cyclid 0.2.1 → 0.2.2

data/app/cyclid/plugins/api/github/config.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'oauth'
+
+# Top level module for the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Module for Cyclid Plugins
+    module Plugins
+      # Container for the Sinatra related controllers modules
+      module ApiExtension
+        # Github plugin method callbacks
+        module GithubMethods
+          # Plugin configuration methods
+          module Config
+            # Load the config for the Github plugin and set defaults if they're not
+            # in the config
+            def load_github_config(config)
+              config.symbolize_keys!
+
+              server_config = config[:github] || {}
+              Cyclid.logger.debug "config=#{server_config}"
+
+              server_config.symbolize_keys
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/cyclid/plugins/api/github/helpers.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Top level module for the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Module for Cyclid Plugins
+    module Plugins
+      # Container for the Sinatra related controllers modules
+      module ApiExtension
+        # Github plugin method callbacks
+        module GithubMethods
+          # Github event handler helper methods
+          module Helpers
+            def pull_request
+              @pr ||= @payload['pull_request']
+            end
+
+            def pr_clone_url
+              pull_request['base']['repo']['html_url']
+            end
+
+            def pr_head
+              @pr_head ||= pull_request['head']
+            end
+
+            def pr_sha
+              pr_head['sha']
+            end
+
+            def pr_ref
+              pr_head['ref']
+            end
+
+            def pr_repo
+              @pr_repo ||= pr_head['repo']
+            end
+
+            def pr_status_url
+              url = pr_repo['statuses_url']
+              @pr_status_url ||= url.gsub('{sha}', pr_sha)
+            end
+
+            def pr_trees_url
+              url = pr_repo['trees_url']
+              @pr_trees_url ||= url.gsub('{/sha}', "/#{pr_sha}")
+            end
+
+            def pr_repository
+              @repo ||= Octokit::Repository.from_url(pr_clone_url)
+            end
+
+            def push_head_commit
+              @head_commit ||= @payload['head_commit']
+            end
+
+            def push_ref
+              @payload['ref']
+            end
+
+            def push_sha
+              @push_sha ||= push_head_commit['id']
+            end
+
+            def push_clone_url
+              @push_clone_url ||= @payload['repository']['html_url']
+            end
+
+            def push_repository
+              @push_repo ||= Octokit::Repository.from_url(push_clone_url)
+            end
+
+            def find_oauth_token(config, clone_url)
+              # Get an OAuth token, if one is set for this repo
+              Cyclid.logger.debug "attempting to find auth token for #{clone_url}"
+              auth_token = nil
+              config['repository_tokens'].each do |entry|
+                entry_url = URI(entry['url'])
+                auth_token = entry['token'] if entry_url.host == clone_url.host && \
+                                               entry_url.path == clone_url.path
+              end
+              # If we didn't find a token specifically for this repository, use
+              # the organization OAuth token
+              auth_token = config['oauth_token'] if auth_token.nil?
+
+              return auth_token
+            end
+
+            def find_job_file(tree)
+              # See if a .cyclid.yml or .cyclid.json file exists in the project
+              # root
+              sha = nil
+              type = nil
+              tree['tree'].each do |file|
+                match = file['path'].match(/\A\.cyclid\.(json|yml)\z/)
+                next unless match
+
+                sha = file['sha']
+                type = match[1]
+                break
+              end
+              [sha, type]
+            end
+
+            def load_job_file(repo, sha, type)
+              blob = @client.blob(repo, sha)
+              case type
+              when 'json'
+                Oj.load(Base64.decode64(blob.content))
+              when 'yml'
+                YAML.load(Base64.decode64(blob.content))
+              end
+            end
+
+            # Generate a "state" key that can be passed to the OAuth endpoints
+            def oauth_state
+              org = retrieve_organization
+              state = "#{org.name}:#{org.salt}:#{org.owner_email}"
+              Base64.urlsafe_encode64(Digest::SHA256.digest(state))
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/cyclid/plugins/api/github/methods.rb

@@ -13,6 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require_relative 'helpers'
+require_relative 'config'
+require_relative 'oauth'
+require_relative 'pull_request'
+require_relative 'push'
+
 # Top level module for the core Cyclid code.
 module Cyclid
   # Module for the Cyclid API
@@ -25,6 +31,12 @@ module Cyclid
         module GithubMethods
           include Methods
 
+          include Helpers
+          include Config
+          include OAuth
+          include PullRequest
+          include Push
+
           # Return a reference to the plugin that is associated with this
           # controller; used by the lower level code.
           def controller_plugin
@@ -32,7 +44,7 @@ module Cyclid
           end
 
