operations: Plumb GitLab action throughpks-gitlab-allowed-action

Plumb the GitLab action through the operations service and adapt all callsites to use an action that matches their respective RPC names.
author: Patrick Steinhardt <psteinhardt@gitlab.com> 2023-08-29 14:29:29 +0300
committer: Patrick Steinhardt <psteinhardt@gitlab.com> 2023-09-01 09:00:31 +0300
commit: 20c25f86198b661be38893fba6a37cb28a0d37e6 (patch)
tree: 7922f63f41c189f9a6f461b688a7afd9a2605c96
parent: ff0520c1f8499dc33918b7e68b23fb007d51b886 (diff)
14 files changed, 53 insertions, 12 deletions
diff --git a/internal/gitaly/service/operations/apply_patch.go b/internal/gitaly/service/operations/apply_patch.go
index 644bcec5f..65b8e2f77 100644
--- a/internal/gitaly/service/operations/apply_patch.go
+++ b/internal/gitaly/service/operations/apply_patch.go
@@ -13,6 +13,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/localrepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/helper"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/helper/text"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
@@ -199,7 +200,7 @@ func (s *Server) userApplyPatch(ctx context.Context, header *gitalypb.UserApplyP
 		}
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, header.Repository, header.User, nil, targetBranch, patchedCommit, currentCommit); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, header.Repository, header.User, nil, gitlabaction.UserApplyPatch, targetBranch, patchedCommit, currentCommit); err != nil {
 		return fmt.Errorf("update reference: %w", err)
 	}
 
diff --git a/internal/gitaly/service/operations/cherry_pick.go b/internal/gitaly/service/operations/cherry_pick.go
index beca52822..83941d13b 100644
--- a/internal/gitaly/service/operations/cherry_pick.go
+++ b/internal/gitaly/service/operations/cherry_pick.go
@@ -10,6 +10,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/localrepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -176,7 +177,7 @@ func (s *Server) UserCherryPick(ctx context.Context, req *gitalypb.UserCherryPic
 		}
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, referenceName, newrev, oldrev); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, gitlabaction.UserCherryPick, referenceName, newrev, oldrev); err != nil {
 		var customHookErr updateref.CustomHookError
 		if errors.As(err, &customHookErr) {
 			return nil, structerr.NewFailedPrecondition("access check failed").WithDetail(
diff --git a/internal/gitaly/service/operations/commit_files.go b/internal/gitaly/service/operations/commit_files.go
index 46b6008b2..5d0740d0a 100644
--- a/internal/gitaly/service/operations/commit_files.go
+++ b/internal/gitaly/service/operations/commit_files.go
@@ -17,6 +17,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/remoterepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -720,7 +721,7 @@ func (s *Server) userCommitFiles(
 		}
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, header.GetRepository(), header.User, quarantineDir, targetBranchName, commitID, oldRevision); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, header.GetRepository(), header.User, quarantineDir, gitlabaction.UserCommitFiles, targetBranchName, commitID, oldRevision); err != nil {
 		if errors.As(err, &updateref.Error{}) {
 			return structerr.NewFailedPrecondition("%w", err)
 		}
diff --git a/internal/gitaly/service/operations/ff_branch.go b/internal/gitaly/service/operations/ff_branch.go
index 4971bfd67..802813074 100644
--- a/internal/gitaly/service/operations/ff_branch.go
+++ b/internal/gitaly/service/operations/ff_branch.go
@@ -8,6 +8,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -73,7 +74,7 @@ func (s *Server) UserFFBranch(ctx context.Context, in *gitalypb.UserFFBranchRequ
 		return nil, structerr.NewFailedPrecondition("not fast forward")
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, in.GetRepository(), in.User, quarantineDir, referenceName, commitID, revision); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, in.GetRepository(), in.User, quarantineDir, gitlabaction.UserFFBranch, referenceName, commitID, revision); err != nil {
 		var customHookErr updateref.CustomHookError
 		if errors.As(err, &customHookErr) {
 			return &gitalypb.UserFFBranchResponse{
diff --git a/internal/gitaly/service/operations/merge_branch.go b/internal/gitaly/service/operations/merge_branch.go
index f8dcc6895..023e51097 100644
--- a/internal/gitaly/service/operations/merge_branch.go
+++ b/internal/gitaly/service/operations/merge_branch.go
@@ -9,6 +9,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -126,7 +127,7 @@ func (s *Server) UserMergeBranch(stream gitalypb.OperationService_UserMergeBranc
 		return structerr.NewFailedPrecondition("merge aborted by client")
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, firstRequest.GetRepository(), firstRequest.User, quarantineDir, referenceName, mergeOID, revision); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, firstRequest.GetRepository(), firstRequest.User, quarantineDir, gitlabaction.UserMergeBranch, referenceName, mergeOID, revision); err != nil {
 		var notAllowedError hook.NotAllowedError
 		var customHookErr updateref.CustomHookError
 		var updateRefError updateref.Error
diff --git a/internal/gitaly/service/operations/rebase_confirmable.go b/internal/gitaly/service/operations/rebase_confirmable.go
index 291ba539e..d79c83256 100644
--- a/internal/gitaly/service/operations/rebase_confirmable.go
+++ b/internal/gitaly/service/operations/rebase_confirmable.go
@@ -10,6 +10,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/localrepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -113,6 +114,7 @@ func (s *Server) UserRebaseConfirmable(stream gitalypb.OperationService_UserReba
 		header.GetRepository(),
 		header.User,
 		quarantineDir,
+		gitlabaction.UserRebaseConfirmable,
 		branch,
 		newrev,
 		oldrev,
diff --git a/internal/gitaly/service/operations/revert.go b/internal/gitaly/service/operations/revert.go
index 36752dca1..2dd9af36e 100644
--- a/internal/gitaly/service/operations/revert.go
+++ b/internal/gitaly/service/operations/revert.go
@@ -10,6 +10,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/localrepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/remoterepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -172,7 +173,7 @@ func (s *Server) UserRevert(ctx context.Context, req *gitalypb.UserRevertRequest
 		}
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, referenceName, newrev, oldrev); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, gitlabaction.UserRevert, referenceName, newrev, oldrev); err != nil {
 		var customHookErr updateref.CustomHookError
 		if errors.As(err, &customHookErr) {
 			return &gitalypb.UserRevertResponse{
diff --git a/internal/gitaly/service/operations/submodules.go b/internal/gitaly/service/operations/submodules.go
index 6ba4911bf..e1f97bffe 100644
--- a/internal/gitaly/service/operations/submodules.go
+++ b/internal/gitaly/service/operations/submodules.go
@@ -11,6 +11,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git/localrepo"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -115,6 +116,7 @@ func (s *Server) UserUpdateSubmodule(ctx context.Context, req *gitalypb.UserUpda
 		req.GetRepository(),
 		req.GetUser(),
 		quarantineDir,
+		gitlabaction.UserUpdateSubmodule,
 		referenceName,
 		commitOID,
 		oldOID,
diff --git a/internal/gitaly/service/operations/tags.go b/internal/gitaly/service/operations/tags.go
index 23fa93d3b..de86a43f1 100644
--- a/internal/gitaly/service/operations/tags.go
+++ b/internal/gitaly/service/operations/tags.go
@@ -14,6 +14,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -69,7 +70,7 @@ func (s *Server) UserDeleteTag(ctx context.Context, req *gitalypb.UserDeleteTagR
 		}
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, req.Repository, req.User, nil, referenceName, objectHash.ZeroOID, revision); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.Repository, req.User, nil, gitlabaction.UserDeleteTag, referenceName, objectHash.ZeroOID, revision); err != nil {
 		var customHookErr updateref.CustomHookError
 		if errors.As(err, &customHookErr) {
 			return &gitalypb.UserDeleteTagResponse{
@@ -171,7 +172,7 @@ func (s *Server) UserCreateTag(ctx context.Context, req *gitalypb.UserCreateTagR
 		)
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, req.Repository, req.User, quarantineDir, referenceName, tagID, objectHash.ZeroOID); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.Repository, req.User, quarantineDir, gitlabaction.UserCreateTag, referenceName, tagID, objectHash.ZeroOID); err != nil {
 		var notAllowedError hook.NotAllowedError
 		var customHookErr updateref.CustomHookError
 		var updateRefError updateref.Error
diff --git a/internal/gitaly/service/operations/update_with_hooks.go b/internal/gitaly/service/operations/update_with_hooks.go
index 9718e21a6..ae6447bbf 100644
--- a/internal/gitaly/service/operations/update_with_hooks.go
+++ b/internal/gitaly/service/operations/update_with_hooks.go
@@ -14,9 +14,10 @@ func (s *Server) updateReferenceWithHooks(
 	repo *gitalypb.Repository,
 	user *gitalypb.User,
 	quarantine *quarantine.Dir,
+	action gitlabaction.Action,
 	reference git.ReferenceName,
 	newrev, oldrev git.ObjectID,
 	pushOptions ...string,
 ) error {
-	return s.updater.UpdateReference(ctx, repo, user, quarantine, gitlabaction.ReceivePack, reference, newrev, oldrev, pushOptions...)
+	return s.updater.UpdateReference(ctx, repo, user, quarantine, action, reference, newrev, oldrev, pushOptions...)
 }
diff --git a/internal/gitaly/service/operations/user_create_branch.go b/internal/gitaly/service/operations/user_create_branch.go
index 217e4f5b3..52e6738b4 100644
--- a/internal/gitaly/service/operations/user_create_branch.go
+++ b/internal/gitaly/service/operations/user_create_branch.go
@@ -8,6 +8,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -62,7 +63,7 @@ func (s *Server) UserCreateBranch(ctx context.Context, req *gitalypb.UserCreateB
 
 	referenceName := git.NewReferenceNameFromBranchName(string(req.BranchName))
 
-	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, referenceName, startPointOID, objectHash.ZeroOID); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, gitlabaction.UserCreateBranch, referenceName, startPointOID, objectHash.ZeroOID); err != nil {
 		var customHookErr updateref.CustomHookError
 
 		if errors.As(err, &customHookErr) {
diff --git a/internal/gitaly/service/operations/user_delete_branch.go b/internal/gitaly/service/operations/user_delete_branch.go
index 530a1f921..782336933 100644
--- a/internal/gitaly/service/operations/user_delete_branch.go
+++ b/internal/gitaly/service/operations/user_delete_branch.go
@@ -9,6 +9,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -61,7 +62,7 @@ func (s *Server) UserDeleteBranch(ctx context.Context, req *gitalypb.UserDeleteB
 		}
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, req.Repository, req.User, nil, referenceName, objectHash.ZeroOID, referenceValue); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.Repository, req.User, nil, gitlabaction.UserDeleteBranch, referenceName, objectHash.ZeroOID, referenceValue); err != nil {
 		var notAllowedError hook.NotAllowedError
 		var customHookErr updateref.CustomHookError
 		var updateRefError updateref.Error
diff --git a/internal/gitaly/service/operations/user_update_branch.go b/internal/gitaly/service/operations/user_update_branch.go
index d1698bfbd..fd40c7513 100644
--- a/internal/gitaly/service/operations/user_update_branch.go
+++ b/internal/gitaly/service/operations/user_update_branch.go
@@ -8,6 +8,7 @@ import (
 	"gitlab.com/gitlab-org/gitaly/v16/internal/git"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/hook/updateref"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage"
+	"gitlab.com/gitlab-org/gitaly/v16/internal/gitlab/gitlabaction"
 	"gitlab.com/gitlab-org/gitaly/v16/internal/structerr"
 	"gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb"
 )
@@ -65,7 +66,7 @@ func (s *Server) UserUpdateBranch(ctx context.Context, req *gitalypb.UserUpdateB
 		return nil, err
 	}
 
-	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, referenceName, newOID, oldOID); err != nil {
+	if err := s.updateReferenceWithHooks(ctx, req.GetRepository(), req.User, quarantineDir, gitlabaction.UserUpdateBranch, referenceName, newOID, oldOID); err != nil {
 		var customHookErr updateref.CustomHookError
 		if errors.As(err, &customHookErr) {
 			return &gitalypb.UserUpdateBranchResponse{
diff --git a/internal/gitlab/gitlabaction/action.go b/internal/gitlab/gitlabaction/action.go
index 2cda251fa..07122f638 100644
--- a/internal/gitlab/gitlabaction/action.go
+++ b/internal/gitlab/gitlabaction/action.go
@@ -15,4 +15,30 @@ const (
 	ReceivePack = "git-receive-pack"
 	// ResolveConflicts indicates that a change has been performed by the ResolveConflicts RPC.
 	ResolveConflicts = "ResolveConflicts"
+	// UserApplyPatch indicates that a change has been performed by the UserApplyPatch RPC.
+	UserApplyPatch = "UserApplyPatch"
+	// UserCherryPick indicates that a change has been performed by the UserCherryPick RPC.
+	UserCherryPick = "UserCherryPick"
+	// UserCommitFiles indicates that a change has been performed by the UserCommitFiles RPC.
+	UserCommitFiles = "UserCommitFiles"
+	// UserCreateBranch indicates that a change has been performed by the UserCreateBranch RPC.
+	UserCreateBranch = "UserCreateBranch"
+	// UserCreateTag indicates that a change has been performed by the UserCreateTag RPC.
+	UserCreateTag = "UserCreateTag"
+	// UserDeleteBranch indicates that a change has been performed by the UserDeleteBranch RPC.
+	UserDeleteBranch = "UserDeleteBranch"
+	// UserDeleteTag indicates that a change has been performed by the UserDeleteTag RPC.
+	UserDeleteTag = "UserDeleteTag"
+	// UserFFBranch indicates that a change has been performed by the UserFFBranch RPC.
+	UserFFBranch = "UserFFBranch"
+	// UserMergeBranch indicates that a change has been performed by the UserMergeBranch RPC.
+	UserMergeBranch = "UserMergeBranch"
+	// UserRebaseConfirmable indicates that a change has been performed by the UserRebaseConfirmable RPC.
+	UserRebaseConfirmable = "UserRebaseConfirmable"
+	// UserRevert indicates that a change has been performed by the UserRevert RPC.
+	UserRevert = "UserRevert"
+	// UserUpdateBranch indicates that a change has been performed by the UserUpdateBranch RPC.
+	UserUpdateBranch = "UserUpdateBranch"
+	// UserUpdateSubmodule indicates that a change has been performed by the UserUpdateSubmodule RPC.
+	UserUpdateSubmodule = "UserUpdateSubmodule"
 )
author	Patrick Steinhardt <psteinhardt@gitlab.com>	2023-08-29 14:29:29 +0300
committer	Patrick Steinhardt <psteinhardt@gitlab.com>	2023-09-01 09:00:31 +0300
commit	20c25f86198b661be38893fba6a37cb28a0d37e6 (patch)
tree	7922f63f41c189f9a6f461b688a7afd9a2605c96
parent	ff0520c1f8499dc33918b7e68b23fb007d51b886 (diff)