diff options
Diffstat (limited to 'spec/requests/api/ci')
| -rw-r--r-- | spec/requests/api/ci/job_artifacts_spec.rb | 661 | ||||
| -rw-r--r-- | spec/requests/api/ci/jobs_spec.rb | 605 | ||||
| -rw-r--r-- | spec/requests/api/ci/pipelines_spec.rb | 5 | ||||
| -rw-r--r-- | spec/requests/api/ci/runner/jobs_artifacts_spec.rb | 12 | ||||
| -rw-r--r-- | spec/requests/api/ci/runner/jobs_request_post_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/ci/runner/runners_post_spec.rb | 64 | ||||
| -rw-r--r-- | spec/requests/api/ci/runners_spec.rb | 29 |
7 files changed, 706 insertions, 674 deletions
diff --git a/spec/requests/api/ci/job_artifacts_spec.rb b/spec/requests/api/ci/job_artifacts_spec.rb new file mode 100644 index 00000000000..585fab33708 --- /dev/null +++ b/spec/requests/api/ci/job_artifacts_spec.rb @@ -0,0 +1,661 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe API::Ci::JobArtifacts do + include HttpBasicAuthHelpers + include DependencyProxyHelpers + + include HttpIOHelpers + + let_it_be(:project, reload: true) do + create(:project, :repository, public_builds: false) + end + + let_it_be(:pipeline, reload: true) do + create(:ci_pipeline, project: project, + sha: project.commit.id, + ref: project.default_branch) + end + + let(:user) { create(:user) } + let(:api_user) { user } + let(:reporter) { create(:project_member, :reporter, project: project).user } + let(:guest) { create(:project_member, :guest, project: project).user } + + let!(:job) do + create(:ci_build, :success, :tags, pipeline: pipeline, + artifacts_expire_at: 1.day.since) + end + + before do + project.add_developer(user) + end + + shared_examples 'returns unauthorized' do + it 'returns unauthorized' do + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + describe 'DELETE /projects/:id/jobs/:job_id/artifacts' do + let!(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } + + before do + delete api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + context 'when user is anonymous' do + let(:api_user) { nil } + + it 'does not delete artifacts' do + expect(job.job_artifacts.size).to eq 2 + end + + it 'returns status 401 (unauthorized)' do + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + context 'with developer' do + it 'does not delete artifacts' do + expect(job.job_artifacts.size).to eq 2 + end + + it 'returns status 403 (forbidden)' do + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'with authorized user' do + let(:maintainer) { create(:project_member, :maintainer, project: project).user } + let!(:api_user) { maintainer } + + it 'deletes artifacts' do + expect(job.job_artifacts.size).to eq 0 + end + + it 'returns status 204 (no content)' do + expect(response).to have_gitlab_http_status(:no_content) + end + end + end + + describe 'GET /projects/:id/jobs/:job_id/artifacts/:artifact_path' do + context 'when job has artifacts' do + let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } + + let(:artifact) do + 'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif' + end + + context 'when user is anonymous' do + let(:api_user) { nil } + + context 'when project is public' do + it 'allows to access artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, true) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:ok) + end + end + + context 'when project is public with artifacts that are non public' do + let(:job) { create(:ci_build, :artifacts, :non_public_artifacts, pipeline: pipeline) } + + it 'rejects access to artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, true) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'with the non_public_artifacts feature flag disabled' do + before do + stub_feature_flags(non_public_artifacts: false) + end + + it 'allows access to artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, true) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + + context 'when project is public with builds access disabled' do + it 'rejects access to artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, false) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'when project is private' do + it 'rejects access and hides existence of artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PRIVATE) + project.update_column(:public_builds, true) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'when user is authorized' do + it 'returns a specific artifact file for a valid path' do + expect(Gitlab::Workhorse) + .to receive(:send_artifacts_entry) + .and_call_original + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers.to_h) + .to include('Content-Type' => 'application/json', + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + expect(response.parsed_body).to be_empty + end + + context 'when artifacts are locked' do + it 'allows access to expired artifact' do + pipeline.artifacts_locked! + job.update!