Commit 2edc0214 authored by Matija Čupić's avatar Matija Čupić

Prevent creating pipelines with ambiguous refs

parent 1bf58068
...@@ -17,7 +17,6 @@ module Gitlab ...@@ -17,7 +17,6 @@ module Gitlab
user: @command.current_user, user: @command.current_user,
pipeline_schedule: @command.schedule, pipeline_schedule: @command.schedule,
merge_request: @command.merge_request, merge_request: @command.merge_request,
protected: @command.protected_ref?,
variables_attributes: Array(@command.variables_attributes) variables_attributes: Array(@command.variables_attributes)
) )
......
...@@ -51,12 +51,6 @@ module Gitlab ...@@ -51,12 +51,6 @@ module Gitlab
def before_sha def before_sha
self[:before_sha] || checkout_sha || Gitlab::Git::BLANK_SHA self[:before_sha] || checkout_sha || Gitlab::Git::BLANK_SHA
end end
def protected_ref?
strong_memoize(:protected_ref) do
project.protected_for?(origin_ref)
end
end
end end
end end
end end
......
...@@ -18,6 +18,11 @@ module Gitlab ...@@ -18,6 +18,11 @@ module Gitlab
# #
@command.seeds_block&.call(pipeline) @command.seeds_block&.call(pipeline)
##
# Populate pipeline protected status
#
pipeline.protected = @command.project.protected_for?(@command.origin_ref)
## ##
# Populate pipeline with all stages, and stages with builds. # Populate pipeline with all stages, and stages with builds.
# #
......
...@@ -31,7 +31,7 @@ module Gitlab ...@@ -31,7 +31,7 @@ module Gitlab
if current_user if current_user
allowed_to_create? allowed_to_create?
else # legacy triggers don't have a corresponding user else # legacy triggers don't have a corresponding user
!@command.protected_ref? !@command.project.protected_for?(@command.origin_ref)
end end
end end
......
...@@ -16,6 +16,12 @@ module Gitlab ...@@ -16,6 +16,12 @@ module Gitlab
unless @command.sha unless @command.sha
return error('Commit not found') return error('Commit not found')
end end
begin
@command.project.resolve_ref(@command.origin_ref)
rescue Project::AmbiguousRef
return error('Ref is ambiguous')
end
end end
def break? def break?
......
...@@ -160,26 +160,4 @@ describe Gitlab::Ci::Pipeline::Chain::Command do ...@@ -160,26 +160,4 @@ describe Gitlab::Ci::Pipeline::Chain::Command do
end end
end end
end end
describe '#protected_ref?' do
let(:command) { described_class.new(project: project, origin_ref: 'my-branch') }
subject { command.protected_ref? }
context 'when a ref is protected' do
before do
expect_any_instance_of(Project).to receive(:protected_for?).with('my-branch').and_return(true)
end
it { is_expected.to eq(true) }
end
context 'when a ref is unprotected' do
before do
expect_any_instance_of(Project).to receive(:protected_for?).with('my-branch').and_return(false)
end
it { is_expected.to eq(false) }
end
end
end end
...@@ -14,6 +14,7 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do ...@@ -14,6 +14,7 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
Gitlab::Ci::Pipeline::Chain::Command.new( Gitlab::Ci::Pipeline::Chain::Command.new(
project: project, project: project,
current_user: user, current_user: user,
origin_ref: 'master',
seeds_block: nil) seeds_block: nil)
end end
...@@ -106,6 +107,7 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do ...@@ -106,6 +107,7 @@ describe Gitlab::Ci::Pipeline::Chain::Populate do
Gitlab::Ci::Pipeline::Chain::Command.new( Gitlab::Ci::Pipeline::Chain::Command.new(
project: project, project: project,
current_user: user, current_user: user,
origin_ref: 'master',
seeds_block: seeds_block) seeds_block: seeds_block)
end end
......
...@@ -42,6 +42,27 @@ describe Gitlab::Ci::Pipeline::Chain::Validate::Repository do ...@@ -42,6 +42,27 @@ describe Gitlab::Ci::Pipeline::Chain::Validate::Repository do
end end
end end
context 'when ref is ambiguous' do
let(:project) do
p = create(:project, :repository)
p.repository.add_tag(user, 'master', 'master')
p
end
let(:command) do
Gitlab::Ci::Pipeline::Chain::Command.new(
project: project, current_user: user, origin_ref: 'master')
end
it 'breaks the chain' do
expect(step.break?).to be true
end
it 'adds an error about missing ref' do
expect(pipeline.errors.to_a)
.to include 'Ref is ambiguous'
end
end
context 'when does not have existing SHA set' do context 'when does not have existing SHA set' do
let(:command) do let(:command) do
Gitlab::Ci::Pipeline::Chain::Command.new( Gitlab::Ci::Pipeline::Chain::Command.new(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment