pact_broker 2.108.0 → 2.109.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79ce9d64a823a800533d3312f75b9e008d621833683e1f1424827fdf146ae855
-  data.tar.gz: 46c802480921553348daf0f3db5af2cbd94dd0a3b40de7db29f7137846768b93
+  metadata.gz: a915f7f2cb962cfc2d315338305f170cc875746ce0567826b54a8245dc06afa9
+  data.tar.gz: 3f2db5d2e4c1a5ece6b6b5fef712f3bbcaf85eae49856b9309632ff525d23173
 SHA512:
-  metadata.gz: 2fc7c186cd8b1174668c97724e9065bf417768ec854726d3651a1ad1c13908adaa6ad36979f17be05483208fab304dad25f19dc8e31c085c685fc73c9539192e
-  data.tar.gz: bbb31b5fde13172358084bd35e3d52161a4440f91c2363ed337f7aa5512e8669cc39a323ae7f970016924a669de4eedb35d891a3ce95cadea850032a97c995dd
+  metadata.gz: 4cc5845f6611967e5a33865b05da2a214d8fa2d28762943ea4f112bab8a02163830acde551342486cb2b03690564b8a33eb3e5242afd93bc5e70249c1416ca56
+  data.tar.gz: 12f531f2a74c399bc48a26b7afb82e68453b35764c3f5aca5434a1fc55c9f377590508ea6ee41840547652ce240cce2dc4d244d88e4fc2b4074b8c8a8f441dfb

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+<a name="v2.109.0"></a>
+### v2.109.0 (2024-02-01)
+
+#### Features
+
+* use SemanticLogger for Padrino (#662)	 ([5d9d7002](/../../commit/5d9d7002))
+* improve performance of publication for very large pacts by calculating the content SHA only once per request	 ([a947e409](/../../commit/a947e409))
+
+#### Bug Fixes
+
+* pass in environment to environment policy when getting an individual environment	 ([5c386a43](/../../commit/5c386a43))
+* Dockerfile to reduce vulnerabilities (#650)	 ([9aaa3484](/../../commit/9aaa3484))
+
 <a name="v2.108.0"></a>
 ### v2.108.0 (2024-01-05)
 

data/Gemfile

@@ -2,8 +2,6 @@ source "https://rubygems.org"
 
 gemspec
 
-# While https://github.com/brandonhilkert/sucker_punch/pull/253 is outstanding
-gem "sucker_punch", git: "https://github.com/pact-foundation/sucker_punch.git", ref: "fix/rename-is-singleton-class-method-2"
 
 gem "rake", "~>12.3.3"
 gem "sqlite3", "~>1.3"

data/lib/pact_broker/api/decorators/publish_contract_decorator.rb

@@ -11,8 +11,13 @@ module PactBroker
         property :provider_name
         property :specification
         property :content_type
-        property :decoded_content
+        property :decoded_content, setter: -> (fragment:, represented:, user_options:, **) {
+          represented.decoded_content = fragment
+          # Set the pact version sha when we set the content
+          represented.pact_version_sha = user_options.fetch(:sha_generator).call(fragment)
+        }
         property :on_conflict, default: "overwrite"
+
       end
     end
   end

data/lib/pact_broker/api/decorators/webhook_decorator.rb

@@ -16,7 +16,7 @@ module PactBroker
           property :name
         end
 
-        property :uuid
+        property :uuid, writeable: false
 
         property :description, getter: lambda { |represented:, **| represented.display_description }
 

data/lib/pact_broker/api/resources/environment.rb

@@ -42,6 +42,10 @@ module PactBroker
           :'deployments::environment'
         end
 
+        def policy_record
+          environment
+        end
+
         def to_json
           decorator_class(:environment_decorator).new(environment).to_json(**decorator_options)
         end

data/lib/pact_broker/api/resources/pact.rb

@@ -71,9 +71,9 @@ module PactBroker
           subscribe(PactBroker::Integrations::EventListener.new) do
             handle_webhook_events do
               if request.patch? && resource_exists?
-                @pact = pact_service.merge_pact(pact_params)
+                @pact = pact_service.merge_pact(pact_params.merge(pact_version_sha: pact_version_sha))
               else
-                @pact = pact_service.create_or_update_pact(pact_params)
+                @pact = pact_service.create_or_update_pact(pact_params.merge(pact_version_sha: pact_version_sha))
               end
             end
           end
@@ -114,7 +114,7 @@ module PactBroker
         end
 
