gitlab-triage 1.28.0 → 1.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6db21779b13563c1dd43ffbe571507967c53dc22f4a75b61d84f2c2e5181a06
-  data.tar.gz: 07141e346ff6ab3eca520ed37648b5431dd4ba54307d40358331323cc46b4ddc
+  metadata.gz: 6f594160679b71928b75f5bec0131c846d79b10cdc0cebb33388d1bc907b9769
+  data.tar.gz: 04a02e449720f03ab2820c3be0693c17486e366a7bcfe87a1c1f6e02ee6a02da
 SHA512:
-  metadata.gz: 2acf8bcde530de9eb4365393431266f1acd824cdf48b95b8a557744503ed1af1b0a968256f8756ef337cbd7ad4b54aa330efbac2fa0632fadf628616adf3abdc
-  data.tar.gz: 386c9a45639c9e8603409d573e6b16e42c3cbc8d281e7af5c5faac1fac882be40c38679d9c35dccf424bb5edd284e614287426ba8e0ac1344e6b42009458fd7a
+  metadata.gz: 44cc6360a513c7ad126ee8dbc4e5151fafbb8b4994e5e0ea84a2fdb5a32ec997271bd66ee3b065cbbbfb3e92548a38d599c025a6f32f378339522f836001cadf
+  data.tar.gz: 1177f4e8471c3fbe6606e5e0eeaee384335b327774a94574e9942d1928b7dec03c50b8c90df082091b7873f6f871c70a8b162732fa3740a222c861c1751f3f7a

data/README.md

@@ -586,6 +586,7 @@ Example:
 ```yml
 conditions:
   health_status: Any
+```
 
 > **Note:** This query is not supported using GraphQL yet.
 
@@ -628,9 +629,9 @@ conditions:
     threshold: 15
 ```
 
-##### Protected condition  
+##### Protected condition
 
-** This condition is only applicable for branches** 
+** This condition is only applicable for branches**
 
 Accept a boolean.
 If not specified, default to `false` to filter out protected branches.
@@ -731,6 +732,7 @@ Available action types:
 - [`mention` action](#mention-action)
 - [`move` action](#move-action)
 - [`comment` action](#comment-action)
+  - [`redact_confidential_resources` option](#redact-confidential-resources-option)
 - [`comment_type` action option](#comment-type-action-option)
 - [`summarize` action](#summarize-action)
 - [`comment_on_summary` action](#comment-on-summary-action)
@@ -868,6 +870,22 @@ actions:
     {{author}} Are you still interested in finishing this merge request?
 ```
 
+###### Redact confidential resources option
+
+Determines if the data of confidential resources is redacted.
+
+If the option is set to `true` or not set, data from confidential will appear as `(confidential)`. \
+When it is set to `false`, everything will be revealed and visible.
+
+Example:
+
+```yml
+actions:
+  redact_confidential_resources: false
+  comment: |
+    {{author}} Are you still interested in finishing this merge request?
+```
+
 ##### Comment type action option
 
 Determines the type of comment to be added to the resource.
@@ -1111,11 +1129,11 @@ resource_rules:
 
 **This action is only applicable for branches.**
 
-Delete the resource. 
+Delete the resource.
 
 Accept a boolean. Set to `true` to enable.
 
-Example : 
+Example :
 ```yaml
 resource_rules:
   branches:
@@ -1327,15 +1345,18 @@ Usage: gitlab-triage [options]
 
     -n, --dry-run                    Don't actually update anything, just print
     -f, --policies-file [string]     A valid policies YML file
+        --all-projects               Process all projects the token has access to
     -s, --source [type]              The source type between [ projects or groups ], default value: projects
     -i, --source-id [string]         Source ID or path
     -p, --project-id [string]        [Deprecated] A project ID or path, please use `--source-id`
+        --resource-reference [string]
+                                     Resource short-reference, e.g. #42, !33, or &99
     -t, --token [string]             A valid API token
     -H, --host-url [string]          A valid host url
     -r, --require [string]           Require a file before performing
     -d, --debug                      Print debug information
     -h, --help                       Print help message
-        --all-projects               Process all projects visible to `--token`
+    -v, --version                    Print version
         --init                       Initialize the project with a policy file
         --init-ci                    Initialize the project with a .gitlab-ci.yml file
 ```
@@ -1372,6 +1393,14 @@ For example- after cloning this project, from the root `gitlab-triage` directory
 bundle exec bin/gitlab-triage --dry-run --token $GITLAB_API_TOKEN --source-id gitlab-org/triage
 ```
 
