53 lines
1.6 KiB
Ruby
53 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class DisableJobTokenScopeWhenUnused < Gitlab::Database::Migration[1.0]
|
|
disable_ddl_transaction!
|
|
|
|
class ProjectCiCdSetting < ApplicationRecord
|
|
include EachBatch
|
|
|
|
self.table_name = 'project_ci_cd_settings'
|
|
end
|
|
|
|
module Ci
|
|
module JobToken
|
|
class ProjectScopeLink < ApplicationRecord
|
|
self.table_name = 'ci_job_token_project_scope_links'
|
|
end
|
|
end
|
|
end
|
|
|
|
def up
|
|
# Disabling job token scope after db/migrate/20210902171808_set_default_job_token_scope_false.rb
|
|
# if users haven't configured it.
|
|
ProjectCiCdSetting.each_batch(of: 10_000) do |settings|
|
|
with_enabled_but_unused_scope(settings).each_batch(of: 500) do |settings_to_update|
|
|
settings_to_update.update_all(job_token_scope_enabled: false)
|
|
end
|
|
end
|
|
end
|
|
|
|
def down
|
|
# irreversible data migration
|
|
|
|
# The migration relies on the state of `job_token_scope_enabled` and
|
|
# updates it based on whether the feature is used or not.
|
|
#
|
|
# The inverse migration would be to set `job_token_scope_enabled: true`
|
|
# for those projects that have the feature disabled and unused. But there
|
|
# could be also existing cases where the feature is disabled and unused.
|
|
# For example, old projects.
|
|
end
|
|
|
|
private
|
|
|
|
# The presence of ProjectScopeLinks means that the job token scope
|
|
# is configured and we need to leave it enabled. Unused job token scope
|
|
# can be disabled since they weren't configured.
|
|
def with_enabled_but_unused_scope(settings)
|
|
settings
|
|
.where(job_token_scope_enabled: true)
|
|
.where.not(project_id: Ci::JobToken::ProjectScopeLink.select(:source_project_id))
|
|
end
|
|
end
|