mirror of
https://github.com/go-gitea/gitea.git
synced 2025-07-24 22:27:35 +02:00
b8c9a0c323
The merge-upstream route was so far performing any kind of merge, even those that would create merge commits and thus make your branch diverge from upstream, requiring manual intervention via the git cli to undo the damage. With the new optional parameter ff_only, we can instruct gitea to error out, if a non-fast-forward merge would be performed.
1198 lines
34 KiB
Go
1198 lines
34 KiB
Go
// Copyright 2016 The Gogs Authors. All rights reserved.
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package repo
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
|
|
"code.gitea.io/gitea/models/db"
|
|
git_model "code.gitea.io/gitea/models/git"
|
|
"code.gitea.io/gitea/models/organization"
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/gitrepo"
|
|
"code.gitea.io/gitea/modules/optional"
|
|
repo_module "code.gitea.io/gitea/modules/repository"
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
"code.gitea.io/gitea/modules/util"
|
|
"code.gitea.io/gitea/modules/web"
|
|
"code.gitea.io/gitea/routers/api/v1/utils"
|
|
"code.gitea.io/gitea/services/context"
|
|
"code.gitea.io/gitea/services/convert"
|
|
pull_service "code.gitea.io/gitea/services/pull"
|
|
release_service "code.gitea.io/gitea/services/release"
|
|
repo_service "code.gitea.io/gitea/services/repository"
|
|
)
|
|
|
|
// GetBranch get a branch of a repository
|
|
func GetBranch(ctx *context.APIContext) {
|
|
// swagger:operation GET /repos/{owner}/{repo}/branches/{branch} repository repoGetBranch
|
|
// ---
|
|
// summary: Retrieve a specific branch from a repository, including its effective branch protection
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: branch
|
|
// in: path
|
|
// description: branch to get
|
|
// type: string
|
|
// required: true
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/Branch"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
branchName := ctx.PathParam("*")
|
|
|
|
exist, err := git_model.IsBranchExist(ctx, ctx.Repo.Repository.ID, branchName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
} else if !exist {
|
|
ctx.APIErrorNotFound(err)
|
|
return
|
|
}
|
|
|
|
c, err := ctx.Repo.GitRepo.GetBranchCommit(branchName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
branchProtection, err := git_model.GetFirstMatchProtectedBranchRule(ctx, ctx.Repo.Repository.ID, branchName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branchName, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusOK, br)
|
|
}
|
|
|
|
// DeleteBranch get a branch of a repository
|
|
func DeleteBranch(ctx *context.APIContext) {
|
|
// swagger:operation DELETE /repos/{owner}/{repo}/branches/{branch} repository repoDeleteBranch
|
|
// ---
|
|
// summary: Delete a specific branch from a repository
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: branch
|
|
// in: path
|
|
// description: branch to delete
|
|
// type: string
|
|
// required: true
|
|
// responses:
|
|
// "204":
|
|
// "$ref": "#/responses/empty"
|
|
// "403":
|
|
// "$ref": "#/responses/error"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "423":
|
|
// "$ref": "#/responses/repoArchivedError"
|
|
if ctx.Repo.Repository.IsEmpty {
|
|
ctx.APIError(http.StatusNotFound, "Git Repository is empty.")
|
|
return
|
|
}
|
|
|
|
if ctx.Repo.Repository.IsMirror {
|
|
ctx.APIError(http.StatusForbidden, "Git Repository is a mirror.")
