From 0461a6ce4c9c0b8c4d7e71286e428c50e70fee4e Mon Sep 17 00:00:00 2001 From: Michael Chen Date: Sun, 6 Nov 2022 22:12:47 -0800 Subject: [PATCH] issue #2558: support workflow restrictions in actions_runner_groups --- github/actions_runner_groups.go | 30 +++++++++------ github/actions_runner_groups_test.go | 56 ++++++++++++++++++++-------- github/github-accessors.go | 24 ++++++++++++ github/github-accessors_test.go | 30 +++++++++++++++ 4 files changed, 114 insertions(+), 26 deletions(-) diff --git a/github/actions_runner_groups.go b/github/actions_runner_groups.go index 6d89249150c..dbc63fbd37e 100644 --- a/github/actions_runner_groups.go +++ b/github/actions_runner_groups.go @@ -12,14 +12,16 @@ import ( // RunnerGroup represents a self-hosted runner group configured in an organization. type RunnerGroup struct { - ID *int64 `json:"id,omitempty"` - Name *string `json:"name,omitempty"` - Visibility *string `json:"visibility,omitempty"` - Default *bool `json:"default,omitempty"` - SelectedRepositoriesURL *string `json:"selected_repositories_url,omitempty"` - RunnersURL *string `json:"runners_url,omitempty"` - Inherited *bool `json:"inherited,omitempty"` - AllowsPublicRepositories *bool `json:"allows_public_repositories,omitempty"` + ID *int64 `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Visibility *string `json:"visibility,omitempty"` + Default *bool `json:"default,omitempty"` + SelectedRepositoriesURL *string `json:"selected_repositories_url,omitempty"` + RunnersURL *string `json:"runners_url,omitempty"` + Inherited *bool `json:"inherited,omitempty"` + AllowsPublicRepositories *bool `json:"allows_public_repositories,omitempty"` + RestrictedToWorkflows *bool `json:"restricted_to_workflows,omitempty"` + SelectedWorkflows []string `json:"selected_workflows,omitempty"` } // RunnerGroups represents a collection of self-hosted runner groups configured for an organization. @@ -38,13 +40,19 @@ type CreateRunnerGroupRequest struct { Runners []int64 `json:"runners,omitempty"` // If set to True, public repos can use this runner group AllowsPublicRepositories *bool `json:"allows_public_repositories,omitempty"` + // If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array + RestrictedToWorkflows *bool `json:"restricted_to_workflows,omitempty"` + // List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. + SelectedWorkflows []string `json:"selected_workflows,omitempty"` } // UpdateRunnerGroupRequest represents a request to update a Runner group for an organization. type UpdateRunnerGroupRequest struct { - Name *string `json:"name,omitempty"` - Visibility *string `json:"visibility,omitempty"` - AllowsPublicRepositories *bool `json:"allows_public_repositories,omitempty"` + Name *string `json:"name,omitempty"` + Visibility *string `json:"visibility,omitempty"` + AllowsPublicRepositories *bool `json:"allows_public_repositories,omitempty"` + RestrictedToWorkflows *bool `json:"restricted_to_workflows,omitempty"` + SelectedWorkflows []string `json:"selected_workflows,omitempty"` } // SetRepoAccessRunnerGroupRequest represents a request to replace the list of repositories diff --git a/github/actions_runner_groups_test.go b/github/actions_runner_groups_test.go index fc8b2480027..1e8a5ef640a 100644 --- a/github/actions_runner_groups_test.go +++ b/github/actions_runner_groups_test.go @@ -21,7 +21,7 @@ func TestActionsService_ListOrganizationRunnerGroups(t *testing.T) { mux.HandleFunc("/orgs/o/actions/runner-groups", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "GET") testFormValues(t, r, values{"per_page": "2", "page": "2"}) - fmt.Fprint(w, `{"total_count":3,"runner_groups":[{"id":1,"name":"Default","visibility":"all","default":true,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners","inherited":false,"allows_public_repositories":true},{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":true,"allows_public_repositories":true},{"id":3,"name":"expensive-hardware","visibility":"private","default":false,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners","inherited":false,"allows_public_repositories":true}]}`) + fmt.Fprint(w, `{"total_count":3,"runner_groups":[{"id":1,"name":"Default","visibility":"all","default":true,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":true,"selected_workflows":["a","b"]},{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":true,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]},{"id":3,"name":"expensive-hardware","visibility":"private","default":false,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]}]}`) }) opts := &ListOrgRunnerGroupOptions{ListOptions: ListOptions{Page: 2, PerPage: 2}} @@ -34,9 +34,9 @@ func TestActionsService_ListOrganizationRunnerGroups(t *testing.T) { want := &RunnerGroups{ TotalCount: 3, RunnerGroups: []*RunnerGroup{ - {ID: Int64(1), Name: String("Default"), Visibility: String("all"), Default: Bool(true), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true)}, - {ID: Int64(2), Name: String("octo-runner-group"), Visibility: String("selected"), Default: Bool(false), SelectedRepositoriesURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories"), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(true), AllowsPublicRepositories: Bool(true)}, - {ID: Int64(3), Name: String("expensive-hardware"), Visibility: String("private"), Default: Bool(false), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true)}, + {ID: Int64(1), Name: String("Default"), Visibility: String("all"), Default: Bool(true), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), RestrictedToWorkflows: Bool(true), SelectedWorkflows: []string{"a","b"}}, + {ID: Int64(2), Name: String("octo-runner-group"), Visibility: String("selected"), Default: Bool(false), SelectedRepositoriesURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories"), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(true), AllowsPublicRepositories: Bool(true), RestrictedToWorkflows: Bool(false), SelectedWorkflows: []string{}}, + {ID: Int64(3), Name: String("expensive-hardware"), Visibility: String("private"), Default: Bool(false), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), RestrictedToWorkflows: Bool(false), SelectedWorkflows: []string{}}, }, } if !cmp.Equal(groups, want) { @@ -65,7 +65,7 @@ func TestActionsService_ListOrganizationRunnerGroupsVisibleToRepo(t *testing.T) mux.HandleFunc("/orgs/o/actions/runner-groups", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "GET") testFormValues(t, r, values{"per_page": "2", "page": "2", "visible_to_repository": "github"}) - fmt.Fprint(w, `{"total_count":3,"runner_groups":[{"id":1,"name":"Default","visibility":"all","default":true,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners","inherited":false,"allows_public_repositories":true},{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":true,"allows_public_repositories":true},{"id":3,"name":"expensive-hardware","visibility":"private","default":false,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners","inherited":false,"allows_public_repositories":true}]}`) + fmt.Fprint(w, `{"total_count":3,"runner_groups":[{"id":1,"name":"Default","visibility":"all","default":true,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]},{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":true,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]},{"id":3,"name":"expensive-hardware","visibility":"private","default":false,"runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]}]}`) }) opts := &ListOrgRunnerGroupOptions{ListOptions: ListOptions{Page: 2, PerPage: 2}, VisibleToRepository: "github"} @@ -78,9 +78,9 @@ func TestActionsService_ListOrganizationRunnerGroupsVisibleToRepo(t *testing.T) want := &RunnerGroups{ TotalCount: 3, RunnerGroups: []*RunnerGroup{ - {ID: Int64(1), Name: String("Default"), Visibility: String("all"), Default: Bool(true), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true)}, - {ID: Int64(2), Name: String("octo-runner-group"), Visibility: String("selected"), Default: Bool(false), SelectedRepositoriesURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories"), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(true), AllowsPublicRepositories: Bool(true)}, - {ID: Int64(3), Name: String("expensive-hardware"), Visibility: String("private"), Default: Bool(false), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true)}, + {ID: Int64(1), Name: String("Default"), Visibility: String("all"), Default: Bool(true), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/1/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), RestrictedToWorkflows: Bool(false), SelectedWorkflows: []string{}}, + {ID: Int64(2), Name: String("octo-runner-group"), Visibility: String("selected"), Default: Bool(false), SelectedRepositoriesURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories"), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(true), AllowsPublicRepositories: Bool(true), RestrictedToWorkflows: Bool(false), SelectedWorkflows: []string{}}, + {ID: Int64(3), Name: String("expensive-hardware"), Visibility: String("private"), Default: Bool(false), RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/3/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), RestrictedToWorkflows: Bool(false), SelectedWorkflows: []string{}}, }, } if !cmp.Equal(groups, want) { @@ -108,7 +108,7 @@ func TestActionsService_GetOrganizationRunnerGroup(t *testing.T) { mux.HandleFunc("/orgs/o/actions/runner-groups/2", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "GET") - fmt.Fprint(w, `{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":false,"allows_public_repositories":true}`) + fmt.Fprint(w, `{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]}`) }) ctx := context.Background() @@ -126,6 +126,8 @@ func TestActionsService_GetOrganizationRunnerGroup(t *testing.T) { RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } if !cmp.Equal(group, want) { @@ -178,7 +180,7 @@ func TestActionsService_CreateOrganizationRunnerGroup(t *testing.T) { mux.HandleFunc("/orgs/o/actions/runner-groups", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "POST") - fmt.Fprint(w, `{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":false,"allows_public_repositories":true}`) + fmt.Fprint(w, `{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]}`) }) ctx := context.Background() @@ -186,6 +188,8 @@ func TestActionsService_CreateOrganizationRunnerGroup(t *testing.T) { Name: String("octo-runner-group"), Visibility: String("selected"), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } group, _, err := client.Actions.CreateOrganizationRunnerGroup(ctx, "o", req) if err != nil { @@ -201,6 +205,8 @@ func TestActionsService_CreateOrganizationRunnerGroup(t *testing.T) { RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } if !cmp.Equal(group, want) { @@ -228,7 +234,7 @@ func TestActionsService_UpdateOrganizationRunnerGroup(t *testing.T) { mux.HandleFunc("/orgs/o/actions/runner-groups/2", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PATCH") - fmt.Fprint(w, `{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":false,"allows_public_repositories":true}`) + fmt.Fprint(w, `{"id":2,"name":"octo-runner-group","visibility":"selected","default":false,"selected_repositories_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/repositories","runners_url":"https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners","inherited":false,"allows_public_repositories":true,"restricted_to_workflows":false,"selected_workflows":[]}`) }) ctx := context.Background() @@ -236,6 +242,8 @@ func TestActionsService_UpdateOrganizationRunnerGroup(t *testing.T) { Name: String("octo-runner-group"), Visibility: String("selected"), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } group, _, err := client.Actions.UpdateOrganizationRunnerGroup(ctx, "o", 2, req) if err != nil { @@ -251,6 +259,8 @@ func TestActionsService_UpdateOrganizationRunnerGroup(t *testing.T) { RunnersURL: String("https://api.github.com/orgs/octo-org/actions/runner_groups/2/runners"), Inherited: Bool(false), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } if !cmp.Equal(group, want) { @@ -533,6 +543,8 @@ func TestRunnerGroup_Marshal(t *testing.T) { RunnersURL: String("r"), Inherited: Bool(true), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } want := `{ @@ -543,7 +555,9 @@ func TestRunnerGroup_Marshal(t *testing.T) { "selected_repositories_url": "s", "runners_url": "r", "inherited": true, - "allows_public_repositories": true + "allows_public_repositories": true, + "restricted_to_workflows": false, + "selected_workflows": [] }` testJSONMarshal(t, u, want) @@ -564,6 +578,8 @@ func TestRunnerGroups_Marshal(t *testing.T) { RunnersURL: String("r"), Inherited: Bool(true), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, }, }, } @@ -578,7 +594,9 @@ func TestRunnerGroups_Marshal(t *testing.T) { "selected_repositories_url": "s", "runners_url": "r", "inherited": true, - "allows_public_repositories": true + "allows_public_repositories": true, + "restricted_to_workflows": false, + "selected_workflows": [] }] }` @@ -594,6 +612,8 @@ func TestCreateRunnerGroupRequest_Marshal(t *testing.T) { SelectedRepositoryIDs: []int64{1}, Runners: []int64{1}, AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(true), + SelectedWorkflows: []string{"a","b"}, } want := `{ @@ -601,7 +621,9 @@ func TestCreateRunnerGroupRequest_Marshal(t *testing.T) { "visibility": "v", "selected_repository_ids": [1], "runners": [1], - "allows_public_repositories": true + "allows_public_repositories": true, + "restricted_to_workflows": true, + "selected_workflows": ["a","b"] }` testJSONMarshal(t, u, want) @@ -614,12 +636,16 @@ func TestUpdateRunnerGroupRequest_Marshal(t *testing.T) { Name: String("n"), Visibility: String("v"), AllowsPublicRepositories: Bool(true), + RestrictedToWorkflows: Bool(false), + SelectedWorkflows: []string{}, } want := `{ "name": "n", "visibility": "v", - "allows_public_repositories": true + "allows_public_repositories": true, + "restricted_to_workflows": false, + "selected_workflows": [] }` testJSONMarshal(t, u, want) diff --git a/github/github-accessors.go b/github/github-accessors.go index ca558f63951..2976c2eb44e 100644 --- a/github/github-accessors.go +++ b/github/github-accessors.go @@ -3622,6 +3622,14 @@ func (c *CreateRunnerGroupRequest) GetName() string { return *c.Name } +// GetRestrictedToWorkflows returns the RestrictedToWorkflows field if it's non-nil, zero value otherwise. +func (c *CreateRunnerGroupRequest) GetRestrictedToWorkflows() bool { + if c == nil || c.RestrictedToWorkflows == nil { + return false + } + return *c.RestrictedToWorkflows +} + // GetVisibility returns the Visibility field if it's non-nil, zero value otherwise. func (c *CreateRunnerGroupRequest) GetVisibility() string { if c == nil || c.Visibility == nil { @@ -16686,6 +16694,14 @@ func (r *RunnerGroup) GetName() string { return *r.Name } +// GetRestrictedToWorkflows returns the RestrictedToWorkflows field if it's non-nil, zero value otherwise. +func (r *RunnerGroup) GetRestrictedToWorkflows() bool { + if r == nil || r.RestrictedToWorkflows == nil { + return false + } + return *r.RestrictedToWorkflows +} + // GetRunnersURL returns the RunnersURL field if it's non-nil, zero value otherwise. func (r *RunnerGroup) GetRunnersURL() string { if r == nil || r.RunnersURL == nil { @@ -19174,6 +19190,14 @@ func (u *UpdateRunnerGroupRequest) GetName() string { return *u.Name } +// GetRestrictedToWorkflows returns the RestrictedToWorkflows field if it's non-nil, zero value otherwise. +func (u *UpdateRunnerGroupRequest) GetRestrictedToWorkflows() bool { + if u == nil || u.RestrictedToWorkflows == nil { + return false + } + return *u.RestrictedToWorkflows +} + // GetVisibility returns the Visibility field if it's non-nil, zero value otherwise. func (u *UpdateRunnerGroupRequest) GetVisibility() string { if u == nil || u.Visibility == nil { diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go index 7cc7834acb0..658f16e1fcc 100644 --- a/github/github-accessors_test.go +++ b/github/github-accessors_test.go @@ -4243,6 +4243,16 @@ func TestCreateRunnerGroupRequest_GetName(tt *testing.T) { c.GetName() } +func TestCreateRunnerGroupRequest_GetRestrictedToWorkflows(tt *testing.T) { + var zeroValue bool + c := &CreateRunnerGroupRequest{RestrictedToWorkflows: &zeroValue} + c.GetRestrictedToWorkflows() + c = &CreateRunnerGroupRequest{} + c.GetRestrictedToWorkflows() + c = nil + c.GetRestrictedToWorkflows() +} + func TestCreateRunnerGroupRequest_GetVisibility(tt *testing.T) { var zeroValue string c := &CreateRunnerGroupRequest{Visibility: &zeroValue} @@ -19427,6 +19437,16 @@ func TestRunnerGroup_GetName(tt *testing.T) { r.GetName() } +func TestRunnerGroup_GetRestrictedToWorkflows(tt *testing.T) { + var zeroValue bool + r := &RunnerGroup{RestrictedToWorkflows: &zeroValue} + r.GetRestrictedToWorkflows() + r = &RunnerGroup{} + r.GetRestrictedToWorkflows() + r = nil + r.GetRestrictedToWorkflows() +} + func TestRunnerGroup_GetRunnersURL(tt *testing.T) { var zeroValue string r := &RunnerGroup{RunnersURL: &zeroValue} @@ -22342,6 +22362,16 @@ func TestUpdateRunnerGroupRequest_GetName(tt *testing.T) { u.GetName() } +func TestUpdateRunnerGroupRequest_GetRestrictedToWorkflows(tt *testing.T) { + var zeroValue bool + u := &UpdateRunnerGroupRequest{RestrictedToWorkflows: &zeroValue} + u.GetRestrictedToWorkflows() + u = &UpdateRunnerGroupRequest{} + u.GetRestrictedToWorkflows() + u = nil + u.GetRestrictedToWorkflows() +} + func TestUpdateRunnerGroupRequest_GetVisibility(tt *testing.T) { var zeroValue string u := &UpdateRunnerGroupRequest{Visibility: &zeroValue}