[Enhancement] Allow admin to merge pr with protected file changes (#12078)

* [Enhancement] Allow admin to merge pr with protected file changes As tilte, show protected message in diff page and merge box. Signed-off-by: a1012112796 <1012112796@qq.com> * remove unused ver * Update options/locale/locale_en-US.ini Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com> * Add TrN * Apply suggestions from code review * fix lint * Update options/locale/locale_en-US.ini Co-authored-by: zeripath <art27@cantab.net> * Apply suggestions from code review * move pr proteced files check to TestPatch * Call TestPatch when protected branches settings changed * Apply review suggestion @CirnoT * move to service @lunny * slightly restructure routers/private/hook.go Adds a lot of comments and simplifies the logic Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * skip duplicate protected files check * fix check logic * slight refactor of TestPatch Signed-off-by: Andrew Thornton <art27@cantab.net> * When checking for protected files changes in TestPatch use the temporary repository Signed-off-by: Andrew Thornton <art27@cantab.net> * fix introduced issue with hook Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove the check on PR index being greater than 0 as it unnecessary Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
author: 赵智超 <1012112796@qq.com> 2020-10-14 02:50:57 +0800
committer: GitHub <noreply@github.com> 2020-10-13 14:50:57 -0400
commit: dfa7291f8fafd2aac032ef73a78b588e4d0e9a36 (patch)
tree: fb05581a7b1b15bc4dd5e84bb0a0eb009e6850f9 /services/pull/patch.go
parent: da32d0e72a00892553e4e9a09da19761d792ab84 (diff)
download: gitea-dfa7291f8fafd2aac032ef73a78b588e4d0e9a36.tar.gz
gitea-dfa7291f8fafd2aac032ef73a78b588e4d0e9a36.zip
1 files changed, 145 insertions, 11 deletions
diff --git a/services/pull/patch.go b/services/pull/patch.go
index 9b894b781c..2692d848c4 100644
--- a/services/pull/patch.go
+++ b/services/pull/patch.go
@@ -18,6 +18,8 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/util"
+
+	"github.com/gobwas/glob"
 )
 
 // DownloadDiffOrPatch will write the patch for the pr to the writer
@@ -66,6 +68,7 @@ func TestPatch(pr *models.PullRequest) error {
 	}
 	defer gitRepo.Close()
 
+	// 1. update merge base
 	pr.MergeBase, err = git.NewCommand("merge-base", "--", "base", "tracking").RunInDir(tmpBasePath)
 	if err != nil {
 		var err2 error
@@ -75,10 +78,32 @@ func TestPatch(pr *models.PullRequest) error {
 		}
 	}
 	pr.MergeBase = strings.TrimSpace(pr.MergeBase)
+
+	// 2. Check for conflicts
+	if conflicts, err := checkConflicts(pr, gitRepo, tmpBasePath); err != nil || conflicts {
+		return err
+	}
+
+	// 3. Check for protected files changes
+	if err = checkPullFilesProtection(pr, gitRepo); err != nil {
+		return fmt.Errorf("pr.CheckPullFilesProtection(): %v", err)
+	}
+
+	if len(pr.ChangedProtectedFiles) > 0 {
+		log.Trace("Found %d protected files changed", len(pr.ChangedProtectedFiles))
+	}
+
+	pr.Status = models.PullRequestStatusMergeable
+
+	return nil
+}
+
+func checkConflicts(pr *models.PullRequest, gitRepo *git.Repository, tmpBasePath string) (bool, error) {
+	// 1. Create a plain patch from head to base
 	tmpPatchFile, err := ioutil.TempFile("", "patch")
 	if err != nil {
 		log.Error("Unable to create temporary patch file! Error: %v", err)
-		return fmt.Errorf("Unable to create temporary patch file! Error: %v", err)
+		return false, fmt.Errorf("Unable to create temporary patch file! Error: %v", err)
 	}
 	defer func() {
 		_ = util.Remove(tmpPatchFile.Name())
@@ -87,38 +112,43 @@ func TestPatch(pr *models.PullRequest) error {
 	if err := gitRepo.GetDiff(pr.MergeBase, "tracking", tmpPatchFile); err != nil {
 		tmpPatchFile.Close()
 		log.Error("Unable to get patch file from %s to %s in %s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.FullName(), err)
-		return fmt.Errorf("Unable to get patch file from %s to %s in %s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.FullName(), err)
+		return false, fmt.Errorf("Unable to get patch file from %s to %s in %s Error: %v", pr.MergeBase, pr.HeadBranch, pr.BaseRepo.FullName(), err)
 	}
 	stat, err := tmpPatchFile.Stat()
 	if err != nil {
 		tmpPatchFile.Close()
-		return fmt.Errorf("Unable to stat patch file: %v", err)
+		return false, fmt.Errorf("Unable to stat patch file: %v", err)
 	}
 	patchPath := tmpPatchFile.Name()
 	tmpPatchFile.Close()
 
+	// 1a. if the size of that patch is 0 - there can be no conflicts!
 	if stat.Size() == 0 {
 		log.Debug("PullRequest[%d]: Patch is empty - ignoring", pr.ID)
 		pr.Status = models.PullRequestStatusMergeable
 		pr.ConflictedFiles = []string{}
-		return nil
+		return false, nil
 	}
 
 	log.Trace("PullRequest[%d].testPatch (patchPath): %s", pr.ID, patchPath)
 
+	// 2. preset the pr.Status as checking (this is not save at present)
 	pr.Status = models.PullRequestStatusChecking
 
+	// 3. Read the base branch in to the index of the temporary repository
 	_, err = git.NewCommand("read-tree", "base").RunInDir(tmpBasePath)
 	if err != nil {
-		return fmt.Errorf("git read-tree %s: %v", pr.BaseBranch, err)
+		return false, fmt.Errorf("git read-tree %s: %v", pr.BaseBranch, err)
 	}
 
+	// 4. Now get the pull request configuration to check if we need to ignore whitespace
 	prUnit, err := pr.BaseRepo.GetUnit(models.UnitTypePullRequests)
 	if err != nil {
-		return err
+		return false, err
 	}
 	prConfig := prUnit.PullRequestsConfig()
 
+	// 5. Prepare the arguments to apply the patch against the index
 	args := []string{"apply", "--check", "--cached"}
 	if prConfig.IgnoreWhitespaceConflicts {
 		args = append(args, "--ignore-whitespace")
@@ -126,26 +156,44 @@ func TestPatch(pr *models.PullRequest) error {
 	args = append(args, patchPath)
 	pr.ConflictedFiles = make([]string, 0, 5)
 
+	// 6. Prep the pipe:
+	//   - Here we could do the equivalent of:
+	//  `git apply --check --cached patch_file > conflicts`
+	//     Then iterate through the conflicts. However, that means storing all the conflicts
+	//     in memory - which is very wasteful.
+	//   - alternatively we can do the equivalent of:
+	//  `git apply --check ... | grep ...`
+	//     meaning we don't store all of the conflicts unnecessarily.
 	stderrReader, stderrWriter, err := os.Pipe()
 	if err != nil {
 		log.Error("Unable to open stderr pipe: %v", err)
-		return fmt.Errorf("Unable to open stderr pipe: %v", err)
+		return false, fmt.Errorf("Unable to open stderr pipe: %v", err)
 	}
 	defer func() {
 		_ = stderrReader.Close()
 		_ = stderrWriter.Close()
 	}()
+
+	// 7. Run the check command
 	conflict := false
 	err = git.NewCommand(args...).
 		RunInDirTimeoutEnvFullPipelineFunc(
 			nil, -1, tmpBasePath,
 			nil, stderrWriter, nil,
 			func(ctx context.Context, cancel context.CancelFunc) error {
+				// Close the writer end of the pipe to begin processing
 				_ = stderrWriter.Close()
+				defer func() {
+					// Close the reader on return to terminate the git command if necessary
+					_ = stderrReader.Close()
+				}()
+
 				const prefix = "error: patch failed:"
 				const errorPrefix = "error: "
+
 				conflictMap := map[string]bool{}
 
+				// Now scan the output from the command
 				scanner := bufio.NewScanner(stderrReader)
 				for scanner.Scan() {
 					line := scanner.Text()
@@ -170,25 +218,111 @@ func TestPatch(pr *models.PullRequest) error {
 						break
 					}
 				}
+
 				if len(conflictMap) > 0 {
 					pr.ConflictedFiles = make([]string, 0, len(conflictMap))
 					for key := range conflictMap {
 						pr.ConflictedFiles = append(pr.ConflictedFiles, key)
 					}
 				}
-				_ = stderrReader.Close()
+
 				return nil
 			})
 
+	// 8. If there is a conflict the `git apply` command will return a non-zero error code - so there will be a positive error.
 	if err != nil {
 		if conflict {
 			pr.Status = models.PullRequestStatusConflict
 			log.Trace("Found %d files conflicted: %v", len(pr.ConflictedFiles), pr.ConflictedFiles)
-			return nil
+
+			return true, nil
 		}
-		return fmt.Errorf("git apply --check: %v", err)
+		return false, fmt.Errorf("git apply --check: %v", err)
 	}
-	pr.Status = models.PullRequestStatusMergeable
+	return false, nil
+}
+
+// CheckFileProtection check file Protection
+func CheckFileProtection(oldCommitID, newCommitID string, patterns []glob.Glob, limit int, env []string, repo *git.Repository) ([]string, error) {
+	// 1. If there are no patterns short-circuit and just return nil
+	if len(patterns) == 0 {
+		return nil, nil
+	}
+
+	// 2. Prep the pipe
+	stdoutReader, stdoutWriter, err := os.Pipe()
+	if err != nil {
+		log.Error("Unable to create os.Pipe for %s", repo.Path)
+		return nil, err
+	}
+	defer func() {
+		_ = stdoutReader.Close()
+		_ = stdoutWriter.Close()
+	}()
+
+	changedProtectedFiles := make([]string, 0, limit)
 
+	// 3. Run `git diff --name-only` to get the names of the changed files
+	err = git.NewCommand("diff", "--name-only", oldCommitID, newCommitID).
+		RunInDirTimeoutEnvFullPipelineFunc(env, -1, repo.Path,
+			stdoutWriter, nil, nil,
+			func(ctx context.Context, cancel context.CancelFunc) error {
+				// Close the writer end of the pipe to begin processing
+				_ = stdoutWriter.Close()
+				defer func() {
+					// Close the reader on return to terminate the git command if necessary
+					_ = stdoutReader.Close()
+				}()
+
+				// Now scan the output from the command
+				scanner := bufio.NewScanner(stdoutReader)
+				for scanner.Scan() {
+					path := strings.TrimSpace(scanner.Text())
+					if len(path) == 0 {
+						continue
+					}
+					lpath := strings.ToLower(path)
+					for _, pat := range patterns {
+						if pat.Match(lpath) {
+							changedProtectedFiles = append(changedProtectedFiles, path)
+							break
+						}
+					}
+					if len(changedProtectedFiles) >= limit {
+						break
+					}
+				}
+
+				if len(changedProtectedFiles) > 0 {
+					return models.ErrFilePathProtected{
+						Path: changedProtectedFiles[0],
+					}
+				}
+				return scanner.Err()
+			})
+	// 4. log real errors if there are any...
+	if err != nil && !models.IsErrFilePathProtected(err) {
+		log.Error("Unable to check file protection for commits from %s to %s in %s: %v", oldCommitID, newCommitID, repo.Path, err)
+	}
+
+	return changedProtectedFiles, err
+}
+
+// checkPullFilesProtection check if pr changed protected files and save results
+func checkPullFilesProtection(pr *models.PullRequest, gitRepo *git.Repository) error {
+	if err := pr.LoadProtectedBranch(); err != nil {
+		return err
+	}
+
+	if pr.ProtectedBranch == nil {
+		pr.ChangedProtectedFiles = nil
+		return nil
+	}
+
+	var err error
+	pr.ChangedProtectedFiles, err = CheckFileProtection(pr.MergeBase, "tracking", pr.ProtectedBranch.GetProtectedFilePatterns(), 10, os.Environ(), gitRepo)
+	if err != nil && !models.IsErrFilePathProtected(err) {
+		return err
+	}
 	return nil
 }
author	赵智超 <1012112796@qq.com>	2020-10-14 02:50:57 +0800
committer	GitHub <noreply@github.com>	2020-10-13 14:50:57 -0400
commit	dfa7291f8fafd2aac032ef73a78b588e4d0e9a36 (patch)
tree	fb05581a7b1b15bc4dd5e84bb0a0eb009e6850f9 /services/pull/patch.go
parent	da32d0e72a00892553e4e9a09da19761d792ab84 (diff)
download	gitea-dfa7291f8fafd2aac032ef73a78b588e4d0e9a36.tar.gz gitea-dfa7291f8fafd2aac032ef73a78b588e4d0e9a36.zip