283 lines
10 KiB
Ruby
283 lines
10 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# The endpoints by default return `404` in preparation for their removal
|
|
# (also see comment above `#reversible_end_of_life!`).
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/362168
|
|
#
|
|
# These endpoints partially mimic Github API behavior in order to successfully
|
|
# integrate with Jira Development Panel.
|
|
module API
|
|
module V3
|
|
class Github < ::API::Base
|
|
NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze
|
|
ENDPOINT_REQUIREMENTS = {
|
|
namespace: NO_SLASH_URL_PART_REGEX,
|
|
project: NO_SLASH_URL_PART_REGEX,
|
|
username: NO_SLASH_URL_PART_REGEX
|
|
}.freeze
|
|
|
|
# Used to differentiate Jira Cloud requests from Jira Server requests
|
|
# Jira Cloud user agent format: Jira DVCS Connector Vertigo/version
|
|
# Jira Server user agent format: Jira DVCS Connector/version
|
|
JIRA_DVCS_CLOUD_USER_AGENT = 'Jira DVCS Connector Vertigo'
|
|
|
|
GITALY_TIMEOUT_CACHE_KEY = 'api:v3:Gitaly-timeout-cache-key'
|
|
GITALY_TIMEOUT_CACHE_EXPIRY = 1.day
|
|
|
|
include PaginationParams
|
|
|
|
feature_category :integrations
|
|
|
|
before do
|
|
reversible_end_of_life!
|
|
|
|
authorize_jira_user_agent!(request)
|
|
authenticate!
|
|
end
|
|
|
|
helpers do
|
|
params :project_full_path do
|
|
requires :namespace, type: String
|
|
requires :project, type: String
|
|
end
|
|
|
|
# The endpoints in this class have been deprecated since 15.1.
|
|
#
|
|
# Due to uncertainty about the impact of a full removal in 16.0, all endpoints return `404`
|
|
# by default but we allow customers to toggle a flag to reverse this breaking change.
|
|
# See https://gitlab.com/gitlab-org/gitlab/-/issues/362168#note_1347692683.
|
|
#
|
|
# TODO Make the breaking change irreversible https://gitlab.com/gitlab-org/gitlab/-/issues/408148.
|
|
def reversible_end_of_life!
|
|
not_found! unless Feature.enabled?(:jira_dvcs_end_of_life_amnesty)
|
|
end
|
|
|
|
def authorize_jira_user_agent!(request)
|
|
not_found! unless Gitlab::Jira::Middleware.jira_dvcs_connector?(request.env)
|
|
end
|
|
|
|
def update_project_feature_usage_for(project)
|
|
# Prevent errors on GitLab Geo not allowing
|
|
# UPDATE statements to happen in GET requests.
|
|
return if Gitlab::Database.read_only?
|
|
|
|
project.log_jira_dvcs_integration_usage(cloud: jira_cloud?)
|
|
end
|
|
|
|
def jira_cloud?
|
|
request.env['HTTP_USER_AGENT'].include?(JIRA_DVCS_CLOUD_USER_AGENT)
|
|
end
|
|
|
|
def find_project_with_access(params)
|
|
project = find_project!(
|
|
::Gitlab::Jira::Dvcs.restore_full_path(**params.slice(:namespace, :project).symbolize_keys)
|
|
)
|
|
not_found! unless can?(current_user, :read_code, project)
|
|
project
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def find_merge_requests
|
|
merge_requests = authorized_merge_requests.reorder(updated_at: :desc)
|
|
paginate(merge_requests)
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def find_merge_request_with_access(id, access_level = :read_merge_request)
|
|
merge_request = authorized_merge_requests.find_by(id: id)
|
|
not_found! unless can?(current_user, access_level, merge_request)
|
|
merge_request
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
def authorized_merge_requests
|
|
MergeRequestsFinder.new(current_user, authorized_only: !current_user.can_read_all_resources?)
|
|
.execute.with_jira_integration_associations
|
|
end
|
|
|
|
def authorized_merge_requests_for_project(project)
|
|
MergeRequestsFinder
|
|
.new(current_user, authorized_only: !current_user.can_read_all_resources?, project_id: project.id)
|
|
.execute.with_jira_integration_associations
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def find_notes(noteable)
|
|
# They're not presented on Jira Dev Panel ATM. A comments count with a
|
|
# redirect link is presented.
|
|
notes = paginate(noteable.notes.user.reorder(nil))
|
|
notes.select { |n| n.readable_by?(current_user) }
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
# Returns an empty Array instead of the Commit diff files for a period
|
|
# of time after a Gitaly timeout, to mitigate frequent Gitaly timeouts
|
|
# for some Commit diffs.
|
|
def diff_files(commit)
|
|
cache_key = [
|
|
GITALY_TIMEOUT_CACHE_KEY,
|
|
commit.project.id,
|
|
commit.cache_key
|
|
].join(':')
|
|
|
|
return [] if Rails.cache.read(cache_key).present?
|
|
|
|
begin
|
|
commit.diffs.diff_files
|
|
rescue GRPC::DeadlineExceeded => error
|
|
# Gitaly fails to load diffs consistently for some commits. The other information
|
|
# is still valuable for Jira. So we skip the loading and respond with a 200 excluding diffs
|
|
# Remove this when https://gitlab.com/gitlab-org/gitaly/-/issues/3741 is fixed.
|
|
Rails.cache.write(cache_key, 1, expires_in: GITALY_TIMEOUT_CACHE_EXPIRY)
|
|
Gitlab::ErrorTracking.track_exception(error)
|
|
[]
|
|
end
|
|
end
|
|
end
|
|
|
|
resource :orgs do
|
|
get ':namespace/repos' do
|
|
present []
|
|
end
|
|
end
|
|
|
|
resource :user do
|
|
get :repos do
|
|
present []
|
|
end
|
|
end
|
|
|
|
resource :users do
|
|
params do
|
|
use :pagination
|
|
end
|
|
|
|
get ':namespace/repos' do
|
|
namespace = Namespace.find_by_full_path(params[:namespace])
|
|
not_found!('Namespace') unless namespace
|
|
|
|
projects = current_user.can_read_all_resources? ? Project.all : current_user.authorized_projects
|
|
projects = projects.in_namespace(namespace.self_and_descendants)
|
|
|
|
projects_cte = Project.wrap_with_cte(projects)
|
|
.eager_load_namespace_and_owner
|
|
.with_route
|
|
|
|
present paginate(projects_cte),
|
|
with: ::API::Github::Entities::Repository,
|
|
root_namespace: namespace.root_ancestor
|
|
end
|
|
|
|
get ':username' do
|
|
forbidden! unless can?(current_user, :read_users_list)
|
|
user = UsersFinder.new(current_user, { username: params[:username] }).execute.first
|
|
not_found! unless user
|
|
present user, with: ::API::Github::Entities::User
|
|
end
|
|
end
|
|
|
|
# Jira dev panel integration weirdly requests for "/-/jira/pulls" instead
|
|
# "/api/v3/repos/<namespace>/<project>/pulls". This forces us into
|
|
# returning _all_ Merge Requests from authorized projects (user is a member),
|
|
# instead just the authorized MRs from a project.
|
|
# Jira handles the filtering, presenting just MRs mentioning the Jira
|
|
# issue ID on the MR title / description.
|
|
resource :repos do
|
|
# Keeping for backwards compatibility with old Jira integration instructions
|
|
# so that users that do not change it will not suddenly have a broken integration
|
|
get '/-/jira/pulls' do
|
|
present find_merge_requests, with: ::API::Github::Entities::PullRequest
|
|
end
|
|
|
|
get '/-/jira/events' do
|
|
present []
|
|
end
|
|
|
|
params do
|
|
use :project_full_path
|
|
end
|
|
# TODO Remove the custom Apdex SLO target `urgency: :low` when this endpoint has been optimised.
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/337269
|
|
get ':namespace/:project/pulls', urgency: :low do
|
|
user_project = find_project_with_access(params)
|
|
|
|
merge_requests = authorized_merge_requests_for_project(user_project)
|
|
|
|
present paginate(merge_requests), with: ::API::Github::Entities::PullRequest
|
|
end
|
|
|
|
params do
|
|
use :project_full_path
|
|
end
|
|
get ':namespace/:project/pulls/:id' do
|
|
merge_request = find_merge_request_with_access(params[:id])
|
|
|
|
present merge_request, with: ::API::Github::Entities::PullRequest
|
|
end
|
|
|
|
# In Github, each Merge Request is automatically also an issue.
|
|
# Therefore we return its comments here.
|
|
# It'll present _just_ the comments counting with a link to GitLab on
|
|
# Jira dev panel, not the actual note content.
|
|
get ':namespace/:project/issues/:id/comments' do
|
|
merge_request = find_merge_request_with_access(params[:id])
|
|
|
|
present find_notes(merge_request), with: ::API::Github::Entities::NoteableComment
|
|
end
|
|
|
|
# This refer to "review" comments but Jira dev panel doesn't seem to
|
|
# present it accordingly.
|
|
get ':namespace/:project/pulls/:id/comments' do
|
|
present []
|
|
end
|
|
|
|
# Commits are not presented within "Pull Requests" modal on Jira dev
|
|
# panel.
|
|
get ':namespace/:project/pulls/:id/commits' do
|
|
present []
|
|
end
|
|
|
|
# Self-hosted Jira (tested on 7.11.1) requests this endpoint right
|
|
# after fetching branches.
|
|
get ':namespace/:project/events' do
|
|
user_project = find_project_with_access(params)
|
|
|
|
merge_requests = authorized_merge_requests_for_project(user_project)
|
|
|
|
present paginate(merge_requests), with: ::API::Github::Entities::PullRequestEvent
|
|
end
|
|
|
|
params do
|
|
use :project_full_path
|
|
use :pagination
|
|
end
|
|
# TODO Remove the custom Apdex SLO target `urgency: :low` when this endpoint has been optimised.
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/337268
|
|
get ':namespace/:project/branches', urgency: :low do
|
|
user_project = find_project_with_access(params)
|
|
|
|
update_project_feature_usage_for(user_project)
|
|
|
|
next [] unless user_project.repo_exists?
|
|
|
|
branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name))
|
|
|
|
present paginate(branches), with: ::API::Github::Entities::Branch, project: user_project
|
|
end
|
|
|
|
params do
|
|
use :project_full_path
|
|
end
|
|
get ':namespace/:project/commits/:sha' do
|
|
user_project = find_project_with_access(params)
|
|
|
|
commit = user_project.commit(params[:sha])
|
|
not_found! 'Commit' unless commit
|
|
|
|
present commit, with: ::API::Github::Entities::RepoCommit, diff_files: diff_files(commit)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|