+Triaging against specific resource:
+
+```
+gitlab-triage --dry-run --token $API_TOKEN --source-id gitlab-org/triage --resource-reference '#42'
+gitlab-triage --dry-run --token $API_TOKEN --source-id gitlab-org/triage --resource-reference '!33'
+gitlab-triage --dry-run --token $API_TOKEN --source groups --source-id gitlab-org --resource-reference '&99'
+```
+
 #### Running on GitLab CI pipeline
 
 You can enforce policies using a scheduled pipeline:

data/lib/gitlab/triage/action/comment.rb

@@ -45,7 +45,12 @@ module Gitlab
         def build_comment(resource)
           CommandBuilders::CommentCommandBuilder.new(
             [
-              CommandBuilders::TextContentBuilder.new(policy.actions[:comment], resource: resource, network: network).build_command,
+              CommandBuilders::TextContentBuilder.new(
+                policy.actions[:comment],
+                resource: resource,
+                network: network,
+                redact_confidentials: policy.actions.fetch(:redact_confidential_resources, true)
+              ).build_command,
               CommandBuilders::LabelCommandBuilder.new(policy.actions[:labels], resource: resource, network: network).build_command,
               CommandBuilders::RemoveLabelCommandBuilder.new(policy.actions[:remove_labels], resource: resource, network: network).build_command,
               CommandBuilders::CcCommandBuilder.new(policy.actions[:mention]).build_command,

data/lib/gitlab/triage/engine.rb

@@ -44,6 +44,7 @@ module Gitlab
       MILESTONE_TIMEBOX_VALUES = %w[none any upcoming started].freeze
       ITERATION_SELECTION_VALUES = %w[none any].freeze
       EpicsTriagingForProjectImpossibleError = Class.new(StandardError)
+      MultiPolicyInInjectionModeError = Class.new(StandardError)
 
       def initialize(policies:, options:, network_adapter_class: DEFAULT_NETWORK_ADAPTER, graphql_network_adapter_class: DEFAULT_GRAPHQL_ADAPTER)
         options.host_url = policies.delete(:host_url) { options.host_url }
@@ -56,21 +57,23 @@ module Gitlab
         @network_adapter_class = network_adapter_class
         @graphql_network_adapter_class = graphql_network_adapter_class
 
-        assert_all!
-        assert_project_id!
+        assert_options!
+
+        @options.source = @options.source.to_s
+
         require_ruby_files
       end
 
       def perform
         puts "Performing a dry run.\n\n" if options.dry_run
 
-        puts Gitlab::Triage::UI.header("Triaging the `#{options.source_id}` #{options.source.to_s.singularize}", char: '=')
+        puts Gitlab::Triage::UI.header("Triaging the `#{options.source_id}` #{options.source.singularize}", char: '=')
         puts
 
         resource_rules.each do |resource_type, policy_definition|
-          if resource_type == 'epics' && options.source != :groups
-            raise(EpicsTriagingForProjectImpossibleError, "Epics can only be triaged at the group level. Please set the `--source groups` option.")
-          end
+          next unless right_resource_type_for_resource_option?(resource_type)
+
+          assert_epic_rule!(resource_type)
 
           puts Gitlab::Triage::UI.header("Processing summaries & rules for #{resource_type}", char: '-')
           puts
@@ -94,22 +97,86 @@ module Gitlab
 
       private
 
-      def assert_project_id!
+      def assert_options!
+        assert_all!
+        assert_source!
+        assert_source_id!
+        assert_resource_reference!
+      end
+
+      # rubocop:disable Style/IfUnlessModifier
+      def assert_all!
+        return unless options.all
+
+        if options.source
+          raise ArgumentError, '--all-projects option cannot be used in conjunction with --source option!'
+        end
+
+        if options.source_id
+          raise ArgumentError, '--all-projects option cannot be used in conjunction with --source-id option!'
+        end
+
+        if options.resource_reference # rubocop:disable Style/GuardClause
+          raise ArgumentError, '--all-projects option cannot be used in conjunction with --resource-reference option!'
+        end
+      end
+      # rubocop:enable Style/IfUnlessModifier
+
+      def assert_source!
+        return if options.source
+        return if options.all
+
+        raise ArgumentError, 'A source is needed (pass it with the `--source` option)!'
+      end
+
+      def assert_source_id!
         return if options.source_id
         return if options.all
 
-        raise ArgumentError, 'A project_id is needed (pass it with the `--source-id` option)!'
+        raise ArgumentError, 'A project or group ID is needed (pass it with the `--source-id` option)!'
       end
 
-      def assert_all!
-        raise ArgumentError, '--all-projects option cannot be used in conjunction with --source and --source-id option!' if
-          options.all && (options.source || options.source_id)
+      def assert_resource_reference!
+        return unless options.resource_reference
+
+        if options.source == 'groups' && !options.resource_reference.start_with?('&')
+          raise ArgumentError, "--resource-reference can only start with '&' when --source=groups is passed ('#{options.resource_reference}' passed)!"
+        end
+
+        if options.source == 'projects' && !options.resource_reference.start_with?('#', '!') # rubocop:disable Style/GuardClause
+          raise(
+            ArgumentError,
+            "--resource-reference can only start with '#' or '!' when --source=projects is passed " \
+            "('#{options.resource_reference}' passed)!"
+          )
+        end
       end
 
       def require_ruby_files
         options.require_files.each(&method(:require))
       end
 
+      def right_resource_type_for_resource_option?(resource_type)
+        return true unless options.resource_reference
+
+        resource_reference = options.resource_reference
+
+        case resource_type
+        when 'issues'
+          resource_reference.start_with?('#')
+        when 'merge_requests'
+          resource_reference.start_with?('!')
+        when 'epics'
+          resource_reference.start_with?('&')
+        end
+      end
+
+      def assert_epic_rule!(resource_type)
+        return if resource_type != 'epics' || options.source == 'groups'
+
+        raise EpicsTriagingForProjectImpossibleError, "Epics can only be triaged at the group level. Please set the `--source groups` option."
+      end
+
       def resource_rules
         @resource_rules ||= policies.delete(:resource_rules) { {} }
       end
@@ -279,20 +346,8 @@ module Gitlab
         ExpandCondition.perform(rule_conditions(rule_definition)) do |expanded_conditions|
           # retrieving the resources for every rule is inefficient
           # however, previous rules may affect those upcoming
-          resources = []
-
-          if rule_definition[:api] == 'graphql'
-            graphql_query = build_graphql_query(resource_type, expanded_conditions, true)
-            resources = graphql_network.query(graphql_query, source: source_full_path)
-          else
-            resources = network.query_api(build_get_url(resource_type, expanded_conditions))
-            iids = resources.pluck('iid').map(&:to_s)
-
-            graphql_query = build_graphql_query(resource_type, expanded_conditions)
-            graphql_resources = graphql_network.query(graphql_query, source: source_full_path, iids: iids) if graphql_query.any?
-
-            decorate_resources_with_graphql_data(resources, graphql_resources)
-          end
+          resources = options.resources ||
+            fetch_resources(resource_type, expanded_conditions, rule_definition)
 
           # In some filters/actions we want to know which resource type it is
           attach_resource_type(resources, resource_type)
@@ -310,6 +365,38 @@ module Gitlab
         end
       end
 
+      def fetch_resources(resource_type, expanded_conditions, rule_definition)
+        resources = []
+
+        if rule_definition[:api] == 'graphql'
+          graphql_query_options = { source: source_full_path }
+
+          if options.resource_reference
+            expanded_conditions[:iids] = options.resource_reference[1..]
+            graphql_query_options[:iids] = [expanded_conditions[:iids]]
+          end
+
+          graphql_query = build_graphql_query(resource_type, expanded_conditions, true)
+
+          resources = graphql_network.query(graphql_query, **graphql_query_options)
+        else
+          # FIXME: Epics listing endpoint doesn't support filtering by `iids`, so instead we
+          # get a single epic when `--resource-reference` is given for epics.
+          # Because of that, the query could return a single epic, so we make sure we get an array.
+          resources = Array(network.query_api(build_get_url(resource_type, expanded_conditions)))
+
+          iids = resources.pluck('iid').map(&:to_s)
+          expanded_conditions[:iids] = iids
+
+          graphql_query = build_graphql_query(resource_type, expanded_conditions)
+          graphql_resources = graphql_network.query(graphql_query, source: source_full_path, iids: iids) if graphql_query.any?
+
+          decorate_resources_with_graphql_data(resources, graphql_resources)
+        end
+
+        resources
+      end
+
       def attach_resource_type(resources, resource_type)
         resources.each { |resource| resource[:type] = resource_type }
       end
@@ -394,6 +481,8 @@ module Gitlab
         end
       end
 
+      # rubocop:disable Metrics/AbcSize
+      # rubocop:disable Metrics/CyclomaticComplexity
       def build_get_url(resource_type, conditions)
         # Example issues query with state and labels
         # https://gitlab.com/api/v4/projects/test-triage%2Fissue-project/issues?state=open&labels=project%20label%20with%20spaces,group_label_no_spaces
@@ -402,6 +491,8 @@ module Gitlab
         }
 
         condition_builders = []
+        condition_builders << APIQueryBuilders::SingleQueryParamBuilder.new('iids', options.resource_reference[1..]) if options.resource_reference
+
         condition_builders << APIQueryBuilders::MultiQueryParamBuilder.new('labels', conditions[:labels], ',') if conditions[:labels]
 
         if conditions[:forbidden_labels]
@@ -434,15 +525,23 @@ module Gitlab
           params[condition_builder.param_name] = condition_builder.param_content
         end
 
-        UrlBuilders::UrlBuilder.new(
+        url_builder_options = {
           network_options: options,
           all: options.all,
           source: options.source,
           source_id: options.source_id,
           resource_type: resource_type,
           params: params
-        ).build
+        }
+
+        # FIXME: Epics listing endpoint doesn't support filtering by `iids`, so instead we
+        # get a single epic when `--resource-reference` is given for epics.
+        url_builder_options[:resource_id] = options.resource_reference[1..] if options.resource_reference && resource_type == 'epics'
+
+        UrlBuilders::UrlBuilder.new(url_builder_options).build
       end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/CyclomaticComplexity
 
       def milestone_condition_builder(resource_type, milestone_condition)
         milestone_value = Array(milestone_condition)[0].to_s # back-compatibility

data/lib/gitlab/triage/graphql_queries/query_builder.rb

@@ -11,6 +11,10 @@ module Gitlab
           @resource_type = resource_type
           @conditions = conditions
           @graphql_only = graphql_only
+          @resource_declarations = [
+            '$source: ID!',
+            '$after: String'
+          ]
         end
 
         def resource_path
@@ -26,8 +30,7 @@ module Gitlab
             resource_type: resource_type.to_s.camelize(:lower),
             resource_fields: resource_fields.join(' '),
             resource_query: resource_query,
-            iids_declaration: graphql_only ? nil : ', $iids: [String!]',
-            iids_query: graphql_only ? nil : ', iids: $iids'
+            resource_declarations: resource_declarations.join(', ')
           )
         end
 
@@ -35,13 +38,13 @@ module Gitlab
 
         private
 
-        attr_reader :source_type, :resource_type, :conditions, :graphql_only
+        attr_reader :source_type, :resource_type, :conditions, :graphql_only, :resource_declarations
 
         BASE_QUERY = <<~GRAPHQL.freeze
-          query($source: ID!, $after: String%{iids_declaration}) {
+          query(%{resource_declarations}) {
             %{source_type}(fullPath: $source) {
               id
-              %{resource_type}(after: $after%{iids_query}%{resource_query}) {
+              %{resource_type}(after: $after%{resource_query}) {
                 pageInfo {
                   hasNextPage
                   endCursor
@@ -86,6 +89,11 @@ module Gitlab
             condition_queries << QueryParamBuilders::BaseParamBuilder.new('milestoneTitle', condition_params) if condition.to_s == 'milestone'
             condition_queries << QueryParamBuilders::BaseParamBuilder.new('state', condition_params, with_quotes: false) if condition.to_s == 'state'
 
+            if condition.to_s == 'iids'
+              @resource_declarations << '$iids: [String!]'
+              condition_queries << QueryParamBuilders::BaseParamBuilder.new('iids', '$iids', with_quotes: false)
+            end
+
             case resource_type
             when 'issues'
               condition_queries << issues_label_query(condition, condition_params)

data/lib/gitlab/triage/option_parser.rb

@@ -43,6 +43,10 @@ module Gitlab
               options.source_id = value
             end
 
+            opts.on('--resource-reference [string]', String, 'Resource short-reference, e.g. #42, !33, or &99') do |value|
+              options.resource_reference = value
+            end
+
             opts.on('-t', '--token [string]', String, 'A valid API token') do |value|
               options.token = value
             end

data/lib/gitlab/triage/options.rb

@@ -3,9 +3,11 @@ module Gitlab
     Options = Struct.new(
       :dry_run,
       :policies_files,
+      :resources,
       :all,
       :source,
       :source_id,
+      :resource_reference,
       :token,
       :debug,
       :host_url,

data/lib/gitlab/triage/ui.rb

@@ -14,6 +14,10 @@ module Gitlab
       def self.warn(text)
         "[WARNING] #{text}"
       end
+
+      def self.error(text)
+        "[ERROR] #{text}"
+      end
     end
   end
 end

data/lib/gitlab/triage/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Triage
-    VERSION = '1.28.0'
+    VERSION = '1.29.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-triage
 version: !ruby/object:Gem::Version
-  version: 1.28.0
+  version: 1.29.0
 platform: ruby
 authors:
 - GitLab
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-12-29 00:00:00.000000000 Z
+date: 2023-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport