forgejo/services/actions/variables.go

// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package actions

import (
	"context"
	"regexp"
	"strings"

	actions_model "code.gitea.io/gitea/models/actions"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/util"
	secret_service "code.gitea.io/gitea/services/secrets"
)

func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*actions_model.ActionVariable, error) {
	if err := secret_service.ValidateName(name); err != nil {
		return nil, err
	}

	if err := envNameCIRegexMatch(name); err != nil {
		return nil, err
	}

	v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.ReserveLineBreakForTextarea(data))
	if err != nil {
		return nil, err
	}

	return v, nil
}

func UpdateVariable(ctx context.Context, variableID int64, name, data string) (bool, error) {
	if err := secret_service.ValidateName(name); err != nil {
		return false, err
	}

	if err := envNameCIRegexMatch(name); err != nil {
		return false, err
	}

	return actions_model.UpdateVariable(ctx, &actions_model.ActionVariable{
		ID:   variableID,
		Name: strings.ToUpper(name),
		Data: util.ReserveLineBreakForTextarea(data),
	})
}

func DeleteVariableByID(ctx context.Context, variableID int64) error {
	return actions_model.DeleteVariable(ctx, variableID)
}

func DeleteVariableByName(ctx context.Context, ownerID, repoID int64, name string) error {
	if err := secret_service.ValidateName(name); err != nil {
		return err
	}

	if err := envNameCIRegexMatch(name); err != nil {
		return err
	}

	v, err := GetVariable(ctx, actions_model.FindVariablesOpts{
		OwnerID: ownerID,
		RepoID:  repoID,
		Name:    name,
	})
	if err != nil {
		return err
	}

	return actions_model.DeleteVariable(ctx, v.ID)
}

func GetVariable(ctx context.Context, opts actions_model.FindVariablesOpts) (*actions_model.ActionVariable, error) {
	vars, err := actions_model.FindVariables(ctx, opts)
	if err != nil {
		return nil, err
	}
	if len(vars) != 1 {
		return nil, util.NewNotExistErrorf("variable not found")
	}
	return vars[0], nil
}

// some regular expression of `variables` and `secrets`
// reference to:
// https://docs.github.com/en/actions/learn-github-actions/variables#naming-conventions-for-configuration-variables
// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets
var (
	forbiddenEnvNameCIRx = regexp.MustCompile("(?i)^CI")
)

func envNameCIRegexMatch(name string) error {
	if forbiddenEnvNameCIRx.MatchString(name) {
		log.Error("Env Name cannot be ci")
		return util.NewInvalidArgumentErrorf("env name cannot be ci")
	}
	return nil
}
Add API for `Variables` (#29520) close #27801 --------- Co-authored-by: silverwind <me@silverwind.io> (cherry picked from commit 62b073e6f31645e446c7e8d6b5a506f61b47924e) Conflicts: - modules/util/util.go Trivial resolution, only picking the newly introduced function - routers/api/v1/swagger/options.go Trivial resolution. We don't have UserBadges, don't pick that part. - templates/swagger/v1_json.tmpl Regenerated. 2024-03-28 20:40:35 +00:00			`// Copyright 2024 The Gitea Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`

			`package actions`

			`import (`
			`"context"`
			`"regexp"`
			`"strings"`

			`actions_model "code.gitea.io/gitea/models/actions"`
			`"code.gitea.io/gitea/modules/log"`
			`"code.gitea.io/gitea/modules/util"`
			`secret_service "code.gitea.io/gitea/services/secrets"`
			`)`

			`func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*actions_model.ActionVariable, error) {`
			`if err := secret_service.ValidateName(name); err != nil {`
			`return nil, err`
			`}`

			`if err := envNameCIRegexMatch(name); err != nil {`
			`return nil, err`
			`}`

			`v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.ReserveLineBreakForTextarea(data))`
			`if err != nil {`
			`return nil, err`
			`}`

			`return v, nil`
			`}`

			`func UpdateVariable(ctx context.Context, variableID int64, name, data string) (bool, error) {`
			`if err := secret_service.ValidateName(name); err != nil {`
			`return false, err`
			`}`

			`if err := envNameCIRegexMatch(name); err != nil {`
			`return false, err`
			`}`

			`return actions_model.UpdateVariable(ctx, &actions_model.ActionVariable{`
			`ID: variableID,`
			`Name: strings.ToUpper(name),`
			`Data: util.ReserveLineBreakForTextarea(data),`
			`})`
			`}`

			`func DeleteVariableByID(ctx context.Context, variableID int64) error {`
			`return actions_model.DeleteVariable(ctx, variableID)`
			`}`

			`func DeleteVariableByName(ctx context.Context, ownerID, repoID int64, name string) error {`
			`if err := secret_service.ValidateName(name); err != nil {`
			`return err`
			`}`

			`if err := envNameCIRegexMatch(name); err != nil {`
			`return err`
			`}`

			`v, err := GetVariable(ctx, actions_model.FindVariablesOpts{`
			`OwnerID: ownerID,`
			`RepoID: repoID,`
			`Name: name,`
			`})`
			`if err != nil {`
			`return err`
			`}`

			`return actions_model.DeleteVariable(ctx, v.ID)`
			`}`

			`func GetVariable(ctx context.Context, opts actions_model.FindVariablesOpts) (*actions_model.ActionVariable, error) {`
			`vars, err := actions_model.FindVariables(ctx, opts)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(vars) != 1 {`
			`return nil, util.NewNotExistErrorf("variable not found")`
			`}`
			`return vars[0], nil`
			`}`

			// some regular expression of `variables` and `secrets`
			`// reference to:`
			`// https://docs.github.com/en/actions/learn-github-actions/variables#naming-conventions-for-configuration-variables`
			`// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets`
			`var (`
			`forbiddenEnvNameCIRx = regexp.MustCompile("(?i)^CI")`
			`)`

			`func envNameCIRegexMatch(name string) error {`
			`if forbiddenEnvNameCIRx.MatchString(name) {`
			`log.Error("Env Name cannot be ci")`
			`return util.NewInvalidArgumentErrorf("env name cannot be ci")`
			`}`
			`return nil`
			`}`