debian-mirror-gitlab/lib/api/ci/jobs.rb
2023-03-17 16:20:25 +05:30

314 lines
12 KiB
Ruby

# frozen_string_literal: true
module API
module Ci
class Jobs < ::API::Base
include PaginationParams
helpers ::API::Helpers::ProjectStatsRefreshConflictsHelpers
before { authenticate! }
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
params do
requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'
end
helpers do
params :optional_scope do
optional :scope, type: Array[String], desc: 'The scope of builds to show',
values: ::CommitStatus::AVAILABLE_STATUSES,
coerce_with: ->(scope) {
case scope
when String
[scope]
when ::Hash
scope.values
when ::Array
scope
else
['unknown']
end
},
documentation: { example: %w[pending running] }
end
end
desc 'Get a projects jobs' do
success code: 200, model: Entities::Ci::Job
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' }
]
is_array true
end
params do
use :optional_scope
use :pagination
end
# rubocop: disable CodeReuse/ActiveRecord
get ':id/jobs', urgency: :low, feature_category: :continuous_integration do
check_rate_limit!(:jobs_index, scope: current_user) if enforce_jobs_api_rate_limits(@project)
authorize_read_builds!
builds = user_project.builds.order(id: :desc)
builds = filter_builds(builds, params[:scope])
builds = builds.preload(:user, :job_artifacts_archive, :job_artifacts, :runner, :tags, pipeline: :project)
if Feature.enabled?(:jobs_api_keyset_pagination, user_project)
present paginate_with_strategies(builds, paginator_params: { without_count: true }), with: Entities::Ci::Job
else
present paginate(builds, without_count: true), with: Entities::Ci::Job
end
end
# rubocop: enable CodeReuse/ActiveRecord
desc 'Get a specific job of a project' do
success code: 200, model: Entities::Ci::Job
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' }
]
end
params do
requires :job_id, type: Integer, desc: 'The ID of a job', documentation: { example: 88 }
end
get ':id/jobs/:job_id', urgency: :low, feature_category: :continuous_integration do
authorize_read_builds!
build = find_build!(params[:job_id])
present build, with: Entities::Ci::Job
end
# TODO: We should use `present_disk_file!` and leave this implementation for backward compatibility (when build trace
# is saved in the DB instead of file). But before that, we need to consider how to replace the value of
# `runners_token` with some mask (like `xxxxxx`) when sending trace file directly by workhorse.
desc 'Get a trace of a specific job of a project' do
success code: 200, model: Entities::Ci::Job
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' }
]
end
params do
requires :job_id, type: Integer, desc: 'The ID of a job', documentation: { example: 88 }
end
get ':id/jobs/:job_id/trace', urgency: :low, feature_category: :continuous_integration do
authorize_read_builds!
build = find_build!(params[:job_id])
authorize_read_build_trace!(build) if build
header 'Content-Disposition', "infile; filename=\"#{build.id}.log\""
content_type 'text/plain'
env['api.format'] = :binary
# The trace can be nil bu body method expects a string as an argument.
trace = build.trace.raw || ''
body trace
end
desc 'Cancel a specific job of a project' do
success code: 201, model: Entities::Ci::Job
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' }
]
end
params do
requires :job_id, type: Integer, desc: 'The ID of a job', documentation: { example: 88 }
end
post ':id/jobs/:job_id/cancel', urgency: :low, feature_category: :continuous_integration do
authorize_update_builds!
build = find_build!(params[:job_id])
authorize!(:update_build, build)
build.cancel
present build, with: Entities::Ci::Job
end
desc 'Retry a specific build of a project' do
success code: 201, model: Entities::Ci::Job
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' }
]
end
params do
requires :job_id, type: Integer, desc: 'The ID of a build', documentation: { example: 88 }
end
post ':id/jobs/:job_id/retry', urgency: :low, feature_category: :continuous_integration do
authorize_update_builds!
build = find_build!(params[:job_id])
authorize!(:update_build, build)
response = ::Ci::RetryJobService.new(@project, current_user).execute(build)
if response.success?
present response[:job], with: Entities::Ci::Job
else
forbidden!('Job is not retryable')
end
end
desc 'Erase job (remove artifacts and the trace)' do
success code: 201, model: Entities::Ci::Job
failure [
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' },
{ code: 409, message: 'Conflict' }
]
end
params do
requires :job_id, type: Integer, desc: 'The ID of a build', documentation: { example: 88 }
end
post ':id/jobs/:job_id/erase', urgency: :low, feature_category: :continuous_integration do
authorize_update_builds!
build = find_build!(params[:job_id])
authorize!(:erase_build, build)
break forbidden!('Job is not erasable!') unless build.erasable?
reject_if_build_artifacts_size_refreshing!(build.project)
::Ci::BuildEraseService.new(build, current_user).execute
present build, with: Entities::Ci::Job
end
desc 'Trigger an actionable job (manual, delayed, etc)' do
detail 'This feature was added in GitLab 8.11'
success code: 200, model: Entities::Ci::JobBasic
failure [
{ code: 400, message: 'Bad request' },
{ code: 401, message: 'Unauthorized' },
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' }
]
end
params do
requires :job_id, type: Integer, desc: 'The ID of a Job', documentation: { example: 88 }
optional :job_variables_attributes,
type: Array, desc: 'User defined variables that will be included when running the job' do
requires :key, type: String, desc: 'The name of the variable', documentation: { example: 'foo' }
requires :value, type: String, desc: 'The value of the variable', documentation: { example: 'bar' }
end
end
post ':id/jobs/:job_id/play', urgency: :low, feature_category: :continuous_integration do
authorize_read_builds!
job = find_job!(params[:job_id])
authorize!(:play_job, job)
bad_request!("Unplayable Job") unless job.playable?
job.play(current_user, params[:job_variables_attributes])
status 200
if job.is_a?(::Ci::Build)
present job, with: Entities::Ci::Job
else
present job, with: Entities::Ci::Bridge
end
end
end
resource :job do
desc 'Get current job using job token' do
success code: 200, model: Entities::Ci::Job
failure [
{ code: 400, message: 'Bad request' },
{ code: 401, message: 'Unauthorized' },
{ code: 404, message: 'Not found' }
]
end
route_setting :authentication, job_token_allowed: true
get '', feature_category: :continuous_integration, urgency: :low do
validate_current_authenticated_job
present current_authenticated_job, with: Entities::Ci::Job
end
desc 'Get current agents' do
detail 'Retrieves a list of agents for the given job token'
success code: 200, model: Entities::Ci::Job
failure [
{ code: 400, message: 'Bad request' },
{ code: 401, message: 'Unauthorized' },
{ code: 404, message: 'Not found' }
]
end
route_setting :authentication, job_token_allowed: true
get '/allowed_agents', urgency: :low, feature_category: :kubernetes_management do
validate_current_authenticated_job
status 200
pipeline = current_authenticated_job.pipeline
project = current_authenticated_job.project
project_groups = project.group&.self_and_ancestor_ids&.map { |id| { id: id } } || []
user_access_level = project.team.max_member_access(current_user.id)
roles_in_project = Gitlab::Access.sym_options_with_owner
.select { |_role, role_access_level| role_access_level <= user_access_level }
.map(&:first)
persisted_environment = current_authenticated_job.actual_persisted_environment
environment = { tier: persisted_environment.tier, slug: persisted_environment.slug } if persisted_environment
agent_authorizations = ::Clusters::Agents::FilterAuthorizationsService.new(
::Clusters::AgentAuthorizationsFinder.new(project).execute,
environment: persisted_environment&.name
).execute
# See https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/kubernetes_ci_access.md#apiv4joballowed_agents-api
{
allowed_agents: Entities::Clusters::AgentAuthorization.represent(agent_authorizations),
job: { id: current_authenticated_job.id },
pipeline: { id: pipeline.id },
project: { id: project.id, groups: project_groups },
user: { id: current_user.id, username: current_user.username, roles_in_project: roles_in_project },
environment: environment
}.compact
end
end
helpers do
# rubocop: disable CodeReuse/ActiveRecord
def filter_builds(builds, scope)
return builds if scope.nil? || scope.empty?
available_statuses = ::CommitStatus::AVAILABLE_STATUSES
unknown = scope - available_statuses
render_api_error!('Scope contains invalid value(s)', 400) unless unknown.empty?
builds.where(status: available_statuses && scope)
end
# rubocop: enable CodeReuse/ActiveRecord
def validate_current_authenticated_job
# current_authenticated_job will be nil if user is using
# a valid authentication (like PRIVATE-TOKEN) that is not CI_JOB_TOKEN
not_found!('Job') unless current_authenticated_job
::Gitlab::ApplicationContext.push(job: current_authenticated_job)
end
end
end
end
end