           # HTTP POST callback
-          def post(data, headers, config)
+          def post(headers, config)
             return_failure(400, 'no event specified') \
               unless headers.include? 'X-Github-Event'
 
@@ -47,7 +59,9 @@ module Cyclid
 
             case event
             when 'pull_request'
-              result = gh_pull_request(data, config)
+              result = event_pull_request(config)
+            when 'push'
+              result = event_push(config)
             when 'ping'
               result = true
             when 'status'
@@ -58,142 +72,6 @@ module Cyclid
 
             return result
           end
-
-          # Handle a Github Pull Request event
-          def gh_pull_request(data, config)
-            action = data['action'] || nil
-            pr = data['pull_request'] || nil
-
-            Cyclid.logger.debug "action=#{action}"
-            return true unless action == 'opened' \
-                            or action == 'reopened' \
-                            or action == 'synchronize'
-
-            # Get the list of files in the root of the repository in the
-            # Pull Request branch
-            html_url = URI(pr['base']['repo']['html_url'])
-            pr_sha = pr['head']['sha']
-            ref = pr['head']['ref']
-
-            Cyclid.logger.debug "sha=#{pr_sha} ref=#{ref}"
-
-            # Get some useful endpoints & interpolate the SHA for this PR
-            url = pr['head']['repo']['statuses_url']
-            statuses = url.gsub('{sha}', pr_sha)
-
-            url = pr['head']['repo']['trees_url']
-            trees = url.gsub('{/sha}', "/#{pr_sha}")
-
-            # Get an OAuth token, if one is set for this repo
-            Cyclid.logger.debug "attempting to find auth token for #{html_url}"
-            auth_token = nil
-            config['repository_tokens'].each do |entry|
-              entry_url = URI(entry['url'])
-              auth_token = entry['token'] if entry_url.host == html_url.host && \
-                                             entry_url.path == html_url.path
-            end
-
-            # XXX We probably don't want to be logging auth tokens in plain text
-            Cyclid.logger.debug "auth token=#{auth_token}"
-
-            # Set the PR to 'pending'
-            GithubStatus.set_status(statuses, auth_token, 'pending', 'Preparing build')
-
-            # Get the Pull Request
-            begin
-              trees_url = URI(trees)
-              Cyclid.logger.debug "Getting root for #{trees_url}"
-
-              request = Net::HTTP::Get.new(trees_url)
-              request.add_field('Authorization', "token #{auth_token}") \
-                unless auth_token.nil?
-
-              http = Net::HTTP.new(trees_url.hostname, trees_url.port)
-              http.use_ssl = (trees_url.scheme == 'https')
-              response = http.request(request)
-
-              Cyclid.logger.debug response.inspect
-              raise "couldn't get repository root" \
-                unless response.code == '200'
-
-              root = Oj.load response.body
-            rescue StandardError => ex
-              Cyclid.logger.error "failed to retrieve Pull Request root: #{ex}"
-              return_failure(500, 'could not retrieve Pull Request root')
-            end
-
-            # See if a .cyclid.yml or .cyclid.json file exists in the project
-            # root
-            job_url = nil
-            job_type = nil
-            root['tree'].each do |file|
-              match = file['path'].match(/\A\.cyclid\.(json|yml)\z/)
-              next unless match
-
-              job_url = URI(file['url'])
-              job_type = match[1]
-            end
-
-            Cyclid.logger.debug "job_url=#{job_url}"
-
-            if job_url.nil?
-              GithubStatus.set_status(statuses, auth_token, 'error', 'No Cyclid job file found')
-              return_failure(400, 'not a Cyclid repository')
-            end
-
-            # Pull down the job file
-            begin
-              Cyclid.logger.info "Retrieving PR job from #{job_url}"
-
-              request = Net::HTTP::Get.new(job_url)
-              request.add_field('Authorization', "token #{auth_token}") \
-                unless auth_token.nil?
-
-              http = Net::HTTP.new(job_url.hostname, job_url.port)
-              http.use_ssl = (job_url.scheme == 'https')
-              response = http.request(request)
-              raise "couldn't get Cyclid job" unless response.code == '200'
-
-              job_blob = Oj.load response.body
-              case job_type
-              when 'json'
-                job_definition = Oj.load(Base64.decode64(job_blob['content']))
-              when 'yml'
-                job_definition = YAML.load(Base64.decode64(job_blob['content']))
-              end
-
-              # Insert this repository & branch into the sources
-              #
-              # XXX Could this cause collisions between the existing sources in
-              # the job definition? Not entirely sure what the workflow will
-              # look like.
-              job_sources = job_definition['sources'] || []
-              job_sources << { 'type' => 'git',
-                               'url' => html_url.to_s,
-                               'branch' => ref,
-                               'token' => auth_token }
-              job_definition['sources'] = job_sources
-
-              Cyclid.logger.debug "sources=#{job_definition['sources']}"
-            rescue StandardError => ex
-              GithubStatus.set_status(statuses,
-                                      auth_token,
-                                      'error',
-                                      "Couldn't retrieve Cyclid job file")
-              Cyclid.logger.error "failed to retrieve Github Pull Request job: #{ex}"
-              raise
-            end
-
-            Cyclid.logger.debug "job_definition=#{job_definition}"
-
-            begin
-              callback = GithubCallback.new(statuses, auth_token)
-              job_from_definition(job_definition, callback)
-            rescue StandardError => ex
-              GithubStatus.set_status(statuses, auth_token, 'failure', ex)
-              return_failure(500, 'job failed')
-            end
-          end
         end
       end
     end

data/app/cyclid/plugins/api/github/oauth.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Top level module for the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Module for Cyclid Plugins
+    module Plugins
+      # Container for the Sinatra related controllers modules
+      module ApiExtension
+        # Github plugin method callbacks
+        module GithubMethods
+          # OAuth related methods
+          module OAuth
+            # Begin the OAuth authentication flow
+            def oauth_request(_headers, _config)
+              Cyclid.logger.debug('OAuth request')
+              # authorize('get')
+
+              begin
+                # Retrieve the plugin configuration
+                plugins_config = Cyclid.config.plugins
+                github_config = load_github_config(plugins_config)
+
+                api_url = github_config[:api_url]
+                redirect_uri = "#{api_url}/organizations/#{organization_name}" \
+                               '/plugins/github/oauth/callback'
+
+                # Redirect the user to the Github OAuth authorization endpoint
+                u = URI.parse('https://github.com/login/oauth/authorize')
+                u.query = URI.encode_www_form(client_id: github_config[:client_id],
+                                              scope: 'repo',
+                                              state: oauth_state,
+                                              redirect_uri: redirect_uri)
+                redirect u
+              rescue StandardError => ex
+                Cyclid.logger.debug "OAuth redirect failed: #{ex}"
+                return_failure(500, 'OAuth redirect failed')
+              end
+            end
+
+            # OAuth authentication callback
+            def oauth_callback(_headers, _config)
+              Cyclid.logger.debug('OAuth callback')
+
+              return_failure(500, 'Github OAuth response does not provide a code') \
+                unless params.key? 'code'
+
+              state = oauth_state
+
+              return_failure(500, 'Github OAuth response does not provide a valid state') \
+                unless params.key? 'state' or params['state'] != state
+
+              begin
+                # Retrieve the plugin configuration
+                plugins_config = Cyclid.config.plugins
+                github_config = load_github_config(plugins_config)
+
+                # Exchange the code for a bearer token
+                u = URI.parse('https://github.com/login/oauth/access_token')
+                u.query = URI.encode_www_form(client_id: github_config[:client_id],
+                                              client_secret: github_config[:client_secret],
+                                              state: state,
+                                              code: params['code'])
+
+                request = Net::HTTP::Post.new(u)
+                request['Accept'] = 'application/json'
+                http = Net::HTTP.new(u.hostname, u.port)
+                http.use_ssl = (u.scheme == 'https')
+                response = http.request(request)
+              rescue StandardError => ex
+                Cyclid.logger.debug "failed to request OAuth token: #{ex}"
+                return_failure(500, 'could not complete OAuth token exchange')
+              end
+
+              return_failure(500, "couldn't get OAuth token") \
+                unless response.code == '200'
+
+              # Parse the response and extract the OAuth token
+              begin
+                token = JSON.parse(response.body, symbolize_names: true)
+                access_token = token[:access_token]
+              rescue StandardError => ex
+                Cyclid.logger.debug "failed to parse OAuth response: #{ex}"
+                return_failure(500, 'failed to parse OAuth response')
+              end
+
+              # XXX Encrypt the token
+              begin
+                org = retrieve_organization
+                controller_plugin.set_config({ oauth_token: access_token }, org)
+              rescue StandardError => ex
+                Cyclid.logger.debug "failed to set plugin configuration: #{ex}"
+              end
+
+              # Redirect to something worth looking at
+              redirect github_config[:ui_url]
+            end
+          end
+        end
+      end
+    end
+  end
+end