gitlab-org--gitlab-foss/lib/api/triggers.rb

# frozen_string_literal: true

module API
  class Triggers < Grape::API
    include PaginationParams

    HTTP_GITLAB_EVENT_HEADER = "HTTP_#{WebHookService::GITLAB_EVENT_HEADER}".underscore.upcase

    params do
      requires :id, type: String, desc: 'The ID of a project'
    end
    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      desc 'Trigger a GitLab project pipeline' do
        success Entities::Pipeline
      end
      params do
        requires :ref, type: String, desc: 'The commit sha or name of a branch or tag', allow_blank: false
        requires :token, type: String, desc: 'The unique token of trigger or job token'
        optional :variables, type: Hash, desc: 'The list of variables to be injected into build'
      end
      post ":id/(ref/:ref/)trigger/pipeline", requirements: { ref: /.+/ } do
        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42283')

        forbidden! if gitlab_pipeline_hook_request?

        # validate variables
        params[:variables] = params[:variables].to_h
        unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) }
          render_api_error!('variables needs to be a map of key-valued strings', 400)
        end

        project = find_project(params[:id])
        not_found! unless project

        result = Ci::PipelineTriggerService.new(project, nil, params).execute
        not_found! unless result

        if result[:http_status]
          render_api_error!(result[:message], result[:http_status])
        else
          present result[:pipeline], with: Entities::Pipeline
        end
      end

      desc 'Get triggers list' do
        success Entities::Trigger
      end
      params do
        use :pagination
      end
      # rubocop: disable CodeReuse/ActiveRecord
      get ':id/triggers' do
        authenticate!
        authorize! :admin_build, user_project

        triggers = user_project.triggers.includes(:trigger_requests)

        present paginate(triggers), with: Entities::Trigger, current_user: current_user
      end
      # rubocop: enable CodeReuse/ActiveRecord

      desc 'Get specific trigger of a project' do
        success Entities::Trigger
      end
      params do
        requires :trigger_id, type: Integer, desc: 'The trigger ID'
      end
      get ':id/triggers/:trigger_id' do
        authenticate!
        authorize! :admin_build, user_project

        trigger = user_project.triggers.find(params.delete(:trigger_id))
        break not_found!('Trigger') unless trigger

        present trigger, with: Entities::Trigger, current_user: current_user
      end

      desc 'Create a trigger' do
        success Entities::Trigger
      end
      params do
        requires :description, type: String, desc: 'The trigger description'
      end
      post ':id/triggers' do
        authenticate!
        authorize! :admin_build, user_project

        trigger = user_project.triggers.create(
          declared_params(include_missing: false).merge(owner: current_user))

        if trigger.valid?
          present trigger, with: Entities::Trigger, current_user: current_user
        else
          render_validation_error!(trigger)
        end
      end

      desc 'Update a trigger' do
        success Entities::Trigger
      end
      params do
        requires :trigger_id, type: Integer,  desc: 'The trigger ID'
        optional :description, type: String,  desc: 'The trigger description'
      end
      put ':id/triggers/:trigger_id' do
        authenticate!
        authorize! :admin_build, user_project

        trigger = user_project.triggers.find(params.delete(:trigger_id))
        break not_found!('Trigger') unless trigger

        authorize! :admin_trigger, trigger

        if trigger.update(declared_params(include_missing: false))
          present trigger, with: Entities::Trigger, current_user: current_user
        else
          render_validation_error!(trigger)
        end
      end

      desc 'Delete a trigger' do
        success Entities::Trigger
      end
      params do
        requires :trigger_id, type: Integer, desc: 'The trigger ID'
      end
      delete ':id/triggers/:trigger_id' do
        authenticate!
        authorize! :admin_build, user_project

        trigger = user_project.triggers.find(params.delete(:trigger_id))
        break not_found!('Trigger') unless trigger

        destroy_conditionally!(trigger)
      end
    end

    helpers do
      def gitlab_pipeline_hook_request?
        request.get_header(HTTP_GITLAB_EVENT_HEADER) == WebHookService.hook_to_event(:pipeline_hooks)
      end
    end
  end
end
Enable frozen string in lib/api and lib/backup Partially addresses #47424. Had to make changes to spec files because stubbing methods on frozen objects is a mess in RSpec and leads to failures: https://github.com/rspec/rspec-mocks/issues/1190 2018-09-29 18:34:47 -04:00			`# frozen_string_literal: true`

Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`module API`
Add latest changes from gitlab-org/gitlab@master 2020-04-27 23:09:53 -04:00			`class Triggers < Grape::API`
Use the pagination helper in the API 2016-12-04 12:11:19 -05:00			`include PaginationParams`

Add latest changes from gitlab-org/gitlab@master 2020-03-04 16:07:54 -05:00			`HTTP_GITLAB_EVENT_HEADER = "HTTP_#{WebHookService::GITLAB_EVENT_HEADER}".underscore.upcase`

Grapify token API 2016-11-09 10:47:39 -05:00			`params do`
			`requires :id, type: String, desc: 'The ID of a project'`
			`end`
Enable the Layout/ExtraSpacing cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-01-16 07:09:29 -05:00			`resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do`
Update triggers API 2017-03-05 12:49:30 -05:00			`desc 'Trigger a GitLab project pipeline' do`
Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`success Entities::Pipeline`
Grapify token API 2016-11-09 10:47:39 -05:00			`end`
			`params do`
Resolve "500 Internal Server Error: Cherrypick commit with empty branch name" 2018-09-11 18:02:09 -04:00			`requires :ref, type: String, desc: 'The commit sha or name of a branch or tag', allow_blank: false`
Update Triggers documentation per EE This backports a line from EE so that both the CE and EE code are identical. 2019-03-04 08:28:48 -05:00			`requires :token, type: String, desc: 'The unique token of trigger or job token'`
Grapify token API 2016-11-09 10:47:39 -05:00			`optional :variables, type: Hash, desc: 'The list of variables to be injected into build'`
			`end`
Allow dot in branch name in trigger/builds endpoint in API 2017-03-20 08:49:31 -04:00			`post ":id/(ref/:ref/)trigger/pipeline", requirements: { ref: /.+/ } do`
Add latest changes from gitlab-org/gitlab@master 2019-09-18 10:02:45 -04:00			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42283')`
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 10:21:04 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-04 16:07:54 -05:00			`forbidden! if gitlab_pipeline_hook_request?`

Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`# validate variables`
init 2017-07-26 05:31:09 -04:00			`params[:variables] = params[:variables].to_h`
			`unless params[:variables].all? { \|key, value\| key.is_a?(String) && value.is_a?(String) }`
Simplyfy variables validation in triggers API 2017-02-24 05:24:40 -05:00			`render_api_error!('variables needs to be a map of key-valued strings', 400)`
Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`end`

init 2017-07-26 05:31:09 -04:00			`project = find_project(params[:id])`
			`not_found! unless project`

			`result = Ci::PipelineTriggerService.new(project, nil, params).execute`
			`not_found! unless result`
Try to report why it's failing and fix tests 2017-06-06 08:23:19 -04:00
init 2017-07-26 05:31:09 -04:00			`if result[:http_status]`
			`render_api_error!(result[:message], result[:http_status])`
Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`else`
init 2017-07-26 05:31:09 -04:00			`present result[:pipeline], with: Entities::Pipeline`
Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`end`
			`end`
Add triggers feature to API 2016-01-04 10:38:32 -05:00
Grapify token API 2016-11-09 10:47:39 -05:00			`desc 'Get triggers list' do`
			`success Entities::Trigger`
			`end`
Use the pagination helper in the API 2016-12-04 12:11:19 -05:00			`params do`
			`use :pagination`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ActiveRecord`
Add triggers feature to API 2016-01-04 10:38:32 -05:00			`get ':id/triggers' do`
			`authenticate!`
Make the CI permission model simpler This MR simplifies CI permission model: - read_build: allows to read a list of builds, artifacts and trace - update_build: allows to cancel and retry builds - create_build: allows to create builds from gitlab-ci.yml (not yet implemented) - admin_build: allows to manage triggers, runners and variables - read_commit_status: allows to read a list of commit statuses (including the overall of builds) - create_commit_status: allows to create a new commit status using API Remove all extra methods to manage permission. Made all controllers to use explicitly the new permissions. 2016-02-01 17:58:04 -05:00			`authorize! :admin_build, user_project`
Add triggers feature to API 2016-01-04 10:38:32 -05:00
			`triggers = user_project.triggers.includes(:trigger_requests)`

Do not expose trigger token when user should not see it 2018-12-19 08:15:58 -05:00			`present paginate(triggers), with: Entities::Trigger, current_user: current_user`
Add triggers feature to API 2016-01-04 10:38:32 -05:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ActiveRecord`
Add delete feature to triggers API 2016-01-05 05:27:38 -05:00
Grapify token API 2016-11-09 10:47:39 -05:00			`desc 'Get specific trigger of a project' do`
			`success Entities::Trigger`
			`end`
			`params do`
Enable the Layout/ExtraSpacing cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-01-16 07:09:29 -05:00			`requires :trigger_id, type: Integer, desc: 'The trigger ID'`
Grapify token API 2016-11-09 10:47:39 -05:00			`end`
Update triggers API 2017-03-05 12:49:30 -05:00			`get ':id/triggers/:trigger_id' do`
Get show details feature to triggers API 2016-01-05 06:25:16 -05:00			`authenticate!`
Make the CI permission model simpler This MR simplifies CI permission model: - read_build: allows to read a list of builds, artifacts and trace - update_build: allows to cancel and retry builds - create_build: allows to create builds from gitlab-ci.yml (not yet implemented) - admin_build: allows to manage triggers, runners and variables - read_commit_status: allows to read a list of commit statuses (including the overall of builds) - create_commit_status: allows to create a new commit status using API Remove all extra methods to manage permission. Made all controllers to use explicitly the new permissions. 2016-02-01 17:58:04 -05:00			`authorize! :admin_build, user_project`
Get show details feature to triggers API 2016-01-05 06:25:16 -05:00
Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`trigger = user_project.triggers.find(params.delete(:trigger_id))`
Resolve "Make a Rubocop that forbids returning from a block" 2018-04-18 05:19:40 -04:00			`break not_found!('Trigger') unless trigger`
Get show details feature to triggers API 2016-01-05 06:25:16 -05:00
Do not expose trigger token when user should not see it 2018-12-19 08:15:58 -05:00			`present trigger, with: Entities::Trigger, current_user: current_user`
Get show details feature to triggers API 2016-01-05 06:25:16 -05:00			`end`

Grapify token API 2016-11-09 10:47:39 -05:00			`desc 'Create a trigger' do`
			`success Entities::Trigger`
			`end`
Update triggers API 2017-03-05 12:49:30 -05:00			`params do`
Enable the Layout/ExtraSpacing cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-01-16 07:09:29 -05:00			`requires :description, type: String, desc: 'The trigger description'`
Update triggers API 2017-03-05 12:49:30 -05:00			`end`
Add create feature to triggers API 2016-01-05 05:44:10 -05:00			`post ':id/triggers' do`
			`authenticate!`
Make the CI permission model simpler This MR simplifies CI permission model: - read_build: allows to read a list of builds, artifacts and trace - update_build: allows to cancel and retry builds - create_build: allows to create builds from gitlab-ci.yml (not yet implemented) - admin_build: allows to manage triggers, runners and variables - read_commit_status: allows to read a list of commit statuses (including the overall of builds) - create_commit_status: allows to create a new commit status using API Remove all extra methods to manage permission. Made all controllers to use explicitly the new permissions. 2016-02-01 17:58:04 -05:00			`authorize! :admin_build, user_project`
Add create feature to triggers API 2016-01-05 05:44:10 -05:00
Update triggers API 2017-03-05 12:49:30 -05:00			`trigger = user_project.triggers.create(`
			`declared_params(include_missing: false).merge(owner: current_user))`

			`if trigger.valid?`
Present all pipeline triggers using trigger presenter 2018-12-19 09:51:02 -05:00			`present trigger, with: Entities::Trigger, current_user: current_user`
Update triggers API 2017-03-05 12:49:30 -05:00			`else`
			`render_validation_error!(trigger)`
			`end`
			`end`

			`desc 'Update a trigger' do`
			`success Entities::Trigger`
			`end`
			`params do`
			`requires :trigger_id, type: Integer, desc: 'The trigger ID'`
			`optional :description, type: String, desc: 'The trigger description'`
			`end`
Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`put ':id/triggers/:trigger_id' do`
Update triggers API 2017-03-05 12:49:30 -05:00			`authenticate!`
			`authorize! :admin_build, user_project`

Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`trigger = user_project.triggers.find(params.delete(:trigger_id))`
Resolve "Make a Rubocop that forbids returning from a block" 2018-04-18 05:19:40 -04:00			`break not_found!('Trigger') unless trigger`
Add create feature to triggers API 2016-01-05 05:44:10 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-26 14:08:03 -04:00			`authorize! :admin_trigger, trigger`

Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`if trigger.update(declared_params(include_missing: false))`
Present all pipeline triggers using trigger presenter 2018-12-19 09:51:02 -05:00			`present trigger, with: Entities::Trigger, current_user: current_user`
Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`else`
			`render_validation_error!(trigger)`
			`end`
Add create feature to triggers API 2016-01-05 05:44:10 -05:00			`end`

Grapify token API 2016-11-09 10:47:39 -05:00			`desc 'Delete a trigger' do`
			`success Entities::Trigger`
			`end`
			`params do`
Enable the Layout/ExtraSpacing cop Signed-off-by: Rémy Coutable <remy@rymai.me> 2019-01-16 07:09:29 -05:00			`requires :trigger_id, type: Integer, desc: 'The trigger ID'`
Grapify token API 2016-11-09 10:47:39 -05:00			`end`
Update triggers API 2017-03-05 12:49:30 -05:00			`delete ':id/triggers/:trigger_id' do`
Add delete feature to triggers API 2016-01-05 05:27:38 -05:00			`authenticate!`
Make the CI permission model simpler This MR simplifies CI permission model: - read_build: allows to read a list of builds, artifacts and trace - update_build: allows to cancel and retry builds - create_build: allows to create builds from gitlab-ci.yml (not yet implemented) - admin_build: allows to manage triggers, runners and variables - read_commit_status: allows to read a list of commit statuses (including the overall of builds) - create_commit_status: allows to create a new commit status using API Remove all extra methods to manage permission. Made all controllers to use explicitly the new permissions. 2016-02-01 17:58:04 -05:00			`authorize! :admin_build, user_project`
Add delete feature to triggers API 2016-01-05 05:27:38 -05:00
Introduce tests for pipeline triggers 2017-03-05 14:58:08 -05:00			`trigger = user_project.triggers.find(params.delete(:trigger_id))`
Resolve "Make a Rubocop that forbids returning from a block" 2018-04-18 05:19:40 -04:00			`break not_found!('Trigger') unless trigger`
Add delete feature to triggers API 2016-01-05 05:27:38 -05:00
Conditionally destroy a ressource 2017-03-02 07:14:13 -05:00			`destroy_conditionally!(trigger)`
Add delete feature to triggers API 2016-01-05 05:27:38 -05:00			`end`
Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-03-04 16:07:54 -05:00
			`helpers do`
			`def gitlab_pipeline_hook_request?`
			`request.get_header(HTTP_GITLAB_EVENT_HEADER) == WebHookService.hook_to_event(:pipeline_hooks)`
			`end`
			`end`
Reimplement Trigger API 2015-12-10 12:04:40 -05:00			`end`
			`end`