forgejo-federation/cmd/forgejo/actions.go
Emmanuel BENOÎT fdb1874ada feat(cli): add --keep-labels flag to forgejo actions register (#4610)
This commit adds a new flag, `--keep-labels`, to the runner registration CLI command. If this flag is present and the runner being registered already exists, it will prevent the runners' labels from being reset.

In order to accomplish this, the signature of the `RegisterRunner` function from the `models/actions` package has been modified so that the labels argument can be nil. If it is, the part of the function that updates the record will not change the runner.

Various tests have been added for this function, for the following cases: new runner with labels, new runner without label, existing runner with labels, existing runner without labels.

The flag has been added to the CLI command, the action function has been updated to read the labels parameters through a separate function (`getLabels`), and test cases for this function have been added.

<!--
Before submitting a PR, please read the contributing guidelines:
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING.md
-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4610
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net>
Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-07-22 07:33:45 +00:00

242 lines
6.5 KiB
Go

// Copyright The Forgejo Authors.
// SPDX-License-Identifier: MIT
package forgejo
import (
"context"
"encoding/hex"
"fmt"
"io"
"os"
"strings"
actions_model "code.gitea.io/gitea/models/actions"
"code.gitea.io/gitea/modules/private"
"code.gitea.io/gitea/modules/setting"
private_routers "code.gitea.io/gitea/routers/private"
"github.com/urfave/cli/v2"
)
func CmdActions(ctx context.Context) *cli.Command {
return &cli.Command{
Name: "actions",
Usage: "Commands for managing Forgejo Actions",
Subcommands: []*cli.Command{
SubcmdActionsGenerateRunnerToken(ctx),
SubcmdActionsGenerateRunnerSecret(ctx),
SubcmdActionsRegister(ctx),
},
}
}
func SubcmdActionsGenerateRunnerToken(ctx context.Context) *cli.Command {
return &cli.Command{
Name: "generate-runner-token",
Usage: "Generate a new token for a runner to use to register with the server",
Before: prepareWorkPathAndCustomConf(ctx),
Action: func(cliCtx *cli.Context) error { return RunGenerateActionsRunnerToken(ctx, cliCtx) },
Flags: []cli.Flag{
&cli.StringFlag{
Name: "scope",
Aliases: []string{"s"},
Value: "",
Usage: "{owner}[/{repo}] - leave empty for a global runner",
},
},
}
}
func SubcmdActionsGenerateRunnerSecret(ctx context.Context) *cli.Command {
return &cli.Command{
Name: "generate-secret",
Usage: "Generate a secret suitable for input to the register subcommand",
Action: func(cliCtx *cli.Context) error { return RunGenerateSecret(ctx, cliCtx) },
}
}
func SubcmdActionsRegister(ctx context.Context) *cli.Command {
return &cli.Command{
Name: "register",
Usage: "Idempotent registration of a runner using a shared secret",
Before: prepareWorkPathAndCustomConf(ctx),
Action: func(cliCtx *cli.Context) error { return RunRegister(ctx, cliCtx) },
Flags: []cli.Flag{
&cli.StringFlag{
Name: "secret",
Usage: "the secret the runner will use to connect as a 40 character hexadecimal string",
},
&cli.StringFlag{
Name: "secret-stdin",
Usage: "the secret the runner will use to connect as a 40 character hexadecimal string, read from stdin",
},
&cli.StringFlag{
Name: "secret-file",
Usage: "path to the file containing the secret the runner will use to connect as a 40 character hexadecimal string",
},
&cli.StringFlag{
Name: "scope",
Aliases: []string{"s"},
Value: "",
Usage: "{owner}[/{repo}] - leave empty for a global runner",
},
&cli.StringFlag{
Name: "labels",
Value: "",
Usage: "comma separated list of labels supported by the runner (e.g. docker,ubuntu-latest,self-hosted) (not required since v1.21)",
},
&cli.BoolFlag{
Name: "keep-labels",
Value: false,
Usage: "do not affect the labels when updating an existing runner",
},
&cli.StringFlag{
Name: "name",
Value: "runner",
Usage: "name of the runner (default runner)",
},
&cli.StringFlag{
Name: "version",
Value: "",
Usage: "version of the runner (not required since v1.21)",
},
},
}
}
func readSecret(ctx context.Context, cliCtx *cli.Context) (string, error) {
if cliCtx.IsSet("secret") {
return cliCtx.String("secret"), nil
}
if cliCtx.IsSet("secret-stdin") {
buf, err := io.ReadAll(ContextGetStdin(ctx))
if err != nil {
return "", err
}
return string(buf), nil
}
if cliCtx.IsSet("secret-file") {
path := cliCtx.String("secret-file")
buf, err := os.ReadFile(path)
if err != nil {
return "", err
}
return string(buf), nil
}
return "", fmt.Errorf("at least one of the --secret, --secret-stdin, --secret-file options is required")
}
func validateSecret(secret string) error {
secretLen := len(secret)
if secretLen != 40 {
return fmt.Errorf("the secret must be exactly 40 characters long, not %d: generate-secret can provide a secret matching the requirements", secretLen)
}
if _, err := hex.DecodeString(secret); err != nil {
return fmt.Errorf("the secret must be an hexadecimal string: %w", err)
}
return nil
}
func getLabels(cliCtx *cli.Context) (*[]string, error) {
if !cliCtx.Bool("keep-labels") {
lblValue := strings.Split(cliCtx.String("labels"), ",")
return &lblValue, nil
}
if cliCtx.String("labels") != "" {
return nil, fmt.Errorf("--labels and --keep-labels should not be used together")
}
return nil, nil
}
func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
var cancel context.CancelFunc
if !ContextGetNoInit(ctx) {
ctx, cancel = installSignals(ctx)
defer cancel()
if err := initDB(ctx); err != nil {
return err
}
}
setting.MustInstalled()
secret, err := readSecret(ctx, cliCtx)
if err != nil {
return err
}
if err := validateSecret(secret); err != nil {
return err
}
scope := cliCtx.String("scope")
name := cliCtx.String("name")
version := cliCtx.String("version")
labels, err := getLabels(cliCtx)
if err != nil {
return err
}
//
// There are two kinds of tokens
//
// - "registration token" only used when a runner interacts to
// register
//
// - "token" obtained after a successful registration and stored by
// the runner to authenticate
//
// The register subcommand does not need a "registration token", it
// needs a "token". Using the same name is confusing and secret is
// preferred for this reason in the cli.
//
// The ActionsRunnerRegister argument is token to be consistent with
// the internal naming. It is still confusing to the developer but
// not to the user.
//
owner, repo, err := private_routers.ParseScope(ctx, scope)
if err != nil {
return err
}
runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, labels, name, version)
if err != nil {
return fmt.Errorf("error while registering runner: %v", err)
}
if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", runner.UUID); err != nil {
panic(err)
}
return nil
}
func RunGenerateSecret(ctx context.Context, cliCtx *cli.Context) error {
runner := actions_model.ActionRunner{}
if err := runner.GenerateToken(); err != nil {
return err
}
if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", runner.Token); err != nil {
panic(err)
}
return nil
}
func RunGenerateActionsRunnerToken(ctx context.Context, cliCtx *cli.Context) error {
if !ContextGetNoInit(ctx) {
var cancel context.CancelFunc
ctx, cancel = installSignals(ctx)
defer cancel()
}
setting.MustInstalled()
scope := cliCtx.String("scope")
respText, extra := private.GenerateActionsRunnerToken(ctx, scope)
if extra.HasError() {
return handleCliResponseExtra(ctx, extra)
}
if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", respText.Text); err != nil {
panic(err)
}
return nil
}