=%s: burst must be > 0", orgThrottler)) - continue - } - if burst > hourlyTokens { - errs = append(errs, fmt.Errorf("-github-throttle-org=%s: burst must not be greater than hourlyTokens", orgThrottler)) - continue - } - if _, alreadyExists := o.parsedOrgThrottlers[org]; alreadyExists { - errs = append(errs, fmt.Errorf("got multiple -github-throttle-org for the %s org", org)) - continue - } - o.parsedOrgThrottlers[org] = throttlerSettings{hourlyTokens: int(hourlyTokens), burst: int(burst)} - } - - return utilerrors.NewAggregate(errs) -} - -// Validate validates GitHub options. Note that validate updates the GitHubOptions -// to add default values for TokenPath and graphqlEndpoint. -func (o *GitHubOptions) Validate(bool) error { - endpoints := o.endpoint.Strings() - for i, uri := range endpoints { - if uri == "" { - endpoints[i] = github.DefaultAPIEndpoint - } else if _, err := url.ParseRequestURI(uri); err != nil { - return fmt.Errorf("invalid -github-endpoint URI: %q", uri) - } - } - - if o.TokenPath != "" && (o.AppID != "" || o.AppPrivateKeyPath != "") { - return fmt.Errorf("--token-path is mutually exclusive with --app-id and --app-private-key-path") - } - if o.AppID == "" != (o.AppPrivateKeyPath == "") { - return errors.New("--app-id and --app-private-key-path must be set together") - } - - if o.TokenPath != "" && len(endpoints) == 1 && endpoints[0] == github.DefaultAPIEndpoint && !o.AllowDirectAccess { - logrus.Warn("It doesn't look like you are using ghproxy to cache API calls to GitHub! This has become a required component of Prow and other components will soon be allowed to add features that may rapidly consume API ratelimit without caching. Starting May 1, 2020 use Prow components without ghproxy at your own risk! https://github.com/kubernetes/test-infra/tree/master/ghproxy#ghproxy") - } - - if o.graphqlEndpoint == "" { - o.graphqlEndpoint = github.DefaultGraphQLEndpoint - } else if _, err := url.Parse(o.graphqlEndpoint); err != nil { - return fmt.Errorf("invalid -github-graphql-endpoint URI: %q", o.graphqlEndpoint) - } - - if (o.ThrottleHourlyTokens > 0) != (o.ThrottleAllowBurst > 0) { - if o.ThrottleHourlyTokens == 0 { - // Tolerate `--github-hourly-tokens=0` alone to disable throttling - o.ThrottleAllowBurst = 0 - } else { - return errors.New("--github-hourly-tokens and --github-allowed-burst must be either both higher than zero or both equal to zero") - } - } - if o.ThrottleAllowBurst > o.ThrottleHourlyTokens { - return errors.New("--github-allowed-burst must not be larger than --github-hourly-tokens") - } - - return o.parseOrgThrottlers() -} - -// GitHubClientWithLogFields returns a GitHub client with extra logging fields -func (o *GitHubOptions) GitHubClientWithLogFields(dryRun bool, fields logrus.Fields) (github.Client, error) { - client, err := o.githubClient(dryRun) - if err != nil { - return nil, err - } - return client.WithFields(fields), nil -} - -func (o *GitHubOptions) githubClient(dryRun bool) (github.Client, error) { - fields := logrus.Fields{} - options := o.baseClientOptions() - options.DryRun = dryRun - - if o.TokenPath == "" && o.AppPrivateKeyPath == "" { - logrus.Warn("empty -github-token-path, will use anonymous github client") - } - - if o.TokenPath == "" { - options.GetToken = func() []byte { - return []byte{} - } - } else { - if err := secret.Add(o.TokenPath); err != nil { - return nil, fmt.Errorf("failed to add GitHub token to secret agent: %w", err) - } - options.GetToken = secret.GetTokenGenerator(o.TokenPath) - } - - if o.AppPrivateKeyPath != "" { - apk, err := o.appPrivateKeyGenerator() - if err != nil { - return nil, err - } - options.AppPrivateKey = apk - } - - optionallyThrottled := func(c github.Client) (github.Client, error) { - // Throttle handles zeros as "disable throttling" so we do not need to call it conditionally - if err := c.Throttle(o.ThrottleHourlyTokens, o.ThrottleAllowBurst); err != nil { - return nil, fmt.Errorf("failed to throttle: %w", err) - } - for org, settings := range o.parsedOrgThrottlers { - if err := c.Throttle(settings.hourlyTokens, settings.burst, org); err != nil { - return nil, fmt.Errorf("failed to set up throttling for org %s: %w", org, err) - } - } - return c, nil - } - - tokenGenerator, userGenerator, client, err := github.NewClientFromOptions(fields, options) - if err != nil { - return nil, fmt.Errorf("failed to construct github client: %w", err) - } - o.tokenGenerator = tokenGenerator - o.userGenerator = userGenerator - return optionallyThrottled(client) -} - -// baseClientOptions populates client options that are derived from flags without processing -func (o *GitHubOptions) baseClientOptions() github.ClientOptions { - return github.ClientOptions{ - Censor: secret.Censor, - AppID: o.AppID, - GraphqlEndpoint: o.graphqlEndpoint, - Bases: o.endpoint.Strings(), - MaxRequestTime: o.maxRequestTime, - InitialDelay: o.initialDelay, - MaxSleepTime: o.maxSleepTime, - MaxRetries: o.maxRetries, - Max404Retries: o.max404Retries, - } -} - -// GitHubClient returns a GitHub client. -func (o *GitHubOptions) GitHubClient(dryRun bool) (github.Client, error) { - return o.GitHubClientWithLogFields(dryRun, logrus.Fields{}) -} - -// GitHubClientWithAccessToken creates a GitHub client from an access token. -func (o *GitHubOptions) GitHubClientWithAccessToken(token string) (github.Client, error) { - options := o.baseClientOptions() - options.GetToken = func() []byte { return []byte(token) } - options.AppID = "" // Since we are using a token, we should not use the app auth - _, _, client, err := github.NewClientFromOptions(logrus.Fields{}, options) - return client, err -} - -// GitClientFactory returns git.ClientFactory. Passing non-empty cookieFilePath -// will result in git ClientFactory to work with Gerrit. -// TODO(chaodaiG): move this logic to somewhere more appropriate instead of in -// github.go. -func (o *GitHubOptions) GitClientFactory(cookieFilePath string, cacheDir *string, dryRun bool) (gitv2.ClientFactory, error) { - var gitClientFactory gitv2.ClientFactory - if cookieFilePath != "" && o.TokenPath == "" && o.AppPrivateKeyPath == "" { - opts := gitv2.ClientFactoryOpts{ - CookieFilePath: cookieFilePath, - } - if cacheDir != nil && *cacheDir != "" { - opts.CacheDirBase = cacheDir - } - var err error - gitClientFactory, err = gitv2.NewClientFactory(opts.Apply) - if err != nil { - return nil, fmt.Errorf("failed to create git client from cookieFile: %v\n(cookieFile is only for Gerrit)", err) - } - } else { - gitClient, err := o.GitClient(dryRun) - if err != nil { - return nil, fmt.Errorf("Error getting git client: %w", err) - } - gitClientFactory = gitv2.ClientFactoryFrom(gitClient) - } - - return gitClientFactory, nil -} - -// GitClient returns a Git client. -func (o *GitHubOptions) GitClient(dryRun bool) (client *git.Client, err error) { - client, err = git.NewClientWithHost(o.Host) - if err != nil { - return nil, err - } - - // We must capture the value of client here to prevent issues related - // to the use of named return values when an error is encountered. - // Without this, we risk a nil pointer dereference. - defer func(client *git.Client) { - if err != nil { - client.Clean() - } - }(client) - - user, generator, err := o.getGitAuthentication(dryRun) - if err != nil { - return nil, fmt.Errorf("failed to get git authentication: %w", err) - } - client.SetCredentials(user, generator) - - return client, nil -} - -func (o *GitHubOptions) getGitAuthentication(dryRun bool) (string, git.GitTokenGenerator, error) { - // the client must have been created at least once for us to have generators - if o.userGenerator == nil { - if _, err := o.GitHubClient(dryRun); err != nil { - return "", nil, fmt.Errorf("error getting GitHub client: %w", err) - } - } - - login, err := o.userGenerator() - if err != nil { - return "", nil, fmt.Errorf("error getting bot name: %w", err) - } - return login, git.GitTokenGenerator(o.tokenGenerator), nil -} - -func (o *GitHubOptions) appPrivateKeyGenerator() (func() *rsa.PrivateKey, error) { - generator, err := secret.AddWithParser( - o.AppPrivateKeyPath, - func(raw []byte) (*rsa.PrivateKey, error) { - privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(raw) - if err != nil { - return nil, fmt.Errorf("failed to parse rsa key from pem: %w", err) - } - return privateKey, nil - }, - ) - if err != nil { - return nil, fmt.Errorf("failed to add the key from --app-private-key-path to secret agent: %w", err) - } - - return generator, nil -} diff --git a/third_party/k8s.io/test-infra/prow/flagutil/github_enablement.go b/third_party/k8s.io/test-infra/prow/flagutil/github_enablement.go deleted file mode 100644 index ed5a886..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/github_enablement.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flagutil - -import ( - "flag" - "fmt" - "strings" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" -) - -// GitHubEnablementOptions allows enable/disable functionality on a github org or -// org/repo level. If either EnabledOrgs or EnabledRepos is set, only org/repos in -// those are allowed, otherwise everything that is not in DisabledOrgs or DisabledRepos -// is allowed. -type GitHubEnablementOptions struct { - enabledOrgs Strings - enabledRepos Strings - disabledOrgs Strings - disabledRepos Strings -} - -func (o *GitHubEnablementOptions) AddFlags(fs *flag.FlagSet) { - fs.Var(&o.enabledOrgs, "github-enabled-org", "Enabled github org. Can be passed multiple times. If set, all orgs or repos that are not allowed via --gitbub-enabled-orgs or --github-enabled-repos will be ignored") - fs.Var(&o.enabledRepos, "github-enabled-repo", "Enabled github repo in org/repo format. Can be passed multiple times. If set, all orgs or repos that are not allowed via --gitbub-enabled-orgs or --github-enabled-repos will be ignored") - fs.Var(&o.disabledOrgs, "github-disabled-org", "Disabled github org. Can be passed multiple times. Orgs that are in this list will be ignored.") - fs.Var(&o.disabledRepos, "github-disabled-repo", "Disabled github repo in org/repo format. Can be passed multiple times. Repos that are in this list will be ignored.") -} - -func (o *GitHubEnablementOptions) Validate(_ bool) error { - var errs []error - - for _, enabledRepo := range o.enabledRepos.vals { - if err := validateOrgRepoFormat(enabledRepo); err != nil { - errs = append(errs, fmt.Errorf("--github-enabled-repo=%s is invalid: %w", enabledRepo, err)) - } - } - for _, disabledRepo := range o.disabledRepos.vals { - if err := validateOrgRepoFormat(disabledRepo); err != nil { - errs = append(errs, fmt.Errorf("--github-disabled-repo=%s is invalid: %w", disabledRepo, err)) - } - } - - if intersection := o.enabledOrgs.StringSet().Intersection(o.disabledOrgs.StringSet()); len(intersection) != 0 { - errs = append(errs, fmt.Errorf("%v is in both --github-enabled-org and --github-disabled-org", sets.List(intersection))) - } - - if intersection := o.enabledRepos.StringSet().Intersection(o.disabledRepos.StringSet()); len(intersection) != 0 { - errs = append(errs, fmt.Errorf("%v is in both --github-enabled-repo and --github-disabled-repo", sets.List(intersection))) - } - - return utilerrors.NewAggregate(errs) -} - -func validateOrgRepoFormat(orgRepo string) error { - components := strings.Split(orgRepo, "/") - if n := len(components); n != 2 || components[0] == "" || components[1] == "" { - return fmt.Errorf("%q is not in org/repo format", orgRepo) - } - - return nil -} - -func (o *GitHubEnablementOptions) EnablementChecker() func(org, repo string) bool { - enabledOrgs := o.enabledOrgs.StringSet() - enabledRepos := o.enabledRepos.StringSet() - disabledOrgs := o.disabledOrgs.StringSet() - diabledRepos := o.disabledRepos.StringSet() - return func(org, repo string) bool { - if len(enabledOrgs) > 0 || len(enabledRepos) > 0 { - if !enabledOrgs.Has(org) && !enabledRepos.Has(org+"/"+repo) { - return false - } - } - - return !disabledOrgs.Has(org) && !diabledRepos.Has(org+"/"+repo) - } -} diff --git a/third_party/k8s.io/test-infra/prow/flagutil/instrumentation.go b/third_party/k8s.io/test-infra/prow/flagutil/instrumentation.go deleted file mode 100644 index a482f6c..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/instrumentation.go +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flagutil - -import ( - "flag" - "time" -) - -const ( - DefaultMetricsPort = 9090 - DefaultPProfPort = 6060 - DefaultHealthPort = 8081 - - DefaultMemoryProfileInterval = 30 * time.Second -) - -// InstrumentationOptions holds common options which are used across Prow components -type InstrumentationOptions struct { - // MetricsPort is the port which is used to serve metrics - MetricsPort int - // PProfPort is the port which is used to serve pprof - PProfPort int - // HealthPort is the port which is used to serve liveness and readiness - HealthPort int - - // ProfileMemory determines if the process should profile memory - ProfileMemory bool - // MemoryProfileInterval is the interval at which memory profiles should be dumped - MemoryProfileInterval time.Duration -} - -// DefaultInstrumentationOptions returns an initialized options struct, mostly for use in tests. -func DefaultInstrumentationOptions() InstrumentationOptions { - return InstrumentationOptions{ - MetricsPort: DefaultMetricsPort, - PProfPort: DefaultPProfPort, - HealthPort: DefaultHealthPort, - ProfileMemory: false, - MemoryProfileInterval: DefaultMemoryProfileInterval, - } -} - -// AddFlags injects common options into the given FlagSet. -func (o *InstrumentationOptions) AddFlags(fs *flag.FlagSet) { - fs.IntVar(&o.MetricsPort, "metrics-port", DefaultMetricsPort, "port to serve metrics") - fs.IntVar(&o.PProfPort, "pprof-port", DefaultPProfPort, "port to serve pprof") - fs.IntVar(&o.HealthPort, "health-port", DefaultHealthPort, "port to serve liveness and readiness") - fs.BoolVar(&o.ProfileMemory, "profile-memory-usage", false, "profile memory usage for analysis") - fs.DurationVar(&o.MemoryProfileInterval, "memory-profile-interval", DefaultMemoryProfileInterval, "duration at which memory profiles should be dumped") -} - -func (o *InstrumentationOptions) Validate(_ bool) error { - return nil -} diff --git a/third_party/k8s.io/test-infra/prow/flagutil/strings.go b/third_party/k8s.io/test-infra/prow/flagutil/strings.go deleted file mode 100644 index b9ef203..0000000 --- a/third_party/k8s.io/test-infra/prow/flagutil/strings.go +++ /dev/null @@ -1,76 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package flagutil - -import ( - "strings" - - "k8s.io/apimachinery/pkg/util/sets" -) - -// Strings represents the value of a flag that accept multiple strings. -type Strings struct { - vals []string - beenSet bool -} - -// NewStrings returns a Strings struct that defaults to the value of def if left unset. -func NewStrings(def ...string) Strings { - return Strings{ - vals: def, - beenSet: false, - } -} - -// NewStringsBeenSet returns a Strings struct with beenSet: true -func NewStringsBeenSet(def ...string) Strings { - return Strings{ - vals: def, - beenSet: true, - } -} - -// Strings returns the slice of strings set for this value instance. -func (s *Strings) Strings() []string { - return s.vals -} - -// StringSet returns a sets.Set[string] of strings set for this value instance. -func (s *Strings) StringSet() sets.Set[string] { - return sets.New[string](s.Strings()...) -} - -// String returns a concatenated string of all the values joined by commas. -func (s *Strings) String() string { - return strings.Join(s.vals, ",") -} - -// Set records the value passed, overwriting the defaults (if any) -func (s *Strings) Set(value string) error { - if !s.beenSet { - s.beenSet = true - // Value is being set, don't use default. - s.vals = nil - } - s.vals = append(s.vals, value) - return nil -} - -// Add records the value passes, adding to the defaults (if any) -func (s *Strings) Add(value string) { - s.vals = append(s.vals, value) -} diff --git a/third_party/k8s.io/test-infra/prow/gerrit/source/source.go b/third_party/k8s.io/test-infra/prow/gerrit/source/source.go deleted file mode 100644 index fc17734..0000000 --- a/third_party/k8s.io/test-infra/prow/gerrit/source/source.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package source contains functions that help with Gerrit source control -// specific logics. -package source - -import ( - "fmt" - "strings" -) - -// IsGerritOrg tells whether the org is a Gerrit org or not. It returns true -// when the org string starts with https://. -func IsGerritOrg(org string) bool { - return strings.HasPrefix(org, "https://") || strings.HasPrefix(org, "http://") -} - -// CloneURIFromOrgRepo returns normalized cloneURI from org and repo. The -// returns cloneURI will always have https:// or http:// prefix, and there is no -// trailing slash at the end. -func CloneURIFromOrgRepo(org, repo string) string { - return NormalizeCloneURI(orgRepo(org, repo)) -} - -// NormalizeOrg returns normalized org. It ensures that org always has https:// -// or http:// prefix, and there is no trailing slash at the end. This function -// should be used everywhere that Gerrit org is referenced. -func NormalizeOrg(org string) string { - return strings.TrimRight(ensuresHTTPSPrefix(org), "/") -} - -// NormalizeCloneURI returns normalized cloneURI. It ensures that cloneURI -// always has https:// or http:// prefix, and there is no trailing slash at the -// end. This function should be used everywhere that Gerrit cloneURI is -// referenced. -func NormalizeCloneURI(cloneURI string) string { - return strings.TrimRight(ensuresHTTPSPrefix(cloneURI), "/") -} - -// OrgRepoFromCloneURI returns org and repo from cloneURI. The returned org -// always has https:// or http:// prefix even if cloneURI doesn't have it. -func OrgRepoFromCloneURI(cloneURI string) (string, string, error) { - scheme := "https://" - if strings.HasPrefix(cloneURI, "http://") { - scheme = "http://" - } - cloneURIWithoutPrefix := TrimHTTPSPrefix(cloneURI) - var org, repo string - parts := strings.SplitN(cloneURIWithoutPrefix, "/", 2) - if len(parts) != 2 { - return org, repo, fmt.Errorf("should have 2 parts: %v", parts) - } - return NormalizeOrg(scheme + parts[0]), strings.TrimRight(parts[1], "/"), nil -} - -func ensuresHTTPSPrefix(in string) string { - scheme := "https://" - if strings.HasPrefix(in, "http://") { - scheme = "http://" - } - return fmt.Sprintf("%s%s", scheme, strings.Trim(TrimHTTPSPrefix(in), "/")) -} - -// TrimHTTPSPrefix trims https:// and http:// from input, also remvoes all -// trailing slashes from the end. -func TrimHTTPSPrefix(in string) string { - in = strings.TrimPrefix(in, "https://") - in = strings.TrimPrefix(in, "http://") - return strings.TrimRight(in, "/") -} - -// orgRepo returns /, removes all extra slashs. -func orgRepo(org, repo string) string { - org = strings.Trim(org, "/") - repo = strings.Trim(repo, "/") - return org + "/" + repo -} - -// CodeRootURL converts code review URL into source code URL, simply -// trimming the `-review` suffix from the name of the org. -// -// Gerrit URL for sourcecode looks like -// https://android.googlesource.com, and the code review URL looks like -// https://android-review.googlesource.com/c/platform/frameworks/support/+/2260382. -func CodeRootURL(reviewURL string) (string, error) { - orgParts := strings.Split(reviewURL, ".") - if !strings.HasSuffix(orgParts[0], "-review") { - return "", fmt.Errorf("cannot find '-review' suffix from the first part of url %v", orgParts) - } - orgParts[0] = strings.TrimSuffix(orgParts[0], "-review") - return strings.Join(orgParts, "."), nil -} diff --git a/third_party/k8s.io/test-infra/prow/git/git.go b/third_party/k8s.io/test-infra/prow/git/git.go deleted file mode 100644 index 3d28200..0000000 --- a/third_party/k8s.io/test-infra/prow/git/git.go +++ /dev/null @@ -1,639 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package git provides a client to plugins that can do git operations. -package git - -import ( - "bufio" - "bytes" - "errors" - "fmt" - "os" - "os/exec" - "path/filepath" - "strings" - "sync" - "time" - - "github.com/sirupsen/logrus" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/git/types" -) - -const github = "github.com" - -// Client can clone repos. It keeps a local cache, so successive clones of the -// same repo should be quick. Create with NewClient. Be sure to clean it up. -type Client struct { - // logger will be used to log git operations and must be set. - logger *logrus.Entry - - credLock sync.RWMutex - // user is used when pushing or pulling code if specified. - user string - - // needed to generate the token. - tokenGenerator GitTokenGenerator - - // dir is the location of the git cache. - dir string - // git is the path to the git binary. - git string - // base is the base path for git clone calls. For users it will be set to - // GitHub, but for tests set it to a directory with git repos. - base string - // host is the git host. - // TODO: use either base or host. the redundancy here is to help landing - // #14609 easier. - host string - - // The mutex protects repoLocks which protect individual repos. This is - // necessary because Clone calls for the same repo are racy. Rather than - // one lock for all repos, use a lock per repo. - // Lock with Client.lockRepo, unlock with Client.unlockRepo. - rlm sync.Mutex - repoLocks map[string]*sync.Mutex -} - -// Clean removes the local repo cache. The Client is unusable after calling. -func (c *Client) Clean() error { - return os.RemoveAll(c.dir) -} - -// NewClient returns a client that talks to GitHub. It will fail if git is not -// in the PATH. -func NewClient() (*Client, error) { - return NewClientWithHost(github) -} - -// NewClientWithHost creates a client with specified host. -func NewClientWithHost(host string) (*Client, error) { - g, err := exec.LookPath("git") - if err != nil { - return nil, err - } - t, err := os.MkdirTemp("", "git") - if err != nil { - return nil, err - } - return &Client{ - logger: logrus.WithField("client", "git"), - tokenGenerator: func(_ string) (string, error) { return "", nil }, - dir: t, - git: g, - base: fmt.Sprintf("https://%s", host), - host: host, - repoLocks: make(map[string]*sync.Mutex), - }, nil -} - -// SetRemote sets the remote for the client. This is not thread-safe, and is -// useful for testing. The client will clone from remote/org/repo, and Repo -// objects spun out of the client will also hit that path. -// TODO: c.host field needs to be updated accordingly. -func (c *Client) SetRemote(remote string) { - c.base = remote -} - -type GitTokenGenerator func(org string) (string, error) - -// SetCredentials sets credentials in the client to be used for pushing to -// or pulling from remote repositories. -func (c *Client) SetCredentials(user string, tokenGenerator GitTokenGenerator) { - c.credLock.Lock() - defer c.credLock.Unlock() - c.user = user - c.tokenGenerator = tokenGenerator -} - -func (c *Client) getCredentials(org string) (string, string, error) { - c.credLock.RLock() - defer c.credLock.RUnlock() - token, err := c.tokenGenerator(org) - return c.user, token, err -} - -func (c *Client) lockRepo(repo string) { - c.rlm.Lock() - if _, ok := c.repoLocks[repo]; !ok { - c.repoLocks[repo] = &sync.Mutex{} - } - m := c.repoLocks[repo] - c.rlm.Unlock() - m.Lock() -} - -func (c *Client) unlockRepo(repo string) { - c.rlm.Lock() - defer c.rlm.Unlock() - c.repoLocks[repo].Unlock() -} - -func remoteFromBase(base, user, pass, host, org, repo string) string { - baseWithAuth := base - if user != "" && pass != "" { - baseWithAuth = fmt.Sprintf("https://%s:%s@%s", user, pass, host) - } - return fmt.Sprintf("%s/%s/%s", baseWithAuth, org, repo) -} - -// Clone clones a repository. Pass the full repository name, such as -// "kubernetes/test-infra" as the repo. -// This function may take a long time if it is the first time cloning the repo. -// In that case, it must do a full git mirror clone. For large repos, this can -// take a while. Once that is done, it will do a git fetch instead of a clone, -// which will usually take at most a few seconds. -func (c *Client) Clone(organization, repository string) (*Repo, error) { - orgRepo := organization + "/" + repository - c.lockRepo(orgRepo) - defer c.unlockRepo(orgRepo) - - user, pass, err := c.getCredentials(organization) - if err != nil { - return nil, fmt.Errorf("failed to get token: %w", err) - } - cache := filepath.Join(c.dir, orgRepo) + ".git" - remote := remoteFromBase(c.base, user, pass, c.host, organization, repository) - if _, err := os.Stat(cache); os.IsNotExist(err) { - // Cache miss, clone it now. - c.logger.WithField("repo", orgRepo).Info("Cloning for the first time.") - if err := os.MkdirAll(filepath.Dir(cache), os.ModePerm); err != nil && !os.IsExist(err) { - return nil, err - } - if b, err := retryCmd(c.logger, "", c.git, "clone", "--mirror", remote, cache); err != nil { - return nil, fmt.Errorf("git cache clone error: %v. output: %s", err, string(b)) - } - } else if err != nil { - return nil, err - } else { - // Cache hit. Do a git fetch to keep updated. - // Update remote url, if we use apps auth the token changes every hour - if b, err := retryCmd(c.logger, cache, c.git, "remote", "set-url", "origin", remote); err != nil { - return nil, fmt.Errorf("updating remote url failed: %w. output: %s", err, string(b)) - } - c.logger.WithField("repo", orgRepo).Info("Fetching.") - if b, err := retryCmd(c.logger, cache, c.git, "fetch", "--prune"); err != nil { - return nil, fmt.Errorf("git fetch error: %v. output: %s", err, string(b)) - } - } - t, err := os.MkdirTemp("", "git") - if err != nil { - return nil, err - } - if b, err := exec.Command(c.git, "clone", cache, t).CombinedOutput(); err != nil { - return nil, fmt.Errorf("git repo clone error: %v. output: %s", err, string(b)) - } - // Updating remote url to true remote like `git@github.com:kubernetes/test-infra.git`, - // instead of something like `/tmp/12345/test-infra`, so that `git fetch` in this clone makes more sense. - cmd := exec.Command(c.git, "remote", "set-url", "origin", remote) - cmd.Dir = t - if b, err := cmd.CombinedOutput(); err != nil { - return nil, fmt.Errorf("updating remote url failed: %w. output: %s", err, string(b)) - } - r := &Repo{ - dir: t, - logger: c.logger, - git: c.git, - host: c.host, - base: c.base, - org: organization, - repo: repository, - user: user, - pass: pass, - tokenGenerator: c.tokenGenerator, - } - // disable git GC - if err := r.Config("gc.auto", "0"); err != nil { - return nil, err - } - return r, nil -} - -// Repo is a clone of a git repository. Create with Client.Clone, and don't -// forget to clean it up after. -type Repo struct { - // dir is the location of the git repo. - dir string - - // git is the path to the git binary. - git string - // host is the git host. - host string - // base is the base path for remote git fetch calls. - base string - // org is the organization name: "org" in "org/repo". - org string - // repo is the repository name: "repo" in "org/repo". - repo string - // user is used for pushing to the remote repo. - user string - // pass is used for pushing to the remote repo. - pass string - - // needed to generate the token. - tokenGenerator GitTokenGenerator - - credLock sync.RWMutex - - logger *logrus.Entry -} - -// Directory exposes the location of the git repo -func (r *Repo) Directory() string { - return r.dir -} - -// SetLogger sets logger: Do not use except in unit tests -func (r *Repo) SetLogger(logger *logrus.Entry) { - r.logger = logger -} - -// SetGit sets git: Do not use except in unit tests -func (r *Repo) SetGit(git string) { - r.git = git -} - -// Clean deletes the repo. It is unusable after calling. -func (r *Repo) Clean() error { - return os.RemoveAll(r.dir) -} - -// refreshRepoAuth updates Repo client token when current token is going to expire. -// Git client authenticating with PAT(personal access token) doesn't have this problem as it's a single token. -// GitHub app auth will need this for rotating token every hour. -func (r *Repo) refreshRepoAuth() error { - // Lock because we'll update r.pass here - r.credLock.Lock() - defer r.credLock.Unlock() - pass, err := r.tokenGenerator(r.org) - if err != nil { - return fmt.Errorf("failed to get token: %w", err) - } - if pass == r.pass { // Token unchanged, no need to do anything - return nil - } - - r.pass = pass - remote := remoteFromBase(r.base, r.user, r.pass, r.host, r.org, r.repo) - if b, err := r.gitCommand("remote", "set-url", "origin", remote).CombinedOutput(); err != nil { - return fmt.Errorf("updating remote url failed: %w. output: %s", err, string(b)) - } - return nil -} - -// ResetHard runs `git reset --hard` -func (r *Repo) ResetHard(commitlike string) error { - // `git reset --hard` doesn't cleanup untracked file - r.logger.Info("Clean untracked files and dirs.") - if b, err := r.gitCommand("clean", "-df").CombinedOutput(); err != nil { - return fmt.Errorf("error clean -df: %v. output: %s", err, string(b)) - } - r.logger.WithField("commitlike", commitlike).Info("Reset hard.") - co := r.gitCommand("reset", "--hard", commitlike) - if b, err := co.CombinedOutput(); err != nil { - return fmt.Errorf("error reset hard %s: %v. output: %s", commitlike, err, string(b)) - } - return nil -} - -// IsDirty checks whether the repo is dirty or not -func (r *Repo) IsDirty() (bool, error) { - r.logger.Info("Checking is dirty.") - b, err := r.gitCommand("status", "--porcelain").CombinedOutput() - if err != nil { - return false, fmt.Errorf("error add -A: %v. output: %s", err, string(b)) - } - return len(b) > 0, nil -} - -func (r *Repo) gitCommand(arg ...string) *exec.Cmd { - cmd := exec.Command(r.git, arg...) - cmd.Dir = r.dir - r.logger.WithField("args", cmd.Args).WithField("dir", cmd.Dir).Debug("Constructed