(artifacts_expire_at: Time.now - 7.days) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + end + + context 'when job does not have artifacts' do + it 'does not return job artifact file' do + get_artifact_file('some/artifact') + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + def get_artifact_file(artifact_path) + get api("/projects/#{project.id}/jobs/#{job.id}/" \ + "artifacts/#{artifact_path}", api_user) + end + end + + describe 'GET /projects/:id/jobs/:job_id/artifacts' do + shared_examples 'downloads artifact' do + let(:download_headers) do + { 'Content-Transfer-Encoding' => 'binary', + 'Content-Disposition' => %q(attachment; filename="ci_build_artifacts.zip"; filename*=UTF-8''ci_build_artifacts.zip) } + end + + it 'returns specific job artifacts' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers.to_h).to include(download_headers) + expect(response.body).to match_file(job.artifacts_file.file.file) + end + end + + context 'normal authentication' do + context 'job with artifacts' do + context 'when artifacts are stored locally' do + let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } + + subject { get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) } + + context 'authorized user' do + it_behaves_like 'downloads artifact' + end + + context 'when job token is used' do + let(:other_job) { create(:ci_build, :running, user: user) } + + subject { get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", job_token: other_job.token) } + + before do + stub_licensed_features(cross_project_pipelines: true) + end + + it_behaves_like 'downloads artifact' + + context 'when job token scope is enabled' do + before do + other_job.project.ci_cd_settings.update!(job_token_scope_enabled: true) + end + + it 'does not allow downloading artifacts' do + subject + + expect(response).to have_gitlab_http_status(:not_found) + end + + context 'when project is added to the job token scope' do + let!(:link) { create(:ci_job_token_project_scope_link, source_project: other_job.project, target_project: job.project) } + + it_behaves_like 'downloads artifact' + end + end + end + + context 'unauthorized user' do + let(:api_user) { nil } + + it 'does not return specific job artifacts' do + subject + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'when artifacts are stored remotely' do + let(:proxy_download) { false } + let(:job) { create(:ci_build, pipeline: pipeline) } + let(:artifact) { create(:ci_job_artifact, :archive, :remote_store, job: job) } + + before do + stub_artifacts_object_storage(proxy_download: proxy_download) + + artifact + job.reload + + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + context 'when proxy download is enabled' do + let(:proxy_download) { true } + + it 'responds with the workhorse send-url' do + expect(response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with("send-url:") + end + end + + context 'when proxy download is disabled' do + it 'returns location redirect' do + expect(response).to have_gitlab_http_status(:found) + end + end + + context 'authorized user' do + it 'returns the file remote URL' do + expect(response).to redirect_to(artifact.file.url) + end + end + + context 'unauthorized user' do + let(:api_user) { nil } + + it 'does not return specific job artifacts' do + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'when public project guest and artifacts are non public' do + let(:api_user) { guest } + let(:job) { create(:ci_build, :artifacts, :non_public_artifacts, pipeline: pipeline) } + + before do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, true) + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + it 'rejects access and hides existence of artifacts' do + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'with the non_public_artifacts feature flag disabled' do + before do + stub_feature_flags(non_public_artifacts: false) + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + it 'allows access to artifacts' do + expect(response).to have_gitlab_http_status(:ok) + end + end + end + + it 'does not return job artifacts if not uploaded' do + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + end + + describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do + let(:api_user) { reporter } + let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } + + before do + stub_artifacts_object_storage + job.success + end + + def get_for_ref(ref = pipeline.ref, job_name = job.name) + get api("/projects/#{project.id}/jobs/artifacts/#{ref}/download", api_user), params: { job: job_name } + end + + context 'when not logged in' do + let(:api_user) { nil } + + before do + get_for_ref + end + + it 'does not find a resource in a private project' do + expect(project).to be_private + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when logging as guest' do + let(:api_user) { guest } + + before do + get_for_ref + end + + it 'gives 403' do + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'non-existing job' do + shared_examples 'not found' do + it { expect(response).to have_gitlab_http_status(:not_found) } + end + + context 'has no such ref' do + before do + get_for_ref('TAIL') + end + + it_behaves_like 'not found' + end + + context 'has no such job' do + before do + get_for_ref(pipeline.ref, 'NOBUILD') + end + + it_behaves_like 'not found' + end + end + + context 'find proper job' do + let(:job_with_artifacts) { job } + + shared_examples 'a valid file' do + context 'when artifacts are stored locally', :sidekiq_might_not_need_inline do + let(:download_headers) do + { 'Content-Transfer-Encoding' => 'binary', + 'Content-Disposition' => + %Q(attachment; filename="#{job_with_artifacts.artifacts_file.filename}"; filename*=UTF-8''#{job.artifacts_file.filename}) } + end + + it { expect(response).to have_gitlab_http_status(:ok) } + it { expect(response.headers.to_h).to include(download_headers) } + end + + context 'when artifacts are stored remotely' do + let(:job) { create(:ci_build, pipeline: pipeline, user: api_user) } + let!(:artifact) { create(:ci_job_artifact, :archive, :remote_store, job: job) } + + before do + job.reload + + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + it 'returns location redirect' do + expect(response).to have_gitlab_http_status(:found) + end + end + end + + context 'with regular branch' do + before do + pipeline.reload + pipeline.update!(ref: 'master', + sha: project.commit('master').sha) + + get_for_ref('master') + end + + it_behaves_like 'a valid file' + end + + context 'with branch name containing slash' do + before do + pipeline.reload + pipeline.update!(ref: 'improve/awesome', sha: project.commit('improve/awesome').sha) + get_for_ref('improve/awesome') + end + + it_behaves_like 'a valid file' + end + + context 'with job name in a child pipeline' do + let(:child_pipeline) { create(:ci_pipeline, child_of: pipeline) } + let!(:child_job) { create(:ci_build, :artifacts, :success, name: 'rspec', pipeline: child_pipeline) } + let(:job_with_artifacts) { child_job } + + before do + get_for_ref('master', child_job.name) + end + + it_behaves_like 'a valid file' + end + end + end + + describe 'GET id/jobs/artifacts/:ref_name/raw/*artifact_path?job=name' do + context 'when job has artifacts' do + let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } + let(:artifact) { 'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif' } + let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } + let(:public_builds) { true } + + before do + stub_artifacts_object_storage + job.success + + project.update!(visibility_level: visibility_level, + public_builds: public_builds) + + get_artifact_file(artifact) + end + + context 'when user is anonymous' do + let(:api_user) { nil } + + context 'when project is public' do + let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } + let(:public_builds) { true } + + it 'allows to access artifacts', :sidekiq_might_not_need_inline do + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers.to_h) + .to include('Content-Type' => 'application/json', + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + end + end + + context 'when project is public with builds access disabled' do + let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } + let(:public_builds) { false } + + it 'rejects access to artifacts' do + expect(response).to have_gitlab_http_status(:forbidden) + expect(json_response).to have_key('message') + expect(response.headers.to_h) + .not_to include('Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + end + end + + context 'when project is public with non public artifacts' do + let(:job) { create(:ci_build, :artifacts, :non_public_artifacts, pipeline: pipeline, user: api_user) } + let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } + let(:public_builds) { true } + + it 'rejects access and hides existence of artifacts', :sidekiq_might_not_need_inline do + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:forbidden) + expect(json_response).to have_key('message') + expect(response.headers.to_h) + .not_to include('Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + end + + context 'with the non_public_artifacts feature flag disabled' do + before do + stub_feature_flags(non_public_artifacts: false) + end + + it 'allows access to artifacts', :sidekiq_might_not_need_inline do + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + + context 'when project is private' do + let(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE } + let(:public_builds) { true } + + it 'rejects access and hides existence of artifacts' do + expect(response).to have_gitlab_http_status(:not_found) + expect(json_response).to have_key('message') + expect(response.headers.to_h) + .not_to include('Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + end + end + end + + context 'when user is authorized' do + let(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE } + let(:public_builds) { true } + + it 'returns a specific artifact file for a valid path', :sidekiq_might_not_need_inline do + expect(Gitlab::Workhorse) + .to receive(:send_artifacts_entry) + .and_call_original + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers.to_h) + .to include('Content-Type' => 'application/json', + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + expect(response.parsed_body).to be_empty + end + end + + context 'with branch name containing slash' do + before do + pipeline.reload + pipeline.update!(ref: 'improve/awesome', + sha: project.commit('improve/awesome').sha) + end + + it 'returns a specific artifact file for a valid path', :sidekiq_might_not_need_inline do + get_artifact_file(artifact, 'improve/awesome') + + expect(response).to have_gitlab_http_status(:ok) + expect(response.headers.to_h) + .to include('Content-Type' => 'application/json', + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) + end + end + + context 'non-existing job' do + shared_examples 'not found' do + it { expect(response).to have_gitlab_http_status(:not_found) } + end + + context 'has no such ref' do + before do + get_artifact_file('some/artifact', 'wrong-ref') + end + + it_behaves_like 'not found' + end + + context 'has no such job' do + before do + get_artifact_file('some/artifact', pipeline.ref, 'wrong-job-name') + end + + it_behaves_like 'not found' + end + end + end + + context 'when job does not have artifacts' do + let(:job) { create(:ci_build, pipeline: pipeline, user: api_user) } + + it 'does not return job artifact file' do + get_artifact_file('some/artifact') + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + def get_artifact_file(artifact_path, ref = pipeline.ref, job_name = job.name) + get api("/projects/#{project.id}/jobs/artifacts/#{ref}/raw/#{artifact_path}", api_user), params: { job: job_name } + end + end + + describe 'POST /projects/:id/jobs/:job_id/artifacts/keep' do + before do + post api("/projects/#{project.id}/jobs/#{job.id}/artifacts/keep", user) + end + + context 'artifacts did not expire' do + let(:job) do + create(:ci_build, :trace_artifact, :artifacts, :success, + project: project, pipeline: pipeline, artifacts_expire_at: Time.now + 7.days) + end + + it 'keeps artifacts' do + expect(response).to have_gitlab_http_status(:ok) + expect(job.reload.artifacts_expire_at).to be_nil + end + end + + context 'no artifacts' do + let(:job) { create(:ci_build, project: project, pipeline: pipeline) } + + it 'responds with not found' do + expect(response).to have_gitlab_http_status(:not_found) + end + end + end +end diff --git a/spec/requests/api/ci/jobs_spec.rb b/spec/requests/api/ci/jobs_spec.rb index 410020b68cd..7c85cbc31a5 100644 --- a/spec/requests/api/ci/jobs_spec.rb +++ b/spec/requests/api/ci/jobs_spec.rb @@ -428,584 +428,41 @@ RSpec.describe API::Ci::Jobs do end end - context 'when trace artifact record exists with no stored file', :skip_before_request do - before do - create(:ci_job_artifact, :unarchived_trace_artifact, job: job, project: job.project) - end - - it 'returns no artifacts nor trace data' do + context 'when job succeeded' do + it 'does not return failure_reason' do get api("/projects/#{project.id}/jobs/#{job.id}", api_user) - expect(response).to have_gitlab_http_status(:ok) - expect(json_response['artifacts']).to be_an Array - expect(json_response['artifacts'].size).to eq(1) - expect(json_response['artifacts'][0]['file_type']).to eq('trace') - expect(json_response['artifacts'][0]['filename']).to eq('job.log') - end - end - end - - describe 'DELETE /projects/:id/jobs/:job_id/artifacts' do - let!(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } - - before do - delete api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - context 'when user is anonymous' do - let(:api_user) { nil } - - it 'does not delete artifacts' do - expect(job.job_artifacts.size).to eq 2 - end - - it 'returns status 401 (unauthorized)' do - expect(response).to have_gitlab_http_status(:unauthorized) - end - end - - context 'with developer' do - it 'does not delete artifacts' do - expect(job.job_artifacts.size).to eq 2 - end - - it 'returns status 403 (forbidden)' do - expect(response).to have_gitlab_http_status(:forbidden) - end - end - - context 'with authorized user' do - let(:maintainer) { create(:project_member, :maintainer, project: project).user } - let!(:api_user) { maintainer } - - it 'deletes artifacts' do - expect(job.job_artifacts.size).to eq 0 - end - - it 'returns status 204 (no content)' do - expect(response).to have_gitlab_http_status(:no_content) + expect(json_response).not_to include('failure_reason') end end - end - - describe 'GET /projects/:id/jobs/:job_id/artifacts/:artifact_path' do - context 'when job has artifacts' do - let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } - - let(:artifact) do - 'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif' - end - - context 'when user is anonymous' do - let(:api_user) { nil } - - context 'when project is public' do - it 'allows to access artifacts' do - project.update_column(:visibility_level, - Gitlab::VisibilityLevel::PUBLIC) - project.update_column(:public_builds, true) - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:ok) - end - end - - context 'when project is public with artifacts that are non public' do - let(:job) { create(:ci_build, :artifacts, :non_public_artifacts, pipeline: pipeline) } - - it 'rejects access to artifacts' do - project.update_column(:visibility_level, - Gitlab::VisibilityLevel::PUBLIC) - project.update_column(:public_builds, true) - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:forbidden) - end - - context 'with the non_public_artifacts feature flag disabled' do - before do - stub_feature_flags(non_public_artifacts: false) - end - - it 'allows access to artifacts' do - project.update_column(:visibility_level, - Gitlab::VisibilityLevel::PUBLIC) - project.update_column(:public_builds, true) - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:ok) - end - end - end - - context 'when project is public with builds access disabled' do - it 'rejects access to artifacts' do - project.update_column(:visibility_level, - Gitlab::VisibilityLevel::PUBLIC) - project.update_column(:public_builds, false) - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:forbidden) - end - end - - context 'when project is private' do - it 'rejects access and hides existence of artifacts' do - project.update_column(:visibility_level, - Gitlab::VisibilityLevel::PRIVATE) - project.update_column(:public_builds, true) - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - context 'when user is authorized' do - it 'returns a specific artifact file for a valid path' do - expect(Gitlab::Workhorse) - .to receive(:send_artifacts_entry) - .and_call_original - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:ok) - expect(response.headers.to_h) - .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - expect(response.parsed_body).to be_empty - end - - context 'when artifacts are locked' do - it 'allows access to expired artifact' do - pipeline.artifacts_locked! - job.update!(artifacts_expire_at: Time.now - 7.days) - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:ok) - end - end - end - end - - context 'when job does not have artifacts' do - it 'does not return job artifact file' do - get_artifact_file('some/artifact') - - expect(response).to have_gitlab_http_status(:not_found) - end - end - - def get_artifact_file(artifact_path) - get api("/projects/#{project.id}/jobs/#{job.id}/" \ - "artifacts/#{artifact_path}", api_user) - end - end - - describe 'GET /projects/:id/jobs/:job_id/artifacts' do - shared_examples 'downloads artifact' do - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => %q(attachment; filename="ci_build_artifacts.zip"; filename*=UTF-8''ci_build_artifacts.zip) } - end - - it 'returns specific job artifacts' do - expect(response).to have_gitlab_http_status(:ok) - expect(response.headers.to_h).to include(download_headers) - expect(response.body).to match_file(job.artifacts_file.file.file) - end - end - - context 'normal authentication' do - context 'job with artifacts' do - context 'when artifacts are stored locally' do - let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } - - before do - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - context 'authorized user' do - it_behaves_like 'downloads artifact' - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not return specific job artifacts' do - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - - context 'when artifacts are stored remotely' do - let(:proxy_download) { false } - let(:job) { create(:ci_build, pipeline: pipeline) } - let(:artifact) { create(:ci_job_artifact, :archive, :remote_store, job: job) } - - before do - stub_artifacts_object_storage(proxy_download: proxy_download) - - artifact - job.reload - - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - context 'when proxy download is enabled' do - let(:proxy_download) { true } - - it 'responds with the workhorse send-url' do - expect(response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with("send-url:") - end - end - - context 'when proxy download is disabled' do - it 'returns location redirect' do - expect(response).to have_gitlab_http_status(:found) - end - end - - context 'authorized user' do - it 'returns the file remote URL' do - expect(response).to redirect_to(artifact.file.url) - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not return specific job artifacts' do - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - - context 'when public project guest and artifacts are non public' do - let(:api_user) { guest } - let(:job) { create(:ci_build, :artifacts, :non_public_artifacts, pipeline: pipeline) } - - before do - project.update_column(:visibility_level, - Gitlab::VisibilityLevel::PUBLIC) - project.update_column(:public_builds, true) - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - it 'rejects access and hides existence of artifacts' do - expect(response).to have_gitlab_http_status(:forbidden) - end - - context 'with the non_public_artifacts feature flag disabled' do - before do - stub_feature_flags(non_public_artifacts: false) - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - it 'allows access to artifacts' do - expect(response).to have_gitlab_http_status(:ok) - end - end - end - - it 'does not return job artifacts if not uploaded' do - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - end - - describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do - let(:api_user) { reporter } - let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } - - before do - stub_artifacts_object_storage - job.success - end - - def get_for_ref(ref = pipeline.ref, job_name = job.name) - get api("/projects/#{project.id}/jobs/artifacts/#{ref}/download", api_user), params: { job: job_name } - end - - context 'when not logged in' do - let(:api_user) { nil } - - before do - get_for_ref - end - - it 'does not find a resource in a private project' do - expect(project).to be_private - expect(response).to have_gitlab_http_status(:not_found) - end - end - - context 'when logging as guest' do - let(:api_user) { guest } - - before do - get_for_ref - end - - it 'gives 403' do - expect(response).to have_gitlab_http_status(:forbidden) - end - end - - context 'non-existing job' do - shared_examples 'not found' do - it { expect(response).to have_gitlab_http_status(:not_found) } - end - - context 'has no such ref' do - before do - get_for_ref('TAIL') - end - - it_behaves_like 'not found' - end - - context 'has no such job' do - before do - get_for_ref(pipeline.ref, 'NOBUILD') - end - - it_behaves_like 'not found' - end - end - - context 'find proper job' do - let(:job_with_artifacts) { job } - - shared_examples 'a valid file' do - context 'when artifacts are stored locally', :sidekiq_might_not_need_inline do - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => - %Q(attachment; filename="#{job_with_artifacts.artifacts_file.filename}"; filename*=UTF-8''#{job.artifacts_file.filename}) } - end - - it { expect(response).to have_gitlab_http_status(:ok) } - it { expect(response.headers.to_h).to include(download_headers) } - end - - context 'when artifacts are stored remotely' do - let(:job) { create(:ci_build, pipeline: pipeline, user: api_user) } - let!(:artifact) { create(:ci_job_artifact, :archive, :remote_store, job: job) } - - before do - job.reload - - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - it 'returns location redirect' do - expect(response).to have_gitlab_http_status(:found) - end - end - end - - context 'with regular branch' do - before do - pipeline.reload - pipeline.update!(ref: 'master', - sha: project.commit('master').sha) - - get_for_ref('master') - end - - it_behaves_like 'a valid file' - end - - context 'with branch name containing slash' do - before do - pipeline.reload - pipeline.update!(ref: 'improve/awesome', sha: project.commit('improve/awesome').sha) - get_for_ref('improve/awesome') - end - - it_behaves_like 'a valid file' + context 'when job failed' do + let(:job) do + create(:ci_build, :failed, :tags, pipeline: pipeline) end - context 'with job name in a child pipeline' do - let(:child_pipeline) { create(:ci_pipeline, child_of: pipeline) } - let!(:child_job) { create(:ci_build, :artifacts, :success, name: 'rspec', pipeline: child_pipeline) } - let(:job_with_artifacts) { child_job } - - before do - get_for_ref('master', child_job.name) - end + it 'returns failure_reason' do + get api("/projects/#{project.id}/jobs/#{job.id}", api_user) - it_behaves_like 'a valid file' + expect(json_response).to include('failure_reason') end end - end - - describe 'GET id/jobs/artifacts/:ref_name/raw/*artifact_path?job=name' do - context 'when job has artifacts' do - let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } - let(:artifact) { 'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif' } - let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } - let(:public_builds) { true } + context 'when trace artifact record exists with no stored file', :skip_before_request do before do - stub_artifacts_object_storage - job.success - - project.update!(visibility_level: visibility_level, - public_builds: public_builds) - - get_artifact_file(artifact) - end - - context 'when user is anonymous' do - let(:api_user) { nil } - - context 'when project is public' do - let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } - let(:public_builds) { true } - - it 'allows to access artifacts', :sidekiq_might_not_need_inline do - expect(response).to have_gitlab_http_status(:ok) - expect(response.headers.to_h) - .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - end - end - - context 'when project is public with builds access disabled' do - let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } - let(:public_builds) { false } - - it 'rejects access to artifacts' do - expect(response).to have_gitlab_http_status(:forbidden) - expect(json_response).to have_key('message') - expect(response.headers.to_h) - .not_to include('Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - end - end - - context 'when project is public with non public artifacts' do - let(:job) { create(:ci_build, :artifacts, :non_public_artifacts, pipeline: pipeline, user: api_user) } - let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC } - let(:public_builds) { true } - - it 'rejects access and hides existence of artifacts', :sidekiq_might_not_need_inline do - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:forbidden) - expect(json_response).to have_key('message') - expect(response.headers.to_h) - .not_to include('Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - end - - context 'with the non_public_artifacts feature flag disabled' do - before do - stub_feature_flags(non_public_artifacts: false) - end - - it 'allows access to artifacts', :sidekiq_might_not_need_inline do - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:ok) - end - end - end - - context 'when project is private' do - let(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE } - let(:public_builds) { true } - - it 'rejects access and hides existence of artifacts' do - expect(response).to have_gitlab_http_status(:not_found) - expect(json_response).to have_key('message') - expect(response.headers.to_h) - .not_to include('Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - end - end - end - - context 'when user is authorized' do - let(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE } - let(:public_builds) { true } - - it 'returns a specific artifact file for a valid path', :sidekiq_might_not_need_inline do - expect(Gitlab::Workhorse) - .to receive(:send_artifacts_entry) - .and_call_original - - get_artifact_file(artifact) - - expect(response).to have_gitlab_http_status(:ok) - expect(response.headers.to_h) - .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - expect(response.parsed_body).to be_empty - end - end - - context 'with branch name containing slash' do - before do - pipeline.reload - pipeline.update!(ref: 'improve/awesome', - sha: project.commit('improve/awesome').sha) - end - - it 'returns a specific artifact file for a valid path', :sidekiq_might_not_need_inline do - get_artifact_file(artifact, 'improve/awesome') - - expect(response).to have_gitlab_http_status(:ok) - expect(response.headers.to_h) - .to include('Content-Type' => 'application/json', - 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) - end - end - - context 'non-existing job' do - shared_examples 'not found' do - it { expect(response).to have_gitlab_http_status(:not_found) } - end - - context 'has no such ref' do - before do - get_artifact_file('some/artifact', 'wrong-ref') - end - - it_behaves_like 'not found' - end - - context 'has no such job' do - before do - get_artifact_file('some/artifact', pipeline.ref, 'wrong-job-name') - end - - it_behaves_like 'not found' - end + create(:ci_job_artifact, :unarchived_trace_artifact, job: job, project: job.project) end - end - context 'when job does not have artifacts' do - let(:job) { create(:ci_build, pipeline: pipeline, user: api_user) } - - it 'does not return job artifact file' do - get_artifact_file('some/artifact') + it 'returns no artifacts nor trace data' do + get api("/projects/#{project.id}/jobs/#{job.id}", api_user) - expect(response).to have_gitlab_http_status(:not_found) + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['artifacts']).to be_an Array + expect(json_response['artifacts'].size).to eq(1) + expect(json_response['artifacts'][0]['file_type']).to eq('trace') + expect(json_response['artifacts'][0]['filename']).to eq('job.log') end end - - def get_artifact_file(artifact_path, ref = pipeline.ref, job_name = job.name) - get api("/projects/#{project.id}/jobs/artifacts/#{ref}/raw/#{artifact_path}", api_user), params: { job: job_name } - end end describe 'GET /projects/:id/jobs/:job_id/trace' do @@ -1249,32 +706,6 @@ RSpec.describe API::Ci::Jobs do end end - describe 'POST /projects/:id/jobs/:job_id/artifacts/keep' do - before do - post api("/projects/#{project.id}/jobs/#{job.id}/artifacts/keep", user) - end - - context 'artifacts did not expire' do - let(:job) do - create(:ci_build, :trace_artifact, :artifacts, :success, - project: project, pipeline: pipeline, artifacts_expire_at: Time.now + 7.days) - end - - it 'keeps artifacts' do - expect(response).to have_gitlab_http_status(:ok) - expect(job.reload.artifacts_expire_at).to be_nil - end - end - - context 'no artifacts' do - let(:job) { create(:ci_build, project: project, pipeline: pipeline) } - - it 'responds with not found' do - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - describe 'POST /projects/:id/jobs/:job_id/play' do before do post api("/projects/#{project.id}/jobs/#{job.id}/play", api_user) diff --git a/spec/requests/api/ci/pipelines_spec.rb b/spec/requests/api/ci/pipelines_spec.rb index 7ae350885f4..13838cffd76 100644 --- a/spec/requests/api/ci/pipelines_spec.rb +++ b/spec/requests/api/ci/pipelines_spec.rb @@ -33,6 +33,7 @@ RSpec.describe API::Ci::Pipelines do expect(json_response).to be_an Array expect(json_response.first['sha']).to match(/\A\h{40}\z/) expect(json_response.first['id']).to eq pipeline.id + expect(json_response.first['iid']).to eq pipeline.iid expect(json_response.first['web_url']).to be_present end @@ -40,7 +41,7 @@ RSpec.describe API::Ci::Pipelines do it 'includes pipeline source' do get api("/projects/#{project.id}/pipelines", user) - expect(json_response.first.keys).to contain_exactly(*%w[id project_id sha ref status web_url created_at updated_at source]) + expect(json_response.first.keys).to contain_exactly(*%w[id iid project_id sha ref status web_url created_at updated_at source]) end end @@ -840,7 +841,7 @@ RSpec.describe API::Ci::Pipelines do it 'exposes the coverage' do get api("/projects/#{project.id}/pipelines/#{pipeline.id}", user) - expect(json_response["coverage"].to_i).to eq(30) + expect(json_response["coverage"]).to eq('30.00') end end end diff --git a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb index 195aac2e5f0..f627f207d98 100644 --- a/spec/requests/api/ci/runner/jobs_artifacts_spec.rb +++ b/spec/requests/api/ci/runner/jobs_artifacts_spec.rb @@ -131,8 +131,8 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do let(:send_request) { subject } end - it 'updates runner info' do - expect { subject }.to change { runner.reload.contacted_at } + it "doesn't update runner info" do + expect { subject }.not_to change { runner.reload.contacted_at } end shared_examples 'authorizes local file' do @@ -280,8 +280,8 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do end end - it 'updates runner info' do - expect { upload_artifacts(file_upload, headers_with_token) }.to change { runner.reload.contacted_at } + it "doesn't update runner info" do + expect { upload_artifacts(file_upload, headers_with_token) }.not_to change { runner.reload.contacted_at } end context 'when the artifact is too large' do @@ -812,8 +812,8 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do let(:send_request) { download_artifact } end - it 'updates runner info' do - expect { download_artifact }.to change { runner.reload.contacted_at } + it "doesn't update runner info" do + expect { download_artifact }.not_to change { runner.reload.contacted_at } end context 'when job has artifacts' do diff --git a/spec/requests/api/ci/runner/jobs_request_post_spec.rb b/spec/requests/api/ci/runner/jobs_request_post_spec.rb index fdf1a278d4c..68f7581bf06 100644 --- a/spec/requests/api/ci/runner/jobs_request_post_spec.rb +++ b/spec/requests/api/ci/runner/jobs_request_post_spec.rb @@ -833,8 +833,8 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do let(:expected_params) { { project: project.full_path, client_id: "runner/#{runner.id}" } } end - it_behaves_like 'not executing any extra queries for the application context', 2 do - # Extra queries: Project, Route + it_behaves_like 'not executing any extra queries for the application context', 3 do + # Extra queries: Project, Route, RunnerProject let(:subject_proc) { proc { request_job } } end end diff --git a/spec/requests/api/ci/runner/runners_post_spec.rb b/spec/requests/api/ci/runner/runners_post_spec.rb index b3a7d591c93..a51d8b458f8 100644 --- a/spec/requests/api/ci/runner/runners_post_spec.rb +++ b/spec/requests/api/ci/runner/runners_post_spec.rb @@ -98,33 +98,14 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do before do create(:ci_runner, runner_type: :project_type, projects: [project], contacted_at: 1.second.ago) create(:plan_limits, :default_plan, ci_registered_project_runners: 1) - - skip_default_enabled_yaml_check - stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override) - end - - context 'with ci_runner_limits_override FF disabled' do - let(:ci_runner_limits_override) { false } - - it 'does not create runner' do - request - - expect(response).to have_gitlab_http_status(:bad_request) - expect(json_response['message']).to include('runner_projects.base' => ['Maximum number of ci registered project runners (1) exceeded']) - expect(project.runners.reload.size).to eq(1) - end end - context 'with ci_runner_limits_override FF enabled' do - let(:ci_runner_limits_override) { true } - - it 'creates runner' do - request + it 'does not create runner' do + request - expect(response).to have_gitlab_http_status(:created) - expect(json_response['message']).to be_nil - expect(project.runners.reload.size).to eq(2) - end + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']).to include('runner_projects.base' => ['Maximum number of ci registered project runners (1) exceeded']) + expect(project.runners.reload.size).to eq(1) end end @@ -132,9 +113,6 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do before do create(:ci_runner, runner_type: :project_type, projects: [project], created_at: 14.months.ago, contacted_at: 13.months.ago) create(:plan_limits, :default_plan, ci_registered_project_runners: 1) - - skip_default_enabled_yaml_check - stub_feature_flags(ci_runner_limits_override: false) end it 'creates runner' do @@ -204,33 +182,14 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do before do create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 1.month.ago) create(:plan_limits, :default_plan, ci_registered_group_runners: 1) - - skip_default_enabled_yaml_check - stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override) - end - - context 'with ci_runner_limits_override FF disabled' do - let(:ci_runner_limits_override) { false } - - it 'does not create runner' do - request - - expect(response).to have_gitlab_http_status(:bad_request) - expect(json_response['message']).to include('runner_namespaces.base' => ['Maximum number of ci registered group runners (1) exceeded']) - expect(group.runners.reload.size).to eq(1) - end end - context 'with ci_runner_limits_override FF enabled' do - let(:ci_runner_limits_override) { true } - - it 'creates runner' do - request + it 'does not create runner' do + request - expect(response).to have_gitlab_http_status(:created) - expect(json_response['message']).to be_nil - expect(group.runners.reload.size).to eq(2) - end + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']).to include('runner_namespaces.base' => ['Maximum number of ci registered group runners (1) exceeded']) + expect(group.runners.reload.size).to eq(1) end end @@ -239,9 +198,6 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do create(:ci_runner, runner_type: :group_type, groups: [group], created_at: 4.months.ago, contacted_at: 3.months.ago) create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 4.months.ago) create(:plan_limits, :default_plan, ci_registered_group_runners: 1) - - skip_default_enabled_yaml_check - stub_feature_flags(ci_runner_limits_override: false) end it 'creates runner' do diff --git a/spec/requests/api/ci/runners_spec.rb b/spec/requests/api/ci/runners_spec.rb index 6879dfc9572..6ca380a3cb9 100644 --- a/spec/requests/api/ci/runners_spec.rb +++ b/spec/requests/api/ci/runners_spec.rb @@ -254,6 +254,7 @@ RSpec.describe API::Ci::Runners do expect(response).to have_gitlab_http_status(:ok) expect(json_response['description']).to eq(shared_runner.description) expect(json_response['maximum_timeout']).to be_nil + expect(json_response['status']).to eq("not_connected") end end @@ -1101,31 +1102,13 @@ RSpec.describe API::Ci::Runners do context 'when it exceeds the application limits' do before do create(:plan_limits, :default_plan, ci_registered_project_runners: 1) - - skip_default_enabled_yaml_check - stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override) end - context 'with ci_runner_limits_override FF disabled' do - let(:ci_runner_limits_override) { false } - - it 'does not enable specific runner' do - expect do - post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id } - end.not_to change { project.runners.count } - expect(response).to have_gitlab_http_status(:bad_request) - end - end - - context 'with ci_runner_limits_override FF enabled' do - let(:ci_runner_limits_override) { true } - - it 'enables specific runner' do - expect do - post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id } - end.to change { project.runners.count } - expect(response).to have_gitlab_http_status(:created) - end + it 'does not enable specific runner' do + expect do + post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id } + end.not_to change { project.runners.count } + expect(response).to have_gitlab_http_status(:bad_request) end end end |