Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bugfix: handle mixing of job and normal tokens #3415

Merged
merged 5 commits into from Sep 29, 2022
Merged

bugfix: handle mixing of job and normal tokens #3415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c2c14ba
bugfix: handle mixing of job and normal tokens
drewstinnett Sep 28, 2022
3c56f7b
refactor: streamline return bool
drewstinnett Sep 28, 2022
fc9d017
refactor: streamline useJobClient
drewstinnett Sep 28, 2022
aeb1959
refactor: better testing environment set
drewstinnett Sep 28, 2022
7947eff
Merge branch 'bugfix-ci-token-brew-push' of github.com:drewstinnett/g…
drewstinnett Sep 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 22 additions & 1 deletion internal/client/gitlab.go
View file
Open in desktop
Expand Up @@ -47,7 +47,7 @@ func NewGitLab(ctx *context.Context, token string) (Client, error) {

var client *gitlab.Client
var err error
if ctx.Config.GitLabURLs.UseJobToken {
if checkUseJobToken(*ctx, token) {
client, err = gitlab.NewJobClient(token, options...)
} else {
client, err = gitlab.NewClient(token, options...)
Expand Down Expand Up @@ -495,3 +495,24 @@ func (c *gitlabClient) getMilestoneByTitle(repo Repo, title string) (*gitlab.Mil

return nil, nil
}

// checkUseJobToken examines the context and given token, and determines if We should use NewJobClient vs NewClient
func checkUseJobToken(ctx context.Context, token string) bool {
// The CI_JOB_TOKEN env var is set automatically in all GitLab runners.
// If this comes back as empty, we aren't in a functional GitLab runner
ciToken := os.Getenv("CI_JOB_TOKEN")
if ciToken == "" {
return false
}

// We only want to use the JobToken client if we have specified
// UseJobToken. Older versions of GitLab don't work with this, so we
// want to be specific
if ctx.Config.GitLabURLs.UseJobToken {
// We may be creating a new client with a non-CI_JOB_TOKEN, for
// things like Homebrew publishing. We can't use the
// CI_JOB_TOKEN there
return token == ciToken
}
return false
}
55 changes: 55 additions & 0 deletions internal/client/gitlab_test.go
View file
Open in desktop
Expand Up @@ -546,3 +546,58 @@ func TestCloseMileston(t *testing.T) {
err = client.CloseMilestone(ctx, repo, "never-will-exist")
require.Error(t, err)
}

func TestCheckUseJobToken(t *testing.T) {
tests := []struct {
ctx context.Context
token string
ciToken string
want bool
desc string
}{
{
ctx: context.Context{
Config: config.Project{
GitLabURLs: config.GitLabURLs{
UseJobToken: true,
},
},
},
token: "real-ci-token",
ciToken: "real-ci-token",
desc: "token and CI_JOB_TOKEN match so should return true",
want: true,
},
{
ctx: context.Context{
Config: config.Project{
GitLabURLs: config.GitLabURLs{
UseJobToken: true,
},
},
},
token: "some-random-token",
ciToken: "real-ci-token",
desc: "token and CI_JOB_TOKEN do NOT match so should return false",
want: false,
},
{
ctx: context.Context{
Config: config.Project{
GitLabURLs: config.GitLabURLs{
UseJobToken: false,
},
},
},
token: "real-ci-token",
ciToken: "real-ci-token",
desc: "token and CI_JOB_TOKEN match, however UseJobToken is set to false, so return false",
want: false,
},
}
for _, tt := range tests {
t.Setenv("CI_JOB_TOKEN", tt.ciToken)
got := checkUseJobToken(tt.ctx, tt.token)
require.Equal(t, tt.want, got, tt.desc)
}
}