diff --git a/action/repo/add.go b/action/repo/add.go index ffad19ac..9aafdabd 100644 --- a/action/repo/add.go +++ b/action/repo/add.go @@ -39,6 +39,7 @@ func (c *Config) Add(client *vela.Client) error { Trusted: vela.Bool(c.Trusted), Active: vela.Bool(c.Active), PipelineType: vela.String(c.PipelineType), + ApproveBuild: vela.String(c.ApproveBuild), } logrus.Tracef("adding repo %s/%s", c.Org, c.Name) diff --git a/action/repo/add_test.go b/action/repo/add_test.go index f2a1bcbd..7e292b34 100644 --- a/action/repo/add_test.go +++ b/action/repo/add_test.go @@ -47,6 +47,7 @@ func TestRepo_Config_Add(t *testing.T) { Active: true, Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, PipelineType: "yaml", + ApproveBuild: "fork-always", Output: "", }, }, @@ -88,6 +89,7 @@ func TestRepo_Config_Add(t *testing.T) { Active: true, Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, PipelineType: "yaml", + ApproveBuild: "fork-no-write", Output: "json", }, }, @@ -130,6 +132,7 @@ func TestRepo_Config_Add(t *testing.T) { Active: true, Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, PipelineType: "yaml", + ApproveBuild: "never", Output: "yaml", }, }, diff --git a/action/repo/repo.go b/action/repo/repo.go index 9157fc28..afcaa359 100644 --- a/action/repo/repo.go +++ b/action/repo/repo.go @@ -20,6 +20,7 @@ type Config struct { Active bool Events []string PipelineType string + ApproveBuild string Page int PerPage int Output string diff --git a/action/repo/update.go b/action/repo/update.go index 027338f1..0d767271 100644 --- a/action/repo/update.go +++ b/action/repo/update.go @@ -37,6 +37,7 @@ func (c *Config) Update(client *vela.Client) error { Trusted: vela.Bool(c.Trusted), Active: vela.Bool(c.Active), PipelineType: vela.String(c.PipelineType), + ApproveBuild: vela.String(c.ApproveBuild), } if len(c.Events) > 0 { diff --git a/action/repo/update_test.go b/action/repo/update_test.go index bba236d7..05a27cc7 100644 --- a/action/repo/update_test.go +++ b/action/repo/update_test.go @@ -43,6 +43,7 @@ func TestRepo_Config_Update(t *testing.T) { Active: true, Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, PipelineType: "yaml", + ApproveBuild: "fork-always", Output: "", }, }, @@ -82,6 +83,7 @@ func TestRepo_Config_Update(t *testing.T) { Active: true, Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, PipelineType: "yaml", + ApproveBuild: "fork-no-write", Output: "json", }, }, @@ -122,6 +124,7 @@ func TestRepo_Config_Update(t *testing.T) { Active: true, Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, PipelineType: "yaml", + ApproveBuild: "never", Output: "yaml", }, }, diff --git a/action/repo/validate.go b/action/repo/validate.go index 0096f0f5..ac996431 100644 --- a/action/repo/validate.go +++ b/action/repo/validate.go @@ -5,6 +5,7 @@ package repo import ( "fmt" + "github.com/go-vela/types/constants" "github.com/sirupsen/logrus" ) @@ -28,5 +29,20 @@ func (c *Config) Validate() error { } } + // check if approve build setting is valid if supplied + if c.Action == "add" || c.Action == "update" { + if len(c.ApproveBuild) > 0 && + c.ApproveBuild != constants.ApproveForkAlways && + c.ApproveBuild != constants.ApproveForkNoWrite && + c.ApproveBuild != constants.ApproveNever { + return fmt.Errorf( + "invalid input for approve-build: must be `%s`, `%s`, or `%s`", + constants.ApproveForkAlways, + constants.ApproveForkNoWrite, + constants.ApproveNever, + ) + } + } + return nil } diff --git a/action/repo/validate_test.go b/action/repo/validate_test.go index 56c3321a..b0948015 100644 --- a/action/repo/validate_test.go +++ b/action/repo/validate_test.go @@ -30,6 +30,16 @@ func TestRepo_Config_Validate(t *testing.T) { Output: "", }, }, + { + failure: true, + config: &Config{ + Action: "add", + Org: "github", + Name: "octocat", + ApproveBuild: "invalid", + Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, + }, + }, { failure: false, config: &Config{ @@ -70,19 +80,30 @@ func TestRepo_Config_Validate(t *testing.T) { { failure: false, config: &Config{ - Action: "update", - Org: "github", - Name: "octocat", - Link: "https://github.com/github/octocat", - Clone: "https://github.com/github/octocat.git", - Branch: "main", - Timeout: 60, - Visibility: "public", - Private: false, - Trusted: false, - Active: true, - Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, - Output: "", + Action: "update", + Org: "github", + Name: "octocat", + Link: "https://github.com/github/octocat", + Clone: "https://github.com/github/octocat.git", + Branch: "main", + Timeout: 60, + Visibility: "public", + Private: false, + Trusted: false, + Active: true, + Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, + ApproveBuild: "fork-no-write", + Output: "", + }, + }, + { + failure: true, + config: &Config{ + Action: "update", + Org: "github", + Name: "octocat", + ApproveBuild: "invalid", + Events: []string{"push", "pull_request", "comment", "deployment", "tag"}, }, }, { diff --git a/command/repo/add.go b/command/repo/add.go index 94a4e9c0..c2d78b96 100644 --- a/command/repo/add.go +++ b/command/repo/add.go @@ -1,5 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 +//nolint:dupl // ignore duplicate of update package repo import ( @@ -115,6 +116,12 @@ var CommandAdd = &cli.Command{ Usage: "type of base pipeline for the compiler to render", Value: constants.PipelineTypeYAML, }, + &cli.StringFlag{ + EnvVars: []string{"VELA_APPROVE_BUILD", "REPO_APPROVE_BUILD"}, + Name: "approve-build", + Aliases: []string{"ab", "approve-build-setting"}, + Usage: "when to require admin approval to run builds from outside contributors (`fork-always`, `fork-no-write`, or `never`)", + }, // Output Flags @@ -139,6 +146,8 @@ EXAMPLES: $ {{.HelpName}} --org MyOrg --repo MyRepo --counter 90 6. Add a repository with a starlark pipeline file. $ {{.HelpName}} --org MyOrg --repo MyRepo --pipeline-type starlark + 7. Add a repository with approve build setting set to fork-no-write. + $ {{.HelpName}} --org MyOrg --repo MyRepo --approve-build fork-no-write DOCUMENTATION: @@ -182,6 +191,7 @@ func add(c *cli.Context) error { Active: c.Bool("active"), Events: c.StringSlice("event"), PipelineType: c.String("pipeline-type"), + ApproveBuild: c.String("approve-build"), Output: c.String(internal.FlagOutput), } diff --git a/command/repo/update.go b/command/repo/update.go index 244acf9e..6228988c 100644 --- a/command/repo/update.go +++ b/command/repo/update.go @@ -1,5 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 +//nolint:dupl // ignore duplicate of add package repo import ( @@ -115,6 +116,12 @@ var CommandUpdate = &cli.Command{ Usage: "type of base pipeline for the compiler to render", Value: constants.PipelineTypeYAML, }, + &cli.StringFlag{ + EnvVars: []string{"VELA_APPROVE_BUILD", "REPO_APPROVE_BUILD"}, + Name: "approve-build", + Aliases: []string{"ab", "approve-build-setting"}, + Usage: "when to require admin approval to run builds from outside contributors (`fork-always`, `fork-no-write`, or `never`)", + }, // Output Flags @@ -137,6 +144,8 @@ EXAMPLES: $ {{.HelpName}} 5. Update a repository with a new build number. $ {{.HelpName}} --org MyOrg --repo MyRepo --counter 200 + 6. Update a repository with approve build setting set to fork-always. + $ {{.HelpName}} --org MyOrg --repo MyRepo --approve-build fork-always DOCUMENTATION: @@ -180,6 +189,7 @@ func update(c *cli.Context) error { Active: c.Bool("active"), Events: c.StringSlice("event"), PipelineType: c.String("pipeline-type"), + ApproveBuild: c.String("approve-build"), Output: c.String(internal.FlagOutput), }