git command") - return cmd -} - -// Checkout runs git checkout. -func (r *Repo) Checkout(commitlike string) error { - r.logger.WithField("commitlike", commitlike).Info("Checkout.") - co := r.gitCommand("checkout", commitlike) - if b, err := co.CombinedOutput(); err != nil { - return fmt.Errorf("error checking out %s: %v. output: %s", commitlike, err, string(b)) - } - return nil -} - -// RevParse runs git rev-parse. -func (r *Repo) RevParse(commitlike string) (string, error) { - r.logger.WithField("commitlike", commitlike).Info("RevParse.") - b, err := r.gitCommand("rev-parse", commitlike).CombinedOutput() - if err != nil { - return "", fmt.Errorf("error rev-parsing %s: %v. output: %s", commitlike, err, string(b)) - } - return string(b), nil -} - -// BranchExists returns true if branch exists in heads. -func (r *Repo) BranchExists(branch string) bool { - heads := "origin" - r.logger.WithFields(logrus.Fields{"branch": branch, "heads": heads}).Info("Checking if branch exists.") - co := r.gitCommand("ls-remote", "--exit-code", "--heads", heads, branch) - return co.Run() == nil -} - -// CheckoutNewBranch creates a new branch and checks it out. -func (r *Repo) CheckoutNewBranch(branch string) error { - r.logger.WithField("branch", branch).Info("Create and checkout.") - co := r.gitCommand("checkout", "-b", branch) - if b, err := co.CombinedOutput(); err != nil { - return fmt.Errorf("error checking out %s: %v. output: %s", branch, err, string(b)) - } - return nil -} - -// Merge attempts to merge commitlike into the current branch. It returns true -// if the merge completes. It returns an error if the abort fails. -func (r *Repo) Merge(commitlike string) (bool, error) { - return r.MergeWithStrategy(commitlike, types.MergeMerge) -} - -// MergeWithStrategy attempts to merge commitlike into the current branch given the merge strategy. -// It returns true if the merge completes. It returns an error if the abort fails. -func (r *Repo) MergeWithStrategy(commitlike string, mergeStrategy types.PullRequestMergeType) (bool, error) { - r.logger.WithField("commitlike", commitlike).Info("Merging.") - switch mergeStrategy { - case types.MergeMerge: - return r.mergeWithMergeStrategyMerge(commitlike) - case types.MergeSquash: - return r.mergeWithMergeStrategySquash(commitlike) - case types.MergeRebase: - return r.mergeWithMergeStrategyRebase(commitlike) - default: - return false, fmt.Errorf("merge strategy %q is not supported", mergeStrategy) - } -} - -func (r *Repo) mergeWithMergeStrategyMerge(commitlike string) (bool, error) { - co := r.gitCommand("merge", "--no-ff", "--no-stat", "-m merge", commitlike) - - b, err := co.CombinedOutput() - if err == nil { - return true, nil - } - r.logger.WithField("out", string(b)).WithError(err).Infof("Merge failed.") - - if b, err := r.gitCommand("merge", "--abort").CombinedOutput(); err != nil { - return false, fmt.Errorf("error aborting merge for commitlike %s: %v. output: %s", commitlike, err, string(b)) - } - - return false, nil -} - -func (r *Repo) mergeWithMergeStrategySquash(commitlike string) (bool, error) { - co := r.gitCommand("merge", "--squash", "--no-stat", commitlike) - - b, err := co.CombinedOutput() - if err != nil { - r.logger.WithField("out", string(b)).WithError(err).Infof("Merge failed.") - if b, err := r.gitCommand("reset", "--hard", "HEAD").CombinedOutput(); err != nil { - return false, fmt.Errorf("error resetting after failed squash for commitlike %s: %v. output: %s", commitlike, err, string(b)) - } - return false, nil - } - - b, err = r.gitCommand("commit", "--no-stat", "-m", "merge").CombinedOutput() - if err != nil { - r.logger.WithField("out", string(b)).WithError(err).Infof("Commit after squash failed.") - return false, err - } - - return true, nil -} - -func (r *Repo) mergeWithMergeStrategyRebase(commitlike string) (bool, error) { - if commitlike == "" { - return false, errors.New("branch must be set") - } - - headRev, err := r.revParse("HEAD") - if err != nil { - r.logger.WithError(err).Infof("Failed to parse HEAD revision") - return false, err - } - headRev = strings.TrimSuffix(headRev, "\n") - - co := r.gitCommand("rebase", "--no-stat", headRev, commitlike) - b, err := co.CombinedOutput() - if err != nil { - r.logger.WithField("out", string(b)).WithError(err).Infof("Rebase failed.") - if b, err := r.gitCommand("rebase", "--abort").CombinedOutput(); err != nil { - return false, fmt.Errorf("error aborting after failed rebase for commitlike %s: %v. output: %s", commitlike, err, string(b)) - } - return false, nil - } - - return true, nil -} - -func (r *Repo) revParse(args ...string) (string, error) { - fullArgs := append([]string{"rev-parse"}, args...) - co := r.gitCommand(fullArgs...) - b, err := co.CombinedOutput() - if err != nil { - return "", errors.New(string(b)) - } - return string(b), nil -} - -// MergeAndCheckout merges the provided headSHAs in order onto baseSHA using the provided strategy. -// If no headSHAs are provided, it will only checkout the baseSHA and return. -// Only the `merge` and `squash` strategies are supported. -func (r *Repo) MergeAndCheckout(baseSHA string, mergeStrategy types.PullRequestMergeType, headSHAs ...string) error { - if baseSHA == "" { - return errors.New("baseSHA must be set") - } - if err := r.Checkout(baseSHA); err != nil { - return err - } - if len(headSHAs) == 0 { - return nil - } - r.logger.WithFields(logrus.Fields{"headSHAs": headSHAs, "baseSHA": baseSHA, "strategy": mergeStrategy}).Info("Merging.") - for _, headSHA := range headSHAs { - ok, err := r.MergeWithStrategy(headSHA, mergeStrategy) - if err != nil { - return err - } else if !ok { - return fmt.Errorf("failed to merge %q", headSHA) - } - } - return nil -} - -// Am tries to apply the patch in the given path into the current branch -// by performing a three-way merge (similar to git cherry-pick). It returns -// an error if the patch cannot be applied. -func (r *Repo) Am(path string) error { - r.logger.WithField("path", path).Info("Applying.") - co := r.gitCommand("am", "--3way", path) - b, err := co.CombinedOutput() - if err == nil { - return nil - } - output := string(b) - r.logger.WithField("out", output).WithError(err).Infof("Patch apply failed.") - if b, abortErr := r.gitCommand("am", "--abort").CombinedOutput(); abortErr != nil { - r.logger.WithField("out", string(b)).WithError(abortErr).Warning("Aborting patch apply failed.") - } - applyMsg := "The copy of the patch that failed is found in: .git/rebase-apply/patch" - msg := "" - if strings.Contains(output, applyMsg) { - i := strings.Index(output, applyMsg) - msg = string(output[:i]) - } else { - msg = string(output) - } - return errors.New(msg) -} - -// Push pushes over https to the provided owner/repo#branch using a password -// for basic auth. -func (r *Repo) Push(branch string, force bool) error { - return r.PushToNamedFork(r.user, branch, force) -} - -func (r *Repo) PushToNamedFork(forkName, branch string, force bool) error { - if err := r.refreshRepoAuth(); err != nil { - return err - } - if r.user == "" || r.pass == "" { - return errors.New("cannot push without credentials - configure your git client") - } - r.logger.WithFields(logrus.Fields{"user": r.user, "repo": r.repo, "branch": branch}).Info("Pushing.") - remote := remoteFromBase(r.base, r.user, r.pass, r.host, r.user, forkName) - var co *exec.Cmd - if !force { - co = r.gitCommand("push", remote, branch) - } else { - co = r.gitCommand("push", "--force", remote, branch) - } - out, err := co.CombinedOutput() - if err != nil { - r.logger.WithField("out", string(out)).WithError(err).Error("Pushing failed.") - return fmt.Errorf("pushing failed, output: %q, error: %w", string(out), err) - } - return nil -} - -// CheckoutPullRequest does exactly that. -func (r *Repo) CheckoutPullRequest(number int) error { - if err := r.refreshRepoAuth(); err != nil { - return err - } - r.logger.WithFields(logrus.Fields{"org": r.org, "repo": r.repo, "number": number}).Info("Fetching and checking out.") - remote := remoteFromBase(r.base, r.user, r.pass, r.host, r.org, r.repo) - if b, err := retryCmd(r.logger, r.dir, r.git, "fetch", remote, fmt.Sprintf("pull/%d/head:pull%d", number, number)); err != nil { - return fmt.Errorf("git fetch failed for PR %d: %v. output: %s", number, err, string(b)) - } - co := r.gitCommand("checkout", fmt.Sprintf("pull%d", number)) - if b, err := co.CombinedOutput(); err != nil { - return fmt.Errorf("git checkout failed for PR %d: %v. output: %s", number, err, string(b)) - } - return nil -} - -// Config runs git config. -func (r *Repo) Config(args ...string) error { - r.logger.WithField("args", args).Info("Running git config.") - if b, err := r.gitCommand(append([]string{"config"}, args...)...).CombinedOutput(); err != nil { - return fmt.Errorf("git config %v failed: %v. output: %s", args, err, string(b)) - } - return nil -} - -// retryCmd will retry the command a few times with backoff. Use this for any -// commands that will be talking to GitHub, such as clones or fetches. -func retryCmd(l *logrus.Entry, dir, cmd string, arg ...string) ([]byte, error) { - var b []byte - var err error - sleepyTime := time.Second - for i := 0; i < 3; i++ { - c := exec.Command(cmd, arg...) - c.Dir = dir - b, err = c.CombinedOutput() - if err != nil { - err = fmt.Errorf("running %q %v returned error %w with output %q", cmd, arg, err, string(b)) - l.WithField("count", i+1).WithError(err).Debug("Retrying, if this is not the 3rd try then this will be retried.") - time.Sleep(sleepyTime) - sleepyTime *= 2 - continue - } - break - } - return b, err -} - -// Diff runs 'git diff HEAD --name-only' and returns a list -// of file names with upcoming changes -func (r *Repo) Diff(head, sha string) (changes []string, err error) { - r.logger.WithField("sha", sha).Info("Diff head.") - output, err := r.gitCommand("diff", head, sha, "--name-only").CombinedOutput() - if err != nil { - return nil, err - } - scan := bufio.NewScanner(bytes.NewReader(output)) - scan.Split(bufio.ScanLines) - for scan.Scan() { - changes = append(changes, scan.Text()) - } - return -} - -// MergeCommitsExistBetween runs 'git log .. --merged' to verify -// if merge commits exist between "target" and "head". -func (r *Repo) MergeCommitsExistBetween(target, head string) (bool, error) { - r.logger.WithFields(logrus.Fields{"target": target, "head": head}).Info("Verifying if merge commits exist.") - b, err := r.gitCommand("log", fmt.Sprintf("%s..%s", target, head), "--oneline", "--merges").CombinedOutput() - if err != nil { - return false, fmt.Errorf("error verifying if merge commits exist between %s and %s: %v. output: %s", target, head, err, string(b)) - } - return len(b) != 0, nil -} - -// ShowRef returns the commit for a commitlike. Unlike rev-parse it does not require a checkout. -func (r *Repo) ShowRef(commitlike string) (string, error) { - r.logger.WithField("commitlike", commitlike).Info("Getting the commit sha.") - out, err := r.gitCommand("show-ref", "-s", commitlike).CombinedOutput() - if err != nil { - return "", fmt.Errorf("failed to get commit sha for commitlike %s: %w", commitlike, err) - } - return strings.TrimSpace(string(out)), nil -} - -// Fetch fetches from remote -func (r *Repo) Fetch(arg ...string) error { - arg = append([]string{"fetch"}, arg...) - if err := r.refreshRepoAuth(); err != nil { - return err - } - r.logger.Infof("Fetching from remote.") - out, err := r.gitCommand(arg...).CombinedOutput() - if err != nil { - return fmt.Errorf("failed to fetch: %v.\nOutput: %s", err, string(out)) - } - return nil -} diff --git a/third_party/k8s.io/test-infra/prow/git/types/types.go b/third_party/k8s.io/test-infra/prow/git/types/types.go deleted file mode 100644 index 93b74e2..0000000 --- a/third_party/k8s.io/test-infra/prow/git/types/types.go +++ /dev/null @@ -1,29 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package types stores types used by all git clients -package types - -// PullRequestMergeType enumerates the types of merges used by Prow for either GitHub or Gerrit API -type PullRequestMergeType string - -// Possible types of merges for the GitHub merge API -const ( - MergeMerge PullRequestMergeType = "merge" - MergeRebase PullRequestMergeType = "rebase" - MergeSquash PullRequestMergeType = "squash" - MergeIfNecessary PullRequestMergeType = "ifNecessary" -) diff --git a/third_party/k8s.io/test-infra/prow/git/v2/adapter.go b/third_party/k8s.io/test-infra/prow/git/v2/adapter.go deleted file mode 100644 index f723795..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/adapter.go +++ /dev/null @@ -1,118 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "errors" - "fmt" - "strings" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/git" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/git/types" -) - -func OrgRepo(full string) (string, string, error) { - if strings.Count(full, "/") != 1 { - return "", "", fmt.Errorf("full repo name %s does not follow the org/repo format", full) - } - parts := strings.Split(full, "/") - return parts[0], parts[1], nil -} - -// ClientFactoryFrom adapts the v1 client to a v2 client -func ClientFactoryFrom(c *git.Client) ClientFactory { - return &clientFactoryAdapter{Client: c} -} - -type clientFactoryAdapter struct { - *git.Client -} - -// ClientFromDir creates a client that operates on a repo that has already -// been cloned to the given directory. -// -// CloneURI is the third arg that's ignored here, it's currently only used for -// cloning Gerrit repos. This client is not used for cloning Gerrit repos yet, -// so leave it unimplemented. -// (TODO: chaodaiG) Either implement or remove this struct. -func (a *clientFactoryAdapter) ClientFromDir(org, repo, dir string) (RepoClient, error) { - return nil, errors.New("no ClientFromDir implementation exists in the v1 git client") -} - -// Repo creates a client that operates on a new clone of the repo. -func (a *clientFactoryAdapter) ClientFor(org, repo string) (RepoClient, error) { - r, err := a.Client.Clone(org, repo) - return &repoClientAdapter{Repo: r}, err -} - -type repoClientAdapter struct { - *git.Repo -} - -func (a *repoClientAdapter) MergeAndCheckout(baseSHA string, mergeStrategy string, headSHAs ...string) error { - return a.Repo.MergeAndCheckout(baseSHA, types.PullRequestMergeType(mergeStrategy), headSHAs...) -} - -func (a *repoClientAdapter) MergeWithStrategy(commitlike, mergeStrategy string, opts ...MergeOpt) (bool, error) { - return a.Repo.MergeWithStrategy(commitlike, types.PullRequestMergeType(mergeStrategy)) -} - -func (a *repoClientAdapter) Clone(from string) error { - return errors.New("no Clone implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) Commit(title, body string) error { - return errors.New("no Commit implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) PushToFork(branch string, force bool) error { - return a.Repo.Push(branch, force) -} - -func (a *repoClientAdapter) PushToNamedFork(forkName, branch string, force bool) error { - return a.Repo.PushToNamedFork(forkName, branch, force) -} - -func (a *repoClientAdapter) CommitExists(sha string) (bool, error) { - return false, errors.New("no CommitExists implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) PushToCentral(branch string, force bool) error { - return errors.New("no PushToCentral implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) MirrorClone() error { - return errors.New("no MirrorClone implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) Fetch(arg ...string) error { - // TODO(mpherman): Bring adapter Fetch in line with gitv2 fetch without hard-coding origin as remote. - args := append([]string{"origin"}, arg...) - return a.Repo.Fetch(args...) -} - -func (a *repoClientAdapter) FetchFromRemote(resolver RemoteResolver, branch string) error { - return errors.New("no FetchFromRemote implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) RemoteUpdate() error { - return errors.New("no RemoteUpdate implementation exists in the v1 repo client") -} - -func (a *repoClientAdapter) FetchRef(refspec string) error { - return errors.New("no FetchRef implementation exists in the v1 repo client") -} diff --git a/third_party/k8s.io/test-infra/prow/git/v2/client_factory.go b/third_party/k8s.io/test-infra/prow/git/v2/client_factory.go deleted file mode 100644 index e2a8d60..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/client_factory.go +++ /dev/null @@ -1,314 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "fmt" - "os" - "os/exec" - "path" - "runtime" - "sync" - - "github.com/sirupsen/logrus" - utilpointer "k8s.io/utils/pointer" -) - -// ClientFactory knows how to create clientFactory for repos -type ClientFactory interface { - // ClientFromDir creates a client that operates on a repo that has already - // been cloned to the given directory. - ClientFromDir(org, repo, dir string) (RepoClient, error) - // ClientFor creates a client that operates on a new clone of the repo. - ClientFor(org, repo string) (RepoClient, error) - - // Clean removes the caches used to generate clients - Clean() error -} - -// RepoClient exposes interactions with a git repo -type RepoClient interface { - Publisher - Interactor -} - -type repoClient struct { - publisher - interactor -} - -type ClientFactoryOpts struct { - // Host, defaults to "github.com" if unset - Host string - // UseSSH, defaults to false - UseSSH *bool - // The directory in which the cache should be - // created. Defaults to the "/var/tmp" on - // Linux and os.TempDir otherwise - CacheDirBase *string - // If unset, publishing action will error - Username LoginGetter - // If unset, publishing action will error - Token TokenGetter - // The git user to use. - GitUser GitUserGetter - // The censor to use. Not needed for anonymous - // actions. - Censor Censor - // Path to the httpCookieFile that will be used to authenticate client - CookieFilePath string -} - -// Apply allows to use a ClientFactoryOpts as Opt -func (cfo *ClientFactoryOpts) Apply(target *ClientFactoryOpts) { - if cfo.Host != "" { - target.Host = cfo.Host - } - if cfo.UseSSH != nil { - target.UseSSH = cfo.UseSSH - } - if cfo.CacheDirBase != nil { - target.CacheDirBase = cfo.CacheDirBase - } - if cfo.Token != nil { - target.Token = cfo.Token - } - if cfo.GitUser != nil { - target.GitUser = cfo.GitUser - } - if cfo.Censor != nil { - target.Censor = cfo.Censor - } - if cfo.Username != nil { - target.Username = cfo.Username - } - if cfo.CookieFilePath != "" { - target.CookieFilePath = cfo.CookieFilePath - } -} - -// ClientFactoryOpts allows to manipulate the options for a ClientFactory -type ClientFactoryOpt func(*ClientFactoryOpts) - -func defaultClientFactoryOpts(cfo *ClientFactoryOpts) { - if cfo.Host == "" { - cfo.Host = "github.com" - } - if cfo.CacheDirBase == nil { - switch runtime.GOOS { - case "linux": - cfo.CacheDirBase = utilpointer.StringPtr("/var/tmp") - default: - cfo.CacheDirBase = utilpointer.StringPtr("") - } - } - if cfo.Censor == nil { - cfo.Censor = func(in []byte) []byte { return in } - } -} - -// NewClientFactory allows for the creation of repository clients. It uses github.com -// without authentication by default, if UseSSH then returns -// sshRemoteResolverFactory, and if CookieFilePath is provided then returns -// gerritResolverFactory(Assuming that git http.cookiefile is used only by -// Gerrit, this function needs to be updated if it turned out that this -// assumtpion is not correct.) -func NewClientFactory(opts ...ClientFactoryOpt) (ClientFactory, error) { - o := ClientFactoryOpts{} - defaultClientFactoryOpts(&o) - for _, opt := range opts { - opt(&o) - } - - if o.CookieFilePath != "" { - if output, err := exec.Command("git", "config", "--global", "http.cookiefile", o.CookieFilePath).CombinedOutput(); err != nil { - return nil, fmt.Errorf("unable to configure http.cookiefile.\nOutput: %s\nError: %w", string(output), err) - } - } - - cacheDir, err := os.MkdirTemp(*o.CacheDirBase, "gitcache") - if err != nil { - return nil, err - } - var remote RemoteResolverFactory - if o.UseSSH != nil && *o.UseSSH { - remote = &sshRemoteResolverFactory{ - host: o.Host, - username: o.Username, - } - } else if o.CookieFilePath != "" { - remote = &gerritResolverFactory{} - } else { - remote = &httpResolverFactory{ - host: o.Host, - username: o.Username, - token: o.Token, - } - } - return &clientFactory{ - cacheDir: cacheDir, - cacheDirBase: *o.CacheDirBase, - remote: remote, - gitUser: o.GitUser, - censor: o.Censor, - masterLock: &sync.Mutex{}, - repoLocks: map[string]*sync.Mutex{}, - logger: logrus.WithField("client", "git"), - cookieFilePath: o.CookieFilePath, - }, nil -} - -// NewLocalClientFactory allows for the creation of repository clients -// based on a local filepath remote for testing -func NewLocalClientFactory(baseDir string, gitUser GitUserGetter, censor Censor) (ClientFactory, error) { - cacheDir, err := os.MkdirTemp("", "gitcache") - if err != nil { - return nil, err - } - return &clientFactory{ - cacheDir: cacheDir, - remote: &pathResolverFactory{baseDir: baseDir}, - gitUser: gitUser, - censor: censor, - masterLock: &sync.Mutex{}, - repoLocks: map[string]*sync.Mutex{}, - logger: logrus.WithField("client", "git"), - }, nil -} - -type clientFactory struct { - remote RemoteResolverFactory - gitUser GitUserGetter - censor Censor - logger *logrus.Entry - cookieFilePath string - - // cacheDir is the root under which cached clones of repos are created - cacheDir string - // cacheDirBase is the basedir under which create tempdirs - cacheDirBase string - // masterLock guards mutations to the repoLocks records - masterLock *sync.Mutex - // repoLocks guard mutating access to subdirectories under the cacheDir - repoLocks map[string]*sync.Mutex -} - -// bootstrapClients returns a repository client and cloner for a dir. -func (c *clientFactory) bootstrapClients(org, repo, dir string) (cacher, cloner, RepoClient, error) { - if dir == "" { - workdir, err := os.Getwd() - if err != nil { - return nil, nil, nil, err - } - dir = workdir - } - logger := c.logger.WithFields(logrus.Fields{"org": org, "repo": repo}) - logger.WithField("dir", dir).Debug("Creating a pre-initialized client.") - executor, err := NewCensoringExecutor(dir, c.censor, logger) - if err != nil { - return nil, nil, nil, err - } - var remote RemoteResolverFactory - remote = c.remote - client := &repoClient{ - publisher: publisher{ - remotes: remotes{ - publishRemote: remote.PublishRemote(org, repo), - centralRemote: remote.CentralRemote(org, repo), - }, - executor: executor, - info: c.gitUser, - logger: logger, - }, - interactor: interactor{ - dir: dir, - remote: remote.CentralRemote(org, repo), - executor: executor, - logger: logger, - }, - } - return client, client, client, nil -} - -// ClientFromDir returns a repository client for a directory that's already initialized with content. -// If the directory isn't specified, the current working directory is used. -func (c *clientFactory) ClientFromDir(org, repo, dir string) (RepoClient, error) { - _, _, client, err := c.bootstrapClients(org, repo, dir) - return client, err -} - -// ClientFor returns a repository client for the specified repository. -// This function may take a long time if it is the first time cloning the repo. -// In that case, it must do a full git mirror clone. For large repos, this can -// take a while. Once that is done, it will do a git fetch instead of a clone, -// which will usually take at most a few seconds. -// -// org and repo are used for determining where the repo is cloned, cloneURI -// overrides org/repo for cloning. -func (c *clientFactory) ClientFor(org, repo string) (RepoClient, error) { - cacheDir := path.Join(c.cacheDir, org, repo) - c.logger.WithFields(logrus.Fields{"org": org, "repo": repo, "dir": cacheDir}).Debug("Creating a client from the cache.") - cacheClientCacher, _, _, err := c.bootstrapClients(org, repo, cacheDir) - if err != nil { - return nil, err - } - - repoDir, err := os.MkdirTemp(c.cacheDirBase, "gitrepo") - if err != nil { - return nil, err - } - _, repoClientCloner, repoClient, err := c.bootstrapClients(org, repo, repoDir) - if err != nil { - return nil, err - } - c.masterLock.Lock() - if _, exists := c.repoLocks[cacheDir]; !exists { - c.repoLocks[cacheDir] = &sync.Mutex{} - } - c.masterLock.Unlock() - c.repoLocks[cacheDir].Lock() - defer c.repoLocks[cacheDir].Unlock() - if _, err := os.Stat(path.Join(cacheDir, "HEAD")); os.IsNotExist(err) { - // we have not yet cloned this repo, we need to do a full clone - if err := os.MkdirAll(cacheDir, os.ModePerm); err != nil && !os.IsExist(err) { - return nil, err - } - if err := cacheClientCacher.MirrorClone(); err != nil { - return nil, err - } - } else if err != nil { - // something unexpected happened - return nil, err - } else { - // we have cloned the repo previously, but will refresh it - if err := cacheClientCacher.RemoteUpdate(); err != nil { - return nil, err - } - } - - // initialize the new derivative repo from the cache - if err := repoClientCloner.Clone(cacheDir); err != nil { - return nil, err - } - - return repoClient, nil -} - -// Clean removes the caches used to generate clients -func (c *clientFactory) Clean() error { - return os.RemoveAll(c.cacheDir) -} diff --git a/third_party/k8s.io/test-infra/prow/git/v2/executor.go b/third_party/k8s.io/test-infra/prow/git/v2/executor.go deleted file mode 100644 index 9f31c11..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/executor.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "os/exec" - "strings" - "time" - - "github.com/sirupsen/logrus" -) - -// executor knows how to execute Git commands -type executor interface { - Run(args ...string) ([]byte, error) -} - -// Censor censors content to remove secrets -type Censor func(content []byte) []byte - -func NewCensoringExecutor(dir string, censor Censor, logger *logrus.Entry) (executor, error) { - g, err := exec.LookPath("git") - if err != nil { - return nil, err - } - return &censoringExecutor{ - logger: logger.WithField("client", "git"), - dir: dir, - git: g, - censor: censor, - execute: func(dir, command string, args ...string) ([]byte, error) { - c := exec.Command(command, args...) - c.Dir = dir - return c.CombinedOutput() - }, - }, nil -} - -type censoringExecutor struct { - // logger will be used to log git operations - logger *logrus.Entry - // dir is the location of this repo. - dir string - // git is the path to the git binary. - git string - // censor removes sensitive data from output - censor Censor - // execute executes a command - execute func(dir, command string, args ...string) ([]byte, error) -} - -func (e *censoringExecutor) Run(args ...string) ([]byte, error) { - logger := e.logger.WithField("args", strings.Join(args, " ")) - now := time.Now() - b, err := e.execute(e.dir, e.git, args...) - b = e.censor(b) - if err != nil { - logger.WithError(err).WithField("output", string(b)).Debug("Running command failed.") - } else { - logger.Debug("Running command succeeded.") - } - logger.WithFields(logrus.Fields{"duration": time.Since(now), "dir": e.dir}).Info("Time taken to execute command.") - return b, err -} diff --git a/third_party/k8s.io/test-infra/prow/git/v2/fakes.go b/third_party/k8s.io/test-infra/prow/git/v2/fakes.go deleted file mode 100644 index c4abbf2..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/fakes.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "fmt" - "strings" -) - -// fakeResolver allows for simple injections in tests -type fakeResolver struct { - out string - err error -} - -func (r *fakeResolver) Resolve() (string, error) { - return r.out, r.err -} - -type execResponse struct { - out []byte - err error -} - -// fakeExecutor is useful in testing for mocking an Executor -type fakeExecutor struct { - records [][]string - responses map[string]execResponse -} - -func (e *fakeExecutor) Run(args ...string) ([]byte, error) { - e.records = append(e.records, args) - key := strings.Join(args, " ") - if response, ok := e.responses[key]; ok { - return response.out, response.err - } - return []byte{}, fmt.Errorf("no response configured for %s", key) -} diff --git a/third_party/k8s.io/test-infra/prow/git/v2/interactor.go b/third_party/k8s.io/test-infra/prow/git/v2/interactor.go deleted file mode 100644 index 1908268..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/interactor.go +++ /dev/null @@ -1,461 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "bufio" - "bytes" - "errors" - "fmt" - "os" - "strings" - - "github.com/sirupsen/logrus" -) - -// Interactor knows how to operate on a git repository cloned from GitHub -// using a local cache. -type Interactor interface { - // Directory exposes the directory in which the repository has been cloned - Directory() string - // Clean removes the repository. It is up to the user to call this once they are done - Clean() error - // ResetHard runs `git reset --hard` - ResetHard(commitlike string) error - // IsDirty checks whether the repo is dirty or not - IsDirty() (bool, error) - // Checkout runs `git checkout` - Checkout(commitlike string) error - // RevParse runs `git rev-parse` - RevParse(commitlike string) (string, error) - // BranchExists determines if a branch with the name exists - BranchExists(branch string) bool - // CommitExists determines if the commit SHA exists locally - CommitExists(sha string) (bool, error) - // CheckoutNewBranch creates a new branch from HEAD and checks it out - CheckoutNewBranch(branch string) error - // Merge merges the commitlike into the current HEAD - Merge(commitlike string) (bool, error) - // MergeWithStrategy merges the commitlike into the current HEAD with the strategy - MergeWithStrategy(commitlike, mergeStrategy string, opts ...MergeOpt) (bool, error) - // MergeAndCheckout merges all commitlikes into the current HEAD with the appropriate strategy - MergeAndCheckout(baseSHA string, mergeStrategy string, headSHAs ...string) error - // Am calls `git am` - Am(path string) error - // Fetch calls `git fetch arg...` - Fetch(arg ...string) error - // FetchRef fetches the refspec - FetchRef(refspec string) error - // FetchFromRemote fetches the branch of the given remote - FetchFromRemote(remote RemoteResolver, branch string) error - // CheckoutPullRequest fetches and checks out the synthetic refspec from GitHub for a pull request HEAD - CheckoutPullRequest(number int) error - // Config runs `git config` - Config(args ...string) error - // Diff runs `git diff` - Diff(head, sha string) (changes []string, err error) - // MergeCommitsExistBetween determines if merge commits exist between target and HEAD - MergeCommitsExistBetween(target, head string) (bool, error) - // ShowRef returns the commit for a commitlike. Unlike rev-parse it does not require a checkout. - ShowRef(commitlike string) (string, error) -} - -// cacher knows how to cache and update repositories in a central cache -type cacher interface { - // MirrorClone sets up a mirror of the source repository. - MirrorClone() error - // RemoteUpdate fetches all updates from the remote. - RemoteUpdate() error -} - -// cloner knows how to clone repositories from a central cache -type cloner interface { - // Clone clones the repository from a local path. - Clone(from string) error -} - -// MergeOpt holds options for git merge operations. -// Currently only commit message option is supported. -type MergeOpt struct { - CommitMessage string -} - -type interactor struct { - executor executor - remote RemoteResolver - dir string - logger *logrus.Entry -} - -// Directory exposes the directory in which this repository has been cloned -func (i *interactor) Directory() string { - return i.dir -} - -// Clean cleans up the repository from the on-disk cache -func (i *interactor) Clean() error { - return os.RemoveAll(i.dir) -} - -// ResetHard runs `git reset --hard` -func (i *interactor) ResetHard(commitlike string) error { - // `git reset --hard` doesn't cleanup untracked file - i.logger.Info("Clean untracked files and dirs.") - if out, err := i.executor.Run("clean", "-df"); err != nil { - return fmt.Errorf("error clean -df: %v. output: %s", err, string(out)) - } - i.logger.WithField("commitlike", commitlike).Info("Reset hard.") - if out, err := i.executor.Run("reset", "--hard", commitlike); err != nil { - return fmt.Errorf("error reset hard %s: %v. output: %s", commitlike, err, string(out)) - } - return nil -} - -// IsDirty checks whether the repo is dirty or not -func (i *interactor) IsDirty() (bool, error) { - i.logger.Info("Checking is dirty.") - b, err := i.executor.Run("status", "--porcelain") - if err != nil { - return false, fmt.Errorf("error add -A: %v. output: %s", err, string(b)) - } - return len(b) > 0, nil -} - -// Clone clones the repository from a local path. -func (i *interactor) Clone(from string) error { - i.logger.Infof("Creating a clone of the repo at %s from %s", i.dir, from) - if out, err := i.executor.Run("clone", from, i.dir); err != nil { - return fmt.Errorf("error creating a clone: %w %v", err, string(out)) - } - return nil -} - -// MirrorClone sets up a mirror of the source repository. -func (i *interactor) MirrorClone() error { - i.logger.Infof("Creating a mirror of the repo at %s", i.dir) - remote, err := i.remote() - if err != nil { - return fmt.Errorf("could not resolve remote for cloning: %w", err) - } - if out, err := i.executor.Run("clone", "--mirror", remote, i.dir); err != nil { - return fmt.Errorf("error creating a mirror clone: %w %v", err, string(out)) - } - return nil -} - -// Checkout runs git checkout. -func (i *interactor) Checkout(commitlike string) error { - i.logger.Infof("Checking out %q", commitlike) - if out, err := i.executor.Run("checkout", commitlike); err != nil { - return fmt.Errorf("error checking out %q: %w %v", commitlike, err, string(out)) - } - return nil -} - -// RevParse runs git rev-parse. -func (i *interactor) RevParse(commitlike string) (string, error) { - i.logger.Infof("Parsing revision %q", commitlike) - out, err := i.executor.Run("rev-parse", commitlike) - if err != nil { - return "", fmt.Errorf("error parsing %q: %w %v", commitlike, err, string(out)) - } - return string(out), nil -} - -// BranchExists returns true if branch exists in heads. -func (i *interactor) BranchExists(branch string) bool { - i.logger.Infof("Checking if branch %q exists", branch) - _, err := i.executor.Run("ls-remote", "--exit-code", "--heads", "origin", branch) - return err == nil -} - -func (i *interactor) CommitExists(sha string) (bool, error) { - i.logger.WithField("SHA", sha).Info("Checking if SHA exists") - _, err := i.executor.Run("branch", "--contains", sha) - if err != nil && strings.Contains(err.Error(), "no such commit") { - return false, nil - } else if err != nil { - return false, fmt.Errorf("Unable to check if commit exists: %v", err) - } - return true, nil - -} - -// CheckoutNewBranch creates a new branch and checks it out. -func (i *interactor) CheckoutNewBranch(branch string) error { - i.logger.Infof("Checking out new branch %q", branch) - if out, err := i.executor.Run("checkout", "-b", branch); err != nil { - return fmt.Errorf("error checking out new branch %q: %w %v", branch, err, string(out)) - } - return nil -} - -// Merge attempts to merge commitlike into the current branch. It returns true -// if the merge completes. It returns an error if the abort fails. -func (i *interactor) Merge(commitlike string) (bool, error) { - return i.MergeWithStrategy(commitlike, "merge") -} - -// MergeWithStrategy attempts to merge commitlike into the current branch given the merge strategy. -// It returns true if the merge completes. if the merge does not complete successfully, we try to -// abort it and return an error if the abort fails. -func (i *interactor) MergeWithStrategy(commitlike, mergeStrategy string, opts ...MergeOpt) (bool, error) { - i.logger.Infof("Merging %q using the %q strategy", commitlike, mergeStrategy) - switch mergeStrategy { - case "merge": - return i.mergeMerge(commitlike, opts...) - case "squash": - return i.squashMerge(commitlike) - case "rebase": - return i.mergeRebase(commitlike) - case "ifNecessary": - return i.mergeIfNecessary(commitlike, opts...) - default: - return false, fmt.Errorf("merge strategy %q is not supported", mergeStrategy) - } -} - -func (i *interactor) mergeHelper(args []string, commitlike string, opts ...MergeOpt) (bool, error) { - if len(opts) == 0 { - args = append(args, []string{"-m", "merge"}...) - } else { - for _, opt := range opts { - args = append(args, []string{"-m", opt.CommitMessage}...) - } - } - - args = append(args, commitlike) - - out, err := i.executor.Run(args...) - if err == nil { - return true, nil - } - i.logger.WithError(err).Warnf("Error merging %q: %s", commitlike, string(out)) - if out, err := i.executor.Run("merge", "--abort"); err != nil { - return false, fmt.Errorf("error aborting merge of %q: %w %v", commitlike, err, string(out)) - } - return false, nil -} - -func (i *interactor) mergeMerge(commitlike string, opts ...MergeOpt) (bool, error) { - args := []string{"merge", "--no-ff", "--no-stat"} - return i.mergeHelper(args, commitlike, opts...) -} - -func (i *interactor) mergeIfNecessary(commitlike string, opts ...MergeOpt) (bool, error) { - args := []string{"merge", "--ff", "--no-stat"} - return i.mergeHelper(args, commitlike, opts...) -} - -func (i *interactor) squashMerge(commitlike string) (bool, error) { - out, err := i.executor.Run("merge", "--squash", "--no-stat", commitlike) - if err != nil { - i.logger.WithError(err).Warnf("Error staging merge for %q: %s", commitlike, string(out)) - if out, err := i.executor.Run("reset", "--hard", "HEAD"); err != nil { - return false, fmt.Errorf("error aborting merge of %q: %w %v", commitlike, err, string(out)) - } - return false, nil - } - out, err = i.executor.Run("commit", "--no-stat", "-m", "merge") - if err != nil { - i.logger.WithError(err).Warnf("Error committing merge for %q: %s", commitlike, string(out)) - if out, err := i.executor.Run("reset", "--hard", "HEAD"); err != nil { - return false, fmt.Errorf("error aborting merge of %q: %w %v", commitlike, err, string(out)) - } - return false, nil - } - return true, nil -} - -func (i *interactor) mergeRebase(commitlike string) (bool, error) { - if commitlike == "" { - return false, errors.New("branch must be set") - } - - headRev, err := i.revParse("HEAD") - if err != nil { - i.logger.WithError(err).Infof("Failed to parse HEAD revision") - return false, err - } - headRev = strings.TrimSuffix(headRev, "\n") - - b, err := i.executor.Run("rebase", "--no-stat", headRev, commitlike) - if err != nil { - i.logger.WithField("out", string(b)).WithError(err).Infof("Rebase failed.") - if b, err := i.executor.Run("rebase", "--abort"); err != nil { - return false, fmt.Errorf("error aborting after failed rebase for commitlike %s: %v. output: %s", commitlike, err, string(b)) - } - return false, nil - } - return true, nil -} - -func (i *interactor) revParse(args ...string) (string, error) { - fullArgs := append([]string{"rev-parse"}, args...) - b, err := i.executor.Run(fullArgs...) - if err != nil { - return "", errors.New(string(b)) - } - return string(b), nil -} - -// Only the `merge` and `squash` strategies are supported. -func (i *interactor) MergeAndCheckout(baseSHA string, mergeStrategy string, headSHAs ...string) error { - if baseSHA == "" { - return errors.New("baseSHA must be set") - } - if err := i.Checkout(baseSHA); err != nil { - return err - } - for _, headSHA := range headSHAs { - ok, err := i.MergeWithStrategy(headSHA, mergeStrategy) - if err != nil { - return err - } else if !ok { - return fmt.Errorf("failed to merge %q", headSHA) - } - } - return nil -} - -// Am tries to apply the patch in the given path into the current branch -// by performing a three-way merge (similar to git cherry-pick). It returns -// an error if the patch cannot be applied. -func (i *interactor) Am(path string) error { - i.logger.Infof("Applying patch at %s", path) - out, err := i.executor.Run("am", "--3way", path) - if err == nil { - return nil - } - i.logger.WithError(err).Infof("Patch apply failed with output: %s", string(out)) - if abortOut, abortErr := i.executor.Run("am", "--abort"); err != nil { - i.logger.WithError(abortErr).Warningf("Aborting patch apply failed with output: %s", string(abortOut)) - } - return errors.New(string(bytes.TrimPrefix(out, []byte("The copy of the patch that failed is found in: .git/rebase-apply/patch")))) -} - -// RemoteUpdate fetches all updates from the remote. -func (i *interactor) RemoteUpdate() error { - i.logger.Info("Updating from remote") - if out, err := i.executor.Run("remote", "update", "--prune"); err != nil { - return fmt.Errorf("error updating: %w %v", err, string(out)) - } - return nil -} - -// Fetch fetches all updates from the remote. -func (i *interactor) Fetch(arg ...string) error { - remote, err := i.remote() - if err != nil { - return fmt.Errorf("could not resolve remote for fetching: %w", err) - } - arg = append([]string{"fetch", remote}, arg...) - i.logger.Infof("Fetching from %s", remote) - if out, err := i.executor.Run(arg...); err != nil { - return fmt.Errorf("error fetching: %w %v", err, string(out)) - } - return nil -} - -// FetchRef fetches a refspec from the remote and leaves it as FETCH_HEAD. -func (i *interactor) FetchRef(refspec string) error { - remote, err := i.remote() - if err != nil { - return fmt.Errorf("could not resolve remote for fetching: %w", err) - } - i.logger.Infof("Fetching %q from %s", refspec, remote) - if out, err := i.executor.Run("fetch", remote, refspec); err != nil { - return fmt.Errorf("error fetching %q: %w %v", refspec, err, string(out)) - } - return nil -} - -// FetchFromRemote fetches all update from a specific remote and branch and leaves it as FETCH_HEAD. -func (i *interactor) FetchFromRemote(remote RemoteResolver, branch string) error { - r, err := remote() - if err != nil { - return fmt.Errorf("couldn't get remote: %w", err) - } - - i.logger.Infof("Fetching %s from %s", branch, r) - if out, err := i.executor.Run("fetch", r, branch); err != nil { - return fmt.Errorf("error fetching %s from %s: %w %v", branch, r, err, string(out)) - } - return nil -} - -// CheckoutPullRequest fetches the HEAD of a pull request using a synthetic refspec -// available on GitHub remotes and creates a branch at that commit. -func (i *interactor) CheckoutPullRequest(number int) error { - i.logger.Infof("Checking out pull request %d", number) - if err := i.FetchRef(fmt.Sprintf("pull/%d/head", number)); err != nil { - return err - } - if err := i.Checkout("FETCH_HEAD"); err != nil { - return err - } - if err := i.CheckoutNewBranch(fmt.Sprintf("pull%d", number)); err != nil { - return err - } - return nil -} - -// Config runs git config. -func (i *interactor) Config(args ...string) error { - i.logger.WithField("args", args).Info("Configuring.") - if out, err := i.executor.Run(append([]string{"config"}, args...)...); err != nil { - return fmt.Errorf("error configuring %v: %w %v", args, err, string(out)) - } - return nil -} - -// Diff lists the difference between the two references, returning the output -// line by line. -func (i *interactor) Diff(head, sha string) ([]string, error) { - i.logger.Infof("Finding the differences between %q and %q", head, sha) - out, err := i.executor.Run("diff", head, sha, "--name-only") - if err != nil { - return nil, err - } - var changes []string - scan := bufio.NewScanner(bytes.NewReader(out)) - scan.Split(bufio.ScanLines) - for scan.Scan() { - changes = append(changes, scan.Text()) - } - return changes, nil -} - -// MergeCommitsExistBetween runs 'git log .. --merged' to verify -// if merge commits exist between "target" and "head". -func (i *interactor) MergeCommitsExistBetween(target, head string) (bool, error) { - i.logger.Infof("Determining if merge commits exist between %q and %q", target, head) - out, err := i.executor.Run("log", fmt.Sprintf("%s..%s", target, head), "--oneline", "--merges") - if err != nil { - return false, fmt.Errorf("error verifying if merge commits exist between %q and %q: %v %s", target, head, err, string(out)) - } - return len(out) != 0, nil -} - -func (i *interactor) ShowRef(commitlike string) (string, error) { - i.logger.Infof("Getting the commit sha for commitlike %s", commitlike) - out, err := i.executor.Run("show-ref", "-s", commitlike) - if err != nil { - return "", fmt.Errorf("failed to get commit sha for commitlike %s: %w", commitlike, err) - } - return strings.TrimSpace(string(out)), nil -} diff --git a/third_party/k8s.io/test-infra/prow/git/v2/publisher.go b/third_party/k8s.io/test-infra/prow/git/v2/publisher.go deleted file mode 100644 index 72752fd..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/publisher.go +++ /dev/null @@ -1,114 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "errors" - "fmt" - - "github.com/sirupsen/logrus" -) - -// Publisher knows how to publish local work to a remote -type Publisher interface { - // Commit stages all changes and commits them with the message - Commit(title, body string) error - // PushToFork pushes the local state to the fork remote - PushToFork(branch string, force bool) error - // PushToNamedFork is used for when the fork has a different name than the original repp - PushToNamedFork(forkName, branch string, force bool) error - // PushToCentral pushes the local state to the central remote - PushToCentral(branch string, force bool) error -} - -// GitUserGetter fetches a name and email for us in git commits on-demand -type GitUserGetter func() (name, email string, err error) - -type remotes struct { - publishRemote RemoteResolver - centralRemote RemoteResolver -} - -type publisher struct { - executor executor - remotes remotes - info GitUserGetter - logger *logrus.Entry -} - -// Commit adds all of the current content to the index and creates a commit -func (p *publisher) Commit(title, body string) error { - p.logger.Infof("Committing changes with title %q", title) - name, email, err := p.info() - if err != nil { - return err - } - commands := [][]string{ - {"add", "--all"}, - {"commit", "--message", title, "--message", body, "--author", fmt.Sprintf("%s <%s>", name, email)}, - } - for _, command := range commands { - if out, err := p.executor.Run(command...); err != nil { - return fmt.Errorf("error committing %q: %w %v", title, err, string(out)) - } - } - return nil -} - -func (p *publisher) PushToNamedFork(forkName, branch string, force bool) error { - return errors.New("pushToNamedFork is not implemented in the v2 client") -} - -// PublishPush pushes the local state to the publish remote -func (p *publisher) PushToFork(branch string, force bool) error { - remote, err := p.remotes.publishRemote() - if err != nil { - return err - } - - args := []string{"push"} - if force { - args = append(args, "--force") - } - args = append(args, []string{remote, branch}...) - - p.logger.Infof("Pushing branch %q to %q", branch, remote) - if out, err := p.executor.Run(args...); err != nil { - return fmt.Errorf("error pushing %q: %w %v", branch, err, string(out)) - } - return nil -} - -// CentralPush pushes the local state to the central remote -func (p *publisher) PushToCentral(branch string, force bool) error { - remote, err := p.remotes.centralRemote() - if err != nil { - return err - } - - args := []string{"push"} - if force { - args = append(args, "--force") - } - args = append(args, []string{remote, branch}...) - - p.logger.Infof("Pushing branch %q to %q", branch, remote) - if out, err := p.executor.Run(args...); err != nil { - return fmt.Errorf("error pushing %q: %w %v", branch, err, string(out)) - } - return nil -} diff --git a/third_party/k8s.io/test-infra/prow/git/v2/remote.go b/third_party/k8s.io/test-infra/prow/git/v2/remote.go deleted file mode 100644 index a62e052..0000000 --- a/third_party/k8s.io/test-infra/prow/git/v2/remote.go +++ /dev/null @@ -1,166 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package git - -import ( - "errors" - "fmt" - "net/url" - "path" - - gerritsource "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/gerrit/source" -) - -// RemoteResolverFactory knows how to construct remote resolvers for -// authoritative central remotes (to pull from) and publish remotes -// (to push to) for a repository. These resolvers are called at run-time -// to determine remotes for git commands. -type RemoteResolverFactory interface { - // CentralRemote returns a resolver for a remote server with an - // authoritative version of the repository. This type of remote - // is useful for fetching refs and cloning. - CentralRemote(org, repo string) RemoteResolver - // PublishRemote returns a resolver for a remote server with a - // personal fork of the repository. This type of remote is most - // useful for publishing local changes. - PublishRemote(org, repo string) RemoteResolver -} - -// RemoteResolver knows how to construct a remote URL for git calls -type RemoteResolver func() (string, error) - -// LoginGetter fetches a GitHub login on-demand -type LoginGetter func() (login string, err error) - -// TokenGetter fetches a GitHub OAuth token on-demand -type TokenGetter func() []byte - -type sshRemoteResolverFactory struct { - host string - username LoginGetter -} - -// CentralRemote creates a remote resolver that refers to an authoritative remote -// for the repository. -func (f *sshRemoteResolverFactory) CentralRemote(org, repo string) RemoteResolver { - remote := fmt.Sprintf("git@%s:%s/%s.git", f.host, org, repo) - return func() (string, error) { - return remote, nil - } -} - -// PublishRemote creates a remote resolver that refers to a user's remote -// for the repository that can be published to. -func (f *sshRemoteResolverFactory) PublishRemote(_, repo string) RemoteResolver { - return func() (string, error) { - org, err := f.username() - if err != nil { - return "", err - } - return fmt.Sprintf("git@%s:%s/%s.git", f.host, org, repo), nil - } -} - -type httpResolverFactory struct { - host string - // Optional, either both or none must be set - username LoginGetter - token TokenGetter -} - -// CentralRemote creates a remote resolver that refers to an authoritative remote -// for the repository. -func (f *httpResolverFactory) CentralRemote(org, repo string) RemoteResolver { - return HttpResolver(func() (*url.URL, error) { - return &url.URL{Scheme: "https", Host: f.host, Path: fmt.Sprintf("%s/%s", org, repo)}, nil - }, f.username, f.token) -} - -// PublishRemote creates a remote resolver that refers to a user's remote -// for the repository that can be published to. -func (f *httpResolverFactory) PublishRemote(_, repo string) RemoteResolver { - return HttpResolver(func() (*url.URL, error) { - if f.username == nil { - return nil, errors.New("username not configured, no publish repo available") - } - o, err := f.username() - if err != nil { - return nil, err - } - return &url.URL{Scheme: "https", Host: f.host, Path: fmt.Sprintf("%s/%s", o, repo)}, nil - }, f.username, f.token) -} - -// HttpResolver builds http URLs that may optionally contain simple auth credentials, resolved dynamically. -func HttpResolver(remote func() (*url.URL, error), username LoginGetter, token TokenGetter) RemoteResolver { - return func() (string, error) { - remote, err := remote() - if err != nil { - return "", fmt.Errorf("could not resolve remote: %w", err) - } - - if username != nil { - name, err := username() - if err != nil { - return "", fmt.Errorf("could not resolve username: %w", err) - } - remote.User = url.UserPassword(name, string(token())) - } - - return remote.String(), nil - } -} - -// pathResolverFactory generates resolvers for local path-based repositories, -// used in local integration testing only -type pathResolverFactory struct { - baseDir string -} - -// CentralRemote creates a remote resolver that refers to an authoritative remote -// for the repository. -func (f *pathResolverFactory) CentralRemote(org, repo string) RemoteResolver { - return func() (string, error) { - return path.Join(f.baseDir, org, repo), nil - } -} - -// PublishRemote creates a remote resolver that refers to a user's remote -// for the repository that can be published to. -func (f *pathResolverFactory) PublishRemote(org, repo string) RemoteResolver { - return func() (string, error) { - return path.Join(f.baseDir, org, repo), nil - } -} - -// gerritResolverFactory is meant to be used by Gerrit only. It's so different -// from GitHub that there is no way any of the remotes logic can be shared -// between these two providers. The resulting CentralRemote and PublishRemote -// are both the clone URI. -type gerritResolverFactory struct{} - -func (f *gerritResolverFactory) CentralRemote(org, repo string) RemoteResolver { - return func() (string, error) { - return gerritsource.CloneURIFromOrgRepo(org, repo), nil - } -} - -func (f *gerritResolverFactory) PublishRemote(org, repo string) RemoteResolver { - return func() (string, error) { - return gerritsource.CloneURIFromOrgRepo(org, repo), nil - } -} diff --git a/third_party/k8s.io/test-infra/prow/github/README.md b/third_party/k8s.io/test-infra/prow/github/README.md deleted file mode 100644 index 3a03047..0000000 --- a/third_party/k8s.io/test-infra/prow/github/README.md +++ /dev/null @@ -1,10 +0,0 @@ -DOCUMENTATION DEPRECATION NOTICE: This file is deprecated. Please refer to the -[new migrated -location](https://docs.prow.k8s.io/docs/github/). -Please do not edit this file; instead, make changes to the new location! - -The new location is served on the web at -https://docs.prow.k8s.io/docs/. - -This file will be deleted on 2023-02-28. - diff --git a/third_party/k8s.io/test-infra/prow/github/app_auth_roundtripper.go b/third_party/k8s.io/test-infra/prow/github/app_auth_roundtripper.go deleted file mode 100644 index 8b9af3c..0000000 --- a/third_party/k8s.io/test-infra/prow/github/app_auth_roundtripper.go +++ /dev/null @@ -1,283 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package github - -import ( - "context" - "crypto/rsa" - "fmt" - "net/http" - "net/url" - "reflect" - "regexp" - "runtime/debug" - "strings" - "sync" - "time" - - jwt "github.com/dgrijalva/jwt-go/v4" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/ghproxy/ghcache" -) - -const ( - githubOrgHeaderKey = "X-PROW-GITHUB-ORG" -) - -type appGitHubClient interface { - ListAppInstallations() ([]AppInstallation, error) - getAppInstallationToken(installationId int64) (*AppInstallationToken, error) - GetApp() (*App, error) -} - -func newAppsRoundTripper(appID string, privateKey func() *rsa.PrivateKey, upstream http.RoundTripper, githubClient appGitHubClient, v3BaseURLs []string) (*appsRoundTripper, error) { - roundTripper := &appsRoundTripper{ - appID: appID, - privateKey: privateKey, - upstream: upstream, - githubClient: githubClient, - hostPrefixMapping: make(map[string]string, len(v3BaseURLs)), - } - for _, baseURL := range v3BaseURLs { - url, err := url.Parse(baseURL) - if err != nil { - return nil, fmt.Errorf("failed to parse github-endpoint %s as URL: %w", baseURL, err) - } - roundTripper.hostPrefixMapping[url.Host] = url.Path - } - - return roundTripper, nil -} - -type appsRoundTripper struct { - appID string - appSlug string - appSlugLock sync.Mutex - privateKey func() *rsa.PrivateKey - installationLock sync.RWMutex - installations map[string]AppInstallation - tokenLock sync.RWMutex - tokens map[int64]*AppInstallationToken - upstream http.RoundTripper - githubClient appGitHubClient - hostPrefixMapping map[string]string -} - -// appsAuthError is returned by the appsRoundTripper if any issues were encountered -// trying to authorize the request. It signals the client to not retry. -type appsAuthError struct { - error -} - -func (*appsAuthError) Is(target error) bool { - _, ok := target.(*appsAuthError) - return ok -} - -func (arr *appsRoundTripper) canonicalizedPath(url *url.URL) string { - return strings.TrimPrefix(url.Path, arr.hostPrefixMapping[url.Host]) -} - -var installationPath = regexp.MustCompile(`^/repos/[^/]+/[^/]+/installation$`) - -func (arr *appsRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) { - path := arr.canonicalizedPath(r.URL) - // We need to use a JWT when we are getting /app/* endpoints or installation information for a particular repo - if strings.HasPrefix(path, "/app") || installationPath.MatchString(path) { - if err := arr.addAppAuth(r); err != nil { - return nil, err - } - } else if err := arr.addAppInstallationAuth(r); err != nil { - return nil, err - } - - return arr.upstream.RoundTrip(r) -} - -// TimeNow is exposed so that it can be mocked by unit test, to ensure that -// addAppAuth always return consistent token when needed. -// DO NOT use it in prod -var TimeNow = func() time.Time { - return time.Now().UTC() -} - -func (arr *appsRoundTripper) addAppAuth(r *http.Request) *appsAuthError { - now := TimeNow() - expiresAt := now.Add(10 * time.Minute) - token, err := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{ - IssuedAt: jwt.NewTime(float64(now.Unix())), - ExpiresAt: jwt.NewTime(float64(expiresAt.Unix())), - Issuer: arr.appID, - }).SignedString(arr.privateKey()) - if err != nil { - return &appsAuthError{fmt.Errorf("failed to generate jwt: %w", err)} - } - - r.Header.Set("Authorization", "Bearer "+token) - r.Header.Set(ghcache.TokenExpiryAtHeader, expiresAt.Format(time.RFC3339)) - - // We call the /app endpoint to resolve the slug, so we can't set it there - if arr.canonicalizedPath(r.URL) == "/app" { - r.Header.Set(ghcache.TokenBudgetIdentifierHeader, arr.appID) - } else { - slug, err := arr.getSlug() - if err != nil { - return &appsAuthError{err} - } - r.Header.Set(ghcache.TokenBudgetIdentifierHeader, slug) - } - return nil -} - -func extractOrgFromContext(ctx context.Context) string { - var org string - if v := ctx.Value(githubOrgHeaderKey); v != nil { - org = v.(string) - } - return org -} - -func (arr *appsRoundTripper) addAppInstallationAuth(r *http.Request) *appsAuthError { - org := extractOrgFromContext(r.Context()) - if org == "" { - return &appsAuthError{fmt.Errorf("BUG apps auth requested but empty org, please report this to the test-infra repo. Stack: %s", string(debug.Stack()))} - } - - token, expiresAt, err := arr.installationTokenFor(org) - if err != nil { - return &appsAuthError{err} - } - - r.Header.Set("Authorization", "Bearer "+token) - r.Header.Set(ghcache.TokenExpiryAtHeader, expiresAt.Format(time.RFC3339)) - slug, err := arr.getSlug() - if err != nil { - return &appsAuthError{err} - } - - // Token budgets are set on organization level, so include it in the identifier - // to not mess up metrics. - r.Header.Set(ghcache.TokenBudgetIdentifierHeader, slug+" - "+org) - - return nil -} - -func (arr *appsRoundTripper) installationTokenFor(org string) (string, time.Time, error) { - installationID, err := arr.installationIDFor(org) - if err != nil { - return "", time.Time{}, fmt.Errorf("failed to get installation id for org %s: %w", org, err) - } - - token, expiresAt, err := arr.getTokenForInstallation(installationID) - if err != nil { - return "", time.Time{}, fmt.Errorf("failed to get an installation token for org %s: %w", org, err) - } - - return token, expiresAt, nil -} - -// installationIDFor returns the installation id for the given org. Unfortunately, -// GitHub does not expose what repos in that org the app is installed in, it -// only tells us if its all repos or a subset via the repository_selection -// property. -// Ref: https://docs.github.com/en/free-pro-team@latest/rest/reference/apps#list-installations-for-the-authenticated-app -func (arr *appsRoundTripper) installationIDFor(org string) (int64, error) { - arr.installationLock.RLock() - id, found := arr.installations[org] - arr.installationLock.RUnlock() - if found { - return id.ID, nil - } - - arr.installationLock.Lock() - defer arr.installationLock.Unlock() - - // Check again in case a concurrent routine updated it while we waited for the lock - id, found = arr.installations[org] - if found { - return id.ID, nil - } - - installations, err := arr.githubClient.ListAppInstallations() - if err != nil { - return 0, fmt.Errorf("failed to list app installations: %w", err) - } - - installationsMap := make(map[string]AppInstallation, len(installations)) - for _, installation := range installations { - installationsMap[installation.Account.Login] = installation - } - - if equal := reflect.DeepEqual(arr.installations, installationsMap); equal { - return 0, fmt.Errorf("the github app is not installed in organization %s", org) - } - arr.installations = installationsMap - - id, found = installationsMap[org] - if !found { - return 0, fmt.Errorf("the github app is not installed in organization %s", org) - } - - return id.ID, nil -} - -func (arr *appsRoundTripper) getTokenForInstallation(installation int64) (string, time.Time, error) { - arr.tokenLock.RLock() - token, found := arr.tokens[installation] - arr.tokenLock.RUnlock() - - if found && token.ExpiresAt.Add(-time.Minute).After(time.Now()) { - return token.Token, token.ExpiresAt, nil - } - - arr.tokenLock.Lock() - defer arr.tokenLock.Unlock() - - // Check again in case a concurrent routine got a token while we waited for the lock - token, found = arr.tokens[installation] - if found && token.ExpiresAt.Add(-time.Minute).After(time.Now()) { - return token.Token, token.ExpiresAt, nil - } - - token, err := arr.githubClient.getAppInstallationToken(installation) - if err != nil { - return "", time.Time{}, fmt.Errorf("failed to get installation token from GitHub: %w", err) - } - - if arr.tokens == nil { - arr.tokens = map[int64]*AppInstallationToken{} - } - arr.tokens[installation] = token - - return token.Token, token.ExpiresAt, nil -} - -func (arr *appsRoundTripper) getSlug() (string, error) { - arr.appSlugLock.Lock() - defer arr.appSlugLock.Unlock() - - if arr.appSlug != "" { - return arr.appSlug, nil - } - response, err := arr.githubClient.GetApp() - if err != nil { - return "", err - } - - arr.appSlug = response.Slug - return arr.appSlug, nil -} diff --git a/third_party/k8s.io/test-infra/prow/github/client.go b/third_party/k8s.io/test-infra/prow/github/client.go deleted file mode 100644 index 44348a0..0000000 --- a/third_party/k8s.io/test-infra/prow/github/client.go +++ /dev/null @@ -1,5178 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package github - -import ( - "bytes" - "context" - "crypto/rsa" - "crypto/sha256" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "net/url" - "regexp" - "strconv" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/prometheus/client_golang/prometheus" - githubql "github.com/shurcooL/githubv4" - "github.com/sirupsen/logrus" - "golang.org/x/oauth2" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" - - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/ghproxy/ghcache" - "github.com/uwu-tools/peribolos/third_party/k8s.io/test-infra/prow/version" -) - -type timeClient interface { - Sleep(time.Duration) - Until(time.Time) time.Duration -} - -type standardTime struct{} - -func (s *standardTime) Sleep(d time.Duration) { - time.Sleep(d) -} -func (s *standardTime) Until(t time.Time) time.Duration { - return time.Until(t) -} - -// OrganizationClient interface for organisation related API actions -type OrganizationClient interface { - IsMember(org, user string) (bool, error) - GetOrg(name string) (*Organization, error) - EditOrg(name string, config Organization) (*Organization, error) - ListOrgInvitations(org string) ([]OrgInvitation, error) - ListOrgMembers(org, role string) ([]TeamMember, error) - HasPermission(org, repo, user string, roles ...string) (bool, error) - GetUserPermission(org, repo, user string) (string, error) - UpdateOrgMembership(org, user string, admin bool) (*OrgMembership, error) - RemoveOrgMembership(org, user string) error -} - -// HookClient interface for hook related API actions -type HookClient interface { - ListOrgHooks(org string) ([]Hook, error) - ListRepoHooks(org, repo string) ([]Hook, error) - EditRepoHook(org, repo string, id int, req HookRequest) error - EditOrgHook(org string, id int, req HookRequest) error - CreateOrgHook(org string, req HookRequest) (int, error) - CreateRepoHook(org, repo string, req HookRequest) (int, error) - DeleteOrgHook(org string, id int, req HookRequest) error - DeleteRepoHook(org, repo string, id int, req HookRequest) error - ListCurrentUserRepoInvitations() ([]UserRepoInvitation, error) - AcceptUserRepoInvitation(invitationID int) error - ListCurrentUserOrgInvitations() ([]UserOrgInvitation, error) - AcceptUserOrgInvitation(org string) error -} - -// CommentClient interface for comment related API actions -type CommentClient interface { - CreateComment(org, repo string, number int, comment string) error - CreateCommentWithContext(ctx context.Context, org, repo string, number int, comment string) error - DeleteComment(org, repo string, id int) error - DeleteCommentWithContext(ctx context.Context, org, repo string, id int) error - EditComment(org, repo string, id int, comment string) error - EditCommentWithContext(ctx context.Context, org, repo string, id int, comment string) error - CreateCommentReaction(org, repo string, id int, reaction string) error - DeleteStaleComments(org, repo string, number int, comments []IssueComment, isStale func(IssueComment) bool) error - DeleteStaleCommentsWithContext(ctx context.Context, org, repo string, number int, comments []IssueComment, isStale func(IssueComment) bool) error -} - -// IssueClient interface for issue related API actions -type IssueClient interface { - CreateIssue(org, repo, title, body string, milestone int, labels, assignees []string) (int, error) - CreateIssueReaction(org, repo string, id int, reaction string) error - ListIssueComments(org, repo string, number int) ([]IssueComment, error) - ListIssueCommentsWithContext(ctx context.Context, org, repo string, number int) ([]IssueComment, error) - GetIssueLabels(org, repo string, number int) ([]Label, error) - ListIssueEvents(org, repo string, num int) ([]ListedIssueEvent, error) - AssignIssue(org, repo string, number int, logins []string) error - UnassignIssue(org, repo string, number int, logins []string) error - CloseIssue(org, repo string, number int) error - CloseIssueAsNotPlanned(org, repo string, number int) error - ReopenIssue(org, repo string, number int) error - FindIssues(query, sort string, asc bool) ([]Issue, error) - FindIssuesWithOrg(org, query, sort string, asc bool) ([]Issue, error) - ListOpenIssues(org, repo string) ([]Issue, error) - GetIssue(org, repo string, number int) (*Issue, error) - EditIssue(org, repo string, number int, issue *Issue) (*Issue, error) -} - -// PullRequestClient interface for pull request related API actions -type PullRequestClient interface { - GetPullRequests(org, repo string) ([]PullRequest, error) - GetPullRequest(org, repo string, number int) (*PullRequest, error) - EditPullRequest(org, repo string, number int, pr *PullRequest) (*PullRequest, error) - GetPullRequestPatch(org, repo string, number int) ([]byte, error) - CreatePullRequest(org, repo, title, body, head, base string, canModify bool) (int, error) - UpdatePullRequest(org, repo string, number int, title, body *string, open *bool, branch *string, canModify *bool) error - GetPullRequestChanges(org, repo string, number int) ([]PullRequestChange, error) - ListPullRequestComments(org, repo string, number int) ([]ReviewComment, error) - CreatePullRequestReviewComment(org, repo string, number int, rc ReviewComment) error - ListReviews(org, repo string, number int) ([]Review, error) - ClosePR(org, repo string, number int) error - ReopenPR(org, repo string, number int) error - CreateReview(org, repo string, number int, r DraftReview) error - RequestReview(org, repo string, number int, logins []string) error - UnrequestReview(org, repo string, number int, logins []string) error - Merge(org, repo string, pr int, details MergeDetails) error - IsMergeable(org, repo string, number int, SHA string) (bool, error) - ListPRCommits(org, repo string, number int) ([]RepositoryCommit, error) - UpdatePullRequestBranch(org, repo string, number int, expectedHeadSha *string) error -} - -// CommitClient interface for commit related API actions -type CommitClient interface { - CreateStatus(org, repo, SHA string, s Status) error - CreateStatusWithContext(ctx context.Context, org, repo, SHA string, s Status) error - ListStatuses(org, repo, ref string) ([]Status, error) - GetSingleCommit(org, repo, SHA string) (RepositoryCommit, error) - GetCombinedStatus(org, repo, ref string) (*CombinedStatus, error) - ListCheckRuns(org, repo, ref string) (*CheckRunList, error) - GetRef(org, repo, ref string) (string, error) - DeleteRef(org, repo, ref string) error - ListFileCommits(org, repo, path string) ([]RepositoryCommit, error) - CreateCheckRun(org, repo string, checkRun CheckRun) error -} - -// RepositoryClient interface for repository related API actions -type RepositoryClient interface { - GetRepo(owner, name string) (FullRepo, error) - GetRepos(org string, isUser bool) ([]Repo, error) - GetBranches(org, repo string, onlyProtected bool) ([]Branch, error) - GetBranchProtection(org, repo, branch string) (*BranchProtection, error) - RemoveBranchProtection(org, repo, branch string) error - UpdateBranchProtection(org, repo, branch string, config BranchProtectionRequest) error - AddRepoLabel(org, repo, label, description, color string) error - UpdateRepoLabel(org, repo, label, newName, description, color string) error - DeleteRepoLabel(org, repo, label string) error - GetRepoLabels(org, repo string) ([]Label, error) - AddLabel(org, repo string, number int, label string) error - AddLabelWithContext(ctx context.Context, org, repo string, number int, label string) error - AddLabels(org, repo string, number int, labels ...string) error - AddLabelsWithContext(ctx context.Context, org, repo string, number int, labels ...string) error - RemoveLabel(org, repo string, number int, label string) error - RemoveLabelWithContext(ctx context.Context, org, repo string, number int, label string) error - WasLabelAddedByHuman(org, repo string, number int, label string) (bool, error) - GetFile(org, repo, filepath, commit string) ([]byte, error) - GetDirectory(org, repo, dirpath, commit string) ([]DirectoryContent, error) - IsCollaborator(org, repo, user string) (bool, error) - ListCollaborators(org, repo string) ([]User, error) - CreateFork(owner, repo string) (string, error) - EnsureFork(forkingUser, org, repo string) (string, error) - ListRepoTeams(org, repo string) ([]Team, error) - CreateRepo(owner string, isUser bool, repo RepoCreateRequest) (*FullRepo, error) - UpdateRepo(owner, name string, repo RepoUpdateRequest) (*FullRepo, error) -} - -// TeamClient interface for team related API actions -type TeamClient interface { - CreateTeam(org string, team Team) (*Team, error) - EditTeam(org string, t Team) (*Team, error) - DeleteTeam(org string, id int) error - DeleteTeamBySlug(org, teamSlug string) error - ListTeams(org string) ([]Team, error) - UpdateTeamMembership(org string, id int, user string, maintainer bool) (*TeamMembership, error) - UpdateTeamMembershipBySlug(org, teamSlug, user string, maintainer bool) (*TeamMembership, error) - RemoveTeamMembership(org string, id int, user string) error - RemoveTeamMembershipBySlug(org, teamSlug, user string) error - ListTeamMembers(org string, id int, role string) ([]TeamMember, error) - ListTeamMembersBySlug(org, teamSlug, role string) ([]TeamMember, error) - ListTeamRepos(org string, id int) ([]Repo, error) - ListTeamReposBySlug(org, teamSlug string) ([]Repo, error) - UpdateTeamRepo(id int, org, repo string, permission TeamPermission) error - UpdateTeamRepoBySlug(org, teamSlug, repo string, permission TeamPermission) error - RemoveTeamRepo(id int, org, repo string) error - RemoveTeamRepoBySlug(org, teamSlug, repo string) error - ListTeamInvitations(org string, id int) ([]OrgInvitation, error) - ListTeamInvitationsBySlug(org, teamSlug string) ([]OrgInvitation, error) - TeamHasMember(org string, teamID int, memberLogin string) (bool, error) - TeamBySlugHasMember(org string, teamSlug string, memberLogin string) (bool, error) - GetTeamBySlug(slug string, org string) (*Team, error) -} - -// UserClient interface for user related API actions -type UserClient interface { - // BotUser will return details about the user the client runs as. Use BotUserChecker() - // instead when checking for comment authorship, as the Username in comments might have - // a [bot] suffix when using github apps authentication. - BotUser() (*UserData, error) - // BotUserChecker can be used to check if a comment was authored by the bot user. - BotUserChecker() (func(candidate string) bool, error) - BotUserCheckerWithContext(ctx context.Context) (func(candidate string) bool, error) - Email() (string, error) -} - -// ProjectClient interface for project related API actions -type ProjectClient interface { - GetRepoProjects(owner, repo string) ([]Project, error) - GetOrgProjects(org string) ([]Project, error) - GetProjectColumns(org string, projectID int) ([]ProjectColumn, error) - CreateProjectCard(org string, columnID int, projectCard ProjectCard) (*ProjectCard, error) - GetColumnProjectCards(org string, columnID int) ([]ProjectCard, error) - GetColumnProjectCard(org string, columnID int, issueURL string) (*ProjectCard, error) - MoveProjectCard(org string, projectCardID int, newColumnID int) error - DeleteProjectCard(org string, projectCardID int) error -} - -// MilestoneClient interface for milestone related API actions -type MilestoneClient interface { - ClearMilestone(org, repo string, num int) error - SetMilestone(org, repo string, issueNum, milestoneNum int) error - ListMilestones(org, repo string) ([]Milestone, error) -} - -// RerunClient interface for job rerun access check related API actions -type RerunClient interface { - TeamBySlugHasMember(org string, teamSlug string, memberLogin string) (bool, error) - TeamHasMember(org string, teamID int, memberLogin string) (bool, error) - IsCollaborator(org, repo, user string) (bool, error) - IsMember(org, user string) (bool, error) - GetIssueLabels(org, repo string, number int) ([]Label, error) -} - -// Client interface for GitHub API -type Client interface { - PullRequestClient - RepositoryClient - CommitClient - IssueClient - CommentClient - OrganizationClient - TeamClient - ProjectClient - MilestoneClient - UserClient - HookClient - ListAppInstallations() ([]AppInstallation, error) - IsAppInstalled(org, repo string) (bool, error) - UsesAppAuth() bool - ListAppInstallationsForOrg(org string) ([]AppInstallation, error) - GetApp() (*App, error) - GetAppWithContext(ctx context.Context) (*App, error) - GetFailedActionRunsByHeadBranch(org, repo, branchName, headSHA string) ([]WorkflowRun, error) - - Throttle(hourlyTokens, burst int, org ...string) error - QueryWithGitHubAppsSupport(ctx context.Context, q interface{}, vars map[string]interface{}, org string) error - MutateWithGitHubAppsSupport(ctx context.Context, m interface{}, input githubql.Input, vars map[string]interface{}, org string) error - - SetMax404Retries(int) - - WithFields(fields logrus.Fields) Client - ForPlugin(plugin string) Client - ForSubcomponent(subcomponent string) Client - Used() bool - TriggerGitHubWorkflow(org, repo string, id int) error -} - -// client interacts with the github api. It is reconstructed whenever -// ForPlugin/ForSubcomment is called to change the Logger and User-Agent -// header, whereas delegate will stay the same. -type client struct { - // If logger is non-nil, log all method calls with it. - logger *logrus.Entry - // identifier is used to add more identification to the user-agent header - identifier string - gqlc gqlClient - used bool - *delegate -} - -// delegate actually does the work to talk to GitHub -type delegate struct { - time timeClient - - maxRetries int - max404Retries int - maxSleepTime time.Duration - initialDelay time.Duration - - client httpClient - bases []string - dry bool - fake bool - usesAppsAuth bool - throttle throttler - getToken func() []byte - censor func([]byte) []byte - - mut sync.Mutex // protects botName and email - userData *UserData -} - -type UserData struct { - Name string - Login string - Email string -} - -// Used determines whether the client has been used -func (c *client) Used() bool { - return c.used -} - -// ForPlugin clones the client, keeping the underlying delegate the same but adding -// a plugin identifier and log field -func (c *client) ForPlugin(plugin string) Client { - return c.forKeyValue("plugin", plugin) -} - -// ForSubcomponent clones the client, keeping the underlying delegate the same but adding -// an identifier and log field -func (c *client) ForSubcomponent(subcomponent string) Client { - return c.forKeyValue("subcomponent", subcomponent) -} - -func (c *client) forKeyValue(key, value string) Client { - newClient := &client{ - identifier: value, - logger: c.logger.WithField(key, value), - delegate: c.delegate, - } - newClient.gqlc = c.gqlc.forUserAgent(newClient.userAgent()) - return newClient -} - -func (c *client) userAgent() string { - if c.identifier != "" { - return version.UserAgentWithIdentifier(c.identifier) - } - return version.UserAgent() -} - -// WithFields clones the client, keeping the underlying delegate the same but adding -// fields to the logging context -func (c *client) WithFields(fields logrus.Fields) Client { - return &client{ - logger: c.logger.WithFields(fields), - identifier: c.identifier, - gqlc: c.gqlc, - delegate: c.delegate, - } -} - -var ( - teamRe = regexp.MustCompile(`^(.*)/(.*)$`) -) - -const ( - acceptNone = "" - githubApiVersion = "2022-11-28" - - // MaxRequestTime aborts requests that don't return in 5 mins. Longest graphql - // calls can take up to 2 minutes. This limit should ensure all successful calls - // return but will prevent an indefinite stall if GitHub never responds. - MaxRequestTime = 5 * time.Minute - - DefaultMaxRetries = 8 - DefaultMax404Retries = 2 - DefaultMaxSleepTime = 2 * time.Minute - DefaultInitialDelay = 2 * time.Second -) - -// Force the compiler to check if the TokenSource is implementing correctly. -// Tokensource is needed to dynamically update the token in the GraphQL client. -var _ oauth2.TokenSource = &reloadingTokenSource{} - -type reloadingTokenSource struct { - getToken func() []byte -} - -// Interface for how prow interacts with the http client, which we may throttle. -type httpClient interface { - Do(req *http.Request) (*http.Response, error) -} - -// Interface for how prow interacts with the graphql client, which we may throttle. -type gqlClient interface { - QueryWithGitHubAppsSupport(ctx context.Context, q interface{}, vars map[string]interface{}, org string) error - MutateWithGitHubAppsSupport(ctx context.Context, m interface{}, input githubql.Input, vars map[string]interface{}, org string) error - forUserAgent(userAgent string) gqlClient -} - -// throttler sets a ceiling on the rate of GitHub requests. -// Configure with Client.Throttle(). -// It gets reconstructed whenever forUserAgent() is called, -// whereas its *throttlerDelegate remains. -type throttler struct { - graph gqlClient - *throttlerDelegate -} - -type throttlerDelegate struct { - ticker map[string]*time.Ticker - throttle map[string]chan time.Time - http httpClient - slow map[string]*int32 // Helps log once when requests start/stop being throttled - lock sync.RWMutex -} - -func (t *throttler) Wait(ctx context.Context, org string) error { - start := time.Now() - log := logrus.WithFields(logrus.Fields{"client": "github", "throttled": true}) - defer func() { - waitTime := time.Since(start) - switch { - case waitTime > 15*time.Minute: - log.WithField("throttle-duration", waitTime.String()).Warn("Throttled clientside for more than 15 minutes") - case waitTime > time.Minute: - log.WithField("throttle-duration", waitTime.String()).Debug("Throttled clientside for more than a minute") - } - }() - t.lock.RLock() - defer t.lock.RUnlock() - if _, found := t.ticker[org]; !found { - org = throttlerGlobalKey - } - if _, hasThrottler := t.ticker[org]; !hasThrottler { - return nil - } - - var more bool - select { - case _, more = <-t.throttle[org]: - // If we were throttled and the channel is now somewhat (25%+) full, note this - if len(t.throttle[org]) > cap(t.throttle[org])/4 && atomic.CompareAndSwapInt32(t.slow[org], 1, 0) { - log.Debug("Unthrottled") - } - if !more { - log.Debug("Throttle channel closed") - } - return nil - default: // Do not wait if nothing is available right now - } - // If this is the first time we are waiting, note this - if slow := atomic.SwapInt32(t.slow[org], 1); slow == 0 { - log.Debug("Throttled") - } - - select { - case _, more = <-t.throttle[org]: - if !more { - log.Debug("Throttle channel closed") - } - case <-ctx.Done(): - return ctx.Err() - } - - return nil -} - -const throttlerGlobalKey = "*" - -func (t *throttler) Refund(org string) { - t.lock.RLock() - defer t.lock.RUnlock() - if _, found := t.ticker[org]; !found { - org = throttlerGlobalKey - } - if _, hasThrottler := t.ticker[org]; !hasThrottler { - return - } - select { - case t.throttle[org] <- time.Now(): - default: - } -} - -func (t *throttler) Do(req *http.Request) (*http.Response, error) { - org := extractOrgFromContext(req.Context()) - if err := t.Wait(req.Context(), org); err != nil { - return nil, err - } - resp, err := t.http.Do(req) - if err == nil { - cacheMode := ghcache.CacheResponseMode(resp.Header.Get(ghcache.CacheModeHeader)) - if ghcache.CacheModeIsFree(cacheMode) { - // This request was fulfilled by ghcache without using an API token. - // Refund the throttling token we preemptively consumed. - logrus.WithFields(logrus.Fields{ - "client": "github", - "throttled": true, - "cache-mode": string(cacheMode), - }).Debug("Throttler refunding token for free response from ghcache.") - t.Refund(org) - } else { - logrus.WithFields(logrus.Fields{ - "client": "github", - "throttled": true, - "cache-mode": string(cacheMode), - "path": req.URL.Path, - "method": req.Method, - }).Debug("Used token for request") - - } - } - return resp, err -} - -func (t *throttler) QueryWithGitHubAppsSupport(ctx context.Context, q interface{}, vars map[string]interface{}, org string) error { - if err := t.Wait(ctx, extractOrgFromContext(ctx)); err != nil { - return err - } - return t.graph.QueryWithGitHubAppsSupport(ctx, q, vars, org) -} - -func (t *throttler) MutateWithGitHubAppsSupport(ctx context.Context, m interface{}, input githubql.Input, vars map[string]interface{}, org string) error { - if err := t.Wait(ctx, extractOrgFromContext(ctx)); err != nil { - return err - } - return t.graph.MutateWithGitHubAppsSupport(ctx, m, input, vars, org) -} - -func (t *throttler) forUserAgent(userAgent string) gqlClient { - return &throttler{ - graph: t.graph.forUserAgent(userAgent), - throttlerDelegate: t.throttlerDelegate, - } -} - -// Throttle client to a rate of at most hourlyTokens requests per hour, -// allowing burst tokens. -func (c *client) Throttle(hourlyTokens, burst int, orgs ...string) error { - org := "*" - if len(orgs) > 0 { - if !c.usesAppsAuth { - return errors.New("passing an org to the throttler is only allowed when using github apps auth") - } - if len(orgs) > 1 { - return fmt.Errorf("may only pass one org for throttling, got %d", len(orgs)) - } - org = orgs[0] - } - c.log("Throttle", hourlyTokens, burst, org) - c.throttle.lock.Lock() - defer c.throttle.lock.Unlock() - if hourlyTokens <= 0 || burst <= 0 { // Disable throttle - if c.throttle.throttle[org] != nil { - delete(c.throttle.throttle, org) - delete(c.throttle.slow, org) - c.throttle.ticker[org].Stop() - delete(c.throttle.ticker, org) - } - return nil - } - period := time.Hour / time.Duration(hourlyTokens) // Duration between token refills - ticker := time.NewTicker(period) - throttle := make(chan time.Time, burst) - for i := 0; i < burst; i++ { // Fill up the channel - throttle <- time.Now() - } - go func() { - // Before refilling, wait the amount of time it would have taken to refill the burst channel. - // This prevents granting too many tokens in the first hour due to the initial burst. - for i := 0; i < burst; i++ { - <-ticker.C - } - // Refill the channel - for t := range ticker.C { - select { - case throttle <- t: - default: - } - } - }() - if c.throttle.http == nil { // Wrap clients if we haven't already - c.throttle.http = c.client - c.throttle.graph = c.gqlc - c.client = &c.throttle - c.gqlc = &c.throttle - } - - if c.throttle.ticker == nil { - c.throttle.ticker = map[string]*time.Ticker{} - } - c.throttle.ticker[org] = ticker - - if c.throttle.throttle == nil { - c.throttle.throttle = map[string]chan time.Time{} - } - c.throttle.throttle[org] = throttle - - if c.throttle.slow == nil { - c.throttle.slow = map[string]*int32{} - } - var i int32 - c.throttle.slow[org] = &i - - return nil -} - -func (c *client) SetMax404Retries(max int) { - c.max404Retries = max -} - -// ClientOptions holds options for creating a new client -type ClientOptions struct { - // censor knows how to censor output - Censor func([]byte) []byte - - // the following fields handle auth - GetToken func() []byte - AppID string - AppPrivateKey func() *rsa.PrivateKey - - // the following fields determine which server we talk to - GraphqlEndpoint string - Bases []string - - // the following fields determine client retry behavior - MaxRequestTime, InitialDelay, MaxSleepTime time.Duration - MaxRetries, Max404Retries int - - DryRun bool - // BaseRoundTripper is the last RoundTripper to be called. Used for testing, gets defaulted to http.DefaultTransport - BaseRoundTripper http.RoundTripper -} - -func (o ClientOptions) Default() ClientOptions { - if o.MaxRequestTime == 0 { - o.MaxRequestTime = MaxRequestTime - } - if o.InitialDelay == 0 { - o.InitialDelay = DefaultInitialDelay - } - if o.MaxSleepTime == 0 { - o.MaxSleepTime = DefaultMaxSleepTime - } - if o.MaxRetries == 0 { - o.MaxRetries = DefaultMaxRetries - } - if o.Max404Retries == 0 { - o.Max404Retries = DefaultMax404Retries - } - return o -} - -// TokenGenerator knows how to generate a token for use in git client calls -type TokenGenerator func(org string) (string, error) - -// UserGenerator knows how to identify this user for use in git client calls -type UserGenerator func() (string, error) - -// NewClientWithFields creates a new fully operational GitHub client. With -// added logging fields. -// 'getToken' is a generator for the GitHub access token to use. -// 'bases' is a variadic slice of endpoints to use in order of preference. -// -// An endpoint is used when all preceding endpoints have returned a conn err. -// This should be used when using the ghproxy GitHub proxy cache to allow -// this client to bypass the cache if it is temporarily unavailable. -func NewClientWithFields(fields logrus.Fields, getToken func() []byte, censor func([]byte) []byte, graphqlEndpoint string, bases ...string) (Client, error) { - _, _, client, err := NewClientFromOptions(fields, ClientOptions{ - Censor: censor, - GetToken: getToken, - GraphqlEndpoint: graphqlEndpoint, - Bases: bases, - DryRun: false, - }.Default()) - return client, err -} - -func NewAppsAuthClientWithFields(fields logrus.Fields, censor func([]byte) []byte, appID string, appPrivateKey func() *rsa.PrivateKey, graphqlEndpoint string, bases ...string) (TokenGenerator, UserGenerator, Client, error) { - return NewClientFromOptions(fields, ClientOptions{ - Censor: censor, - AppID: appID, - AppPrivateKey: appPrivateKey, - GraphqlEndpoint: graphqlEndpoint, - Bases: bases, - DryRun: false, - }.Default()) -} - -// NewClientFromOptions creates a new client from the options we expose. This method should be used over the more-specific ones. -func NewClientFromOptions(fields logrus.Fields, options ClientOptions) (TokenGenerator, UserGenerator, Client, error) { - options = options.Default() - - // Will be nil if github app authentication is used - if options.GetToken == nil { - options.GetToken = func() []byte { return nil } - } - if options.BaseRoundTripper == nil { - options.BaseRoundTripper = http.DefaultTransport - } - - httpClient := &http.Client{ - Transport: options.BaseRoundTripper, - Timeout: options.MaxRequestTime, - } - graphQLTransport := newAddHeaderTransport(options.BaseRoundTripper) - c := &client{ - logger: logrus.WithFields(fields).WithField("client", "github"), - gqlc: &graphQLGitHubAppsAuthClientWrapper{Client: githubql.NewEnterpriseClient( - options.GraphqlEndpoint, - &http.Client{ - Timeout: options.MaxRequestTime, - Transport: &oauth2.Transport{ - Source: newReloadingTokenSource(options.GetToken), - Base: graphQLTransport, - }, - })}, - delegate: &delegate{ - time: &standardTime{}, - client: httpClient, - bases: options.Bases, - throttle: throttler{throttlerDelegate: &throttlerDelegate{}}, - getToken: options.GetToken, - censor: options.Censor, - dry: options.DryRun, - usesAppsAuth: options.AppID != "", - maxRetries: options.MaxRetries, - max404Retries: options.Max404Retries, - initialDelay: options.InitialDelay, - maxSleepTime: options.MaxSleepTime, - }, - } - c.gqlc = c.gqlc.forUserAgent(c.userAgent()) - - var tokenGenerator func(_ string) (string, error) - var userGenerator func() (string, error) - if options.AppID != "" { - appsTransport, err := newAppsRoundTripper(options.AppID, options.AppPrivateKey, options.BaseRoundTripper, c, options.Bases) - if err != nil { - return nil, nil, nil, fmt.Errorf("failed to construct apps auth roundtripper: %w", err) - } - httpClient.Transport = appsTransport - graphQLTransport.upstream = appsTransport - - // Use github apps auth for git actions - // https://docs.github.com/en/free-pro-team@latest/developers/apps/authenticating-with-github-apps#http-based-git-access-by-an-installation= - tokenGenerator = func(org string) (string, error) { - res, _, err := appsTransport.installationTokenFor(org) - return res, err - } - userGenerator = func() (string, error) { - return "x-access-token", nil - } - } else { - // Use Personal Access token auth for git actions - tokenGenerator = func(_ string) (string, error) { - return string(options.GetToken()), nil - } - userGenerator = func() (string, error) { - user, err := c.BotUser() - if err != nil { - return "", err - } - return user.Login, nil - } - } - - return tokenGenerator, userGenerator, c, nil -} - -type graphQLGitHubAppsAuthClientWrapper struct { - *githubql.Client - userAgent string -} - -var userAgentContextKey = &struct{}{} - -func (c *graphQLGitHubAppsAuthClientWrapper) QueryWithGitHubAppsSupport(ctx context.Context, q interface{}, vars map[string]interface{}, org string) error { - ctx = context.WithValue(ctx, githubOrgHeaderKey, org) - ctx = context.WithValue(ctx, userAgentContextKey, c.userAgent) - return c.Client.Query(ctx, q, vars) -} - -func (c *graphQLGitHubAppsAuthClientWrapper) MutateWithGitHubAppsSupport(ctx context.Context, m interface{}, input githubql.Input, vars map[string]interface{}, org string) error { - ctx = context.WithValue(ctx, githubOrgHeaderKey, org) - ctx = context.WithValue(ctx, userAgentContextKey, c.userAgent) - return c.Client.Mutate(ctx, m, input, vars) -} - -func (c *graphQLGitHubAppsAuthClientWrapper) forUserAgent(userAgent string) gqlClient { - return &graphQLGitHubAppsAuthClientWrapper{ - Client: c.Client, - userAgent: userAgent, - } -} - -// addHeaderTransport implements http.RoundTripper -var _ http.RoundTripper = &addHeaderTransport{} - -func newAddHeaderTransport(upstream http.RoundTripper) *addHeaderTransport { - return &addHeaderTransport{upstream} -} - -type addHeaderTransport struct { - upstream http.RoundTripper -} - -func (s *addHeaderTransport) RoundTrip(r *http.Request) (*http.Response, error) { - // We have to add this header to enable the Checks scheme preview: - // https://docs.github.com/en/enterprise-server@2.22/graphql/overview/schema-previews - // Any GHE version after 2.22 will enable the Checks types per default - r.Header.Add("Accept", "application/vnd.github.antiope-preview+json") - - // We have to add this header to enable the Merge info scheme preview: - // https://docs.github.com/en/graphql/overview/schema-previews#merge-info-preview - r.Header.Add("Accept", "application/vnd.github.merge-info-preview+json") - - // We use the context to pass the UserAgent through the V4 client we depend on - if v := r.Context().Value(userAgentContextKey); v != nil { - r.Header.Add("User-Agent", v.(string)) - } - - return s.upstream.RoundTrip(r) -} - -// NewClient creates a new fully operational GitHub client. -func NewClient(getToken func() []byte, censor func([]byte) []byte, graphqlEndpoint string, bases ...string) (Client, error) { - return NewClientWithFields(logrus.Fields{}, getToken, censor, graphqlEndpoint, bases...) -} - -// NewDryRunClientWithFields creates a new client that will not perform mutating actions -// such as setting statuses or commenting, but it will still query GitHub and -// use up API tokens. Additional fields are added to the logger. -// 'getToken' is a generator the GitHub access token to use. -// 'bases' is a variadic slice of endpoints to use in order of preference. -// -// An endpoint is used when all preceding endpoints have returned a conn err. -// This should be used when using the ghproxy GitHub proxy cache to allow -// this client to bypass the cache if it is temporarily unavailable. -func NewDryRunClientWithFields(fields logrus.Fields, getToken func() []byte, censor func([]byte) []byte, graphqlEndpoint string, bases ...string) (Client, error) { - _, _, client, err := NewClientFromOptions(fields, ClientOptions{ - Censor: censor, - GetToken: getToken, - GraphqlEndpoint: graphqlEndpoint, - Bases: bases, - DryRun: true, - }.Default()) - return client, err -} - -// NewAppsAuthDryRunClientWithFields creates a new client that will not perform mutating actions -// such as setting statuses or commenting, but it will still query GitHub and -// use up API tokens. Additional fields are added to the logger. -func NewAppsAuthDryRunClientWithFields(fields logrus.Fields, censor func([]byte) []byte, appId string, appPrivateKey func() *rsa.PrivateKey, graphqlEndpoint string, bases ...string) (TokenGenerator, UserGenerator, Client, error) { - return NewClientFromOptions(fields, ClientOptions{ - Censor: censor, - AppID: appId, - AppPrivateKey: appPrivateKey, - GraphqlEndpoint: graphqlEndpoint, - Bases: bases, - DryRun: false, - }.Default()) -} - -// NewDryRunClient creates a new client that will not perform mutating actions -// such as setting statuses or commenting, but it will still query GitHub and -// use up API tokens. -// 'getToken' is a generator the GitHub access token to use. -// 'bases' is a variadic slice of endpoints to use in order of preference. -// -// An endpoint is used when all preceding endpoints have returned a conn err. -// This should be used when using the ghproxy GitHub proxy cache to allow -// this client to bypass the cache if it is temporarily unavailable. -func NewDryRunClient(getToken func() []byte, censor func([]byte) []byte, graphqlEndpoint string, bases ...string) (Client, error) { - return NewDryRunClientWithFields(logrus.Fields{}, getToken, censor, graphqlEndpoint, bases...) -} - -// NewFakeClient creates a new client that will not perform any actions at all. -func NewFakeClient() Client { - return &client{ - logger: logrus.WithField("client", "github"), - gqlc: &graphQLGitHubAppsAuthClientWrapper{}, - delegate: &delegate{ - time: &standardTime{}, - fake: true, - dry: true, - }, - } -} - -func (c *client) log(methodName string, args ...interface{}) (logDuration func()) { - c.used = true - if c.logger == nil { - return func() {} - } - var as []string - for _, arg := range args { - as = append(as, fmt.Sprintf("%v", arg)) - } - start := time.Now() - c.logger.Infof("%s(%s)", methodName, strings.Join(as, ", ")) - return func() { - c.logger.WithField("duration", time.Since(start).String()).Debugf("%s(%s) finished", methodName, strings.Join(as, ", ")) - } -} - -type request struct { - method string - path string - accept string - org string - requestBody interface{} - exitCodes []int -} - -type requestError struct { - StatusCode int - ClientError error - ErrorString string -} - -func (r requestError) Error() string { - return r.ErrorString -} - -func (r requestError) ErrorMessages() []string { - clientErr, isClientError := r.ClientError.(ClientError) - if isClientError { - errors := []string{} - for _, subErr := range clientErr.Errors { - errors = append(errors, subErr.Message) - } - return errors - } - alternativeClientErr, isAlternativeClientError := r.ClientError.(AlternativeClientError) - if isAlternativeClientError { - return alternativeClientErr.Errors - } - return []string{} -} - -// NewNotFound returns a NotFound error which may be useful for tests -func NewNotFound() error { - return requestError{ - ClientError: ClientError{ - Errors: []clientErrorSubError{{Message: "status code 404"}}, - }, - } -} - -func IsNotFound(err error) bool { - if err == nil { - return false - } - - var requestErr requestError - if !errors.As(err, &requestErr) { - return false - } - - if requestErr.StatusCode == http.StatusNotFound { - return true - } - - for _, errorMsg := range requestErr.ErrorMessages() { - if strings.Contains(errorMsg, "status code 404") { - return true - } - } - return false -} - -// Make a request with retries. If ret is not nil, unmarshal the response body -// into it. Returns an error if the exit code is not one of the provided codes. -func (c *client) request(r *request, ret interface{}) (int, error) { - return c.requestWithContext(context.Background(), r, ret) -} - -func (c *client) requestWithContext(ctx context.Context, r *request, ret interface{}) (int, error) { - statusCode, b, err := c.requestRawWithContext(ctx, r) - if err != nil { - return statusCode, err - } - if ret != nil { - if err := json.Unmarshal(b, ret); err != nil { - return statusCode, err - } - } - return statusCode, nil -} - -// requestRaw makes a request with retries and returns the response body. -// Returns an error if the exit code is not one of the provided codes. -func (c *client) requestRaw(r *request) (int, []byte, error) { - return c.requestRawWithContext(context.Background(), r) -} - -func (c *client) requestRawWithContext(ctx context.Context, r *request) (int, []byte, error) { - if c.fake || (c.dry && r.method != http.MethodGet) { - return r.exitCodes[0], nil, nil - } - resp, err := c.requestRetryWithContext(ctx, r.method, r.path, r.accept, r.org, r.requestBody) - if err != nil { - return 0, nil, err - } - defer resp.Body.Close() - b, err := io.ReadAll(resp.Body) - if err != nil { - return 0, nil, err - } - var okCode bool - for _, code := range r.exitCodes { - if code == resp.StatusCode { - okCode = true - break - } - } - if !okCode { - clientError := unmarshalClientError(b) - err = requestError{ - StatusCode: resp.StatusCode, - ClientError: clientError, - ErrorString: fmt.Sprintf("status code %d not one of %v, body: %s", resp.StatusCode, r.exitCodes, string(b)), - } - } - return resp.StatusCode, b, err -} - -// Retry on transport failures. Retries on 500s, retries after sleep on -// ratelimit exceeded, and retries 404s a couple times. -// This function closes the response body iff it also returns an error. -func (c *client) requestRetry(method, path, accept, org string, body interface{}) (*http.Response, error) { - return c.requestRetryWithContext(context.Background(), method, path, accept, org, body) -} - -func (c *client) requestRetryWithContext(ctx context.Context, method, path, accept, org string, body interface{}) (*http.Response, error) { - var hostIndex int - var resp *http.Response - var err error - backoff := c.initialDelay - for retries := 0; retries < c.maxRetries; retries++ { - if retries > 0 && resp != nil { - resp.Body.Close() - } - resp, err = c.doRequest(ctx, method, c.bases[hostIndex]+path, accept, org, body) - if err == nil { - if resp.StatusCode == 404 && retries < c.max404Retries { - // Retry 404s a couple times. Sometimes GitHub is inconsistent in - // the sense that they send us an event such as "PR opened" but an - // immediate request to GET the PR returns 404. We don't want to - // retry more than a couple times in this case, because a 404 may - // be caused by a bad API call and we'll just burn through API - // tokens. - c.logger.WithField("backoff", backoff.String()).Debug("Retrying 404") - c.time.Sleep(backoff) - backoff *= 2 - } else if resp.StatusCode == 403 { - if resp.Header.Get("X-RateLimit-Remaining") == "0" { - // If we are out of API tokens, sleep first. The X-RateLimit-Reset - // header tells us the time at which we can request again. - var t int - if t, err = strconv.Atoi(resp.Header.Get("X-RateLimit-Reset")); err == nil { - // Sleep an extra second plus how long GitHub wants us to - // sleep. If it's going to take too long, then break. - sleepTime := c.time.Until(time.Unix(int64(t), 0)) + time.Second - if sleepTime < c.maxSleepTime { - c.logger.WithField("backoff", sleepTime.String()).WithField("path", path).Debug("Retrying after token budget reset") - c.time.Sleep(sleepTime) - } else { - err = fmt.Errorf("sleep time for token reset exceeds max sleep time (%v > %v)", sleepTime, c.maxSleepTime) - resp.Body.Close() - break - } - } else { - err = fmt.Errorf("failed to parse rate limit reset unix time %q: %w", resp.Header.Get("X-RateLimit-Reset"), err) - resp.Body.Close() - break - } - } else if rawTime := resp.Header.Get("Retry-After"); rawTime != "" && rawTime != "0" { - // If we are getting abuse rate limited, we need to wait or - // else we risk continuing to make the situation worse - var t int - if t, err = strconv.Atoi(rawTime); err == nil { - // Sleep an extra second plus how long GitHub wants us to - // sleep. If it's going to take too long, then break. - sleepTime := time.Duration(t+1) * time.Second - if sleepTime < c.maxSleepTime { - c.logger.WithField("backoff", sleepTime.String()).WithField("path", path).Debug("Retrying after abuse ratelimit reset") - c.time.Sleep(sleepTime) - } else { - err = fmt.Errorf("sleep time for abuse rate limit exceeds max sleep time (%v > %v)", sleepTime, c.maxSleepTime) - resp.Body.Close() - break - } - } else { - err = fmt.Errorf("failed to parse abuse rate limit wait time %q: %w", rawTime, err) - resp.Body.Close() - break - } - } else { - acceptedScopes := resp.Header.Get("X-Accepted-OAuth-Scopes") - authorizedScopes := resp.Header.Get("X-OAuth-Scopes") - if authorizedScopes == "" { - authorizedScopes = "no" - } - - want := sets.New[string]() - for _, acceptedScope := range strings.Split(acceptedScopes, ",") { - want.Insert(strings.TrimSpace(acceptedScope)) - } - var got []string - for _, authorizedScope := range strings.Split(authorizedScopes, ",") { - got = append(got, strings.TrimSpace(authorizedScope)) - } - if acceptedScopes != "" && !want.HasAny(got...) { - err = fmt.Errorf("the account is using %s oauth scopes, please make sure you are using at least one of the following oauth scopes: %s", authorizedScopes, acceptedScopes) - } else { - body, _ := io.ReadAll(resp.Body) - err = fmt.Errorf("the GitHub API request returns a 403 error: %s", string(body)) - } - resp.Body.Close() - break - } - } else if resp.StatusCode < 500 { - // Normal, happy case. - break - } else { - // Retry 500 after a break. - c.logger.WithField("backoff", backoff.String()).Debug("Retrying 5XX") - c.time.Sleep(backoff) - backoff *= 2 - } - } else if errors.Is(err, &appsAuthError{}) { - c.logger.WithError(err).Error("Stopping retry due to appsAuthError") - return resp, err - } else if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { - return resp, err - } else { - // Connection problem. Try a different host. - oldHostIndex := hostIndex - hostIndex = (hostIndex + 1) % len(c.bases) - c.logger.WithFields(logrus.Fields{ - "err": err, - "backoff": backoff.String(), - "old-endpoint": c.bases[oldHostIndex], - "new-endpoint": c.bases[hostIndex], - }).Debug("Retrying request due to connection problem") - c.time.Sleep(backoff) - backoff *= 2 - } - } - return resp, err -} - -func (c *client) doRequest(ctx context.Context, method, path, accept, org string, body interface{}) (*http.Response, error) { - var buf io.Reader - if body != nil { - b, err := json.Marshal(body) - if err != nil { - return nil, err - } - b = c.censor(b) - buf = bytes.NewBuffer(b) - } - req, err := http.NewRequestWithContext(ctx, method, path, buf) - if err != nil { - return nil, fmt.Errorf("failed creating new request: %w", err) - } - // We do not make use of the Set() method to set this header because - // the header name `X-GitHub-Api-Version` is non-canonical in nature. - // - // See https://pkg.go.dev/net/http#Header.Set for more info. - req.Header["X-GitHub-Api-Version"] = []string{githubApiVersion} - c.logger.Infof("Using GitHub REST API Version: %s", githubApiVersion) - if header := c.authHeader(); len(header) > 0 { - req.Header.Set("Authorization", header) - } - if accept == acceptNone { - req.Header.Add("Accept", "application/vnd.github.v3+json") - } else { - req.Header.Add("Accept", accept) - } - if userAgent := c.userAgent(); userAgent != "" { - req.Header.Add("User-Agent", userAgent) - } - if org != "" { - req = req.WithContext(context.WithValue(req.Context(), githubOrgHeaderKey, org)) - } - // Disable keep-alive so that we don't get flakes when GitHub closes the - // connection prematurely. - // https://go-review.googlesource.com/#/c/3210/ fixed it for GET, but not - // for POST. - req.Close = true - - c.logger.WithField("curl", toCurl(req)).Trace("Executing http request") - return c.client.Do(req) -} - -// toCurl is a slightly adjusted copy of https://github.com/kubernetes/kubernetes/blob/74053d555d71a14e3853b97e204d7d6415521375/staging/src/k8s.io/client-go/transport/round_trippers.go#L339 -func toCurl(r *http.Request) string { - headers := "" - for key, values := range r.Header { - for _, value := range values { - headers += fmt.Sprintf(` -H %q`, fmt.Sprintf("%s: %s", key, maskAuthorizationHeader(key, value))) - } - } - - return fmt.Sprintf("curl -k -v -X%s %s '%s'", r.Method, headers, r.URL.String()) -} - -var knownAuthTypes = sets.New[string]("bearer", "basic", "negotiate") - -// maskAuthorizationHeader masks credential content from authorization headers -// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization -func maskAuthorizationHeader(key string, value string) string { - if !strings.EqualFold(key, "Authorization") { - return value - } - if len(value) == 0 { - return "" - } - var authType string - if i := strings.Index(value, " "); i > 0 { - authType = value[0:i] - } else { - authType = value - } - if !knownAuthTypes.Has(strings.ToLower(authType)) { - return "" - } - if len(value) > len(authType)+1 { - value = authType + " " - } else { - value = authType - } - return value -} - -func (c *client) authHeader() string { - if c.getToken == nil { - return "" - } - token := c.getToken() - if len(token) == 0 { - return "" - } - return fmt.Sprintf("Bearer %s", token) -} - -// userInfo provides the 'github_user_info' vector that is indexed -// by the user's information. -var userInfo = prometheus.NewGaugeVec( - prometheus.GaugeOpts{ - Name: "github_user_info", - Help: "Metadata about a user, tied to their token hash.", - }, - []string{"token_hash", "login", "email"}, -) - -func init() { - prometheus.MustRegister(userInfo) -} - -// Not thread-safe - callers need to hold c.mut. -func (c *client) getUserData(ctx context.Context) error { - if c.delegate.usesAppsAuth { - resp, err := c.GetAppWithContext(ctx) - if err != nil { - return err - } - c.userData = &UserData{ - Name: resp.Name, - Login: resp.Slug, - Email: fmt.Sprintf("%s@users.noreply.github.com", resp.Slug), - } - return nil - } - c.log("User") - var u User - _, err := c.requestWithContext(ctx, &request{ - method: http.MethodGet, - path: "/user", - exitCodes: []int{200}, - }, &u) - if err != nil { - return err - } - c.userData = &UserData{ - Name: u.Name, - Login: u.Login, - Email: u.Email, - } - // email needs to be publicly accessible via the profile - // of the current account. Read below for more info - // https://developer.github.com/v3/users/#get-a-single-user - - // record information for the user - authHeaderHash := fmt.Sprintf("%x", sha256.Sum256([]byte(c.authHeader()))) // use %x to make this a utf-8 string for use as a label - userInfo.With(prometheus.Labels{"token_hash": authHeaderHash, "login": c.userData.Login, "email": c.userData.Email}).Set(1) - return nil -} - -// BotUser returns the user data of the authenticated identity. -// -// See https://developer.github.com/v3/users/#get-the-authenticated-user -func (c *client) BotUser() (*UserData, error) { - c.mut.Lock() - defer c.mut.Unlock() - if c.userData == nil { - if err := c.getUserData(context.Background()); err != nil { - return nil, fmt.Errorf("fetching bot name from GitHub: %w", err) - } - } - return c.userData, nil -} - -func (c *client) BotUserChecker() (func(candidate string) bool, error) { - return c.BotUserCheckerWithContext(context.Background()) -} - -func (c *client) BotUserCheckerWithContext(ctx context.Context) (func(candidate string) bool, error) { - c.mut.Lock() - defer c.mut.Unlock() - if c.userData == nil { - if err := c.getUserData(ctx); err != nil { - return nil, fmt.Errorf("fetching userdata from GitHub: %w", err) - } - } - - botUser := c.userData.Login - return func(candidate string) bool { - if c.usesAppsAuth { - candidate = strings.TrimSuffix(candidate, "[bot]") - } - return candidate == botUser - }, nil -} - -// Email returns the user-configured email for the authenticated identity. -// -// See https://developer.github.com/v3/users/#get-the-authenticated-user -func (c *client) Email() (string, error) { - c.mut.Lock() - defer c.mut.Unlock() - if c.userData == nil { - if err := c.getUserData(context.Background()); err != nil { - return "", fmt.Errorf("fetching e-mail from GitHub: %w", err) - } - } - return c.userData.Email, nil -} - -// IsMember returns whether or not the user is a member of the org. -// -// See https://developer.github.com/v3/orgs/members/#check-membership -func (c *client) IsMember(org, user string) (bool, error) { - c.log("IsMember", org, user) - if org == user { - // Make it possible to run a couple of plugins on personal repos. - return true, nil - } - code, err := c.request(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/orgs/%s/members/%s", org, user), - org: org, - exitCodes: []int{204, 404, 302}, - }, nil) - if err != nil { - return false, err - } - if code == 204 { - return true, nil - } else if code == 404 { - return false, nil - } else if code == 302 { - return false, fmt.Errorf("requester is not %s org member", org) - } - // Should be unreachable. - return false, fmt.Errorf("unexpected status: %d", code) -} - -func (c *client) listHooks(org string, repo *string) ([]Hook, error) { - var ret []Hook - var path string - if repo != nil { - path = fmt.Sprintf("/repos/%s/%s/hooks", org, *repo) - } else { - path = fmt.Sprintf("/orgs/%s/hooks", org) - } - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]Hook{} - }, - func(obj interface{}) { - ret = append(ret, *(obj.(*[]Hook))...) - }, - ) - if err != nil { - return nil, err - } - return ret, nil -} - -// ListOrgHooks returns a list of hooks for the org. -// https://developer.github.com/v3/orgs/hooks/#list-hooks -func (c *client) ListOrgHooks(org string) ([]Hook, error) { - c.log("ListOrgHooks", org) - return c.listHooks(org, nil) -} - -// ListRepoHooks returns a list of hooks for the repo. -// https://developer.github.com/v3/repos/hooks/#list-hooks -func (c *client) ListRepoHooks(org, repo string) ([]Hook, error) { - c.log("ListRepoHooks", org, repo) - return c.listHooks(org, &repo) -} - -func (c *client) editHook(org string, repo *string, id int, req HookRequest) error { - if c.dry { - return nil - } - var path string - if repo != nil { - path = fmt.Sprintf("/repos/%s/%s/hooks/%d", org, *repo, id) - } else { - path = fmt.Sprintf("/orgs/%s/hooks/%d", org, id) - } - - _, err := c.request(&request{ - method: http.MethodPatch, - path: path, - org: org, - exitCodes: []int{200}, - requestBody: &req, - }, nil) - return err -} - -// EditRepoHook updates an existing hook with new info (events/url/secret) -// https://developer.github.com/v3/repos/hooks/#edit-a-hook -func (c *client) EditRepoHook(org, repo string, id int, req HookRequest) error { - c.log("EditRepoHook", org, repo, id) - return c.editHook(org, &repo, id, req) -} - -// EditOrgHook updates an existing hook with new info (events/url/secret) -// https://developer.github.com/v3/orgs/hooks/#edit-a-hook -func (c *client) EditOrgHook(org string, id int, req HookRequest) error { - c.log("EditOrgHook", org, id) - return c.editHook(org, nil, id, req) -} - -func (c *client) createHook(org string, repo *string, req HookRequest) (int, error) { - if c.dry { - return -1, nil - } - var path string - if repo != nil { - path = fmt.Sprintf("/repos/%s/%s/hooks", org, *repo) - } else { - path = fmt.Sprintf("/orgs/%s/hooks", org) - } - var ret Hook - _, err := c.request(&request{ - method: http.MethodPost, - path: path, - org: org, - exitCodes: []int{201}, - requestBody: &req, - }, &ret) - if err != nil { - return 0, err - } - return ret.ID, nil -} - -// CreateOrgHook creates a new hook for the org -// https://developer.github.com/v3/orgs/hooks/#create-a-hook -func (c *client) CreateOrgHook(org string, req HookRequest) (int, error) { - c.log("CreateOrgHook", org) - return c.createHook(org, nil, req) -} - -// CreateRepoHook creates a new hook for the repo -// https://developer.github.com/v3/repos/hooks/#create-a-hook -func (c *client) CreateRepoHook(org, repo string, req HookRequest) (int, error) { - c.log("CreateRepoHook", org, repo) - return c.createHook(org, &repo, req) -} - -func (c *client) deleteHook(org, path string) error { - if c.dry { - return nil - } - - _, err := c.request(&request{ - method: http.MethodDelete, - path: path, - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// DeleteRepoHook deletes an existing repo level webhook. -// https://developer.github.com/v3/repos/hooks/#delete-a-hook -func (c *client) DeleteRepoHook(org, repo string, id int, req HookRequest) error { - c.log("DeleteRepoHook", org, repo, id) - path := fmt.Sprintf("/repos/%s/%s/hooks/%d", org, repo, id) - return c.deleteHook(org, path) -} - -// DeleteOrgHook deletes and existing org level webhook. -// https://developer.github.com/v3/orgs/hooks/#edit-a-hook -func (c *client) DeleteOrgHook(org string, id int, req HookRequest) error { - c.log("DeleteOrgHook", org, id) - path := fmt.Sprintf("/orgs/%s/hooks/%d", org, id) - return c.deleteHook(org, path) -} - -// GetOrg returns current metadata for the org -// -// https://developer.github.com/v3/orgs/#get-an-organization -func (c *client) GetOrg(name string) (*Organization, error) { - c.log("GetOrg", name) - var retOrg Organization - _, err := c.request(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/orgs/%s", name), - org: name, - exitCodes: []int{200}, - }, &retOrg) - if err != nil { - return nil, err - } - return &retOrg, nil -} - -// EditOrg will update the metadata for this org. -// -// https://developer.github.com/v3/orgs/#edit-an-organization -func (c *client) EditOrg(name string, config Organization) (*Organization, error) { - c.log("EditOrg", name, config) - if c.dry { - return &config, nil - } - var retOrg Organization - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/orgs/%s", name), - org: name, - exitCodes: []int{200}, - requestBody: &config, - }, &retOrg) - if err != nil { - return nil, err - } - return &retOrg, nil -} - -// ListOrgInvitations lists pending invitations to th org. -// -// https://developer.github.com/v3/orgs/members/#list-pending-organization-invitations -func (c *client) ListOrgInvitations(org string) ([]OrgInvitation, error) { - c.log("ListOrgInvitations", org) - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/orgs/%s/invitations", org) - var ret []OrgInvitation - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]OrgInvitation{} - }, - func(obj interface{}) { - ret = append(ret, *(obj.(*[]OrgInvitation))...) - }, - ) - if err != nil { - return nil, err - } - return ret, nil -} - -// ListCurrentUserRepoInvitations lists pending invitations for the authenticated user. -// -// https://docs.github.com/en/rest/reference/repos#list-repository-invitations-for-the-authenticated-user -func (c *client) ListCurrentUserRepoInvitations() ([]UserRepoInvitation, error) { - c.log("ListCurrentUserRepoInvitations") - if c.fake { - return nil, nil - } - path := "/user/repository_invitations" - var ret []UserRepoInvitation - err := c.readPaginatedResults( - path, - acceptNone, - "", - func() interface{} { - return &[]UserRepoInvitation{} - }, - func(obj interface{}) { - ret = append(ret, *(obj.(*[]UserRepoInvitation))...) - }, - ) - if err != nil { - return nil, err - } - return ret, nil -} - -// AcceptUserRepoInvitation accepts invitation for the authenticated user. -// -// https://docs.github.com/en/rest/reference/repos#accept-a-repository-invitation -func (c *client) AcceptUserRepoInvitation(invitationID int) error { - c.log("AcceptUserRepoInvitation", invitationID) - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/user/repository_invitations/%d", invitationID), - org: "", - exitCodes: []int{204}, - }, nil) - - return err -} - -// ListCurrentUserOrgInvitations lists org invitation for the authenticated user. -// -// https://docs.github.com/en/rest/reference/orgs#get-organization-membership-for-a-user -func (c *client) ListCurrentUserOrgInvitations() ([]UserOrgInvitation, error) { - c.log("ListCurrentUserOrgInvitations") - if c.fake { - return nil, nil - } - path := "/user/memberships/orgs" - var ret []UserOrgInvitation - err := c.readPaginatedResultsWithValues( - path, - url.Values{ - "per_page": []string{"100"}, - "state": []string{"pending"}, - }, - acceptNone, - "", - func() interface{} { - return &[]UserOrgInvitation{} - }, - func(obj interface{}) { - for _, uoi := range *(obj.(*[]UserOrgInvitation)) { - if uoi.State == "pending" { - ret = append(ret, uoi) - } - } - }, - ) - if err != nil { - return nil, err - } - return ret, nil -} - -// AcceptUserOrgInvitation accepts org invitation for the authenticated user. -// -// https://docs.github.com/en/rest/reference/orgs#update-an-organization-membership-for-the-authenticated-user -func (c *client) AcceptUserOrgInvitation(org string) error { - c.log("AcceptUserOrgInvitation", org) - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/user/memberships/orgs/%s", org), - org: org, - requestBody: map[string]string{"state": "active"}, - exitCodes: []int{200}, - }, nil) - - return err -} - -// ListOrgMembers list all users who are members of an organization. If the authenticated -// user is also a member of this organization then both concealed and public members -// will be returned. -// -// Role options are "all", "admin" and "member" -// -// https://developer.github.com/v3/orgs/members/#members-list -func (c *client) ListOrgMembers(org, role string) ([]TeamMember, error) { - c.log("ListOrgMembers", org, role) - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/orgs/%s/members", org) - var teamMembers []TeamMember - err := c.readPaginatedResultsWithValues( - path, - url.Values{ - "per_page": []string{"100"}, - "role": []string{role}, - }, - acceptNone, - org, - func() interface{} { - return &[]TeamMember{} - }, - func(obj interface{}) { - teamMembers = append(teamMembers, *(obj.(*[]TeamMember))...) - }, - ) - if err != nil { - return nil, err - } - return teamMembers, nil -} - -// HasPermission returns true if GetUserPermission() returns any of the roles. -func (c *client) HasPermission(org, repo, user string, roles ...string) (bool, error) { - perm, err := c.GetUserPermission(org, repo, user) - if err != nil { - return false, err - } - for _, r := range roles { - if r == perm { - return true, nil - } - } - return false, nil -} - -// GetUserPermission returns the user's permission level for a repo -// -// https://developer.github.com/v3/repos/collaborators/#review-a-users-permission-level -func (c *client) GetUserPermission(org, repo, user string) (string, error) { - c.log("GetUserPermission", org, repo, user) - - var perm struct { - Perm string `json:"permission"` - } - _, err := c.request(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/collaborators/%s/permission", org, repo, user), - org: org, - exitCodes: []int{200}, - }, &perm) - if err != nil { - return "", err - } - return perm.Perm, nil -} - -// UpdateOrgMembership invites a user to the org and/or updates their permission level. -// -// If the user is not already a member, this will invite them. -// This will also change the role to/from admin, on either the invitation or membership setting. -// -// https://developer.github.com/v3/orgs/members/#add-or-update-organization-membership -func (c *client) UpdateOrgMembership(org, user string, admin bool) (*OrgMembership, error) { - c.log("UpdateOrgMembership", org, user, admin) - om := OrgMembership{} - if admin { - om.Role = RoleAdmin - } else { - om.Role = RoleMember - } - if c.dry { - return &om, nil - } - - _, err := c.request(&request{ - method: http.MethodPut, - path: fmt.Sprintf("/orgs/%s/memberships/%s", org, user), - org: org, - requestBody: &om, - exitCodes: []int{200}, - }, &om) - return &om, err -} - -// RemoveOrgMembership removes the user from the org. -// -// https://developer.github.com/v3/orgs/members/#remove-organization-membership -func (c *client) RemoveOrgMembership(org, user string) error { - c.log("RemoveOrgMembership", org, user) - _, err := c.request(&request{ - method: http.MethodDelete, - org: org, - path: fmt.Sprintf("/orgs/%s/memberships/%s", org, user), - exitCodes: []int{204}, - }, nil) - return err -} - -// CreateComment creates a comment on the issue. -// -// See https://developer.github.com/v3/issues/comments/#create-a-comment -func (c *client) CreateComment(org, repo string, number int, comment string) error { - return c.CreateCommentWithContext(context.Background(), org, repo, number, comment) -} - -func (c *client) CreateCommentWithContext(ctx context.Context, org, repo string, number int, comment string) error { - c.log("CreateComment", org, repo, number, comment) - ic := IssueComment{ - Body: comment, - } - _, err := c.requestWithContext(ctx, &request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/issues/%d/comments", org, repo, number), - org: org, - requestBody: &ic, - exitCodes: []int{201}, - }, nil) - return err -} - -// DeleteComment deletes the comment. -// -// See https://developer.github.com/v3/issues/comments/#delete-a-comment -func (c *client) DeleteComment(org, repo string, id int) error { - return c.DeleteCommentWithContext(context.Background(), org, repo, id) -} - -func (c *client) DeleteCommentWithContext(ctx context.Context, org, repo string, id int) error { - c.log("DeleteComment", org, repo, id) - _, err := c.requestWithContext(ctx, &request{ - method: http.MethodDelete, - path: fmt.Sprintf("/repos/%s/%s/issues/comments/%d", org, repo, id), - org: org, - exitCodes: []int{204, 404}, - }, nil) - return err -} - -// EditComment changes the body of comment id in org/repo. -// -// See https://developer.github.com/v3/issues/comments/#edit-a-comment -func (c *client) EditComment(org, repo string, id int, comment string) error { - return c.EditCommentWithContext(context.Background(), org, repo, id, comment) -} - -func (c *client) EditCommentWithContext(ctx context.Context, org, repo string, id int, comment string) error { - c.log("EditComment", org, repo, id, comment) - ic := IssueComment{ - Body: comment, - } - _, err := c.requestWithContext(ctx, &request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/issues/comments/%d", org, repo, id), - org: org, - requestBody: &ic, - exitCodes: []int{200}, - }, nil) - return err -} - -// CreateCommentReaction responds emotionally to comment id in org/repo. -// -// See https://developer.github.com/v3/reactions/#create-reaction-for-an-issue-comment -func (c *client) CreateCommentReaction(org, repo string, id int, reaction string) error { - c.log("CreateCommentReaction", org, repo, id, reaction) - r := Reaction{Content: reaction} - _, err := c.request(&request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/issues/comments/%d/reactions", org, repo, id), - accept: "application/vnd.github.squirrel-girl-preview", - org: org, - exitCodes: []int{201}, - requestBody: &r, - }, nil) - return err -} - -// CreateIssue creates a new issue and returns its number if -// the creation is successful, otherwise any error that is encountered. -// -// See https://developer.github.com/v3/issues/#create-an-issue -func (c *client) CreateIssue(org, repo, title, body string, milestone int, labels, assignees []string) (int, error) { - durationLogger := c.log("CreateIssue", org, repo, title) - defer durationLogger() - - data := struct { - Title string `json:"title,omitempty"` - Body string `json:"body,omitempty"` - Milestone int `json:"milestone,omitempty"` - Labels []string `json:"labels,omitempty"` - Assignees []string `json:"assignees,omitempty"` - }{ - Title: title, - Body: body, - Milestone: milestone, - Labels: labels, - Assignees: assignees, - } - var resp struct { - Num int `json:"number"` - } - _, err := c.request(&request{ - // allow the description and draft fields - // https://developer.github.com/changes/2019-02-14-draft-pull-requests/ - accept: "application/vnd.github+json, application/vnd.github.shadow-cat-preview", - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/issues", org, repo), - org: org, - requestBody: &data, - exitCodes: []int{201}, - }, &resp) - if err != nil { - return 0, err - } - return resp.Num, nil -} - -// CreateIssueReaction responds emotionally to org/repo#id -// -// See https://developer.github.com/v3/reactions/#create-reaction-for-an-issue -func (c *client) CreateIssueReaction(org, repo string, id int, reaction string) error { - c.log("CreateIssueReaction", org, repo, id, reaction) - r := Reaction{Content: reaction} - _, err := c.request(&request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/issues/%d/reactions", org, repo, id), - accept: "application/vnd.github.squirrel-girl-preview", - org: org, - requestBody: &r, - exitCodes: []int{200, 201}, - }, nil) - return err -} - -// DeleteStaleComments iterates over comments on an issue/PR, deleting those which the 'isStale' -// function identifies as stale. If 'comments' is nil, the comments will be fetched from GitHub. If we don't do that, the next call will go to /api/v3/api/v3/repositories/22/pulls?per_page=100&page=2 var comments []IssueComment - err := c.readPaginatedResultsWithContext( - ctx, - path, - acceptNone, - org, - func() interface{} { - return &[]IssueComment{} - }, - func(obj interface{}) { - comments = append(comments, *(obj.(*[]IssueComment))...) - }, - ) - if err != nil { - return nil, err - } - return comments, nil -} - -// ListOpenIssues returns all open issues, including pull requests -// -// Each page of results consumes one API token. -// -// See https://developer.github.com/v3/issues/#list-issues-for-a-repository -func (c *client) ListOpenIssues(org, repo string) ([]Issue, error) { - c.log("ListOpenIssues", org, repo) - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/repos/%s/%s/issues", org, repo) - var issues []Issue - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]Issue{} - }, - func(obj interface{}) { - issues = append(issues, *(obj.(*[]Issue))...) - }, - ) - if err != nil { - return nil, err - } - return issues, nil -} - -// GetPullRequests get all open pull requests for a repo. -// -// See https://developer.github.com/v3/pulls/#list-pull-requests -func (c *client) GetPullRequests(org, repo string) ([]PullRequest, error) { - c.log("GetPullRequests", org, repo) - var prs []PullRequest - if c.fake { - return prs, nil - } - path := fmt.Sprintf("/repos/%s/%s/pulls", org, repo) - err := c.readPaginatedResults( - path, - // allow the description and draft fields - // https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - // https://developer.github.com/changes/2019-02-14-draft-pull-requests/ - "application/vnd.github.symmetra-preview+json, application/vnd.github.shadow-cat-preview", - org, - func() interface{} { - return &[]PullRequest{} - }, - func(obj interface{}) { - prs = append(prs, *(obj.(*[]PullRequest))...) - }, - ) - if err != nil { - return nil, err - } - return prs, err -} - -// GetPullRequest gets a pull request. -// -// See https://developer.github.com/v3/pulls/#get-a-single-pull-request -func (c *client) GetPullRequest(org, repo string, number int) (*PullRequest, error) { - durationLogger := c.log("GetPullRequest", org, repo, number) - defer durationLogger() - - var pr PullRequest - _, err := c.request(&request{ - // allow the description and draft fields - // https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - // https://developer.github.com/changes/2019-02-14-draft-pull-requests/ - accept: "application/vnd.github.symmetra-preview+json, application/vnd.github.shadow-cat-preview", - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, number), - org: org, - exitCodes: []int{200}, - }, &pr) - return &pr, err -} - -func (c *client) GetFailedActionRunsByHeadBranch(org, repo, branchName, headSHA string) ([]WorkflowRun, error) { - durationLogger := c.log("GetJobsByHeadBranch", org, repo) - defer durationLogger() - - var runs WorkflowRuns - - url := url.URL{ - Path: fmt.Sprintf("/repos/%s/%s/actions/runs", org, repo), - } - query := url.Query() - - query.Add("status", "failure") - query.Add("event", "pull_request") - query.Add("branch", branchName) - - url.RawQuery = query.Encode() - - _, err := c.request(&request{ - accept: "application/vnd.github.v3+json", - method: http.MethodGet, - path: url.String(), - org: org, - exitCodes: []int{200}, - }, &runs) - - prRuns := []WorkflowRun{} - - // keep only the runs matching the current PR headSHA - for _, run := range runs.WorflowRuns { - if run.HeadSha == headSHA { - prRuns = append(prRuns, run) - } - } - - return prRuns, err -} - -func (c *client) TriggerGitHubWorkflow(org, repo string, id int) error { - durationLogger := c.log("TriggerGitHubWorkflow", org, repo, id) - defer durationLogger() - _, err := c.request(&request{ - accept: "application/vnd.github.v3+json", - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/actions/runs/%d/rerun", org, repo, id), - org: org, - exitCodes: []int{201}, - }, nil) - return err -} - -// EditPullRequest will update the pull request. -// -// See https://developer.github.com/v3/pulls/#update-a-pull-request -func (c *client) EditPullRequest(org, repo string, number int, pr *PullRequest) (*PullRequest, error) { - durationLogger := c.log("EditPullRequest", org, repo, number) - defer durationLogger() - - if c.dry { - return pr, nil - } - edit := struct { - Title string `json:"title,omitempty"` - Body string `json:"body,omitempty"` - State string `json:"state,omitempty"` - }{ - Title: pr.Title, - Body: pr.Body, - State: pr.State, - } - var ret PullRequest - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, number), - org: org, - exitCodes: []int{200}, - requestBody: &edit, - }, &ret) - if err != nil { - return nil, err - } - return &ret, nil -} - -// GetIssue gets an issue. -// -// See https://developer.github.com/v3/issues/#get-a-single-issue -func (c *client) GetIssue(org, repo string, number int) (*Issue, error) { - durationLogger := c.log("GetIssue", org, repo, number) - defer durationLogger() - - var i Issue - _, err := c.request(&request{ - // allow emoji - // https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - accept: "application/vnd.github.symmetra-preview+json", - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/issues/%d", org, repo, number), - org: org, - exitCodes: []int{200}, - }, &i) - return &i, err -} - -// EditIssue will update the issue. -// -// See https://developer.github.com/v3/issues/#edit-an-issue -func (c *client) EditIssue(org, repo string, number int, issue *Issue) (*Issue, error) { - durationLogger := c.log("EditIssue", org, repo, number) - defer durationLogger() - - if c.dry { - return issue, nil - } - edit := struct { - Title string `json:"title,omitempty"` - Body string `json:"body,omitempty"` - State string `json:"state,omitempty"` - }{ - Title: issue.Title, - Body: issue.Body, - State: issue.State, - } - var ret Issue - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/issues/%d", org, repo, number), - org: org, - exitCodes: []int{200}, - requestBody: &edit, - }, &ret) - if err != nil { - return nil, err - } - return &ret, nil -} - -// GetPullRequestPatch gets the patch version of a pull request. -// -// See https://developer.github.com/v3/media/#commits-commit-comparison-and-pull-requests -func (c *client) GetPullRequestPatch(org, repo string, number int) ([]byte, error) { - durationLogger := c.log("GetPullRequestPatch", org, repo, number) - defer durationLogger() - - _, patch, err := c.requestRaw(&request{ - accept: "application/vnd.github.VERSION.patch", - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, number), - org: org, - exitCodes: []int{200}, - }) - return patch, err -} - -// CreatePullRequest creates a new pull request and returns its number if -// the creation is successful, otherwise any error that is encountered. -// -// See https://developer.github.com/v3/pulls/#create-a-pull-request -func (c *client) CreatePullRequest(org, repo, title, body, head, base string, canModify bool) (int, error) { - durationLogger := c.log("CreatePullRequest", org, repo, title) - defer durationLogger() - - data := struct { - Title string `json:"title"` - Body string `json:"body"` - Head string `json:"head"` - Base string `json:"base"` - // MaintainerCanModify allows maintainers of the repo to modify this - // pull request, eg. push changes to it before merging. - MaintainerCanModify bool `json:"maintainer_can_modify"` - }{ - Title: title, - Body: body, - Head: head, - Base: base, - - MaintainerCanModify: canModify, - } - var resp struct { - Num int `json:"number"` - } - _, err := c.request(&request{ - // allow the description and draft fields - // https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - // https://developer.github.com/changes/2019-02-14-draft-pull-requests/ - accept: "application/vnd.github.symmetra-preview+json, application/vnd.github.shadow-cat-preview", - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/pulls", org, repo), - org: org, - requestBody: &data, - exitCodes: []int{201}, - }, &resp) - if err != nil { - return 0, fmt.Errorf("failed to create pull request against %s/%s#%s from head %s: %w", org, repo, base, head, err) - } - return resp.Num, nil -} - -// UpdatePullRequest modifies the title, body, open state -func (c *client) UpdatePullRequest(org, repo string, number int, title, body *string, open *bool, branch *string, canModify *bool) error { - durationLogger := c.log("UpdatePullRequest", org, repo, title) - defer durationLogger() - - data := struct { - State *string `json:"state,omitempty"` - Title *string `json:"title,omitempty"` - Body *string `json:"body,omitempty"` - Base *string `json:"base,omitempty"` - // MaintainerCanModify allows maintainers of the repo to modify this - // pull request, eg. push changes to it before merging. - MaintainerCanModify *bool `json:"maintainer_can_modify,omitempty"` - }{ - Title: title, - Body: body, - Base: branch, - MaintainerCanModify: canModify, - } - if open != nil && *open { - op := "open" - data.State = &op - } else if open != nil { - cl := "closed" - data.State = &cl - } - _, err := c.request(&request{ - // allow the description and draft fields - // https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - // https://developer.github.com/changes/2019-02-14-draft-pull-requests/ - accept: "application/vnd.github.symmetra-preview+json, application/vnd.github.shadow-cat-preview", - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, number), - org: org, - requestBody: &data, - exitCodes: []int{200}, - }, nil) - return err -} - -// GetPullRequestChanges gets a list of files modified in a pull request. -// -// See https://developer.github.com/v3/pulls/#list-pull-requests-files -func (c *client) GetPullRequestChanges(org, repo string, number int) ([]PullRequestChange, error) { - durationLogger := c.log("GetPullRequestChanges", org, repo, number) - defer durationLogger() - - if c.fake { - return []PullRequestChange{}, nil - } - path := fmt.Sprintf("/repos/%s/%s/pulls/%d/files", org, repo, number) - var changes []PullRequestChange - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]PullRequestChange{} - }, - func(obj interface{}) { - changes = append(changes, *(obj.(*[]PullRequestChange))...) - }, - ) - if err != nil { - return nil, err - } - return changes, nil -} - -// ListPullRequestComments returns all *review* comments on a pull request. -// -// Multiple-pages of comments consumes multiple API tokens. -// -// See https://developer.github.com/v3/pulls/comments/#list-comments-on-a-pull-request -func (c *client) ListPullRequestComments(org, repo string, number int) ([]ReviewComment, error) { - durationLogger := c.log("ListPullRequestComments", org, repo, number) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/repos/%s/%s/pulls/%d/comments", org, repo, number) - var comments []ReviewComment - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]ReviewComment{} - }, - func(obj interface{}) { - comments = append(comments, *(obj.(*[]ReviewComment))...) - }, - ) - if err != nil { - return nil, err - } - return comments, nil -} - -// ListReviews returns all reviews on a pull request. -// -// Multiple-pages of results consumes multiple API tokens. -// -// See https://developer.github.com/v3/pulls/reviews/#list-reviews-on-a-pull-request -func (c *client) ListReviews(org, repo string, number int) ([]Review, error) { - durationLogger := c.log("ListReviews", org, repo, number) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/repos/%s/%s/pulls/%d/reviews", org, repo, number) - var reviews []Review - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]Review{} - }, - func(obj interface{}) { - reviews = append(reviews, *(obj.(*[]Review))...) - }, - ) - if err != nil { - return nil, err - } - return reviews, nil -} - -// CreateStatus creates or updates the status of a commit. -// -// See https://docs.github.com/en/rest/reference/commits#create-a-commit-status -func (c *client) CreateStatus(org, repo, SHA string, s Status) error { - return c.CreateStatusWithContext(context.Background(), org, repo, SHA, s) -} - -func (c *client) CreateStatusWithContext(ctx context.Context, org, repo, SHA string, s Status) error { - durationLogger := c.log("CreateStatus", org, repo, SHA, s) - defer durationLogger() - _, err := c.requestWithContext(ctx, &request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/statuses/%s", org, repo, SHA), - org: org, - requestBody: &s, - exitCodes: []int{201}, - }, nil) - return err -} - -// ListStatuses gets commit statuses for a given ref. -// -// See https://developer.github.com/v3/repos/statuses/#list-statuses-for-a-specific-ref -func (c *client) ListStatuses(org, repo, ref string) ([]Status, error) { - durationLogger := c.log("ListStatuses", org, repo, ref) - defer durationLogger() - - path := fmt.Sprintf("/repos/%s/%s/statuses/%s", org, repo, ref) - var statuses []Status - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]Status{} - }, - func(obj interface{}) { - statuses = append(statuses, *(obj.(*[]Status))...) - }, - ) - return statuses, err -} - -// GetRepo returns the repo for the provided owner/name combination. -// -// See https://developer.github.com/v3/repos/#get -func (c *client) GetRepo(owner, name string) (FullRepo, error) { - durationLogger := c.log("GetRepo", owner, name) - defer durationLogger() - - var repo FullRepo - _, err := c.request(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s", owner, name), - org: owner, - exitCodes: []int{200}, - }, &repo) - return repo, err -} - -// CreateRepo creates a new repository -// See https://developer.github.com/v3/repos/#create -func (c *client) CreateRepo(owner string, isUser bool, repo RepoCreateRequest) (*FullRepo, error) { - durationLogger := c.log("CreateRepo", owner, isUser, repo) - defer durationLogger() - - if repo.Name == nil || *repo.Name == "" { - return nil, errors.New("repo.Name must be non-empty") - } - if c.fake { - return nil, nil - } else if c.dry { - return repo.ToRepo(), nil - } - - path := "/user/repos" - if !isUser { - path = fmt.Sprintf("/orgs/%s/repos", owner) - } - var retRepo FullRepo - _, err := c.request(&request{ - method: http.MethodPost, - path: path, - org: owner, - requestBody: &repo, - exitCodes: []int{201}, - }, &retRepo) - return &retRepo, err -} - -// UpdateRepo edits an existing repository -// See https://developer.github.com/v3/repos/#edit -func (c *client) UpdateRepo(owner, name string, repo RepoUpdateRequest) (*FullRepo, error) { - durationLogger := c.log("UpdateRepo", owner, name, repo) - defer durationLogger() - - if c.fake { - return nil, nil - } else if c.dry { - return repo.ToRepo(), nil - } - - path := fmt.Sprintf("/repos/%s/%s", owner, name) - var retRepo FullRepo - _, err := c.request(&request{ - method: http.MethodPatch, - path: path, - org: owner, - requestBody: &repo, - exitCodes: []int{200}, - }, &retRepo) - return &retRepo, err -} - -// GetRepos returns all repos in an org. -// -// This call uses multiple API tokens when results are paginated. -// -// See https://developer.github.com/v3/repos/#list-organization-repositories -func (c *client) GetRepos(org string, isUser bool) ([]Repo, error) { - durationLogger := c.log("GetRepos", org, isUser) - defer durationLogger() - - var ( - repos []Repo - nextURL string - ) - if c.fake { - return repos, nil - } - if isUser { - nextURL = fmt.Sprintf("/users/%s/repos", org) - } else { - nextURL = fmt.Sprintf("/orgs/%s/repos", org) - } - err := c.readPaginatedResults( - nextURL, // path - acceptNone, // accept - org, - func() interface{} { // newObj - return &[]Repo{} - }, - func(obj interface{}) { // accumulate - repos = append(repos, *(obj.(*[]Repo))...) - }, - ) - if err != nil { - return nil, err - } - return repos, nil -} - -// GetSingleCommit returns a single commit. -// -// See https://developer.github.com/v3/repos/#get -func (c *client) GetSingleCommit(org, repo, SHA string) (RepositoryCommit, error) { - durationLogger := c.log("GetSingleCommit", org, repo, SHA) - defer durationLogger() - - var commit RepositoryCommit - _, err := c.request(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/commits/%s", org, repo, SHA), - org: org, - exitCodes: []int{200}, - }, &commit) - return commit, err -} - -// GetBranches returns all branches in the repo. -// -// If onlyProtected is true it will only return repos with protection enabled, -// and branch.Protected will be true. Otherwise Protected is the default value (false). -// -// This call uses multiple API tokens when results are paginated. -// -// See https://developer.github.com/v3/repos/branches/#list-branches -func (c *client) GetBranches(org, repo string, onlyProtected bool) ([]Branch, error) { - durationLogger := c.log("GetBranches", org, repo, onlyProtected) - defer durationLogger() - - var branches []Branch - err := c.readPaginatedResultsWithValues( - fmt.Sprintf("/repos/%s/%s/branches", org, repo), - url.Values{ - "protected": []string{strconv.FormatBool(onlyProtected)}, - "per_page": []string{"100"}, - }, - acceptNone, - org, - func() interface{} { // newObj - return &[]Branch{} - }, - func(obj interface{}) { - branches = append(branches, *(obj.(*[]Branch))...) - }, - ) - if err != nil { - return nil, err - } - return branches, nil -} - -// GetBranchProtection returns current protection object for the branch -// -// See https://developer.github.com/v3/repos/branches/#get-branch-protection -func (c *client) GetBranchProtection(org, repo, branch string) (*BranchProtection, error) { - durationLogger := c.log("GetBranchProtection", org, repo, branch) - defer durationLogger() - - code, body, err := c.requestRaw(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/branches/%s/protection", org, repo, branch), - org: org, - // GitHub returns 404 for this call if either: - // - The branch is not protected - // - The access token used does not have sufficient privileges - // We therefore need to introspect the response body. - exitCodes: []int{200, 404}, - }) - - switch { - case err != nil: - return nil, err - case code == 200: - var bp BranchProtection - if err := json.Unmarshal(body, &bp); err != nil { - return nil, err - } - return &bp, nil - case code == 404: - // continue - default: - return nil, fmt.Errorf("unexpected status code: %d", code) - } - - var ge githubError - if err := json.Unmarshal(body, &ge); err != nil { - return nil, err - } - - // If the error was because the branch is not protected, we return a - // nil pointer to indicate this. - if ge.Message == "Branch not protected" { - return nil, nil - } - - // Otherwise we got some other 404 error. - return nil, fmt.Errorf("getting branch protection 404: %s", ge.Message) -} - -// RemoveBranchProtection unprotects org/repo=branch. -// -// See https://developer.github.com/v3/repos/branches/#remove-branch-protection -func (c *client) RemoveBranchProtection(org, repo, branch string) error { - durationLogger := c.log("RemoveBranchProtection", org, repo, branch) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/repos/%s/%s/branches/%s/protection", org, repo, branch), - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// UpdateBranchProtection configures org/repo=branch. -// -// See https://developer.github.com/v3/repos/branches/#update-branch-protection -func (c *client) UpdateBranchProtection(org, repo, branch string, config BranchProtectionRequest) error { - durationLogger := c.log("UpdateBranchProtection", org, repo, branch, config) - defer durationLogger() - - _, err := c.request(&request{ - accept: "application/vnd.github.luke-cage-preview+json", // for required_approving_review_count - method: http.MethodPut, - path: fmt.Sprintf("/repos/%s/%s/branches/%s/protection", org, repo, branch), - org: org, - requestBody: config, - exitCodes: []int{200}, - }, nil) - return err -} - -// AddRepoLabel adds a defined label given org/repo -// -// See https://developer.github.com/v3/issues/labels/#create-a-label -func (c *client) AddRepoLabel(org, repo, label, description, color string) error { - durationLogger := c.log("AddRepoLabel", org, repo, label, description, color) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/labels", org, repo), - accept: "application/vnd.github.symmetra-preview+json", // allow the description field -- https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - org: org, - requestBody: Label{Name: label, Description: description, Color: color}, - exitCodes: []int{201}, - }, nil) - return err -} - -// UpdateRepoLabel updates a org/repo label to new name, description, and color -// -// See https://developer.github.com/v3/issues/labels/#update-a-label -func (c *client) UpdateRepoLabel(org, repo, label, newName, description, color string) error { - durationLogger := c.log("UpdateRepoLabel", org, repo, label, newName, color) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/labels/%s", org, repo, label), - accept: "application/vnd.github.symmetra-preview+json", // allow the description field -- https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - org: org, - requestBody: Label{Name: newName, Description: description, Color: color}, - exitCodes: []int{200}, - }, nil) - return err -} - -// DeleteRepoLabel deletes a label in org/repo -// -// See https://developer.github.com/v3/issues/labels/#delete-a-label -func (c *client) DeleteRepoLabel(org, repo, label string) error { - durationLogger := c.log("DeleteRepoLabel", org, repo, label) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodDelete, - accept: "application/vnd.github.symmetra-preview+json", // allow the description field -- https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - path: fmt.Sprintf("/repos/%s/%s/labels/%s", org, repo, label), - org: org, - requestBody: Label{Name: label}, - exitCodes: []int{204}, - }, nil) - return err -} - -// GetCombinedStatus returns the latest statuses for a given ref. -// -// See https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref -func (c *client) GetCombinedStatus(org, repo, ref string) (*CombinedStatus, error) { - durationLogger := c.log("GetCombinedStatus", org, repo, ref) - defer durationLogger() - - var combinedStatus CombinedStatus - err := c.readPaginatedResults( - fmt.Sprintf("/repos/%s/%s/commits/%s/status", org, repo, ref), - "", - org, - func() interface{} { - return &CombinedStatus{} - }, - func(obj interface{}) { - cs := *(obj.(*CombinedStatus)) - cs.Statuses = append(combinedStatus.Statuses, cs.Statuses...) - combinedStatus = cs - }, - ) - return &combinedStatus, err -} - -// getLabels is a helper function that retrieves a paginated list of labels from a github URI path. -func (c *client) getLabels(path, org string) ([]Label, error) { - var labels []Label - if c.fake { - return labels, nil - } - err := c.readPaginatedResults( - path, - "application/vnd.github.symmetra-preview+json", // allow the description field -- https://developer.github.com/changes/2018-02-22-label-description-search-preview/ - org, - func() interface{} { - return &[]Label{} - }, - func(obj interface{}) { - labels = append(labels, *(obj.(*[]Label))...) - }, - ) - if err != nil { - return nil, err - } - return labels, nil -} - -// GetRepoLabels returns the list of labels accessible to org/repo. -// -// See https://developer.github.com/v3/issues/labels/#list-all-labels-for-this-repository -func (c *client) GetRepoLabels(org, repo string) ([]Label, error) { - durationLogger := c.log("GetRepoLabels", org, repo) - defer durationLogger() - - return c.getLabels(fmt.Sprintf("/repos/%s/%s/labels", org, repo), org) -} - -// GetIssueLabels returns the list of labels currently on issue org/repo#number. -// -// See https://developer.github.com/v3/issues/labels/#list-labels-on-an-issue -func (c *client) GetIssueLabels(org, repo string, number int) ([]Label, error) { - durationLogger := c.log("GetIssueLabels", org, repo, number) - defer durationLogger() - - return c.getLabels(fmt.Sprintf("/repos/%s/%s/issues/%d/labels", org, repo, number), org) -} - -// AddLabel adds label to org/repo#number, returning an error on a bad response code. -// -// See https://developer.github.com/v3/issues/labels/#add-labels-to-an-issue -func (c *client) AddLabel(org, repo string, number int, label string) error { - return c.AddLabelWithContext(context.Background(), org, repo, number, label) -} - -func (c *client) AddLabelWithContext(ctx context.Context, org, repo string, number int, label string) error { - return c.AddLabelsWithContext(ctx, org, repo, number, label) -} - -// AddLabels adds one or more labels to org/repo#number, returning an error on a bad response code. -// -// See https://developer.github.com/v3/issues/labels/#add-labels-to-an-issue -func (c *client) AddLabels(org, repo string, number int, labels ...string) error { - return c.AddLabelsWithContext(context.Background(), org, repo, number, labels...) -} - -func (c *client) AddLabelsWithContext(ctx context.Context, org, repo string, number int, labels ...string) error { - durationLogger := c.log("AddLabels", org, repo, number, labels) - defer durationLogger() - - _, err := c.requestWithContext(ctx, &request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/issues/%d/labels", org, repo, number), - org: org, - requestBody: labels, - exitCodes: []int{200}, - }, nil) - return err -} - -type githubError struct { - Message string `json:"message,omitempty"` -} - -// RemoveLabel removes label from org/repo#number, returning an error on any failure. -// -// See https://developer.github.com/v3/issues/labels/#remove-a-label-from-an-issue -func (c *client) RemoveLabel(org, repo string, number int, label string) error { - return c.RemoveLabelWithContext(context.Background(), org, repo, number, label) -} - -func (c *client) RemoveLabelWithContext(ctx context.Context, org, repo string, number int, label string) error { - durationLogger := c.log("RemoveLabel", org, repo, number, label) - defer durationLogger() - - code, body, err := c.requestRawWithContext(ctx, &request{ - method: http.MethodDelete, - path: fmt.Sprintf("/repos/%s/%s/issues/%d/labels/%s", org, repo, number, label), - org: org, - // GitHub sometimes returns 200 for this call, which is a bug on their end. - // Do not expect a 404 exit code and handle it separately because we need - // to introspect the request's response body. - exitCodes: []int{200, 204}, - }) - - switch { - case code == 200 || code == 204: - // If our code was 200 or 204, no error info. - return nil - case code == 404: - // continue - case err != nil: - return err - default: - return fmt.Errorf("unexpected status code: %d", code) - } - - ge := &githubError{} - if err := json.Unmarshal(body, ge); err != nil { - return err - } - - // If the error was because the label was not found, we don't really - // care since the label won't exist anyway. - if ge.Message == "Label does not exist" { - return nil - } - - // Otherwise we got some other 404 error. - return fmt.Errorf("deleting label 404: %s", ge.Message) -} - -func (c *client) WasLabelAddedByHuman(org, repo string, number int, label string) (bool, error) { - isBot, err := c.BotUserChecker() - if err != nil { - return false, fmt.Errorf("failed to construct bot user checker: %w", err) - } - - events, err := c.ListIssueEvents(org, repo, number) - if err != nil { - return false, fmt.Errorf("failed to list issue events: %w", err) - } - var lastAdded ListedIssueEvent - for _, event := range events { - if event.Event != IssueActionLabeled || event.Label.Name != label { - continue - } - lastAdded = event - } - - if lastAdded.Actor.Login == "" || isBot(lastAdded.Actor.Login) { - return false, nil - } - - return true, nil -} - -// MissingUsers is an error specifying the users that could not be unassigned. -type MissingUsers struct { - Users []string - action string - apiErr error -} - -func (m MissingUsers) Error() string { - return fmt.Sprintf("could not %s the following user(s): %s; %v.", m.action, strings.Join(m.Users, ", "), m.apiErr) -} - -// AssignIssue adds logins to org/repo#number, returning an error if any login is missing after making the call. -// -// See https://developer.github.com/v3/issues/assignees/#add-assignees-to-an-issue -func (c *client) AssignIssue(org, repo string, number int, logins []string) error { - durationLogger := c.log("AssignIssue", org, repo, number, logins) - defer durationLogger() - - assigned := make(map[string]bool) - var i Issue - _, err := c.request(&request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/issues/%d/assignees", org, repo, number), - org: org, - requestBody: map[string][]string{"assignees": logins}, - exitCodes: []int{201}, - }, &i) - if err != nil { - return err - } - for _, assignee := range i.Assignees { - assigned[NormLogin(assignee.Login)] = true - } - missing := MissingUsers{action: "assign"} - for _, login := range logins { - if !assigned[NormLogin(login)] { - missing.Users = append(missing.Users, login) - } - } - if len(missing.Users) > 0 { - return missing - } - return nil -} - -// ExtraUsers is an error specifying the users that could not be unassigned. -type ExtraUsers struct { - Users []string - action string -} - -func (e ExtraUsers) Error() string { - return fmt.Sprintf("could not %s the following user(s): %s.", e.action, strings.Join(e.Users, ", ")) -} - -// UnassignIssue removes logins from org/repo#number, returns an error if any login remains assigned. -// -// See https://developer.github.com/v3/issues/assignees/#remove-assignees-from-an-issue -func (c *client) UnassignIssue(org, repo string, number int, logins []string) error { - durationLogger := c.log("UnassignIssue", org, repo, number, logins) - defer durationLogger() - - assigned := make(map[string]bool) - var i Issue - _, err := c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/repos/%s/%s/issues/%d/assignees", org, repo, number), - org: org, - requestBody: map[string][]string{"assignees": logins}, - exitCodes: []int{200}, - }, &i) - if err != nil { - return err - } - for _, assignee := range i.Assignees { - assigned[NormLogin(assignee.Login)] = true - } - extra := ExtraUsers{action: "unassign"} - for _, login := range logins { - if assigned[NormLogin(login)] { - extra.Users = append(extra.Users, login) - } - } - if len(extra.Users) > 0 { - return extra - } - return nil -} - -// CreateReview creates a review using the draft. -// -// https://developer.github.com/v3/pulls/reviews/#create-a-pull-request-review -func (c *client) CreateReview(org, repo string, number int, r DraftReview) error { - durationLogger := c.log("CreateReview", org, repo, number, r) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodPost, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d/reviews", org, repo, number), - accept: "application/vnd.github.black-cat-preview+json", - org: org, - requestBody: r, - exitCodes: []int{200}, - }, nil) - return err -} - -// prepareReviewersBody separates reviewers from team_reviewers and prepares a map -// -// { -// "reviewers": [ -// "octocat", -// "hubot", -// "other_user" -// ], -// "team_reviewers": [ -// "justice-league" -// ] -// } -// -// https://developer.github.com/v3/pulls/review_requests/#create-a-review-request -func prepareReviewersBody(logins []string, org string) (map[string][]string, error) { - body := map[string][]string{} - var errors []error - for _, login := range logins { - mat := teamRe.FindStringSubmatch(login) - if mat == nil { - if _, exists := body["reviewers"]; !exists { - body["reviewers"] = []string{} - } - body["reviewers"] = append(body["reviewers"], login) - } else if mat[1] == org { - if _, exists := body["team_reviewers"]; !exists { - body["team_reviewers"] = []string{} - } - body["team_reviewers"] = append(body["team_reviewers"], mat[2]) - } else { - errors = append(errors, fmt.Errorf("team %s is not part of %s org", login, org)) - If any user in the 'logins' slice is not a contributor of the repo, the entire POST will fail without adding any reviewers. The GitHub API response does not specify which user(s) were invalid so if we fail to request reviews from the members of 'logins' we try to request reviews from each member individually. We try first with all users in 'logins' for efficiency in the common case. Status code: %d, errmsg: %w", statusCode, err) Specifically, if 'logins' contains a user that isn't a requested reviewer, other users that are valid are still removed. Furthermore, the API response lists the set of requested reviewers after the deletion (unlike request creations), so we can determine if each deletion was successful. The API responds with http status code 200 no matter what the content of 'logins' is. accept: "application/vnd.github.symmetra-preview+json", - org: org, - requestBody: body, - exitCodes: []int{http.StatusOK /*200*/}, - }, &pr) - if err != nil { - return err - } - extras := ExtraUsers{action: "remove the PR review request for"} - for _, user := range pr.RequestedReviewers { - found := false - for _, toDelete := range logins { - if NormLogin(user.Login) == NormLogin(toDelete) { - found = true - break - } - } - if found { - extras.Users = append(extras.Users, user.Login) - } - } - if len(extras.Users) > 0 { - return extras - } - return nil -} - -// CloseIssue closes the existing, open issue provided -// CloseIssue also closes the issue with the reason being -// "completed" - default value for the state_reason attribute. -// -// See https://developer.github.com/v3/issues/#edit-an-issue -func (c *client) CloseIssue(org, repo string, number int) error { - durationLogger := c.log("CloseIssue", org, repo, number) - defer durationLogger() - - return c.closeIssue(org, repo, number, "completed") -} - -// CloseIssueAsNotPlanned closes the existing, open issue provided -// CloseIssueAsNotPlanned also closes the issue with the reason being -// "not_planned" - value passed for the state_reason attribute. -// -// See https://developer.github.com/v3/issues/#edit-an-issue -func (c *client) CloseIssueAsNotPlanned(org, repo string, number int) error { - durationLogger := c.log("CloseIssueAsNotPlanned", org, repo, number) - defer durationLogger() - - return c.closeIssue(org, repo, number, "not_planned") -} - -func (c *client) closeIssue(org, repo string, number int, reason string) error { - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/issues/%d", org, repo, number), - org: org, - requestBody: map[string]string{"state": "closed", "state_reason": reason}, - exitCodes: []int{200}, - }, nil) - - return err -} - -// StateCannotBeChanged represents the "custom" GitHub API -// error that occurs when a resource cannot be changed -type StateCannotBeChanged struct { - Message string -} - -func (s StateCannotBeChanged) Error() string { - return s.Message -} - -// StateCannotBeChanged implements error -var _ error = (*StateCannotBeChanged)(nil) - -// convert to a StateCannotBeChanged if appropriate or else return the original error -func stateCannotBeChangedOrOriginalError(err error) error { - requestErr, ok := err.(requestError) - if ok { - for _, errorMsg := range requestErr.ErrorMessages() { - if strings.Contains(errorMsg, stateCannotBeChangedMessagePrefix) { - return StateCannotBeChanged{ - Message: errorMsg, - } - } - } - } - return err -} - -// ReopenIssue re-opens the existing, closed issue provided -// -// See https://developer.github.com/v3/issues/#edit-an-issue -func (c *client) ReopenIssue(org, repo string, number int) error { - durationLogger := c.log("ReopenIssue", org, repo, number) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/issues/%d", org, repo, number), - org: org, - requestBody: map[string]string{"state": "open"}, - exitCodes: []int{200}, - }, nil) - return stateCannotBeChangedOrOriginalError(err) -} - -// ClosePR closes the existing, open PR provided -// TODO: Rename to ClosePullRequest -// -// See https://developer.github.com/v3/pulls/#update-a-pull-request -func (c *client) ClosePR(org, repo string, number int) error { - durationLogger := c.log("ClosePR", org, repo, number) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, number), - org: org, - requestBody: map[string]string{"state": "closed"}, - exitCodes: []int{200}, - }, nil) - return err -} - -// ReopenPR re-opens the existing, closed PR provided -// TODO: Rename to ReopenPullRequest -// -// See https://developer.github.com/v3/pulls/#update-a-pull-request -func (c *client) ReopenPR(org, repo string, number int) error { - durationLogger := c.log("ReopenPR", org, repo, number) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%s/%s/pulls/%d", org, repo, number), - org: org, - requestBody: map[string]string{"state": "open"}, - exitCodes: []int{200}, - }, nil) - return stateCannotBeChangedOrOriginalError(err) -} - -// GetRef returns the SHA of the given ref, such as "heads/master". -// -// See https://developer.github.com/v3/git/refs/#get-a-reference -// The gitbub api does prefix matching and might return multiple results, -// in which case we will return a GetRefTooManyResultsError -func (c *client) GetRef(org, repo, ref string) (string, error) { - durationLogger := c.log("GetRef", org, repo, ref) - defer durationLogger() - - res := GetRefResponse{} - _, err := c.request(&request{ - method: http.MethodGet, - path: fmt.Sprintf("/repos/%s/%s/git/refs/%s", org, repo, ref), - org: org, - exitCodes: []int{200}, - }, &res) - if err != nil { - return "", nil - } - - if n := len(res); n > 1 { - wantRef := "refs/" + ref - for _, r := range res { - if r.Ref == wantRef { - return r.Object.SHA, nil - } - } - return "", GetRefTooManyResultsError{org: org, repo: repo, ref: ref, resultsRefs: res.RefNames()} - } - return res[0].Object.SHA, nil -} - -type GetRefTooManyResultsError struct { - org, repo, ref string - resultsRefs []string -} - -func (GetRefTooManyResultsError) Is(err error) bool { - _, ok := err.(GetRefTooManyResultsError) - return ok -} - -func (e GetRefTooManyResultsError) Error() string { - return fmt.Sprintf("query for %s/%s ref %q didn't match one but multiple refs: %v", e.org, e.repo, e.ref, e.resultsRefs) -} - -type GetRefResponse []GetRefResult - -// We need a custom unmarshaler because the GetRefResult may either be a -// single GetRefResponse or multiple -func (grr *GetRefResponse) UnmarshalJSON(data []byte) error { - result := &GetRefResult{} - if err := json.Unmarshal(data, result); err == nil { - *(grr) = GetRefResponse{*result} - return nil - } - var response []GetRefResult - if err := json.Unmarshal(data, &response); err != nil { - return fmt.Errorf("failed to unmarshal response %s: %w", string(data), err) - } - *grr = GetRefResponse(response) - return nil -} - -func (grr *GetRefResponse) RefNames() []string { - var result []string - for _, item := range *grr { - result = append(result, item.Ref) - } - return result -} - -type GetRefResult struct { - Ref string `json:"ref,omitempty"` - NodeID string `json:"node_id,omitempty"` - URL string `json:"url,omitempty"` - Object struct { - Type string `json:"type,omitempty"` - SHA string `json:"sha,omitempty"` - URL string `json:"url,omitempty"` - } `json:"object,omitempty"` -} - -// DeleteRef deletes the given ref -// -// See https://developer.github.com/v3/git/refs/#delete-a-reference -func (c *client) DeleteRef(org, repo, ref string) error { - durationLogger := c.log("DeleteRef", org, repo, ref) - defer durationLogger() - - _, err := c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/repos/%s/%s/git/refs/%s", org, repo, ref), - org: org, - exitCodes: []int{204}, - This helps in iterating all issues and PRs that are under a column This method is not working in contexts where "github-app-id" is set. "q": []string{query}, - } - var issues []Issue - - if sort != "" { - values["sort"] = []string{sort} - if asc { - values["order"] = []string{"asc"} - } - } - err := c.readPaginatedResultsWithValues( - fmt.Sprintf("/search/issues"), - values, - acceptNone, - org, - func() interface{} { // newObj - return &IssuesSearchResult{} - }, - func(obj interface{}) { - issues = append(issues, obj.(*IssuesSearchResult).Issues...) - }, - ) - if err != nil { - return nil, err - } - return issues, err -} - -// FileNotFound happens when github cannot find the file requested by GetFile(). -type FileNotFound struct { - org, repo, path, commit string -} - -func (e *FileNotFound) Error() string { - return fmt.Sprintf("%s/%s/%s @ %s not found", e.org, e.repo, e.path, e.commit) -} - -// GetFile uses GitHub repo contents API to retrieve the content of a file with commit SHA. -// If commit is empty, it will grab content from repo's default branch, usually master. -// Use GetDirectory() method to retrieve a directory. -// -// See https://developer.github.com/v3/repos/contents/#get-contents -func (c *client) GetFile(org, repo, filepath, commit string) ([]byte, error) { - durationLogger := c.log("GetFile", org, repo, filepath, commit) - defer durationLogger() - - path := fmt.Sprintf("/repos/%s/%s/contents/%s", org, repo, filepath) - if commit != "" { - path = fmt.Sprintf("%s?ref=%s", path, url.QueryEscape(commit)) - } - - var res Content - code, err := c.request(&request{ - method: http.MethodGet, - path: path, - org: org, - exitCodes: []int{200, 404}, - }, &res) - - if err != nil { - return nil, err - } - - if code == 404 { - return nil, &FileNotFound{ - org: org, - repo: repo, - path: filepath, - commit: commit, - } - } - - decoded, err := base64.StdEncoding.DecodeString(res.Content) - if err != nil { - return nil, fmt.Errorf("error decoding %s : %w", res.Content, err) - } - - return decoded, nil -} - -// QueryWithGitHubAppsSupport runs a GraphQL query using shurcooL/githubql's client. -func (c *client) QueryWithGitHubAppsSupport(ctx context.Context, q interface{}, vars map[string]interface{}, org string) error { - // Don't log query here because Query is typically called multiple times to get all pages. - // Instead log once per search and include total search cost. - return c.gqlc.QueryWithGitHubAppsSupport(ctx, q, vars, org) -} - -// MutateWithGitHubAppsSupport runs a GraphQL mutation using shurcooL/githubql's client. -func (c *client) MutateWithGitHubAppsSupport(ctx context.Context, m interface{}, input githubql.Input, vars map[string]interface{}, org string) error { - return c.gqlc.MutateWithGitHubAppsSupport(ctx, m, input, vars, org) -} - -// CreateTeam adds a team with name to the org, returning a struct with the new ID. -// -// See https://developer.github.com/v3/teams/#create-team -func (c *client) CreateTeam(org string, team Team) (*Team, error) { - durationLogger := c.log("CreateTeam", org, team) - defer durationLogger() - - if team.Name == "" { - return nil, errors.New("team.Name must be non-empty") - } - if c.fake { - return nil, nil - } else if c.dry { - // When in dry mode we need a believable slug to call corresponding methods for this team - team.Slug = strings.ToLower(strings.ReplaceAll(team.Name, " ", "-")) - return &team, nil - } - path := fmt.Sprintf("/orgs/%s/teams", org) - var retTeam Team - _, err := c.request(&request{ - method: http.MethodPost, - path: path, - accept: "application/vnd.github+json", - org: org, - requestBody: &team, - exitCodes: []int{201}, - }, &retTeam) - return &retTeam, err -} - -// EditTeam patches team.Slug to contain the specified: -// name, description, privacy, permission, and parentTeamId values. -// -// See https://docs.github.com/en/rest/reference/teams#update-a-team -func (c *client) EditTeam(org string, t Team) (*Team, error) { - durationLogger := c.log("EditTeam", t) - defer durationLogger() - - if t.Slug == "" { - return nil, errors.New("team.Slug must be populated") - } - if c.dry { - return &t, nil - } - t.ID = 0 - // Need to send parent_team_id: null - team := struct { - Team - ParentTeamID *int `json:"parent_team_id"` - }{ - Team: t, - ParentTeamID: t.ParentTeamID, - } - var retTeam Team - path := fmt.Sprintf("/orgs/%s/teams/%s", org, t.Slug) - _, err := c.request(&request{ - method: http.MethodPatch, - path: path, - accept: "application/vnd.github+json", - org: org, - requestBody: &team, - exitCodes: []int{200, 201}, - }, &retTeam) - return &retTeam, err -} - -// DeleteTeam removes team.ID from GitHub. -// -// See https://developer.github.com/v3/teams/#delete-team -// Deprecated: please use DeleteTeamBySlug -func (c *client) DeleteTeam(org string, id int) error { - c.logger.WithField("methodName", "DeleteTeam"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("DeleteTeam", org, id) - defer durationLogger() - - organization, err := c.GetOrg(org) - if err != nil { - return err - } - - path := fmt.Sprintf("/organizations/%d/team/%d", organization.Id, id) - _, err = c.request(&request{ - method: http.MethodDelete, - path: path, - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// DeleteTeamBySlug removes team.Slug from GitHub. -// -// See https://docs.github.com/en/rest/reference/teams#delete-a-team -func (c *client) DeleteTeamBySlug(org, teamSlug string) error { - durationLogger := c.log("DeleteTeamBySlug", org, teamSlug) - defer durationLogger() - path := fmt.Sprintf("/orgs/%s/teams/%s", org, teamSlug) - _, err := c.request(&request{ - method: http.MethodDelete, - path: path, - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// ListTeams gets a list of teams for the given org -// -// See https://developer.github.com/v3/teams/#list-teams -func (c *client) ListTeams(org string) ([]Team, error) { - durationLogger := c.log("ListTeams", org) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/orgs/%s/teams", org) - var teams []Team - err := c.readPaginatedResults( - path, - "application/vnd.github+json", - org, - func() interface{} { - return &[]Team{} - }, - func(obj interface{}) { - teams = append(teams, *(obj.(*[]Team))...) - }, - ) - if err != nil { - return nil, err - } - return teams, nil -} - -// UpdateTeamMembership adds the user to the team and/or updates their role in that team. -// -// If the user is not a member of the org, GitHub will invite them to become an outside collaborator, setting their status to pending. -// -// https://developer.github.com/v3/teams/members/#add-or-update-team-membership -// Deprecated: please use UpdateTeamMembershipBySlug -func (c *client) UpdateTeamMembership(org string, id int, user string, maintainer bool) (*TeamMembership, error) { - c.logger.WithField("methodName", "UpdateTeamMembership"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("UpdateTeamMembership", org, id, user, maintainer) - defer durationLogger() - - if c.fake { - return nil, nil - } - tm := TeamMembership{} - if maintainer { - tm.Role = RoleMaintainer - } else { - tm.Role = RoleMember - } - - if c.dry { - return &tm, nil - } - - organization, err := c.GetOrg(org) - if err != nil { - return nil, err - } - - _, err = c.request(&request{ - method: http.MethodPut, - path: fmt.Sprintf("/organizations/%d/team/%d/memberships/%s", organization.Id, id, user), - org: org, - requestBody: &tm, - exitCodes: []int{200}, - }, &tm) - return &tm, err -} - -// UpdateTeamMembershipBySlug adds the user to the team and/or updates their role in that team. -// -// If the user is not a member of the org, GitHub will invite them to become an outside collaborator, setting their status to pending. -// -// https://docs.github.com/en/rest/reference/teams#add-or-update-team-membership-for-a-user -func (c *client) UpdateTeamMembershipBySlug(org, teamSlug, user string, maintainer bool) (*TeamMembership, error) { - durationLogger := c.log("UpdateTeamMembershipBySlug", org, teamSlug, user, maintainer) - defer durationLogger() - - if c.fake { - return nil, nil - } - tm := TeamMembership{} - if maintainer { - tm.Role = RoleMaintainer - } else { - tm.Role = RoleMember - } - - if c.dry { - return &tm, nil - } - - _, err := c.request(&request{ - method: http.MethodPut, - path: fmt.Sprintf("/orgs/%s/teams/%s/memberships/%s", org, teamSlug, user), - org: org, - requestBody: &tm, - exitCodes: []int{200}, - }, &tm) - return &tm, err -} - -// RemoveTeamMembership removes the user from the team (but not the org). -// -// https://developer.github.com/v3/teams/members/#remove-team-member -// Deprecated: please use RemoveTeamMembershipBySlug -func (c *client) RemoveTeamMembership(org string, id int, user string) error { - c.logger.WithField("methodName", "RemoveTeamMembership"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("RemoveTeamMembership", org, id, user) - defer durationLogger() - - if c.fake { - return nil - } - - organization, err := c.GetOrg(org) - if err != nil { - return err - } - - _, err = c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/organizations/%d/team/%d/memberships/%s", organization.Id, id, user), - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// RemoveTeamMembershipBySlug removes the user from the team (but not the org). -// -// https://docs.github.com/en/rest/reference/teams#remove-team-membership-for-a-user -func (c *client) RemoveTeamMembershipBySlug(org, teamSlug, user string) error { - durationLogger := c.log("RemoveTeamMembershipBySlug", org, teamSlug, user) - defer durationLogger() - - if c.fake { - return nil - } - _, err := c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/orgs/%s/teams/%s/memberships/%s", org, teamSlug, user), - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// ListTeamMembers gets a list of team members for the given team id -// -// Role options are "all", "maintainer" and "member" -// -// https://developer.github.com/v3/teams/members/#list-team-members -// Deprecated: please use ListTeamMembersBySlug -func (c *client) ListTeamMembers(org string, id int, role string) ([]TeamMember, error) { - c.logger.WithField("methodName", "ListTeamMembers"). - Warn("method is deprecated, please use ListTeamMembersBySlug") - durationLogger := c.log("ListTeamMembers", id, role) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/teams/%d/members", id) - var teamMembers []TeamMember - err := c.readPaginatedResultsWithValues( - path, - url.Values{ - "per_page": []string{"100"}, - "role": []string{role}, - }, - "application/vnd.github+json", - org, - func() interface{} { - return &[]TeamMember{} - }, - func(obj interface{}) { - teamMembers = append(teamMembers, *(obj.(*[]TeamMember))...) - }, - ) - if err != nil { - return nil, err - } - return teamMembers, nil -} - -// ListTeamMembersBySlug gets a list of team members for the given team slug -// -// Role options are "all", "maintainer" and "member" -// -// https://docs.github.com/en/rest/reference/teams#list-team-members -func (c *client) ListTeamMembersBySlug(org, teamSlug, role string) ([]TeamMember, error) { - durationLogger := c.log("ListTeamMembersBySlug", org, teamSlug, role) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/orgs/%s/teams/%s/members", org, teamSlug) - var teamMembers []TeamMember - err := c.readPaginatedResultsWithValues( - path, - url.Values{ - "per_page": []string{"100"}, - "role": []string{role}, - }, - "application/vnd.github.v3+json", - org, - func() interface{} { - return &[]TeamMember{} - }, - func(obj interface{}) { - teamMembers = append(teamMembers, *(obj.(*[]TeamMember))...) - }, - ) - if err != nil { - return nil, err - } - return teamMembers, nil -} - -// ListTeamRepos gets a list of team repos for the given team id -// -// https://developer.github.com/v3/teams/#list-team-repos -// Deprecated: please use ListTeamReposBySlug -func (c *client) ListTeamRepos(org string, id int) ([]Repo, error) { - c.logger.WithField("methodName", "ListTeamRepos"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("ListTeamRepos", org, id) - defer durationLogger() - - if c.fake { - return nil, nil - } - - organization, err := c.GetOrg(org) - if err != nil { - return nil, err - } - - path := fmt.Sprintf("/organizations/%d/team/%d/repos", organization.Id, id) - var repos []Repo - err = c.readPaginatedResultsWithValues( - path, - url.Values{ - "per_page": []string{"100"}, - }, - "application/vnd.github+json", - org, - func() interface{} { - return &[]Repo{} - }, - func(obj interface{}) { - for _, repo := range *obj.(*[]Repo) { - // Currently, GitHub API returns false for all permission levels - // for a repo on which the team has 'Maintain' or 'Triage' role. - // This check is to avoid listing a repo under the team but - // showing the permission level as none. - if LevelFromPermissions(repo.Permissions) != None { - repos = append(repos, repo) - } - } - }, - ) - if err != nil { - return nil, err - } - return repos, nil -} - -// ListTeamReposBySlug gets a list of team repos for the given team slug -// -// https://docs.github.com/en/rest/reference/teams#list-team-repositories -func (c *client) ListTeamReposBySlug(org, teamSlug string) ([]Repo, error) { - durationLogger := c.log("ListTeamReposBySlug", org, teamSlug) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/orgs/%s/teams/%s/repos", org, teamSlug) - var repos []Repo - err := c.readPaginatedResultsWithValues( - path, - url.Values{ - "per_page": []string{"100"}, - }, - "application/vnd.github.v3+json", - org, - func() interface{} { - return &[]Repo{} - }, - func(obj interface{}) { - for _, repo := range *obj.(*[]Repo) { - // Currently, GitHub API returns false for all permission levels - // for a repo on which the team has 'Maintain' or 'Triage' role. - // This check is to avoid listing a repo under the team but - // showing the permission level as none. - if LevelFromPermissions(repo.Permissions) != None { - repos = append(repos, repo) - } - } - }, - ) - if err != nil { - return nil, err - } - return repos, nil -} - -// UpdateTeamRepo adds the repo to the team with the provided role. -// -// https://developer.github.com/v3/teams/#add-or-update-team-repository -// Deprecated: please use UpdateTeamRepoBySlug -func (c *client) UpdateTeamRepo(id int, org, repo string, permission TeamPermission) error { - c.logger.WithField("methodName", "UpdateTeamRepo"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("UpdateTeamRepo", id, org, repo, permission) - defer durationLogger() - - if c.fake || c.dry { - return nil - } - - organization, err := c.GetOrg(org) - if err != nil { - return err - } - - data := struct { - Permission string `json:"permission"` - }{ - Permission: string(permission), - } - - _, err = c.request(&request{ - method: http.MethodPut, - path: fmt.Sprintf("/organizations/%d/team/%d/repos/%s/%s", organization.Id, id, org, repo), - org: org, - requestBody: &data, - exitCodes: []int{204}, - }, nil) - return err -} - -// UpdateTeamRepoBySlug adds the repo to the team with the provided role. -// -// https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions -func (c *client) UpdateTeamRepoBySlug(org, teamSlug, repo string, permission TeamPermission) error { - durationLogger := c.log("UpdateTeamRepoBySlug", org, teamSlug, repo, permission) - defer durationLogger() - - if c.fake || c.dry { - return nil - } - - data := struct { - Permission string `json:"permission"` - }{ - Permission: string(permission), - } - - _, err := c.request(&request{ - method: http.MethodPut, - path: fmt.Sprintf("/orgs/%s/teams/%s/repos/%s/%s", org, teamSlug, org, repo), - org: org, - requestBody: &data, - exitCodes: []int{204}, - }, nil) - return err -} - -// RemoveTeamRepo removes the team from the repo. -// -// https://docs.github.com/en/rest/reference/teams#remove-a-repository-from-a-team-legacy -// Deprecated: please use RemoveTeamRepoBySlug -func (c *client) RemoveTeamRepo(id int, org, repo string) error { - c.logger.WithField("methodName", "RemoveTeamRepo"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("RemoveTeamRepo", id, org, repo) - defer durationLogger() - - if c.fake || c.dry { - return nil - } - - organization, err := c.GetOrg(org) - if err != nil { - return err - } - - _, err = c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/organizations/%d/team/%d/repos/%s/%s", organization.Id, id, org, repo), - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// RemoveTeamRepoBySlug removes the team from the repo. -// -// https://docs.github.com/en/rest/reference/teams#remove-a-repository-from-a-team -func (c *client) RemoveTeamRepoBySlug(org, teamSlug, repo string) error { - durationLogger := c.log("RemoveTeamRepoBySlug", org, teamSlug, repo) - defer durationLogger() - - if c.fake || c.dry { - return nil - } - - _, err := c.request(&request{ - method: http.MethodDelete, - path: fmt.Sprintf("/orgs/%s/teams/%s/repos/%s/%s", org, teamSlug, org, repo), - org: org, - exitCodes: []int{204}, - }, nil) - return err -} - -// ListTeamInvitations gets a list of team members with pending invitations for the -// given team id -// -// https://developer.github.com/v3/teams/members/#list-pending-team-invitations -// Deprecated: please use ListTeamInvitationsBySlug -func (c *client) ListTeamInvitations(org string, id int) ([]OrgInvitation, error) { - c.logger.WithField("methodName", "ListTeamInvitations"). - Warn("method is deprecated, and will result in multiple api calls to achieve result") - durationLogger := c.log("ListTeamInvitations", org, id) - defer durationLogger() - - if c.fake { - return nil, nil - } - - organization, err := c.GetOrg(org) - if err != nil { - return nil, err - } - path := fmt.Sprintf("/organizations/%d/team/%d/invitations", organization.Id, id) - var ret []OrgInvitation - err = c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]OrgInvitation{} - }, - func(obj interface{}) { - ret = append(ret, *(obj.(*[]OrgInvitation))...) - }, - ) - if err != nil { - return nil, err - } - return ret, nil -} - -// ListTeamInvitationsBySlug gets a list of team members with pending invitations for the given team slug -// -// https://docs.github.com/en/rest/reference/teams#list-pending-team-invitations -func (c *client) ListTeamInvitationsBySlug(org, teamSlug string) ([]OrgInvitation, error) { - durationLogger := c.log("ListTeamInvitationsBySlug", org, teamSlug) - defer durationLogger() - - if c.fake { - return nil, nil - } - - path := fmt.Sprintf("/orgs/%s/teams/%s/invitations", org, teamSlug) - var ret []OrgInvitation - err := c.readPaginatedResults( - path, - "application/vnd.github.v3+json", - org, - func() interface{} { - return &[]OrgInvitation{} - }, - func(obj interface{}) { - ret = append(ret, *(obj.(*[]OrgInvitation))...) - }, - ) - if err != nil { - return nil, err - } - return ret, nil -} - -// MergeDetails contains desired properties of the merge. -// -// See https://developer.github.com/v3/pulls/#merge-a-pull-request-merge-button -type MergeDetails struct { - // CommitTitle defaults to the automatic message. - CommitTitle string `json:"commit_title,omitempty"` - // CommitMessage defaults to the automatic message. - CommitMessage string `json:"commit_message,omitempty"` - // The PR HEAD must match this to prevent races. - SHA string `json:"sha,omitempty"` - // Can be "merge", "squash", or "rebase". Defaults to merge. If we can detect that we're using ghproxy, however, we can make a more expensive but cache-able call instead. Detecting that we are pointed at a ghproxy instance is not high fidelity, but a best-effort approach here is guaranteed to make a positive impact and no negative one. Forking a repository happens asynchronously. Therefore, we may have to wait a short period before accessing the git objects. If this takes longer than 5 minutes, GitHub recommends contacting their support. forkedRepo == nil || forkedRepo.Parent.FullName != fmt.Sprintf("%s/%s", org, repo) { forkedRepo != nil { try < maxTries; try++ { - pr, err := c.GetPullRequest(org, repo, number) - if err != nil { - return false, err - } - if pr.Head.SHA != SHA { - return false, fmt.Errorf("pull request head changed while checking mergeability (%s -> %s)", SHA, pr.Head.SHA) - } - if pr.Merged { - return false, errors.New("pull request was merged while checking mergeability") - } - if pr.Mergable != nil { - return *pr.Mergable, nil - } - if try+1 < maxTries { - c.time.Sleep(backoff) - backoff *= 2 - } - } - return false, fmt.Errorf("reached maximum number of retries (%d) checking mergeability", maxTries) -} - -// ClearMilestone clears the milestone from the specified issue -// -// See https://developer.github.com/v3/issues/#edit-an-issue -func (c *client) ClearMilestone(org, repo string, num int) error { - durationLogger := c.log("ClearMilestone", org, repo, num) - defer durationLogger() - - issue := &struct { - // Clearing the milestone requires providing a null value, and - // interface{} will serialize to null. - Milestone interface{} `json:"milestone"` - }{} - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%v/%v/issues/%d", org, repo, num), - org: org, - requestBody: &issue, - exitCodes: []int{200}, - }, nil) - return err -} - -// SetMilestone sets the milestone from the specified issue (if it is a valid milestone) -// -// See https://developer.github.com/v3/issues/#edit-an-issue -func (c *client) SetMilestone(org, repo string, issueNum, milestoneNum int) error { - durationLogger := c.log("SetMilestone", org, repo, issueNum, milestoneNum) - defer durationLogger() - - issue := &struct { - Milestone int `json:"milestone"` - }{Milestone: milestoneNum} - - _, err := c.request(&request{ - method: http.MethodPatch, - path: fmt.Sprintf("/repos/%v/%v/issues/%d", org, repo, issueNum), - org: org, - requestBody: &issue, - exitCodes: []int{200}, - }, nil) - return err -} - -// ListMilestones list all milestones in a repo -// -// See https://developer.github.com/v3/issues/milestones/#list-milestones-for-a-repository/ -func (c *client) ListMilestones(org, repo string) ([]Milestone, error) { - durationLogger := c.log("ListMilestones", org) - defer durationLogger() - - if c.fake { - return nil, nil - } - path := fmt.Sprintf("/repos/%s/%s/milestones", org, repo) - var milestones []Milestone - err := c.readPaginatedResults( - path, - acceptNone, - org, - func() interface{} { - return &[]Milestone{} - }, - func(obj interface{}) { - milestones = append(milestones, *(obj.(*[]Milestone))...) - }, - ) - if err != nil { - return nil, err - } - return milestones, nil -} - -// ListPRCommits lists the commits in a pull request. -// -// GitHub API docs: https://developer.github.com/v3/pulls/#list-commits-on-a-pull-request -func (c *client) ListPRCommits(org, repo string, number int) ([]RepositoryCommit, error) { - durationLogger := c.log("ListPRCommits", org, repo, number) - defer durationLogger() - - if c.fake { - return nil, nil - } - var commits []RepositoryCommit - err := c.readPaginatedResults( - fmt.Sprintf("/repos/%v/%v/pulls/%d/commits", org, repo, number), - acceptNone, - org, - func() interface{} { // newObj returns a pointer to the type of object to create - return &[]RepositoryCommit{} - }, - func(obj interface{}) { // accumulate is the accumulation function for paginated results - commits = append(commits, *(obj.(*[]RepositoryCommit))...) - }, - ) - if err != nil { - return nil, err - } - return commits, nil -} - -// UpdatePullRequestBranch updates the pull request branch with the latest upstream changes by merging HEAD from the base branch into the pull request branch. -// -// GitHub API docs: https://developer.github.com/v3/pulls#update-a-pull-request-branch -func (c *client) UpdatePullRequestBranch(org, repo string, number int, expectedHeadSha *string) error { - durationLogger := c.log("UpdatePullRequestBranch", org, repo) - defer durationLogger() - - data := struct { - // The expected SHA of the pull request's HEAD ref. This is the most recent commit on the pull request's branch. If the expected SHA does not match the pull request's HEAD, you will receive a 422 Unprocessable Entity status. You can use the "List commits" endpoint to find the most recent commit SHA. Default: SHA of the pull request's current HEAD ref. GetColumnProjectCards(org string, columnID int) ([]ProjectCard, error) { See https://developer.github.com/v3/projects/cards/#list-project-cards err != nil { err != nil { err != nil { err != nil { sc != http.StatusOK { err != nil { However if no token is present for repo, we will try to match with org level. Parsing as single token format") Only understands the URI and "rel" parameter. This is just used so that we can lower bound dates related to PRs and issues. See also: If the value is null, this means that the mergeability hasn't been computed yet, and a background job was started to compute it. When the job is complete, the response will include a non-null value for the mergeable attribute. Use FullRepo struct for "Get" method. https://developer.github.com/v3/repos/#create RepoRequest `json:",omitempty"` - - AutoInit *bool `json:"auto_init,omitempty"` - GitignoreTemplate *string `json:"gitignore_template,omitempty"` - LicenseTemplate *string `json:"license_template,omitempty"` -} - -func (r RepoRequest) ToRepo() *FullRepo { - setString := func(dest, src *string) { - if src != nil { - *dest = *src - } - } - setBool := func(dest, src *bool) { - if src != nil { - *dest = *src - } - } - - var repo FullRepo - setString(&repo.Name, r.Name) - setString(&repo.Description, r.Description) - setString(&repo.Homepage, r.Homepage) - setBool(&repo.Private, r.Private) - setBool(&repo.HasIssues, r.HasIssues) - setBool(&repo.HasProjects, r.HasProjects) - setBool(&repo.HasWiki, r.HasWiki) - setBool(&repo.AllowSquashMerge, r.AllowSquashMerge) - setBool(&repo.AllowMergeCommit, r.AllowMergeCommit) - setBool(&repo.AllowRebaseMerge, r.AllowRebaseMerge) - setString(&repo.SquashMergeCommitTitle, r.SquashMergeCommitTitle) - setString(&repo.SquashMergeCommitMessage, r.SquashMergeCommitMessage) - - return &repo -} - -// Defined returns true if at least one of the pointer fields are not nil -func (r RepoRequest) Defined() bool { - return r.Name != nil || r.Description != nil || r.Homepage != nil || r.Private != nil || - r.HasIssues != nil || r.HasProjects != nil || r.HasWiki != nil || r.AllowSquashMerge != nil || - r.AllowMergeCommit != nil || r.AllowRebaseMerge != nil -} - -// RepoUpdateRequest contains metadata used for updating a repository -// See also: https://developer.github.com/v3/repos/#edit -type RepoUpdateRequest struct { - RepoRequest `json:",omitempty"` - - DefaultBranch *string `json:"default_branch,omitempty"` - Archived *bool `json:"archived,omitempty"` -} - -func (r RepoUpdateRequest) ToRepo() *FullRepo { - repo := r.RepoRequest.ToRepo() - if r.DefaultBranch != nil { - repo.DefaultBranch = *r.DefaultBranch - } - if r.Archived != nil { - repo.Archived = *r.Archived - } - - return repo -} - -func (r RepoUpdateRequest) Defined() bool { - return r.RepoRequest.Defined() || r.DefaultBranch != nil || r.Archived != nil -} - RepoPermissions describes which permission level an entity has in a repo. At most one of the booleans here should be true. repository without access to sensitive or destructive instructions. RepoMaintain TeamPermission = "maintain" - RepoPush TeamPermission = "push" - RepoAdmin TeamPermission = "admin" -) - -// Branch contains general branch information. -type Branch struct { - Name string `json:"name"` - Protected bool `json:"protected"` // only included for ?protection=true requests - // TODO(fejta): consider including undocumented protection key -} - -// BranchProtection represents protections -// currently in place for a branch -// See also: https://developer.github.com/v3/repos/branches/#get-branch-protection -type BranchProtection struct { - RequiredStatusChecks *RequiredStatusChecks `json:"required_status_checks"` - EnforceAdmins EnforceAdmins `json:"enforce_admins"` - RequiredPullRequestReviews *RequiredPullRequestReviews `json:"required_pull_request_reviews"` - Restrictions *Restrictions `json:"restrictions"` - AllowForcePushes AllowForcePushes `json:"allow_force_pushes"` - RequiredLinearHistory RequiredLinearHistory `json:"required_linear_history"` - AllowDeletions AllowDeletions `json:"allow_deletions"` -} - -// AllowDeletions specifies whether to permit users with push access to delete matching branches. -type AllowDeletions struct { - Enabled bool `json:"enabled"` -} - -// RequiredLinearHistory specifies whether to prevent merge commits from being pushed to matching branches. -type RequiredLinearHistory struct { - Enabled bool `json:"enabled"` -} - -// AllowForcePushes specifies whether to permit force pushes for all users with push access. -type AllowForcePushes struct { - Enabled bool `json:"enabled"` -} - -// EnforceAdmins specifies whether to enforce the -// configured branch restrictions for administrators. -type EnforceAdmins struct { - Enabled bool `json:"enabled"` -} - -// RequiredPullRequestReviews exposes the state of review rights. -type RequiredPullRequestReviews struct { - DismissalRestrictions *DismissalRestrictions `json:"dismissal_restrictions"` - DismissStaleReviews bool `json:"dismiss_stale_reviews"` - RequireCodeOwnerReviews bool `json:"require_code_owner_reviews"` - RequiredApprovingReviewCount int `json:"required_approving_review_count"` - BypassRestrictions *BypassRestrictions `json:"bypass_pull_request_allowances"` -} - -// DismissalRestrictions exposes restrictions in github for an activity to people/teams. -type DismissalRestrictions struct { - Users []User `json:"users,omitempty"` - Teams []Team `json:"teams,omitempty"` -} - -// BypassRestrictions exposes bypass option in github for a pull request to people/teams. -type BypassRestrictions struct { - Users []User `json:"users,omitempty"` - Teams []Team `json:"teams,omitempty"` -} - -// Restrictions exposes restrictions in github for an activity to apps/people/teams. -type Restrictions struct { - Apps []App `json:"apps,omitempty"` - Users []User `json:"users,omitempty"` - Teams []Team `json:"teams,omitempty"` -} - -// BranchProtectionRequest represents -// protections to put in place for a branch. -// See also: https://developer.github.com/v3/repos/branches/#update-branch-protection -type BranchProtectionRequest struct { - RequiredStatusChecks *RequiredStatusChecks `json:"required_status_checks"` - EnforceAdmins *bool `json:"enforce_admins"` - RequiredPullRequestReviews *RequiredPullRequestReviewsRequest `json:"required_pull_request_reviews"` - Restrictions *RestrictionsRequest `json:"restrictions"` - RequiredLinearHistory bool `json:"required_linear_history"` - AllowForcePushes bool `json:"allow_force_pushes"` - AllowDeletions bool `json:"allow_deletions"` -} - -func (r BranchProtectionRequest) String() string { - bytes, err := json.Marshal(&r) - if err != nil { - return fmt.Sprintf("%#v", r) - } - return string(bytes) -} - -// RequiredStatusChecks specifies which contexts must pass to merge. -type RequiredStatusChecks struct { - Strict bool `json:"strict"` // PR must be up to date (include latest base branch commit). - Contexts []string `json:"contexts"` -} - -// RequiredPullRequestReviewsRequest controls a request for review rights. -type RequiredPullRequestReviewsRequest struct { - DismissalRestrictions DismissalRestrictionsRequest `json:"dismissal_restrictions"` - DismissStaleReviews bool `json:"dismiss_stale_reviews"` - RequireCodeOwnerReviews bool `json:"require_code_owner_reviews"` - RequiredApprovingReviewCount int `json:"required_approving_review_count"` - BypassRestrictions BypassRestrictionsRequest `json:"bypass_pull_request_allowances"` -} - -// DismissalRestrictionsRequest tells github to restrict an activity to people/teams. -// -// Use *[]string in order to distinguish unset and empty list. -// This is needed by dismissal_restrictions to distinguish -// do not restrict (empty object) and restrict everyone (nil user/teams list) -type DismissalRestrictionsRequest struct { - // Users is a list of user logins - Users *[]string `json:"users,omitempty"` - // Teams is a list of team slugs - Teams *[]string `json:"teams,omitempty"` -} - -// BypassRestrictionsRequest tells github to restrict PR bypass activity to people/teams. -// -// Use *[]string in order to distinguish unset and empty list. -// This is needed by bypass_pull_request_allowances to distinguish -// do not restrict (empty object) and restrict everyone (nil user/teams list) -type BypassRestrictionsRequest struct { - // Users is a list of user logins - Users *[]string `json:"users,omitempty"` - // Teams is a list of team slugs - Teams *[]string `json:"teams,omitempty"` -} - -// RestrictionsRequest tells github to restrict an activity to apps/people/teams. -// -// Use *[]string in order to distinguish unset and empty list. -// do not restrict (empty object) and restrict everyone (nil apps/user/teams list) -type RestrictionsRequest struct { - // Apps is a list of app names - Apps *[]string `json:"apps,omitempty"` - // Users is a list of user logins - Users *[]string `json:"users,omitempty"` - // Teams is a list of team slugs - Teams *[]string `json:"teams,omitempty"` -} - -// HookConfig holds the endpoint and its secret. -type HookConfig struct { - URL string `json:"url"` - ContentType *string `json:"content_type,omitempty"` - Secret *string `json:"secret,omitempty"` -} - -// Hook holds info about the webhook configuration. -type Hook struct { - ID int `json:"id"` - Name string `json:"name"` - Events []string `json:"events"` - Active bool `json:"active"` - Config HookConfig `json:"config"` -} - -// HookRequest can create and/or edit a webhook. -// -// AddEvents and RemoveEvents are only valid during an edit, and only for a repo -type HookRequest struct { - Name string `json:"name,omitempty"` // must be web or "", only create - Active *bool `json:"active,omitempty"` - AddEvents []string `json:"add_events,omitempty"` // only repo edit - Config *HookConfig `json:"config,omitempty"` - Events []string `json:"events,omitempty"` - RemoveEvents []string `json:"remove_events,omitempty"` // only repo edit -} - -// AllHookEvents causes github to send all events. -// https://developer.github.com/v3/activity/events/types/ -var AllHookEvents = []string{"*"} - -// IssueEventAction enumerates the triggers for this -// webhook payload type. Leave Action blank for a pending review. This is different than what we receive when we ask for a Review. See also: !ok { Only filled in during GetCommit! Only filled in during GetCommit! This is only populated for requests that fetch GitHub data like Pulls.ListCommits, Repositories.ListCommits, etc. The commit author may not correspond to a GitHub User. ContentURL string `json:"content_url"` -} - -type CheckRunList struct { - Total int `json:"total_count,omitempty"` - CheckRuns []CheckRun `json:"check_runs,omitempty"` -} - -type CheckRun struct { - ID int64 `json:"id,omitempty"` - NodeID string `json:"node_id,omitempty"` - HeadSHA string `json:"head_sha,omitempty"` - ExternalID string `json:"external_id,omitempty"` - URL string `json:"url,omitempty"` - HTMLURL string `json:"html_url,omitempty"` - DetailsURL string `json:"details_url,omitempty"` - Status string `json:"status,omitempty"` - Conclusion string `json:"conclusion,omitempty"` - StartedAt string `json:"started_at,omitempty"` - CompletedAt string `json:"completed_at,omitempty"` - Output CheckRunOutput `json:"output,omitempty"` - Name string `json:"name,omitempty"` - CheckSuite CheckSuite `json:"check_suite,omitempty"` - App App `json:"app,omitempty"` - PullRequests []PullRequest `json:"pull_requests,omitempty"` -} - -type CheckRunOutput struct { - Title string `json:"title,omitempty"` - Summary string `json:"summary,omitempty"` - Text string `json:"text,omitempty"` - AnnotationsCount int `json:"annotations_count,omitempty"` - AnnotationsURL string `json:"annotations_url,omitempty"` - Annotations []CheckRunAnnotation `json:"annotations,omitempty"` - Images []CheckRunImage `json:"images,omitempty"` -} - -type CheckRunAnnotation struct { - Path string `json:"path,omitempty"` - StartLine int `json:"start_line,omitempty"` - EndLine int `json:"end_line,omitempty"` - StartColumn int `json:"start_column,omitempty"` - EndColumn int `json:"end_column,omitempty"` - AnnotationLevel string `json:"annotation_level,omitempty"` - Message string `json:"message,omitempty"` - Title string `json:"title,omitempty"` - RawDetails string `json:"raw_details,omitempty"` -} - -type CheckRunImage struct { - Alt string `json:"alt,omitempty"` - ImageURL string `json:"image_url,omitempty"` - Caption string `json:"caption,omitempty"` -} - -type CheckSuite struct { - ID int64 `json:"id,omitempty"` - NodeID string `json:"node_id,omitempty"` - HeadBranch string `json:"head_branch,omitempty"` - HeadSHA string `json:"head_sha,omitempty"` - URL string `json:"url,omitempty"` - BeforeSHA string `json:"before,omitempty"` - AfterSHA string `json:"after,omitempty"` - Status string `json:"status,omitempty"` - Conclusion string `json:"conclusion,omitempty"` - App *App `json:"app,omitempty"` - Repository *Repo `json:"repository,omitempty"` - PullRequests []PullRequest `json:"pull_requests,omitempty"` - - // The following fields are only populated by Webhook events. - HeadCommit *Commit `json:"head_commit,omitempty"` -} - -type App struct { - ID int64 `json:"id,omitempty"` - Slug string `json:"slug,omitempty"` - NodeID string `json:"node_id,omitempty"` - Owner User `json:"owner,omitempty"` - Name string `json:"name,omitempty"` - Description string `json:"description,omitempty"` - ExternalURL string `json:"external_url,omitempty"` - HTMLURL string `json:"html_url,omitempty"` - CreatedAt string `json:"created_at,omitempty"` - UpdatedAt string `json:"updated_at,omitempty"` - Permissions *InstallationPermissions `json:"permissions,omitempty"` - Events []string `json:"events,omitempty"` -} - -type InstallationPermissions struct { - Administration string `json:"administration,omitempty"` - Blocking string `json:"blocking,omitempty"` - Checks string `json:"checks,omitempty"` - Contents string `json:"contents,omitempty"` - ContentReferences string `json:"content_references,omitempty"` - Deployments string `json:"deployments,omitempty"` - Emails string `json:"emails,omitempty"` - Followers string `json:"followers,omitempty"` - Issues string `json:"issues,omitempty"` - Metadata string `json:"metadata,omitempty"` - Members string `json:"members,omitempty"` - OrganizationAdministration string `json:"organization_administration,omitempty"` - OrganizationHooks string `json:"organization_hooks,omitempty"` - OrganizationPlan string `json:"organization_plan,omitempty"` - OrganizationPreReceiveHooks string `json:"organization_pre_receive_hooks,omitempty"` - OrganizationProjects string `json:"organization_projects,omitempty"` - OrganizationUserBlocking string `json:"organization_user_blocking,omitempty"` - Packages string `json:"packages,omitempty"` - Pages string `json:"pages,omitempty"` - PullRequests string `json:"pull_requests,omitempty"` - RepositoryHooks string `json:"repository_hooks,omitempty"` - RepositoryProjects string `json:"repository_projects,omitempty"` - RepositoryPreReceiveHooks string `json:"repository_pre_receive_hooks,omitempty"` - SingleFile string `json:"single_file,omitempty"` - Statuses string `json:"statuses,omitempty"` - TeamDiscussions string `json:"team_discussions,omitempty"` - VulnerabilityAlerts string `json:"vulnerability_alerts,omitempty"` -} - -// AppInstallation represents a GitHub Apps installation. -type AppInstallation struct { - ID int64 `json:"id,omitempty"` - AppSlug string `json:"app_slug,omitempty"` - NodeID string `json:"node_id,omitempty"` - AppID int64 `json:"app_id,omitempty"` - TargetID int64 `json:"target_id,omitempty"` - Account User `json:"account,omitempty"` - AccessTokensURL string `json:"access_tokens_url,omitempty"` - RepositoriesURL string `json:"repositories_url,omitempty"` - HTMLURL string `json:"html_url,omitempty"` - TargetType string `json:"target_type,omitempty"` - SingleFileName string `json:"single_file_name,omitempty"` - RepositorySelection string `json:"repository_selection,omitempty"` - Events []string `json:"events,omitempty"` - Permissions InstallationPermissions `json:"permissions,omitempty"` - CreatedAt string `json:"created_at,omitempty"` - UpdatedAt string `json:"updated_at,omitempty"` -} - -// AppInstallationList represents the result of an AppInstallationList search. -type AppInstallationList struct { - Total int `json:"total_count,omitempty"` - Installations []AppInstallation `json:"installations,omitempty"` -} - -// AppInstallationToken is the response when retrieving an app installation -// token. -type AppInstallationToken struct { - Token string `json:"token,omitempty"` - ExpiresAt time.Time `json:"expires_at,omitempty"` - Permissions InstallationPermissions `json:"permissions,omitempty"` - Repositories []Repo `json:"repositories,omitempty"` -} - -// DirectoryContent contains information about a github directory. -// It include selected fields available in content records returned by -// GH "GET" method. the payload of the request, whether the webhook is valid or not, and finally the resultant HTTP status code We allocate a new Fields map in order to not modify the caller's Entry, as that is not a thread safe operation. In order to catch this, we need to pre-censor the message. This is thread-safe, will mutate the input and will never change the overall size of the input. This is thread-safe, will mutate the input and will never change the overall size of the input. Censoring will attempt to be intelligent about how content is removed from the input - when the ReloadingCensorer is given secrets to censor, we: - handle the case where whitespace is needed to be trimmed - censor not only the plaintext representation of the secret but also the base64-encoded representation of it, as it's common for k8s Secrets to contain information in this way This is a bug, please open an issue against the kubernetes/test-infra repository with this error message.") Since the version would not change for the running binary, doing this once when binary starts should be fine.