|
|
return
|
|
}
|
|
|
|
branchName := ctx.PathParam("*")
|
|
|
|
// check whether branches of this repository has been synced
|
|
totalNumOfBranches, err := db.Count[git_model.Branch](ctx, git_model.FindBranchOptions{
|
|
RepoID: ctx.Repo.Repository.ID,
|
|
IsDeletedBranch: optional.Some(false),
|
|
})
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if totalNumOfBranches == 0 { // sync branches immediately because non-empty repository should have at least 1 branch
|
|
_, err = repo_module.SyncRepoBranches(ctx, ctx.Repo.Repository.ID, 0)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
if err := repo_service.DeleteBranch(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.GitRepo, branchName, nil); err != nil {
|
|
switch {
|
|
case git.IsErrBranchNotExist(err):
|
|
ctx.APIErrorNotFound(err)
|
|
case errors.Is(err, repo_service.ErrBranchIsDefault):
|
|
ctx.APIError(http.StatusForbidden, errors.New("can not delete default branch"))
|
|
case errors.Is(err, git_model.ErrBranchIsProtected):
|
|
ctx.APIError(http.StatusForbidden, errors.New("branch protected"))
|
|
default:
|
|
ctx.APIErrorInternal(err)
|
|
}
|
|
return
|
|
}
|
|
|
|
ctx.Status(http.StatusNoContent)
|
|
}
|
|
|
|
// CreateBranch creates a branch for a user's repository
|
|
func CreateBranch(ctx *context.APIContext) {
|
|
// swagger:operation POST /repos/{owner}/{repo}/branches repository repoCreateBranch
|
|
// ---
|
|
// summary: Create a branch
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/CreateBranchRepoOption"
|
|
// responses:
|
|
// "201":
|
|
// "$ref": "#/responses/Branch"
|
|
// "403":
|
|
// description: The branch is archived or a mirror.
|
|
// "404":
|
|
// description: The old branch does not exist.
|
|
// "409":
|
|
// description: The branch with the same name already exists.
|
|
// "423":
|
|
// "$ref": "#/responses/repoArchivedError"
|
|
|
|
if ctx.Repo.Repository.IsEmpty {
|
|
ctx.APIError(http.StatusNotFound, "Git Repository is empty.")
|
|
return
|
|
}
|
|
|
|
if ctx.Repo.Repository.IsMirror {
|
|
ctx.APIError(http.StatusForbidden, "Git Repository is a mirror.")
|
|
return
|
|
}
|
|
|
|
opt := web.GetForm(ctx).(*api.CreateBranchRepoOption)
|
|
|
|
var oldCommit *git.Commit
|
|
var err error
|
|
|
|
if len(opt.OldRefName) > 0 {
|
|
oldCommit, err = ctx.Repo.GitRepo.GetCommit(opt.OldRefName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else if len(opt.OldBranchName) > 0 { //nolint
|
|
if gitrepo.IsBranchExist(ctx, ctx.Repo.Repository, opt.OldBranchName) { //nolint
|
|
oldCommit, err = ctx.Repo.GitRepo.GetBranchCommit(opt.OldBranchName) //nolint
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
ctx.APIError(http.StatusNotFound, "The old branch does not exist")
|
|
return
|
|
}
|
|
} else {
|
|
oldCommit, err = ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
err = repo_service.CreateNewBranchFromCommit(ctx, ctx.Doer, ctx.Repo.Repository, ctx.Repo.GitRepo, oldCommit.ID.String(), opt.BranchName)
|
|
if err != nil {
|
|
if git_model.IsErrBranchNotExist(err) {
|
|
ctx.APIError(http.StatusNotFound, "The old branch does not exist")
|
|
} else if release_service.IsErrTagAlreadyExists(err) {
|
|
ctx.APIError(http.StatusConflict, "The branch with the same tag already exists.")
|
|
} else if git_model.IsErrBranchAlreadyExists(err) || git.IsErrPushOutOfDate(err) {
|
|
ctx.APIError(http.StatusConflict, "The branch already exists.")
|
|
} else if git_model.IsErrBranchNameConflict(err) {
|
|
ctx.APIError(http.StatusConflict, "The branch with the same name already exists.")
|
|
} else {
|
|
ctx.APIErrorInternal(err)
|
|
}
|
|
return
|
|
}
|
|
|
|
commit, err := ctx.Repo.GitRepo.GetBranchCommit(opt.BranchName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
branchProtection, err := git_model.GetFirstMatchProtectedBranchRule(ctx, ctx.Repo.Repository.ID, opt.BranchName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
br, err := convert.ToBranch(ctx, ctx.Repo.Repository, opt.BranchName, commit, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusCreated, br)
|
|
}
|
|
|
|
// ListBranches list all the branches of a repository
|
|
func ListBranches(ctx *context.APIContext) {
|
|
// swagger:operation GET /repos/{owner}/{repo}/branches repository repoListBranches
|
|
// ---
|
|
// summary: List a repository's branches
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: page
|
|
// in: query
|
|
// description: page number of results to return (1-based)
|
|
// type: integer
|
|
// - name: limit
|
|
// in: query
|
|
// description: page size of results
|
|
// type: integer
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/BranchList"
|
|
|
|
var totalNumOfBranches int64
|
|
var apiBranches []*api.Branch
|
|
|
|
listOptions := utils.GetListOptions(ctx)
|
|
|
|
if !ctx.Repo.Repository.IsEmpty {
|
|
if ctx.Repo.GitRepo == nil {
|
|
ctx.APIErrorInternal(nil)
|
|
return
|
|
}
|
|
|
|
branchOpts := git_model.FindBranchOptions{
|
|
ListOptions: listOptions,
|
|
RepoID: ctx.Repo.Repository.ID,
|
|
IsDeletedBranch: optional.Some(false),
|
|
}
|
|
var err error
|
|
totalNumOfBranches, err = db.Count[git_model.Branch](ctx, branchOpts)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if totalNumOfBranches == 0 { // sync branches immediately because non-empty repository should have at least 1 branch
|
|
totalNumOfBranches, err = repo_module.SyncRepoBranches(ctx, ctx.Repo.Repository.ID, 0)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
rules, err := git_model.FindRepoProtectedBranchRules(ctx, ctx.Repo.Repository.ID)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
branches, err := db.Find[git_model.Branch](ctx, branchOpts)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
apiBranches = make([]*api.Branch, 0, len(branches))
|
|
for i := range branches {
|
|
c, err := ctx.Repo.GitRepo.GetBranchCommit(branches[i].Name)
|
|
if err != nil {
|
|
// Skip if this branch doesn't exist anymore.
|
|
if git.IsErrNotExist(err) {
|
|
totalNumOfBranches--
|
|
continue
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
branchProtection := rules.GetFirstMatched(branches[i].Name)
|
|
apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
apiBranches = append(apiBranches, apiBranch)
|
|
}
|
|
}
|
|
|
|
ctx.SetLinkHeader(int(totalNumOfBranches), listOptions.PageSize)
|
|
ctx.SetTotalCountHeader(totalNumOfBranches)
|
|
ctx.JSON(http.StatusOK, apiBranches)
|
|
}
|
|
|
|
// UpdateBranch updates a repository's branch.
|
|
func UpdateBranch(ctx *context.APIContext) {
|
|
// swagger:operation PATCH /repos/{owner}/{repo}/branches/{branch} repository repoUpdateBranch
|
|
// ---
|
|
// summary: Update a branch
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: branch
|
|
// in: path
|
|
// description: name of the branch
|
|
// type: string
|
|
// required: true
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/UpdateBranchRepoOption"
|
|
// responses:
|
|
// "204":
|
|
// "$ref": "#/responses/empty"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
|
|
opt := web.GetForm(ctx).(*api.UpdateBranchRepoOption)
|
|
|
|
oldName := ctx.PathParam("*")
|
|
repo := ctx.Repo.Repository
|
|
|
|
if repo.IsEmpty {
|
|
ctx.APIError(http.StatusNotFound, "Git Repository is empty.")
|
|
return
|
|
}
|
|
|
|
if repo.IsMirror {
|
|
ctx.APIError(http.StatusForbidden, "Git Repository is a mirror.")
|
|
return
|
|
}
|
|
|
|
msg, err := repo_service.RenameBranch(ctx, repo, ctx.Doer, ctx.Repo.GitRepo, oldName, opt.Name)
|
|
if err != nil {
|
|
switch {
|
|
case repo_model.IsErrUserDoesNotHaveAccessToRepo(err):
|
|
ctx.APIError(http.StatusForbidden, "User must be a repo or site admin to rename default or protected branches.")
|
|
case errors.Is(err, git_model.ErrBranchIsProtected):
|
|
ctx.APIError(http.StatusForbidden, "Branch is protected by glob-based protection rules.")
|
|
default:
|
|
ctx.APIErrorInternal(err)
|
|
}
|
|
return
|
|
}
|
|
if msg == "target_exist" {
|
|
ctx.APIError(http.StatusUnprocessableEntity, "Cannot rename a branch using the same name or rename to a branch that already exists.")
|
|
return
|
|
}
|
|
if msg == "from_not_exist" {
|
|
ctx.APIError(http.StatusNotFound, "Branch doesn't exist.")
|
|
return
|
|
}
|
|
|
|
ctx.Status(http.StatusNoContent)
|
|
}
|
|
|
|
// GetBranchProtection gets a branch protection
|
|
func GetBranchProtection(ctx *context.APIContext) {
|
|
// swagger:operation GET /repos/{owner}/{repo}/branch_protections/{name} repository repoGetBranchProtection
|
|
// ---
|
|
// summary: Get a specific branch protection for the repository
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: name
|
|
// in: path
|
|
// description: name of protected branch
|
|
// type: string
|
|
// required: true
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/BranchProtection"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
repo := ctx.Repo.Repository
|
|
bpName := ctx.PathParam("name")
|
|
bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if bp == nil || bp.RepoID != repo.ID {
|
|
ctx.APIErrorNotFound()
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp, repo))
|
|
}
|
|
|
|
// ListBranchProtections list branch protections for a repo
|
|
func ListBranchProtections(ctx *context.APIContext) {
|
|
// swagger:operation GET /repos/{owner}/{repo}/branch_protections repository repoListBranchProtection
|
|
// ---
|
|
// summary: List branch protections for a repository
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/BranchProtectionList"
|
|
|
|
repo := ctx.Repo.Repository
|
|
bps, err := git_model.FindRepoProtectedBranchRules(ctx, repo.ID)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
apiBps := make([]*api.BranchProtection, len(bps))
|
|
for i := range bps {
|
|
apiBps[i] = convert.ToBranchProtection(ctx, bps[i], repo)
|
|
}
|
|
|
|
ctx.JSON(http.StatusOK, apiBps)
|
|
}
|
|
|
|
// CreateBranchProtection creates a branch protection for a repo
|
|
func CreateBranchProtection(ctx *context.APIContext) {
|
|
// swagger:operation POST /repos/{owner}/{repo}/branch_protections repository repoCreateBranchProtection
|
|
// ---
|
|
// summary: Create a branch protections for a repository
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/CreateBranchProtectionOption"
|
|
// responses:
|
|
// "201":
|
|
// "$ref": "#/responses/BranchProtection"
|
|
// "403":
|
|
// "$ref": "#/responses/forbidden"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
// "423":
|
|
// "$ref": "#/responses/repoArchivedError"
|
|
|
|
form := web.GetForm(ctx).(*api.CreateBranchProtectionOption)
|
|
repo := ctx.Repo.Repository
|
|
|
|
ruleName := form.RuleName
|
|
if ruleName == "" {
|
|
ruleName = form.BranchName //nolint
|
|
}
|
|
if len(ruleName) == 0 {
|
|
ctx.APIError(http.StatusBadRequest, "both rule_name and branch_name are empty")
|
|
return
|
|
}
|
|
|
|
protectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, ruleName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
} else if protectBranch != nil {
|
|
ctx.APIError(http.StatusForbidden, "Branch protection already exist")
|
|
return
|
|
}
|
|
|
|
var requiredApprovals int64
|
|
if form.RequiredApprovals > 0 {
|
|
requiredApprovals = form.RequiredApprovals
|
|
}
|
|
|
|
whitelistUsers, err := user_model.GetUserIDsByNames(ctx, form.PushWhitelistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
forcePushAllowlistUsers, err := user_model.GetUserIDsByNames(ctx, form.ForcePushAllowlistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
mergeWhitelistUsers, err := user_model.GetUserIDsByNames(ctx, form.MergeWhitelistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
approvalsWhitelistUsers, err := user_model.GetUserIDsByNames(ctx, form.ApprovalsWhitelistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
var whitelistTeams, forcePushAllowlistTeams, mergeWhitelistTeams, approvalsWhitelistTeams []int64
|
|
if repo.Owner.IsOrganization() {
|
|
whitelistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.PushWhitelistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
forcePushAllowlistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.ForcePushAllowlistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
mergeWhitelistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.MergeWhitelistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
approvalsWhitelistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.ApprovalsWhitelistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
protectBranch = &git_model.ProtectedBranch{
|
|
RepoID: ctx.Repo.Repository.ID,
|
|
RuleName: ruleName,
|
|
Priority: form.Priority,
|
|
CanPush: form.EnablePush,
|
|
EnableWhitelist: form.EnablePush && form.EnablePushWhitelist,
|
|
WhitelistDeployKeys: form.EnablePush && form.EnablePushWhitelist && form.PushWhitelistDeployKeys,
|
|
CanForcePush: form.EnablePush && form.EnableForcePush,
|
|
EnableForcePushAllowlist: form.EnablePush && form.EnableForcePush && form.EnableForcePushAllowlist,
|
|
ForcePushAllowlistDeployKeys: form.EnablePush && form.EnableForcePush && form.EnableForcePushAllowlist && form.ForcePushAllowlistDeployKeys,
|
|
EnableMergeWhitelist: form.EnableMergeWhitelist,
|
|
EnableStatusCheck: form.EnableStatusCheck,
|
|
StatusCheckContexts: form.StatusCheckContexts,
|
|
EnableApprovalsWhitelist: form.EnableApprovalsWhitelist,
|
|
RequiredApprovals: requiredApprovals,
|
|
BlockOnRejectedReviews: form.BlockOnRejectedReviews,
|
|
BlockOnOfficialReviewRequests: form.BlockOnOfficialReviewRequests,
|
|
DismissStaleApprovals: form.DismissStaleApprovals,
|
|
IgnoreStaleApprovals: form.IgnoreStaleApprovals,
|
|
RequireSignedCommits: form.RequireSignedCommits,
|
|
ProtectedFilePatterns: form.ProtectedFilePatterns,
|
|
UnprotectedFilePatterns: form.UnprotectedFilePatterns,
|
|
BlockOnOutdatedBranch: form.BlockOnOutdatedBranch,
|
|
BlockAdminMergeOverride: form.BlockAdminMergeOverride,
|
|
}
|
|
|
|
if err := pull_service.CreateOrUpdateProtectedBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
|
|
UserIDs: whitelistUsers,
|
|
TeamIDs: whitelistTeams,
|
|
ForcePushUserIDs: forcePushAllowlistUsers,
|
|
ForcePushTeamIDs: forcePushAllowlistTeams,
|
|
MergeUserIDs: mergeWhitelistUsers,
|
|
MergeTeamIDs: mergeWhitelistTeams,
|
|
ApprovalsUserIDs: approvalsWhitelistUsers,
|
|
ApprovalsTeamIDs: approvalsWhitelistTeams,
|
|
}); err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
// Reload from db to get all whitelists
|
|
bp, err := git_model.GetProtectedBranchRuleByName(ctx, ctx.Repo.Repository.ID, ruleName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if bp == nil || bp.RepoID != ctx.Repo.Repository.ID {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusCreated, convert.ToBranchProtection(ctx, bp, repo))
|
|
}
|
|
|
|
// EditBranchProtection edits a branch protection for a repo
|
|
func EditBranchProtection(ctx *context.APIContext) {
|
|
// swagger:operation PATCH /repos/{owner}/{repo}/branch_protections/{name} repository repoEditBranchProtection
|
|
// ---
|
|
// summary: Edit a branch protections for a repository. Only fields that are set will be changed
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: name
|
|
// in: path
|
|
// description: name of protected branch
|
|
// type: string
|
|
// required: true
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/EditBranchProtectionOption"
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/BranchProtection"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
// "423":
|
|
// "$ref": "#/responses/repoArchivedError"
|
|
form := web.GetForm(ctx).(*api.EditBranchProtectionOption)
|
|
repo := ctx.Repo.Repository
|
|
bpName := ctx.PathParam("name")
|
|
protectBranch, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if protectBranch == nil || protectBranch.RepoID != repo.ID {
|
|
ctx.APIErrorNotFound()
|
|
return
|
|
}
|
|
|
|
if form.EnablePush != nil {
|
|
if !*form.EnablePush {
|
|
protectBranch.CanPush = false
|
|
protectBranch.EnableWhitelist = false
|
|
protectBranch.WhitelistDeployKeys = false
|
|
} else {
|
|
protectBranch.CanPush = true
|
|
if form.EnablePushWhitelist != nil {
|
|
if !*form.EnablePushWhitelist {
|
|
protectBranch.EnableWhitelist = false
|
|
protectBranch.WhitelistDeployKeys = false
|
|
} else {
|
|
protectBranch.EnableWhitelist = true
|
|
if form.PushWhitelistDeployKeys != nil {
|
|
protectBranch.WhitelistDeployKeys = *form.PushWhitelistDeployKeys
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if form.EnableForcePush != nil {
|
|
if !*form.EnableForcePush {
|
|
protectBranch.CanForcePush = false
|
|
protectBranch.EnableForcePushAllowlist = false
|
|
protectBranch.ForcePushAllowlistDeployKeys = false
|
|
} else {
|
|
protectBranch.CanForcePush = true
|
|
if form.EnableForcePushAllowlist != nil {
|
|
if !*form.EnableForcePushAllowlist {
|
|
protectBranch.EnableForcePushAllowlist = false
|
|
protectBranch.ForcePushAllowlistDeployKeys = false
|
|
} else {
|
|
protectBranch.EnableForcePushAllowlist = true
|
|
if form.ForcePushAllowlistDeployKeys != nil {
|
|
protectBranch.ForcePushAllowlistDeployKeys = *form.ForcePushAllowlistDeployKeys
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if form.Priority != nil {
|
|
protectBranch.Priority = *form.Priority
|
|
}
|
|
|
|
if form.EnableMergeWhitelist != nil {
|
|
protectBranch.EnableMergeWhitelist = *form.EnableMergeWhitelist
|
|
}
|
|
|
|
if form.EnableStatusCheck != nil {
|
|
protectBranch.EnableStatusCheck = *form.EnableStatusCheck
|
|
}
|
|
|
|
if form.StatusCheckContexts != nil {
|
|
protectBranch.StatusCheckContexts = form.StatusCheckContexts
|
|
}
|
|
|
|
if form.RequiredApprovals != nil && *form.RequiredApprovals >= 0 {
|
|
protectBranch.RequiredApprovals = *form.RequiredApprovals
|
|
}
|
|
|
|
if form.EnableApprovalsWhitelist != nil {
|
|
protectBranch.EnableApprovalsWhitelist = *form.EnableApprovalsWhitelist
|
|
}
|
|
|
|
if form.BlockOnRejectedReviews != nil {
|
|
protectBranch.BlockOnRejectedReviews = *form.BlockOnRejectedReviews
|
|
}
|
|
|
|
if form.BlockOnOfficialReviewRequests != nil {
|
|
protectBranch.BlockOnOfficialReviewRequests = *form.BlockOnOfficialReviewRequests
|
|
}
|
|
|
|
if form.DismissStaleApprovals != nil {
|
|
protectBranch.DismissStaleApprovals = *form.DismissStaleApprovals
|
|
}
|
|
|
|
if form.IgnoreStaleApprovals != nil {
|
|
protectBranch.IgnoreStaleApprovals = *form.IgnoreStaleApprovals
|
|
}
|
|
|
|
if form.RequireSignedCommits != nil {
|
|
protectBranch.RequireSignedCommits = *form.RequireSignedCommits
|
|
}
|
|
|
|
if form.ProtectedFilePatterns != nil {
|
|
protectBranch.ProtectedFilePatterns = *form.ProtectedFilePatterns
|
|
}
|
|
|
|
if form.UnprotectedFilePatterns != nil {
|
|
protectBranch.UnprotectedFilePatterns = *form.UnprotectedFilePatterns
|
|
}
|
|
|
|
if form.BlockOnOutdatedBranch != nil {
|
|
protectBranch.BlockOnOutdatedBranch = *form.BlockOnOutdatedBranch
|
|
}
|
|
|
|
if form.BlockAdminMergeOverride != nil {
|
|
protectBranch.BlockAdminMergeOverride = *form.BlockAdminMergeOverride
|
|
}
|
|
|
|
var whitelistUsers, forcePushAllowlistUsers, mergeWhitelistUsers, approvalsWhitelistUsers []int64
|
|
if form.PushWhitelistUsernames != nil {
|
|
whitelistUsers, err = user_model.GetUserIDsByNames(ctx, form.PushWhitelistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
whitelistUsers = protectBranch.WhitelistUserIDs
|
|
}
|
|
if form.ForcePushAllowlistDeployKeys != nil {
|
|
forcePushAllowlistUsers, err = user_model.GetUserIDsByNames(ctx, form.ForcePushAllowlistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
forcePushAllowlistUsers = protectBranch.ForcePushAllowlistUserIDs
|
|
}
|
|
if form.MergeWhitelistUsernames != nil {
|
|
mergeWhitelistUsers, err = user_model.GetUserIDsByNames(ctx, form.MergeWhitelistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
mergeWhitelistUsers = protectBranch.MergeWhitelistUserIDs
|
|
}
|
|
if form.ApprovalsWhitelistUsernames != nil {
|
|
approvalsWhitelistUsers, err = user_model.GetUserIDsByNames(ctx, form.ApprovalsWhitelistUsernames, false)
|
|
if err != nil {
|
|
if user_model.IsErrUserNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
approvalsWhitelistUsers = protectBranch.ApprovalsWhitelistUserIDs
|
|
}
|
|
|
|
var whitelistTeams, forcePushAllowlistTeams, mergeWhitelistTeams, approvalsWhitelistTeams []int64
|
|
if repo.Owner.IsOrganization() {
|
|
if form.PushWhitelistTeams != nil {
|
|
whitelistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.PushWhitelistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
whitelistTeams = protectBranch.WhitelistTeamIDs
|
|
}
|
|
if form.ForcePushAllowlistTeams != nil {
|
|
forcePushAllowlistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.ForcePushAllowlistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
forcePushAllowlistTeams = protectBranch.ForcePushAllowlistTeamIDs
|
|
}
|
|
if form.MergeWhitelistTeams != nil {
|
|
mergeWhitelistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.MergeWhitelistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
mergeWhitelistTeams = protectBranch.MergeWhitelistTeamIDs
|
|
}
|
|
if form.ApprovalsWhitelistTeams != nil {
|
|
approvalsWhitelistTeams, err = organization.GetTeamIDsByNames(ctx, repo.OwnerID, form.ApprovalsWhitelistTeams, false)
|
|
if err != nil {
|
|
if organization.IsErrTeamNotExist(err) {
|
|
ctx.APIError(http.StatusUnprocessableEntity, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
approvalsWhitelistTeams = protectBranch.ApprovalsWhitelistTeamIDs
|
|
}
|
|
}
|
|
|
|
err = git_model.UpdateProtectBranch(ctx, ctx.Repo.Repository, protectBranch, git_model.WhitelistOptions{
|
|
UserIDs: whitelistUsers,
|
|
TeamIDs: whitelistTeams,
|
|
ForcePushUserIDs: forcePushAllowlistUsers,
|
|
ForcePushTeamIDs: forcePushAllowlistTeams,
|
|
MergeUserIDs: mergeWhitelistUsers,
|
|
MergeTeamIDs: mergeWhitelistTeams,
|
|
ApprovalsUserIDs: approvalsWhitelistUsers,
|
|
ApprovalsTeamIDs: approvalsWhitelistTeams,
|
|
})
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
isPlainRule := !git_model.IsRuleNameSpecial(bpName)
|
|
var isBranchExist bool
|
|
if isPlainRule {
|
|
isBranchExist = gitrepo.IsBranchExist(ctx, ctx.Repo.Repository, bpName)
|
|
}
|
|
|
|
if isBranchExist {
|
|
if err = pull_service.CheckPRsForBaseBranch(ctx, ctx.Repo.Repository, bpName); err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
} else {
|
|
if !isPlainRule {
|
|
if ctx.Repo.GitRepo == nil {
|
|
ctx.Repo.GitRepo, err = gitrepo.RepositoryFromRequestContextOrOpen(ctx, ctx.Repo.Repository)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
// FIXME: since we only need to recheck files protected rules, we could improve this
|
|
matchedBranches, err := git_model.FindAllMatchedBranches(ctx, ctx.Repo.Repository.ID, protectBranch.RuleName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
for _, branchName := range matchedBranches {
|
|
if err = pull_service.CheckPRsForBaseBranch(ctx, ctx.Repo.Repository, branchName); err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Reload from db to ensure get all whitelists
