gitlab-org--gitlab-foss/lib/api/lint.rb

# frozen_string_literal: true

module API
  class Lint < ::API::Base
    feature_category :pipeline_authoring

    helpers do
      def can_lint_ci?
        signup_unrestricted = Gitlab::CurrentSettings.signup_enabled? && !Gitlab::CurrentSettings.signup_limited?
        internal_user = current_user.present? && !current_user.external?
        is_developer = current_user.present? && current_user.projects.any? { |p| p.team.member?(current_user, Gitlab::Access::DEVELOPER) }

        signup_unrestricted || internal_user || is_developer
      end
    end

    namespace :ci do
      desc 'Validates the .gitlab-ci.yml content' do
        detail 'Checks if CI/CD YAML configuration is valid'
        success code: 200, model: Entities::Ci::Lint::Result
        tags %w[ci_lint]
      end
      params do
        requires :content, type: String, desc: 'The CI/CD configuration content'
        optional :include_merged_yaml, type: Boolean, desc: 'If the expanded CI/CD configuration should be included in the response'
        optional :include_jobs, type: Boolean, desc: 'If the list of jobs should be included in the response. This is
        false by default'
      end

      post '/lint', urgency: :low do
        unauthorized! unless can_lint_ci?

        result = Gitlab::Ci::Lint.new(project: nil, current_user: current_user)
          .validate(params[:content], dry_run: false)

        status 200
        Entities::Ci::Lint::Result.represent(result, current_user: current_user, include_jobs: params[:include_jobs]).serializable_hash.tap do |presented_result|
          presented_result[:status] = presented_result[:valid] ? 'valid' : 'invalid'
          presented_result.delete(:merged_yaml) unless params[:include_merged_yaml]
        end
      end
    end

    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      desc 'Validates a CI YAML configuration with a namespace' do
        detail 'Checks if a project’s latest (HEAD of the project’s default branch) .gitlab-ci.yml configuration is
        valid'
        success Entities::Ci::Lint::Result
        tags %w[ci_lint]
      end
      params do
        optional :dry_run, type: Boolean, default: false, desc: 'Run pipeline creation simulation, or only do static check. This is false by default'
        optional :include_jobs, type: Boolean, desc: 'If the list of jobs that would exist in a static check or pipeline
        simulation should be included in the response. This is false by default'
        optional :ref, type: String, desc: 'Branch or tag used to execute a dry run. Defaults to the default branch of the project. Only used when dry_run is true'
      end

      get ':id/ci/lint', urgency: :low do
        authorize! :download_code, user_project

        if user_project.commit.present?
          content = user_project.repository.gitlab_ci_yml_for(user_project.commit.id, user_project.ci_config_path_or_default)
        end

        result = Gitlab::Ci::Lint
          .new(project: user_project, current_user: current_user)
          .validate(content, dry_run: params[:dry_run], ref: params[:ref] || user_project.default_branch)

        present result, with: Entities::Ci::Lint::Result, current_user: current_user, include_jobs: params[:include_jobs]
      end
    end

    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      desc 'Validate a CI YAML configuration with a namespace' do
        detail 'Checks if CI/CD YAML configuration is valid. This endpoint has namespace specific context'
        success code: 200, model: Entities::Ci::Lint::Result
        tags %w[ci_lint]
      end
      params do
        requires :content, type: String, desc: 'Content of .gitlab-ci.yml'
        optional :dry_run, type: Boolean, default: false, desc: 'Run pipeline creation simulation, or only do static check. This is false by default'
        optional :include_jobs, type: Boolean, desc: 'If the list of jobs that would exist in a static check or pipeline
        simulation should be included in the response. This is false by default'
        optional :ref, type: String, desc: 'When dry_run is true, sets the branch or tag to use. Defaults to the project’s default branch when not set'
      end

      post ':id/ci/lint', urgency: :low do
        authorize! :create_pipeline, user_project

        result = Gitlab::Ci::Lint
          .new(project: user_project, current_user: current_user)
          .validate(params[:content], dry_run: params[:dry_run], ref: params[:ref] || user_project.default_branch)

        status 200
        present result, with: Entities::Ci::Lint::Result, current_user: current_user, include_jobs: params[:include_jobs]
      end
    end
  end
end