lib/api/ci/triggers.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

# frozen_string_literal: true

module API
  module Ci
    class Triggers < ::API::Base
      include PaginationParams

      HTTP_GITLAB_EVENT_HEADER = "HTTP_#{::Gitlab::WebHooks::GITLAB_EVENT_HEADER}".underscore.upcase

      feature_category :continuous_integration
      urgency :low

      params do
        requires :id, type: String, desc: 'The ID of a project'
      end
      resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
        desc 'Trigger a GitLab project pipeline' do
          success Entities::Ci::Pipeline
        end
        params do
          requires :ref, type: String, desc: 'The commit sha or name of a branch or tag', allow_blank: false
          requires :token, type: String, desc: 'The unique token of trigger or job token'
          optional :variables, type: Hash, desc: 'The list of variables to be injected into build'
        end
        post ":id/(ref/:ref/)trigger/pipeline", requirements: { ref: /.+/ } do
          Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/20758')

          forbidden! if gitlab_pipeline_hook_request?

          # validate variables
          params[:variables] = params[:variables].to_h
          unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) }
            render_api_error!('variables needs to be a map of key-valued strings', 400)
          end

          project = find_project(params[:id])
          not_found! unless project

          result = ::Ci::PipelineTriggerService.new(project, nil, params).execute
          not_found! unless result

          if result.error?
            render_api_error!(result[:message], result[:http_status])
          else
            present result[:pipeline], with: Entities::Ci::Pipeline
          end
        end

        desc 'Get triggers list' do
          success Entities::Trigger
        end
        params do
          use :pagination
        end
        # rubocop: disable CodeReuse/ActiveRecord
        get ':id/triggers' do
          authenticate!
          authorize! :admin_build, user_project

          triggers = user_project.triggers.includes(:trigger_requests)

          present paginate(triggers), with: Entities::Trigger, current_user: current_user
        end
        # rubocop: enable CodeReuse/ActiveRecord

        desc 'Get specific trigger of a project' do
          success Entities::Trigger
        end
        params do
          requires :trigger_id, type: Integer, desc: 'The trigger ID'
        end
        get ':id/triggers/:trigger_id' do
          authenticate!
          authorize! :admin_build, user_project

          trigger = user_project.triggers.find(params.delete(:trigger_id))
          break not_found!('Trigger') unless trigger

          present trigger, with: Entities::Trigger, current_user: current_user
        end

        desc 'Create a trigger' do
          success Entities::Trigger
        end
        params do
          requires :description, type: String, desc: 'The trigger description'
        end
        post ':id/triggers' do
          authenticate!
          authorize! :admin_build, user_project

          trigger = user_project.triggers.create(
            declared_params(include_missing: false).merge(owner: current_user))

          if trigger.valid?
            present trigger, with: Entities::Trigger, current_user: current_user
          else
            render_validation_error!(trigger)
          end
        end

        desc 'Update a trigger' do
          success Entities::Trigger
        end
        params do
          requires :trigger_id, type: Integer,  desc: 'The trigger ID'
          optional :description, type: String,  desc: 'The trigger description'
        end
        put ':id/triggers/:trigger_id' do
          authenticate!
          authorize! :admin_build, user_project

          trigger = user_project.triggers.find(params.delete(:trigger_id))
          break not_found!('Trigger') unless trigger

          authorize! :admin_trigger, trigger

          if trigger.update(declared_params(include_missing: false))
            present trigger, with: Entities::Trigger, current_user: current_user
          else
            render_validation_error!(trigger)
          end
        end

        desc 'Delete a trigger' do
          success Entities::Trigger
        end
        params do
          requires :trigger_id, type: Integer, desc: 'The trigger ID'
        end
        delete ':id/triggers/:trigger_id' do
          authenticate!
          authorize! :admin_build, user_project

          trigger = user_project.triggers.find(params.delete(:trigger_id))
          break not_found!('Trigger') unless trigger

          destroy_conditionally!(trigger)
        end
      end

      helpers do
        def gitlab_pipeline_hook_request?
          request.get_header(HTTP_GITLAB_EVENT_HEADER) == WebHookService.hook_to_event(:pipeline_hooks)
        end
      end
    end
  end
end