Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2026-04-27 12:04:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

GitHub - leveral repository rules for branch protection (#180416)

Browse Source 
* WIP - switching to use repository ruleset information

* Handle includes

* Refactor to add support for exclusion

* Fix exclude condition

* Fix request string

* Add logging

* Update setting description
This commit is contained in:
Ladislau Szomoru
2023-04-20 16:43:42 +02:00
committed by GitHub
parent 3f6a54de51
commit 5ea57c3b48
7 changed files with 182 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
extensions/github/src/branchProtection.ts
View File

@@ -3,11 +3,28 @@
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
import { EventEmitter, Memento, Uri, workspace } from 'vscode';
import { EventEmitter, LogOutputChannel, Memento, Uri, workspace } from 'vscode';
import { getOctokit } from './auth';
import { API, BranchProtection, BranchProtectionProvider, Repository } from './typings/git';
import { API, BranchProtection, BranchProtectionProvider, BranchProtectionRule, Repository } from './typings/git';
import { DisposableStore, getRepositoryFromUrl } from './util';
interface RepositoryRuleset {
readonly id: number;
readonly conditions: {
ref_name: {
exclude: string[];
include: string[];
};
};
readonly enforcement: 'active' | 'disabled' | 'evaluate';
readonly rules: RepositoryRule[];
readonly target: 'branch' | 'tag';
}
interface RepositoryRule {
readonly type: string;
}
export class GithubBranchProtectionProviderManager {
private readonly disposables = new DisposableStore();
@@ -21,7 +38,7 @@ export class GithubBranchProtectionProviderManager {
if (enabled) {
for (const repository of this.gitAPI.repositories) {
this.providerDisposables.add(this.gitAPI.registerBranchProtectionProvider(repository.rootUri, new GithubBranchProtectionProvider(repository, this.globalState)));
this.providerDisposables.add(this.gitAPI.registerBranchProtectionProvider(repository.rootUri, new GithubBranchProtectionProvider(repository, this.globalState, this.logger)));
}
} else {
this.providerDisposables.dispose();
@@ -30,10 +47,13 @@ export class GithubBranchProtectionProviderManager {
this._enabled = enabled;
}
constructor(private readonly gitAPI: API, private readonly globalState: Memento) {
constructor(
private readonly gitAPI: API,
private readonly globalState: Memento,
private readonly logger: LogOutputChannel) {
this.disposables.add(this.gitAPI.onDidOpenRepository(repository => {
if (this._enabled) {
this.providerDisposables.add(gitAPI.registerBranchProtectionProvider(repository.rootUri, new GithubBranchProtectionProvider(repository, this.globalState)));
this.providerDisposables.add(gitAPI.registerBranchProtectionProvider(repository.rootUri, new GithubBranchProtectionProvider(repository, this.globalState, this.logger)));
}
}));
@@ -65,7 +85,10 @@ export class GithubBranchProtectionProvider implements BranchProtectionProvider
private branchProtection: BranchProtection[];
private readonly globalStateKey = `branchProtection:${this.repository.rootUri.toString()}`;
constructor(private readonly repository: Repository, private readonly globalState: Memento) {
constructor(
private readonly repository: Repository,
private readonly globalState: Memento,
private readonly logger: LogOutputChannel) {
// Restore branch protection from global state
this.branchProtection = this.globalState.get<BranchProtection[]>(this.globalStateKey, []);
@@ -82,21 +105,76 @@ export class GithubBranchProtectionProvider implements BranchProtectionProvider
await this.updateHEADBranchProtection();
// Branch protection (remotes)
await this.updateBranchProtection();
await this.updateRepositoryBranchProtection();
}
private async checkPushPermission(repository: { owner: string; repo: string }): Promise<boolean> {
private async hasPushPermission(repository: { owner: string; repo: string }): Promise<boolean> {
try {
const octokit = await getOctokit();
const response = await octokit.repos.get({ ...repository });
return response.data.permissions?.push === true;
} catch {
// todo@lszomoru - add logging
} catch (err) {
this.logger.warn(`Failed to get repository permissions for repository (${repository.owner}/${repository.repo}): ${err.message} (${err.status})`);
return false;
}
}
private async getBranchRules(repository: { owner: string; repo: string }, branch: string): Promise<RepositoryRule[]> {
try {
const octokit = await getOctokit();
const response = await octokit.request('GET /repos/{owner}/{repo}/rules/branches/{branch}', {
...repository,
branch,
headers: {
'X-GitHub-Api-Version': '2022-11-28'
}
});
return response.data as RepositoryRule[];
} catch (err) {
this.logger.warn(`Failed to get branch rules for repository (${repository.owner}/${repository.repo}), branch (${branch}): ${err.message} (${err.status})`);
return [];
}
}
private async getRepositoryRulesets(repository: { owner: string; repo: string }): Promise<RepositoryRuleset[]> {
try {
const rulesets: RepositoryRuleset[] = [];
const octokit = await getOctokit();
for await (const response of octokit.paginate.iterator('GET /repos/{owner}/{repo}/rulesets', { ...repository, includes_parents: true })) {
if (response.status !== 200) {
continue;
}
for (const ruleset of response.data as RepositoryRuleset[]) {
if (ruleset.target !== 'branch' || ruleset.enforcement !== 'active') {
continue;
}
const response = await octokit.request('GET /repos/{owner}/{repo}/rulesets/{id}', {
...repository,
id: ruleset.id,
headers: {
'X-GitHub-Api-Version': '2022-11-28'
}
});
const rulesetWithDetails = response.data as RepositoryRuleset;
if (rulesetWithDetails?.rules.find(r => r.type === 'pull_request')) {
rulesets.push(rulesetWithDetails);
}
}
}
return rulesets;
}
catch (err) {
this.logger.warn(`Failed to get repository rulesets for repository (${repository.owner}/${repository.repo}): ${err.message} (${err.status})`);
return [];
}
}
private async updateHEADBranchProtection(): Promise<void> {
try {
const HEAD = this.repository.state.HEAD;
@@ -118,25 +196,24 @@ export class GithubBranchProtectionProvider implements BranchProtectionProvider
return;
}
if (!(await this.checkPushPermission(repository))) {
if (!(await this.hasPushPermission(repository))) {
return;
}
const octokit = await getOctokit();
const response = await octokit.repos.getBranch({ ...repository, branch: HEAD.name });
if (!response.data.protected) {
const rules = await this.getBranchRules(repository, HEAD.name);
if (!rules.find(r => r.type === 'pull_request')) {
return;
}
this.branchProtection = [{ remote: remote.name, branches: [HEAD.name] }];
this.branchProtection = [{ remote: remote.name, rules: [{ include: [HEAD.name] }] }];
this._onDidChangeBranchProtection.fire(this.repository.rootUri);
} catch {
// todo@lszomoru - add logging
} catch (err) {
// noop
this.logger.warn(`Failed to update HEAD branch protection: ${err.message} (${err.status})`);
}
}
private async updateBranchProtection(): Promise<void> {
private async updateRepositoryBranchProtection(): Promise<void> {
try {
const branchProtection: BranchProtection[] = [];
@@ -147,27 +224,38 @@ export class GithubBranchProtectionProvider implements BranchProtectionProvider
continue;
}
if (!(await this.checkPushPermission(repository))) {
if (!(await this.hasPushPermission(repository))) {
continue;
}
// Repository details
const octokit = await getOctokit();
const response = await octokit.repos.get({ ...repository });
let page = 1;
const protectedBranches: string[] = [];
// Repository rulesets
const rulesets = await this.getRepositoryRulesets(repository);
while (true) {
const response = await octokit.repos.listBranches({ ...repository, protected: true, per_page: 100, page });
if (response.data.length === 0) {
break;
const parseRef = (ref: string): string => {
if (ref.startsWith('refs/heads/')) {
return ref.substring(11);
} else if (ref === '~DEFAULT_BRANCH') {
return response.data.default_branch;
} else if (ref === '~ALL') {
return '**/*';
}
protectedBranches.push(...response.data.map(b => b.name));
page++;
return ref;
};
const rules: BranchProtectionRule[] = [];
for (const ruleset of rulesets) {
rules.push({
include: ruleset.conditions.ref_name.include.map(r => parseRef(r)),
exclude: ruleset.conditions.ref_name.exclude.map(r => parseRef(r))
});
}
branchProtection.push({ remote: remote.name, branches: protectedBranches });
branchProtection.push({ remote: remote.name, rules });
}
this.branchProtection = branchProtection;
@@ -175,8 +263,9 @@ export class GithubBranchProtectionProvider implements BranchProtectionProvider
// Save branch protection to global state
await this.globalState.update(this.globalStateKey, branchProtection);
} catch {
// todo@lszomoru - add logging
} catch (err) {
// noop
this.logger.warn(`Failed to update repository branch protection: ${err.message} (${err.status})`);
}
}

22
extensions/github/src/extension.ts
View File

@@ -3,7 +3,7 @@
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
import { commands, Disposable, ExtensionContext, extensions } from 'vscode';
import { commands, Disposable, ExtensionContext, extensions, l10n, LogLevel, LogOutputChannel, window } from 'vscode';
import { GithubRemoteSourceProvider } from './remoteSourceProvider';
import { API, GitExtension } from './typings/git';
import { registerCommands } from './commands';
@@ -15,8 +15,20 @@ import { GithubRemoteSourcePublisher } from './remoteSourcePublisher';
import { GithubBranchProtectionProviderManager } from './branchProtection';
export function activate(context: ExtensionContext): void {
context.subscriptions.push(initializeGitBaseExtension());
context.subscriptions.push(initializeGitExtension(context));
const disposables: Disposable[] = [];
context.subscriptions.push(new Disposable(() => Disposable.from(...disposables).dispose()));
const logger = window.createOutputChannel('GitHub', { log: true });
disposables.push(logger);
const onDidChangeLogLevel = (logLevel: LogLevel) => {
logger.appendLine(l10n.t('Log level: {0}', LogLevel[logLevel]));
};
disposables.push(logger.onDidChangeLogLevel(onDidChangeLogLevel));
onDidChangeLogLevel(logger.logLevel);
disposables.push(initializeGitBaseExtension());
disposables.push(initializeGitExtension(context, logger));
}
function initializeGitBaseExtension(): Disposable {
@@ -64,7 +76,7 @@ function setGitHubContext(gitAPI: API, disposables: DisposableStore) {
}
}
function initializeGitExtension(context: ExtensionContext): Disposable {
function initializeGitExtension(context: ExtensionContext, logger: LogOutputChannel): Disposable {
const disposables = new DisposableStore();
let gitExtension = extensions.getExtension<GitExtension>('vscode.git');
@@ -78,7 +90,7 @@ function initializeGitExtension(context: ExtensionContext): Disposable {
disposables.add(registerCommands(gitAPI));
disposables.add(new GithubCredentialProviderManager(gitAPI));
disposables.add(new GithubBranchProtectionProviderManager(gitAPI, context.globalState));
disposables.add(new GithubBranchProtectionProviderManager(gitAPI, context.globalState, logger));
disposables.add(gitAPI.registerPushErrorHandler(new GithubPushErrorHandler()));
disposables.add(gitAPI.registerRemoteSourcePublisher(new GithubRemoteSourcePublisher(gitAPI)));
setGitHubContext(gitAPI, disposables);

7
extensions/github/src/typings/git.d.ts vendored
View File

@@ -270,7 +270,12 @@ export interface PushErrorHandler {
export interface BranchProtection {
readonly remote: string;
readonly branches: string[];
readonly rules: BranchProtectionRule[];
}
export interface BranchProtectionRule {
readonly include?: string[];
readonly exclude?: string[];
}
export interface BranchProtectionProvider {