✨ Gitlab: add cron repos (ossf#3208)

* remove experimental flag Signed-off-by: Raghav Kaul <[email protected]> * add gitlab repos to weekly Signed-off-by: Raghav Kaul <[email protected]> * rename selected -> releasetest Signed-off-by: Raghav Kaul <[email protected]> * check repo access level for private repos Signed-off-by: Raghav Kaul <[email protected]> * Move e2e test to unit tests Signed-off-by: Raghav Kaul <[email protected]> * Require token for test Signed-off-by: Raghav Kaul <[email protected]> --------- Signed-off-by: Raghav Kaul <[email protected]>
nokia · Jun 29, 2023 · c8a7324 · c8a7324
1 parent c72cfd5
commit c8a7324
Show file tree

Hide file tree

Showing 10 changed files with 1,114 additions and 60 deletions.
diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go
@@ -58,6 +58,20 @@ type Client struct {
 	commitDepth   int
 }
 
+var errRepoAccess = errors.New("repo inaccessible")
+
+// Raise an error if repository access level is private or disabled.
+func checkRepoInaccessible(repo *gitlab.Project) error {
+	if (repo.RepositoryAccessLevel == gitlab.PrivateAccessControl) ||
+		(repo.RepositoryAccessLevel == gitlab.DisabledAccessControl) {
+		return fmt.Errorf("%w: %s access level %s",
+			errRepoAccess, repo.PathWithNamespace, string(repo.RepositoryAccessLevel),
+		)
+	}
+
+	return nil
+}
+
 // InitRepo sets up the GitLab project in local storage for improving performance and GitLab token usage efficiency.
 func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error {
 	glRepo, ok := inputRepo.(*repoURL)
@@ -71,6 +85,11 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD
 	if err != nil {
 		return sce.WithMessage(sce.ErrRepoUnreachable, proj+"\t"+err.Error())
 	}
+
+	if err = checkRepoInaccessible(repo); err != nil {
+		return sce.WithMessage(sce.ErrRepoUnreachable, err.Error())
+	}
+
 	if commitDepth <= 0 {
 		client.commitDepth = 30 // default
 	} else {

diff --git a/clients/gitlabrepo/client_e2e_test.go b/clients/gitlabrepo/client_e2e_test.go
@@ -0,0 +1,82 @@
+// Copyright 2023 OpenSSF Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gitlabrepo
+
+import (
+	"context"
+	"fmt"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/xanzy/go-gitlab"
+)
+
+var _ = Describe("E2E TEST: gitlabrepo.commitsHandler", func() {
+	Context("Test whether commits are listed - GitLab", func() {
+		It("returns that the repo is inaccessible", func() {
+			repo, err := MakeGitlabRepo("https://gitlab.com/fdroid/fdroidclient")
+			Expect(err).Should(BeNil())
+
+			client, err := CreateGitlabClient(context.Background(), repo.Host())
+			Expect(err).Should(BeNil())
+
+			err = client.InitRepo(repo, "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", 20)
+			Expect(err).Should(BeNil())
+
+			c, err := client.ListCommits()
+			Expect(err).Should(BeNil())
+
+			Expect(len(c)).Should(BeNumerically(">", 0))
+		})
+	})
+})
+
+var _ = Describe("E2E TEST: gitlabrepo.client", func() {
+	Context("checkRepoInaccessible", func() {
+		It("returns that the repo is inaccessible - GitLab", func() {
+			skipIfTokenIsNot(gitlabPATTokenType, "GitLab only")
+			repo, err := MakeGitlabRepo("https://gitlab.com/ossf-test/private-project")
+			Expect(err).Should(BeNil())
+
+			client, err := CreateGitlabClient(context.Background(), repo.Host())
+			Expect(err).Should(BeNil())
+
+			glRepo, ok := repo.(*repoURL)
+			Expect(ok).Should(BeTrue())
+
+			// Sanity check.
+			glcl, ok := client.(*Client)
+			Expect(ok).Should(BeTrue())
+
+			path := fmt.Sprintf("%s/%s", glRepo.owner, glRepo.project)
+			proj, _, err := glcl.glClient.Projects.GetProject(path, &gitlab.GetProjectOptions{})
+			Expect(err).Should(BeNil())
+
+			err = checkRepoInaccessible(proj)
+			Expect(err).ShouldNot(BeNil())
+		})
+
+		It("should initialize repos without error - GitLab", func() {
+			repo, err := MakeGitlabRepo("https://gitlab.com/fdroid/fdroidclient")
+			Expect(err).Should(BeNil())
+
+			client, err := CreateGitlabClient(context.Background(), repo.Host())
+			Expect(err).Should(BeNil())
+
+			err = client.InitRepo(repo, "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", 20)
+			Expect(err).Should(BeNil())
+		})
+	})
+})
diff --git a/clients/gitlabrepo/client_test.go b/clients/gitlabrepo/client_test.go
diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile
@@ -32,7 +32,8 @@ RUN CGO_ENABLED=0 make build-controller
 
 FROM gcr.io/distroless/base:nonroot@sha256:99133cb0878bb1f84d1753957c6fd4b84f006f2798535de22ebf7ba170bbf434
 COPY ./cron/internal/data/projects*csv cron/internal/data/
-COPY ./cron/internal/data/gitlab-projects-selected.csv cron/internal/data/
+COPY ./cron/internal/data/gitlab-projects-releasetest.csv cron/internal/data/
+COPY ./cron/internal/data/gitlab-projects.csv cron/internal/data/
 COPY --from=shuffle /src/cron/internal/data/projects.release.csv cron/internal/data/projects.release.csv
 COPY --from=controller /src/cron/internal/controller/controller cron/internal/controller/controller
 ENTRYPOINT ["cron/internal/controller/controller"]