diff --git a/.deadcode-out b/.deadcode-out index f305839cb3..80359e7dbb 100644 --- a/.deadcode-out +++ b/.deadcode-out @@ -22,7 +22,6 @@ package "code.gitea.io/gitea/models/actions" func (ScheduleList).GetRepoIDs func (ScheduleList).LoadTriggerUser func (ScheduleList).LoadRepos - func GetVariableByID package "code.gitea.io/gitea/models/asymkey" func (ErrGPGKeyAccessDenied).Error diff --git a/models/actions/runner.go b/models/actions/runner.go index 67f003387b..2381559c8d 100644 --- a/models/actions/runner.go +++ b/models/actions/runner.go @@ -252,12 +252,8 @@ func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error { } // DeleteRunner deletes a runner by given ID. -func DeleteRunner(ctx context.Context, id int64) error { - if _, err := GetRunnerByID(ctx, id); err != nil { - return err - } - - _, err := db.DeleteByID[ActionRunner](ctx, id) +func DeleteRunner(ctx context.Context, r *ActionRunner) error { + _, err := db.DeleteByID[ActionRunner](ctx, r.ID) return err } diff --git a/models/actions/variable.go b/models/actions/variable.go index 14ded60fac..bf3e28abab 100644 --- a/models/actions/variable.go +++ b/models/actions/variable.go @@ -6,13 +6,11 @@ package actions import ( "context" "errors" - "fmt" "strings" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/timeutil" - "code.gitea.io/gitea/modules/util" "xorm.io/builder" ) @@ -55,28 +53,24 @@ type FindVariablesOpts struct { db.ListOptions OwnerID int64 RepoID int64 + Name string } func (opts FindVariablesOpts) ToConds() builder.Cond { cond := builder.NewCond() + // Since we now support instance-level variables, + // there is no need to check for null values for `owner_id` and `repo_id` cond = cond.And(builder.Eq{"owner_id": opts.OwnerID}) cond = cond.And(builder.Eq{"repo_id": opts.RepoID}) + + if opts.Name != "" { + cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)}) + } return cond } -func GetVariableByID(ctx context.Context, variableID int64) (*ActionVariable, error) { - var variable ActionVariable - has, err := db.GetEngine(ctx).Where("id=?", variableID).Get(&variable) - if err != nil { - return nil, err - } else if !has { - return nil, fmt.Errorf("variable with id %d: %w", variableID, util.ErrNotExist) - } - return &variable, nil -} - func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error) { - count, err := db.GetEngine(ctx).ID(variable.ID).Cols("name", "data"). + count, err := db.GetEngine(ctx).ID(variable.ID).Where("owner_id = ? AND repo_id = ?", variable.OwnerID, variable.RepoID).Cols("name", "data"). Update(&ActionVariable{ Name: variable.Name, Data: variable.Data, @@ -84,6 +78,11 @@ func UpdateVariable(ctx context.Context, variable *ActionVariable) (bool, error) return count != 0, err } +func DeleteVariable(ctx context.Context, variableID, ownerID, repoID int64) (bool, error) { + count, err := db.GetEngine(ctx).Table("action_variable").Where("id = ? AND owner_id = ? AND repo_id = ?", variableID, ownerID, repoID).Delete() + return count != 0, err +} + func GetVariablesOfRun(ctx context.Context, run *ActionRun) (map[string]string, error) { variables := map[string]string{} diff --git a/modules/util/util.go b/modules/util/util.go index e4d658d7f8..b6ea283551 100644 --- a/modules/util/util.go +++ b/modules/util/util.go @@ -220,3 +220,12 @@ func Iif[T any](condition bool, trueVal, falseVal T) T { } return falseVal } + +func ReserveLineBreakForTextarea(input string) string { + // Since the content is from a form which is a textarea, the line endings are \r\n. + // It's a standard behavior of HTML. + // But we want to store them as \n like what GitHub does. + // And users are unlikely to really need to keep the \r. + // Other than this, we should respect the original content, even leading or trailing spaces. + return strings.ReplaceAll(input, "\r\n", "\n") +} diff --git a/modules/util/util_test.go b/modules/util/util_test.go index 46c8acd7ad..344f67bb7b 100644 --- a/modules/util/util_test.go +++ b/modules/util/util_test.go @@ -236,3 +236,8 @@ func TestToPointer(t *testing.T) { val123 := 123 assert.NotSame(t, &val123, ToPointer(val123)) } + +func TestReserveLineBreakForTextarea(t *testing.T) { + assert.Equal(t, "test\ndata", ReserveLineBreakForTextarea("test\r\ndata")) + assert.Equal(t, "test\ndata\n", ReserveLineBreakForTextarea("test\r\ndata\r\n")) +} diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 64566ce742..e19b09e165 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -3743,6 +3743,7 @@ variables.deletion.description = Removing a variable is permanent and cannot be variables.description = Variables will be passed to certain actions and cannot be read otherwise. variables.id_not_exist = Variable with ID %d does not exist. variables.edit = Edit Variable +variables.not_found = Failed to find the variable. variables.deletion.failed = Failed to remove variable. variables.deletion.success = The variable has been removed. variables.creation.failed = Failed to add variable. diff --git a/routers/web/repo/setting/runners.go b/routers/web/repo/setting/runners.go index a47d3b45e2..9dce5d13b7 100644 --- a/routers/web/repo/setting/runners.go +++ b/routers/web/repo/setting/runners.go @@ -179,7 +179,7 @@ func RunnerDeletePost(ctx *context.Context) { ctx.ServerError("getRunnersCtx", err) return } - actions_shared.RunnerDeletePost(ctx, ctx.ParamsInt64(":runnerid"), rCtx.RedirectLink, rCtx.RedirectLink+url.PathEscape(ctx.Params(":runnerid"))) + actions_shared.RunnerDeletePost(ctx, ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID, rCtx.RedirectLink, rCtx.RedirectLink+url.PathEscape(ctx.Params(":runnerid"))) } func RedirectToDefaultSetting(ctx *context.Context) { diff --git a/routers/web/repo/setting/variables.go b/routers/web/repo/setting/variables.go index 45b6c0f39a..4fb8c06e84 100644 --- a/routers/web/repo/setting/variables.go +++ b/routers/web/repo/setting/variables.go @@ -127,7 +127,7 @@ func VariableUpdate(ctx *context.Context) { return } - shared.UpdateVariable(ctx, vCtx.RedirectLink) + shared.UpdateVariable(ctx, vCtx.OwnerID, vCtx.RepoID, vCtx.RedirectLink) } func VariableDelete(ctx *context.Context) { @@ -136,5 +136,5 @@ func VariableDelete(ctx *context.Context) { ctx.ServerError("getVariablesCtx", err) return } - shared.DeleteVariable(ctx, vCtx.RedirectLink) + shared.DeleteVariable(ctx, vCtx.OwnerID, vCtx.RepoID, vCtx.RedirectLink) } diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go index 34b7969442..733406426b 100644 --- a/routers/web/shared/actions/runners.go +++ b/routers/web/shared/actions/runners.go @@ -143,10 +143,21 @@ func RunnerResetRegistrationToken(ctx *context.Context, ownerID, repoID int64, r } // RunnerDeletePost response for deleting a runner -func RunnerDeletePost(ctx *context.Context, runnerID int64, +func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64, successRedirectTo, failedRedirectTo string, ) { - if err := actions_model.DeleteRunner(ctx, runnerID); err != nil { + runner, err := actions_model.GetRunnerByID(ctx, runnerID) + if err != nil { + ctx.ServerError("GetRunnerByID", err) + return + } + + if !runner.Editable(ownerID, repoID) { + ctx.NotFound("Editable", util.NewPermissionDeniedErrorf("no permission to edit this runner")) + return + } + + if err := actions_model.DeleteRunner(ctx, runner); err != nil { log.Warn("DeleteRunnerPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL) ctx.Flash.Warning(ctx.Tr("actions.runners.delete_runner_failed")) diff --git a/routers/web/shared/actions/variables.go b/routers/web/shared/actions/variables.go index 0f705399c9..47f1176f46 100644 --- a/routers/web/shared/actions/variables.go +++ b/routers/web/shared/actions/variables.go @@ -4,17 +4,13 @@ package actions import ( - "errors" - "regexp" - "strings" - actions_model "code.gitea.io/gitea/models/actions" "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/web" + actions_service "code.gitea.io/gitea/services/actions" "code.gitea.io/gitea/services/context" "code.gitea.io/gitea/services/forms" - secret_service "code.gitea.io/gitea/services/secrets" ) func SetVariablesContext(ctx *context.Context, ownerID, repoID int64) { @@ -29,90 +25,49 @@ func SetVariablesContext(ctx *context.Context, ownerID, repoID int64) { ctx.Data["Variables"] = variables } -// some regular expression of `variables` and `secrets` -// reference to: -// https://docs.github.com/en/actions/learn-github-actions/variables#naming-conventions-for-configuration-variables -// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets -var ( - forbiddenEnvNameCIRx = regexp.MustCompile("(?i)^CI") -) - -func envNameCIRegexMatch(name string) error { - if forbiddenEnvNameCIRx.MatchString(name) { - log.Error("Env Name cannot be ci") - return errors.New("env name cannot be ci") - } - return nil -} - func CreateVariable(ctx *context.Context, ownerID, repoID int64, redirectURL string) { form := web.GetForm(ctx).(*forms.EditVariableForm) - if err := secret_service.ValidateName(form.Name); err != nil { - ctx.JSONError(err.Error()) - return - } - - if err := envNameCIRegexMatch(form.Name); err != nil { - ctx.JSONError(err.Error()) - return - } - - v, err := actions_model.InsertVariable(ctx, ownerID, repoID, form.Name, ReserveLineBreakForTextarea(form.Data)) + v, err := actions_service.CreateVariable(ctx, ownerID, repoID, form.Name, form.Data) if err != nil { - log.Error("InsertVariable error: %v", err) + log.Error("CreateVariable: %v", err) ctx.JSONError(ctx.Tr("actions.variables.creation.failed")) return } + ctx.Flash.Success(ctx.Tr("actions.variables.creation.success", v.Name)) ctx.JSONRedirect(redirectURL) } -func UpdateVariable(ctx *context.Context, redirectURL string) { +func UpdateVariable(ctx *context.Context, ownerID, repoID int64, redirectURL string) { id := ctx.ParamsInt64(":variable_id") form := web.GetForm(ctx).(*forms.EditVariableForm) - if err := secret_service.ValidateName(form.Name); err != nil { - ctx.JSONError(err.Error()) - return - } - - if err := envNameCIRegexMatch(form.Name); err != nil { - ctx.JSONError(err.Error()) - return - } - - ok, err := actions_model.UpdateVariable(ctx, &actions_model.ActionVariable{ - ID: id, - Name: strings.ToUpper(form.Name), - Data: ReserveLineBreakForTextarea(form.Data), - }) - if err != nil || !ok { - log.Error("UpdateVariable error: %v", err) - ctx.JSONError(ctx.Tr("actions.variables.update.failed")) + if ok, err := actions_service.UpdateVariable(ctx, id, ownerID, repoID, form.Name, form.Data); err != nil || !ok { + if !ok { + ctx.JSONError(ctx.Tr("actions.variables.not_found")) + } else { + log.Error("UpdateVariable: %v", err) + ctx.JSONError(ctx.Tr("actions.variables.update.failed")) + } return } ctx.Flash.Success(ctx.Tr("actions.variables.update.success")) ctx.JSONRedirect(redirectURL) } -func DeleteVariable(ctx *context.Context, redirectURL string) { +func DeleteVariable(ctx *context.Context, ownerID, repoID int64, redirectURL string) { id := ctx.ParamsInt64(":variable_id") - if _, err := db.DeleteByBean(ctx, &actions_model.ActionVariable{ID: id}); err != nil { - log.Error("Delete variable [%d] failed: %v", id, err) - ctx.JSONError(ctx.Tr("actions.variables.deletion.failed")) + if ok, err := actions_model.DeleteVariable(ctx, id, ownerID, repoID); err != nil || !ok { + if !ok { + ctx.JSONError(ctx.Tr("actions.variables.not_found")) + } else { + log.Error("Delete variable [%d] failed: %v", id, err) + ctx.JSONError(ctx.Tr("actions.variables.deletion.failed")) + } return } ctx.Flash.Success(ctx.Tr("actions.variables.deletion.success")) ctx.JSONRedirect(redirectURL) } - -func ReserveLineBreakForTextarea(input string) string { - // Since the content is from a form which is a textarea, the line endings are \r\n. - // It's a standard behavior of HTML. - // But we want to store them as \n like what GitHub does. - // And users are unlikely to really need to keep the \r. - // Other than this, we should respect the original content, even leading or trailing spaces. - return strings.ReplaceAll(input, "\r\n", "\n") -} diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go index 73505ec372..3bd421f86a 100644 --- a/routers/web/shared/secrets/secrets.go +++ b/routers/web/shared/secrets/secrets.go @@ -7,8 +7,8 @@ import ( "code.gitea.io/gitea/models/db" secret_model "code.gitea.io/gitea/models/secret" "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/modules/web" - "code.gitea.io/gitea/routers/web/shared/actions" "code.gitea.io/gitea/services/context" "code.gitea.io/gitea/services/forms" secret_service "code.gitea.io/gitea/services/secrets" @@ -27,7 +27,7 @@ func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) { func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) { form := web.GetForm(ctx).(*forms.AddSecretForm) - s, _, err := secret_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, actions.ReserveLineBreakForTextarea(form.Data)) + s, _, err := secret_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, util.ReserveLineBreakForTextarea(form.Data)) if err != nil { log.Error("CreateOrUpdateSecret failed: %v", err) ctx.JSONError(ctx.Tr("secrets.creation.failed")) diff --git a/services/actions/variables.go b/services/actions/variables.go new file mode 100644 index 0000000000..2824073336 --- /dev/null +++ b/services/actions/variables.go @@ -0,0 +1,66 @@ +// Copyright 2024 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package actions + +import ( + "context" + "regexp" + "strings" + + actions_model "code.gitea.io/gitea/models/actions" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/util" + secret_service "code.gitea.io/gitea/services/secrets" +) + +func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*actions_model.ActionVariable, error) { + if err := secret_service.ValidateName(name); err != nil { + return nil, err + } + + if err := envNameCIRegexMatch(name); err != nil { + return nil, err + } + + v, err := actions_model.InsertVariable(ctx, ownerID, repoID, name, util.ReserveLineBreakForTextarea(data)) + if err != nil { + return nil, err + } + + return v, nil +} + +func UpdateVariable(ctx context.Context, variableID, ownerID, repoID int64, name, data string) (bool, error) { + if err := secret_service.ValidateName(name); err != nil { + return false, err + } + + if err := envNameCIRegexMatch(name); err != nil { + return false, err + } + + return actions_model.UpdateVariable(ctx, &actions_model.ActionVariable{ + ID: variableID, + Name: strings.ToUpper(name), + Data: util.ReserveLineBreakForTextarea(data), + OwnerID: ownerID, + RepoID: repoID, + }) +} + +// some regular expression of `variables` and `secrets` +// reference to: +// https://docs.github.com/en/actions/learn-github-actions/variables#naming-conventions-for-configuration-variables +// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets +var ( + forbiddenEnvNameCIRx = regexp.MustCompile("(?i)^CI") +) + +func envNameCIRegexMatch(name string) error { + if forbiddenEnvNameCIRx.MatchString(name) { + log.Error("Env Name cannot be ci") + return util.NewInvalidArgumentErrorf("env name cannot be ci") + } + return nil +} diff --git a/tests/integration/actions_variables_test.go b/tests/integration/actions_variables_test.go new file mode 100644 index 0000000000..0179a543dc --- /dev/null +++ b/tests/integration/actions_variables_test.go @@ -0,0 +1,150 @@ +// Copyright 2025 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: GPL-3.0-or-later + +package integration + +import ( + "fmt" + "net/http" + "testing" + + actions_model "code.gitea.io/gitea/models/actions" + repo_model "code.gitea.io/gitea/models/repo" + "code.gitea.io/gitea/models/unittest" + user_model "code.gitea.io/gitea/models/user" + forgejo_context "code.gitea.io/gitea/services/context" + "code.gitea.io/gitea/tests" + + "github.com/stretchr/testify/assert" +) + +func TestActionVariablesModification(t *testing.T) { + defer tests.AddFixtures("tests/integration/fixtures/TestActionVariablesModification")() + defer tests.PrepareTestEnv(t)() + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + userVariable := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: 1001, OwnerID: user.ID}) + userURL := "/user/settings/actions/variables" + org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization}) + orgVariable := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: 1002, OwnerID: org.ID}) + orgURL := "/org/" + org.Name + "/settings/actions/variables" + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user.ID}) + repoVariable := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: 1003, RepoID: repo.ID}) + repoURL := "/" + repo.FullName() + "/settings/actions/variables" + admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true}) + globalVariable := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: 1004}, "owner_id = 0 AND repo_id = 0") + adminURL := "/admin/actions/variables" + + adminSess := loginUser(t, admin.Name) + adminCSRF := GetCSRF(t, adminSess, "/") + sess := loginUser(t, user.Name) + csrf := GetCSRF(t, sess, "/") + + type errorJSON struct { + Error string `json:"errorMessage"` + } + + test := func(t *testing.T, fail bool, baseURL string, id int64) { + defer tests.PrintCurrentTest(t, 1)() + t.Helper() + + sess := sess + csrf := csrf + if baseURL == adminURL { + sess = adminSess + csrf = adminCSRF + } + + req := NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d/edit", id), map[string]string{ + "_csrf": csrf, + "name": "glados_quote", + "data": "I'm fine. Two plus two is...ten, in base four, I'm fine!", + }) + if fail { + resp := sess.MakeRequest(t, req, http.StatusBadRequest) + var error errorJSON + DecodeJSON(t, resp, &error) + assert.EqualValues(t, "Failed to find the variable.", error.Error) + } else { + sess.MakeRequest(t, req, http.StatusOK) + flashCookie := sess.GetCookie(forgejo_context.CookieNameFlash) + assert.NotNil(t, flashCookie) + assert.EqualValues(t, "success%3DThe%2Bvariable%2Bhas%2Bbeen%2Bedited.", flashCookie.Value) + } + + req = NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d/delete", id), map[string]string{ + "_csrf": csrf, + }) + if fail { + resp := sess.MakeRequest(t, req, http.StatusBadRequest) + var error errorJSON + DecodeJSON(t, resp, &error) + assert.EqualValues(t, "Failed to find the variable.", error.Error) + } else { + sess.MakeRequest(t, req, http.StatusOK) + flashCookie := sess.GetCookie(forgejo_context.CookieNameFlash) + assert.NotNil(t, flashCookie) + assert.EqualValues(t, "success%3DThe%2Bvariable%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value) + } + } + + t.Run("User variable", func(t *testing.T) { + t.Run("Organisation", func(t *testing.T) { + test(t, true, orgURL, userVariable.ID) + }) + t.Run("Repository", func(t *testing.T) { + test(t, true, repoURL, userVariable.ID) + }) + t.Run("Admin", func(t *testing.T) { + test(t, true, adminURL, userVariable.