|
|
bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if bp == nil || bp.RepoID != ctx.Repo.Repository.ID {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusOK, convert.ToBranchProtection(ctx, bp, repo))
|
|
}
|
|
|
|
// DeleteBranchProtection deletes a branch protection for a repo
|
|
func DeleteBranchProtection(ctx *context.APIContext) {
|
|
// swagger:operation DELETE /repos/{owner}/{repo}/branch_protections/{name} repository repoDeleteBranchProtection
|
|
// ---
|
|
// summary: Delete a specific branch protection for the repository
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: name
|
|
// in: path
|
|
// description: name of protected branch
|
|
// type: string
|
|
// required: true
|
|
// responses:
|
|
// "204":
|
|
// "$ref": "#/responses/empty"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
|
|
repo := ctx.Repo.Repository
|
|
bpName := ctx.PathParam("name")
|
|
bp, err := git_model.GetProtectedBranchRuleByName(ctx, repo.ID, bpName)
|
|
if err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
if bp == nil || bp.RepoID != repo.ID {
|
|
ctx.APIErrorNotFound()
|
|
return
|
|
}
|
|
|
|
if err := git_model.DeleteProtectedBranch(ctx, ctx.Repo.Repository, bp.ID); err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
ctx.Status(http.StatusNoContent)
|
|
}
|
|
|
|
// UpdateBranchProtectionPriories updates the priorities of branch protections for a repo
|
|
func UpdateBranchProtectionPriories(ctx *context.APIContext) {
|
|
// swagger:operation POST /repos/{owner}/{repo}/branch_protections/priority repository repoUpdateBranchProtectionPriories
|
|
// ---
|
|
// summary: Update the priorities of branch protections for a repository.
|
|
// consumes:
|
|
// - application/json
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/UpdateBranchProtectionPriories"
|
|
// responses:
|
|
// "204":
|
|
// "$ref": "#/responses/empty"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
// "422":
|
|
// "$ref": "#/responses/validationError"
|
|
// "423":
|
|
// "$ref": "#/responses/repoArchivedError"
|
|
form := web.GetForm(ctx).(*api.UpdateBranchProtectionPriories)
|
|
repo := ctx.Repo.Repository
|
|
|
|
if err := git_model.UpdateProtectBranchPriorities(ctx, repo, form.IDs); err != nil {
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
|
|
ctx.Status(http.StatusNoContent)
|
|
}
|
|
|
|
func MergeUpstream(ctx *context.APIContext) {
|
|
// swagger:operation POST /repos/{owner}/{repo}/merge-upstream repository repoMergeUpstream
|
|
// ---
|
|
// summary: Merge a branch from upstream
|
|
// produces:
|
|
// - application/json
|
|
// parameters:
|
|
// - name: owner
|
|
// in: path
|
|
// description: owner of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: repo
|
|
// in: path
|
|
// description: name of the repo
|
|
// type: string
|
|
// required: true
|
|
// - name: body
|
|
// in: body
|
|
// schema:
|
|
// "$ref": "#/definitions/MergeUpstreamRequest"
|
|
// responses:
|
|
// "200":
|
|
// "$ref": "#/responses/MergeUpstreamResponse"
|
|
// "400":
|
|
// "$ref": "#/responses/error"
|
|
// "404":
|
|
// "$ref": "#/responses/notFound"
|
|
form := web.GetForm(ctx).(*api.MergeUpstreamRequest)
|
|
mergeStyle, err := repo_service.MergeUpstream(ctx, ctx.Doer, ctx.Repo.Repository, form.Branch, form.FfOnly)
|
|
if err != nil {
|
|
if errors.Is(err, util.ErrInvalidArgument) {
|
|
ctx.APIError(http.StatusBadRequest, err)
|
|
return
|
|
} else if errors.Is(err, util.ErrNotExist) {
|
|
ctx.APIError(http.StatusNotFound, err)
|
|
return
|
|
}
|
|
ctx.APIErrorInternal(err)
|
|
return
|
|
}
|
|
ctx.JSON(http.StatusOK, &api.MergeUpstreamResponse{MergeStyle: mergeStyle})
|
|
}
|