mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 10:18:30 +00:00
6844258c67
Fix #31707. Also related to #31715. Some Actions resources could has different types of ownership. It could be: - global: all repos and orgs/users can use it. - org/user level: only the org/user can use it. - repo level: only the repo can use it. There are two ways to distinguish org/user level from repo level: 1. `{owner_id: 1, repo_id: 2}` for repo level, and `{owner_id: 1, repo_id: 0}` for org level. 2. `{owner_id: 0, repo_id: 2}` for repo level, and `{owner_id: 1, repo_id: 0}` for org level. The first way seems more reasonable, but it may not be true. The point is that although a resource, like a runner, belongs to a repo (it can be used by the repo), the runner doesn't belong to the repo's org (other repos in the same org cannot use the runner). So, the second method makes more sense. And the first way is not user-friendly to query, we must set the repo id to zero to avoid wrong results. So, #31715 should be right. And the most simple way to fix #31707 is just: ```diff - shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID) + shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID) ``` However, it is quite intuitive to set both owner id and repo id since the repo belongs to the owner. So I prefer to be compatible with it. If we get both owner id and repo id not zero when creating or finding, it's very clear that the caller want one with repo level, but set owner id accidentally. So it's OK to accept it but fix the owner id to zero. (cherry picked from commit a33e74d40d356e8f628ac06a131cb203a3609dec)
363 lines
11 KiB
Go
363 lines
11 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package actions
|
|
|
|
import (
|
|
"context"
|
|
"encoding/binary"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/models/db"
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
"code.gitea.io/gitea/models/shared/types"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/optional"
|
|
"code.gitea.io/gitea/modules/timeutil"
|
|
"code.gitea.io/gitea/modules/translation"
|
|
"code.gitea.io/gitea/modules/util"
|
|
|
|
runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
|
|
"xorm.io/builder"
|
|
)
|
|
|
|
// ActionRunner represents runner machines
|
|
//
|
|
// It can be:
|
|
// 1. global runner, OwnerID is 0 and RepoID is 0
|
|
// 2. org/user level runner, OwnerID is org/user ID and RepoID is 0
|
|
// 3. repo level runner, OwnerID is 0 and RepoID is repo ID
|
|
//
|
|
// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
|
|
// or it will be complicated to find runners belonging to a specific owner.
|
|
// For example, conditions like `OwnerID = 1` will also return runner {OwnerID: 1, RepoID: 1},
|
|
// but it's a repo level runner, not an org/user level runner.
|
|
// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level runners.
|
|
type ActionRunner struct {
|
|
ID int64
|
|
UUID string `xorm:"CHAR(36) UNIQUE"`
|
|
Name string `xorm:"VARCHAR(255)"`
|
|
Version string `xorm:"VARCHAR(64)"`
|
|
OwnerID int64 `xorm:"index"`
|
|
Owner *user_model.User `xorm:"-"`
|
|
RepoID int64 `xorm:"index"`
|
|
Repo *repo_model.Repository `xorm:"-"`
|
|
Description string `xorm:"TEXT"`
|
|
Base int // 0 native 1 docker 2 virtual machine
|
|
RepoRange string // glob match which repositories could use this runner
|
|
|
|
Token string `xorm:"-"`
|
|
TokenHash string `xorm:"UNIQUE"` // sha256 of token
|
|
TokenSalt string
|
|
// TokenLastEight string `xorm:"token_last_eight"` // it's unnecessary because we don't find runners by token
|
|
|
|
LastOnline timeutil.TimeStamp `xorm:"index"`
|
|
LastActive timeutil.TimeStamp `xorm:"index"`
|
|
|
|
// Store labels defined in state file (default: .runner file) of `act_runner`
|
|
AgentLabels []string `xorm:"TEXT"`
|
|
|
|
Created timeutil.TimeStamp `xorm:"created"`
|
|
Updated timeutil.TimeStamp `xorm:"updated"`
|
|
Deleted timeutil.TimeStamp `xorm:"deleted"`
|
|
}
|
|
|
|
const (
|
|
RunnerOfflineTime = time.Minute
|
|
RunnerIdleTime = 10 * time.Second
|
|
)
|
|
|
|
// BelongsToOwnerName before calling, should guarantee that all attributes are loaded
|
|
func (r *ActionRunner) BelongsToOwnerName() string {
|
|
if r.RepoID != 0 {
|
|
return r.Repo.FullName()
|
|
}
|
|
if r.OwnerID != 0 {
|
|
return r.Owner.Name
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (r *ActionRunner) BelongsToOwnerType() types.OwnerType {
|
|
if r.RepoID != 0 {
|
|
return types.OwnerTypeRepository
|
|
}
|
|
if r.OwnerID != 0 {
|
|
if r.Owner.Type == user_model.UserTypeOrganization {
|
|
return types.OwnerTypeOrganization
|
|
} else if r.Owner.Type == user_model.UserTypeIndividual {
|
|
return types.OwnerTypeIndividual
|
|
}
|
|
}
|
|
return types.OwnerTypeSystemGlobal
|
|
}
|
|
|
|
// if the logic here changed, you should also modify FindRunnerOptions.ToCond
|
|
func (r *ActionRunner) Status() runnerv1.RunnerStatus {
|
|
if time.Since(r.LastOnline.AsTime()) > RunnerOfflineTime {
|
|
return runnerv1.RunnerStatus_RUNNER_STATUS_OFFLINE
|
|
}
|
|
if time.Since(r.LastActive.AsTime()) > RunnerIdleTime {
|
|
return runnerv1.RunnerStatus_RUNNER_STATUS_IDLE
|
|
}
|
|
return runnerv1.RunnerStatus_RUNNER_STATUS_ACTIVE
|
|
}
|
|
|
|
func (r *ActionRunner) StatusName() string {
|
|
return strings.ToLower(strings.TrimPrefix(r.Status().String(), "RUNNER_STATUS_"))
|
|
}
|
|
|
|
func (r *ActionRunner) StatusLocaleName(lang translation.Locale) string {
|
|
return lang.TrString("actions.runners.status." + r.StatusName())
|
|
}
|
|
|
|
func (r *ActionRunner) IsOnline() bool {
|
|
status := r.Status()
|
|
if status == runnerv1.RunnerStatus_RUNNER_STATUS_IDLE || status == runnerv1.RunnerStatus_RUNNER_STATUS_ACTIVE {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Editable checks if the runner is editable by the user
|
|
func (r *ActionRunner) Editable(ownerID, repoID int64) bool {
|
|
if ownerID == 0 && repoID == 0 {
|
|
return true
|
|
}
|
|
if ownerID > 0 && r.OwnerID == ownerID {
|
|
return true
|
|
}
|
|
return repoID > 0 && r.RepoID == repoID
|
|
}
|
|
|
|
// LoadAttributes loads the attributes of the runner
|
|
func (r *ActionRunner) LoadAttributes(ctx context.Context) error {
|
|
if r.OwnerID > 0 {
|
|
var user user_model.User
|
|
has, err := db.GetEngine(ctx).ID(r.OwnerID).Get(&user)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if has {
|
|
r.Owner = &user
|
|
}
|
|
}
|
|
if r.RepoID > 0 {
|
|
var repo repo_model.Repository
|
|
has, err := db.GetEngine(ctx).ID(r.RepoID).Get(&repo)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if has {
|
|
r.Repo = &repo
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (r *ActionRunner) GenerateToken() (err error) {
|
|
r.Token, r.TokenSalt, r.TokenHash, _, err = generateSaltedToken()
|
|
return err
|
|
}
|
|
|
|
// UpdateSecret updates the hash based on the specified token. It does not
|
|
// ensure that the runner's UUID matches the first 16 bytes of the token.
|
|
func (r *ActionRunner) UpdateSecret(token string) error {
|
|
saltBytes, err := util.CryptoRandomBytes(16)
|
|
if err != nil {
|
|
return fmt.Errorf("CryptoRandomBytes %v", err)
|
|
}
|
|
|
|
salt := hex.EncodeToString(saltBytes)
|
|
|
|
r.Token = token
|
|
r.TokenSalt = salt
|
|
r.TokenHash = auth_model.HashToken(token, salt)
|
|
return nil
|
|
}
|
|
|
|
func init() {
|
|
db.RegisterModel(&ActionRunner{})
|
|
}
|
|
|
|
type FindRunnerOptions struct {
|
|
db.ListOptions
|
|
RepoID int64
|
|
OwnerID int64 // it will be ignored if RepoID is set
|
|
Sort string
|
|
Filter string
|
|
IsOnline optional.Option[bool]
|
|
WithAvailable bool // not only runners belong to, but also runners can be used
|
|
}
|
|
|
|
func (opts FindRunnerOptions) ToConds() builder.Cond {
|
|
cond := builder.NewCond()
|
|
|
|
if opts.RepoID > 0 {
|
|
c := builder.NewCond().And(builder.Eq{"repo_id": opts.RepoID})
|
|
if opts.WithAvailable {
|
|
c = c.Or(builder.Eq{"owner_id": builder.Select("owner_id").From("repository").Where(builder.Eq{"id": opts.RepoID})})
|
|
c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
|
|
}
|
|
cond = cond.And(c)
|
|
} else if opts.OwnerID > 0 { // OwnerID is ignored if RepoID is set
|
|
c := builder.NewCond().And(builder.Eq{"owner_id": opts.OwnerID})
|
|
if opts.WithAvailable {
|
|
c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
|
|
}
|
|
cond = cond.And(c)
|
|
}
|
|
|
|
if opts.Filter != "" {
|
|
cond = cond.And(builder.Like{"name", opts.Filter})
|
|
}
|
|
|
|
if opts.IsOnline.Has() {
|
|
if opts.IsOnline.Value() {
|
|
cond = cond.And(builder.Gt{"last_online": time.Now().Add(-RunnerOfflineTime).Unix()})
|
|
} else {
|
|
cond = cond.And(builder.Lte{"last_online": time.Now().Add(-RunnerOfflineTime).Unix()})
|
|
}
|
|
}
|
|
return cond
|
|
}
|
|
|
|
func (opts FindRunnerOptions) ToOrders() string {
|
|
switch opts.Sort {
|
|
case "online":
|
|
return "last_online DESC"
|
|
case "offline":
|
|
return "last_online ASC"
|
|
case "alphabetically":
|
|
return "name ASC"
|
|
case "reversealphabetically":
|
|
return "name DESC"
|
|
case "newest":
|
|
return "id DESC"
|
|
case "oldest":
|
|
return "id ASC"
|
|
}
|
|
return "last_online DESC"
|
|
}
|
|
|
|
// GetRunnerByUUID returns a runner via uuid
|
|
func GetRunnerByUUID(ctx context.Context, uuid string) (*ActionRunner, error) {
|
|
var runner ActionRunner
|
|
has, err := db.GetEngine(ctx).Where("uuid=?", uuid).Get(&runner)
|
|
if err != nil {
|
|
return nil, err
|
|
} else if !has {
|
|
return nil, fmt.Errorf("runner with uuid %s: %w", uuid, util.ErrNotExist)
|
|
}
|
|
return &runner, nil
|
|
}
|
|
|
|
// GetRunnerByID returns a runner via id
|
|
func GetRunnerByID(ctx context.Context, id int64) (*ActionRunner, error) {
|
|
var runner ActionRunner
|
|
has, err := db.GetEngine(ctx).Where("id=?", id).Get(&runner)
|
|
if err != nil {
|
|
return nil, err
|
|
} else if !has {
|
|
return nil, fmt.Errorf("runner with id %d: %w", id, util.ErrNotExist)
|
|
}
|
|
return &runner, nil
|
|
}
|
|
|
|
// UpdateRunner updates runner's information.
|
|
func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error {
|
|
e := db.GetEngine(ctx)
|
|
var err error
|
|
if len(cols) == 0 {
|
|
_, err = e.ID(r.ID).AllCols().Update(r)
|
|
} else {
|
|
_, err = e.ID(r.ID).Cols(cols...).Update(r)
|
|
}
|
|
return err
|
|
}
|
|
|
|
// DeleteRunner deletes a runner by given ID.
|
|
func DeleteRunner(ctx context.Context, id int64) error {
|
|
runner, err := GetRunnerByID(ctx, id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Replace the UUID, which was either based on the secret's first 16 bytes or an UUIDv4,
|
|
// with a sequence of 8 0xff bytes followed by the little-endian version of the record's
|
|
// identifier. This will prevent the deleted record's identifier from colliding with any
|
|
// new record.
|
|
b := make([]byte, 8)
|
|
binary.LittleEndian.PutUint64(b, uint64(id))
|
|
runner.UUID = fmt.Sprintf("ffffffff-ffff-ffff-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
|
|
b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7])
|
|
|
|
err = UpdateRunner(ctx, runner, "UUID")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = db.DeleteByID[ActionRunner](ctx, id)
|
|
return err
|
|
}
|
|
|
|
// CreateRunner creates new runner.
|
|
func CreateRunner(ctx context.Context, t *ActionRunner) error {
|
|
if t.OwnerID != 0 && t.RepoID != 0 {
|
|
// It's trying to create a runner that belongs to a repository, but OwnerID has been set accidentally.
|
|
// Remove OwnerID to avoid confusion; it's not worth returning an error here.
|
|
t.OwnerID = 0
|
|
}
|
|
return db.Insert(ctx, t)
|
|
}
|
|
|
|
func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
|
|
// Only affect action runners were a owner ID is set, as actions runners
|
|
// could also be created on a repository.
|
|
return db.GetEngine(ctx).Table("action_runner").
|
|
Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
|
|
Where("`action_runner`.owner_id != ?", 0).
|
|
And(builder.IsNull{"`user`.id"}).
|
|
Count(new(ActionRunner))
|
|
}
|
|
|
|
func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
|
|
subQuery := builder.Select("`action_runner`.id").
|
|
From("`action_runner`").
|
|
Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
|
|
Where(builder.Neq{"`action_runner`.owner_id": 0}).
|
|
And(builder.IsNull{"`user`.id"})
|
|
b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
|
|
res, err := db.GetEngine(ctx).Exec(b)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return res.RowsAffected()
|
|
}
|
|
|
|
func CountRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
|
|
return db.GetEngine(ctx).Table("action_runner").
|
|
Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
|
|
Where("`action_runner`.repo_id != ?", 0).
|
|
And(builder.IsNull{"`repository`.id"}).
|
|
Count(new(ActionRunner))
|
|
}
|
|
|
|
func FixRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
|
|
subQuery := builder.Select("`action_runner`.id").
|
|
From("`action_runner`").
|
|
Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
|
|
Where(builder.Neq{"`action_runner`.repo_id": 0}).
|
|
And(builder.IsNull{"`repository`.id"})
|
|
b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
|
|
res, err := db.GetEngine(ctx).Exec(b)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return res.RowsAffected()
|
|
}
|