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, false, userURL, userVariable.ID) + }) + }) + + t.Run("Organisation variable", func(t *testing.T) { + t.Run("Repository", func(t *testing.T) { + test(t, true, repoURL, orgVariable.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, true, userURL, orgVariable.ID) + }) + t.Run("Admin", func(t *testing.T) { + test(t, true, adminURL, userVariable.ID) + }) + t.Run("Organisation", func(t *testing.T) { + test(t, false, orgURL, orgVariable.ID) + }) + }) + + t.Run("Repository variable", func(t *testing.T) { + t.Run("Organisation", func(t *testing.T) { + test(t, true, orgURL, repoVariable.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, true, userURL, repoVariable.ID) + }) + t.Run("Admin", func(t *testing.T) { + test(t, true, adminURL, userVariable.ID) + }) + t.Run("Repository", func(t *testing.T) { + test(t, false, repoURL, repoVariable.ID) + }) + }) + + t.Run("Global variable", func(t *testing.T) { + t.Run("Organisation", func(t *testing.T) { + test(t, true, orgURL, globalVariable.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, true, userURL, globalVariable.ID) + }) + t.Run("Repository", func(t *testing.T) { + test(t, true, repoURL, globalVariable.ID) + }) + t.Run("Admin", func(t *testing.T) { + test(t, false, adminURL, globalVariable.ID) + }) + }) +} diff --git a/tests/integration/fixtures/TestActionVariablesModification/action_variable.yml b/tests/integration/fixtures/TestActionVariablesModification/action_variable.yml new file mode 100644 index 0000000000..925838d0f0 --- /dev/null +++ b/tests/integration/fixtures/TestActionVariablesModification/action_variable.yml @@ -0,0 +1,31 @@ +- + id: 1001 + name: GLADOS_QUOTE + owner_id: 2 + repo_id: 0 + data: "" + created_unix: 1737000000 + +- + id: 1002 + name: GLADOS_QUOTE + owner_id: 3 + repo_id: 0 + data: "" + created_unix: 1737000001 + +- + id: 1003 + name: GLADOS_QUOTE + owner_id: 0 + repo_id: 1 + data: "" + created_unix: 1737000002 + +- + id: 1004 + name: GLADOS_QUOTE + owner_id: 0 + repo_id: 0 + data: "" + created_unix: 1737000003 diff --git a/tests/integration/fixtures/TestRunnerModification/action_runner.yml b/tests/integration/fixtures/TestRunnerModification/action_runner.yml new file mode 100644 index 0000000000..95599b19bd --- /dev/null +++ b/tests/integration/fixtures/TestRunnerModification/action_runner.yml @@ -0,0 +1,31 @@ +- + id: 1001 + uuid: "43b5d4d3-401b-42f9-94df-a9d45b447b82" + name: "User runner" + owner_id: 2 + repo_id: 0 + deleted: 0 + +- + id: 1002 + uuid: "bdc77f4f-2b2b-442d-bd44-e808f4306347" + name: "Organisation runner" + owner_id: 3 + repo_id: 0 + deleted: 0 + +- + id: 1003 + uuid: "9268bc8c-efbf-4dbe-aeb5-945733cdd098" + name: "Repository runner" + owner_id: 0 + repo_id: 1 + deleted: 0 + +- + id: 1004 + uuid: "fb857e63-c0ce-4571-a6c9-fde26c128073" + name: "Global runner" + owner_id: 0 + repo_id: 0 + deleted: 0 diff --git a/tests/integration/runner_test.go b/tests/integration/runner_test.go new file mode 100644 index 0000000000..bab2a67230 --- /dev/null +++ b/tests/integration/runner_test.go @@ -0,0 +1,130 @@ +// Copyright 2025 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: GPL-3.0-or-later + +package integration + +import ( + "fmt" + "net/http" + "testing" + + actions_model "code.gitea.io/gitea/models/actions" + repo_model "code.gitea.io/gitea/models/repo" + "code.gitea.io/gitea/models/unittest" + user_model "code.gitea.io/gitea/models/user" + forgejo_context "code.gitea.io/gitea/services/context" + "code.gitea.io/gitea/tests" + + "github.com/stretchr/testify/assert" +) + +func TestRunnerModification(t *testing.T) { + defer tests.AddFixtures("tests/integration/fixtures/TestRunnerModification")() + defer tests.PrepareTestEnv(t)() + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + userRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1001, OwnerID: user.ID}) + userURL := "/user/settings/actions/runners" + org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization}) + orgRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1002, OwnerID: org.ID}) + orgURL := "/org/" + org.Name + "/settings/actions/runners" + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user.ID}) + repoRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1003, RepoID: repo.ID}) + repoURL := "/" + repo.FullName() + "/settings/actions/runners" + admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true}) + globalRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1004}, "owner_id = 0 AND repo_id = 0") + adminURL := "/admin/actions/runners" + + adminSess := loginUser(t, admin.Name) + adminCSRF := GetCSRF(t, adminSess, "/") + sess := loginUser(t, user.Name) + csrf := GetCSRF(t, sess, "/") + + test := func(t *testing.T, fail bool, baseURL string, id int64) { + defer tests.PrintCurrentTest(t, 1)() + t.Helper() + + sess := sess + csrf := csrf + if baseURL == adminURL { + sess = adminSess + csrf = adminCSRF + } + + req := NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d", id), map[string]string{ + "_csrf": csrf, + "description": "New Description", + }) + if fail { + sess.MakeRequest(t, req, http.StatusNotFound) + } else { + sess.MakeRequest(t, req, http.StatusSeeOther) + flashCookie := sess.GetCookie(forgejo_context.CookieNameFlash) + assert.NotNil(t, flashCookie) + assert.EqualValues(t, "success%3DRunner%2Bupdated%2Bsuccessfully", flashCookie.Value) + } + + req = NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d/delete", id), map[string]string{ + "_csrf": csrf, + }) + if fail { + sess.MakeRequest(t, req, http.StatusNotFound) + } else { + sess.MakeRequest(t, req, http.StatusOK) + flashCookie := sess.GetCookie(forgejo_context.CookieNameFlash) + assert.NotNil(t, flashCookie) + assert.EqualValues(t, "success%3DRunner%2Bdeleted%2Bsuccessfully", flashCookie.Value) + } + } + + t.Run("User runner", func(t *testing.T) { + t.Run("Organisation", func(t *testing.T) { + test(t, true, orgURL, userRunner.ID) + }) + t.Run("Repository", func(t *testing.T) { + test(t, true, repoURL, userRunner.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, false, userURL, userRunner.ID) + }) + }) + + t.Run("Organisation runner", func(t *testing.T) { + t.Run("Repository", func(t *testing.T) { + test(t, true, repoURL, orgRunner.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, true, userURL, orgRunner.ID) + }) + t.Run("Organisation", func(t *testing.T) { + test(t, false, orgURL, orgRunner.ID) + }) + }) + + t.Run("Repository runner", func(t *testing.T) { + t.Run("Organisation", func(t *testing.T) { + test(t, true, orgURL, repoRunner.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, true, userURL, repoRunner.ID) + }) + t.Run("Repository", func(t *testing.T) { + test(t, false, repoURL, repoRunner.ID) + }) + }) + + t.Run("Global runner", func(t *testing.T) { + t.Run("Organisation", func(t *testing.T) { + test(t, true, orgURL, globalRunner.ID) + }) + t.Run("User", func(t *testing.T) { + test(t, true, userURL, globalRunner.ID) + }) + t.Run("Repository", func(t *testing.T) { + test(t, true, repoURL, globalRunner.ID) + }) + t.Run("Admin", func(t *testing.T) { + test(t, false, adminURL, globalRunner.ID) + }) + }) +}