         def disallowed_modification?
-          if request.really_put? && pact_service.disallowed_modification?(pact, pact_params.json_content)
+          if request.really_put? && pact_service.disallowed_modification?(pact, pact_version_sha)
             message_params = { consumer_name: pact_params.consumer_name, consumer_version_number: pact_params.consumer_version_number, provider_name: pact_params.provider_name }
             set_json_error_message(message("errors.validation.pact_content_modification_not_allowed", message_params))
             true
@@ -126,6 +126,10 @@ module PactBroker
         def schema
           api_contract_class(:put_pact_params_contract)
         end
+
+        def pact_version_sha
+          @pact_version_sha ||= pact_service.generate_sha(pact_params.json_content)
+        end
       end
     end
   end

data/lib/pact_broker/api/resources/publish_contracts.rb

@@ -53,7 +53,7 @@ module PactBroker
         private
 
         def parsed_contracts
-          @parsed_contracts ||= decorator_class(:publish_contracts_decorator).new(PactBroker::Contracts::ContractsToPublish.new).from_hash(params)
+          @parsed_contracts ||= decorator_class(:publish_contracts_decorator).new(PactBroker::Contracts::ContractsToPublish.new).from_hash(params, { user_options: { sha_generator: PactBroker.configuration.sha_generator } } )
         end
 
         def params

data/lib/pact_broker/app.rb

@@ -1,8 +1,3 @@
-# Must be defined before loading Padrino
-PADRINO_LOGGER ||= {
-  ENV.fetch("RACK_ENV", "production").to_sym =>  { log_level: :error, stream: :stdout, format_datetime: "%Y-%m-%dT%H:%M:%S.000%:z" }
-}
-
 require "pact_broker/configuration"
 require "pact_broker/db"
 require "pact_broker/initializers/database_connection"

data/lib/pact_broker/contracts/contract_to_publish.rb

@@ -1,11 +1,10 @@
 module PactBroker
   module Contracts
-    ContractToPublish = Struct.new(:consumer_name, :provider_name, :decoded_content, :content_type, :specification, :on_conflict) do
-      # rubocop: disable Metrics/ParameterLists
-      def self.from_hash(consumer_name: nil, provider_name: nil, decoded_content: nil, content_type: nil, specification: nil, on_conflict: nil)
-        new(consumer_name, provider_name, decoded_content, content_type, specification, on_conflict)
+    ContractToPublish = Struct.new(:consumer_name, :provider_name, :decoded_content, :content_type, :specification, :on_conflict, :pact_version_sha, keyword_init: true) do
+
+      def self.from_hash(hash)
+        new(**hash)
       end
-      # rubocop: enable Metrics/ParameterLists
 
       def pact?
         specification == "pact"

data/lib/pact_broker/contracts/service.rb

@@ -57,7 +57,7 @@ module PactBroker
         parsed_contracts.contracts.collect do | contract_to_publish |
           pact_params = create_pact_params(parsed_contracts, contract_to_publish)
           existing_pact = pact_service.find_pact(pact_params)
-          if existing_pact && pact_service.disallowed_modification?(existing_pact, contract_to_publish.decoded_content)
+          if existing_pact && pact_service.disallowed_modification?(existing_pact, contract_to_publish.pact_version_sha)
             add_pact_conflict_notice(notices, parsed_contracts, contract_to_publish, existing_pact.json_content, contract_to_publish.decoded_content)
           end
         end
@@ -134,7 +134,7 @@ module PactBroker
           pact_params = create_pact_params(parsed_contracts, contract_to_publish)
           existing_pact = pact_service.find_pact(pact_params)
           listener = TriggeredWebhooksCreatedListener.new
-          created_pact = create_or_merge_pact(contract_to_publish.merge?, existing_pact, pact_params, listener)
+          created_pact = create_or_merge_pact(contract_to_publish.merge?, existing_pact, pact_params.merge(pact_version_sha: contract_to_publish.pact_version_sha), listener)
           notices.concat(notices_for_pact(parsed_contracts, contract_to_publish, existing_pact, created_pact, listener, base_url))
           created_pact
         end

data/lib/pact_broker/logging.rb

@@ -42,6 +42,16 @@ module PactBroker
       end
     end
 
+    def measure_info(message, payload: {})
+      if logger.respond_to?(:measure_info)
+        logger.measure_info(message, payload: payload) do
+          yield
+        end
+      else
+        yield
+      end
+    end
+
     def log_error e, description = nil
       if logger.instance_of?(SemanticLogger::Logger)
         if description

data/lib/pact_broker/pacts/generate_sha.rb

@@ -3,22 +3,27 @@ require "pact_broker/configuration"
 require "pact_broker/pacts/sort_content"
 require "pact_broker/pacts/parse"
 require "pact_broker/pacts/content"
+require "pact_broker/logging"
 
 module PactBroker
   module Pacts
     class GenerateSha
+      include PactBroker::Logging
+
       # @param [String] json_content
-      def self.call json_content, _options = {}
+      def self.call(json_content, _options = {})
         content_for_sha = if PactBroker.configuration.base_equality_only_on_content_that_affects_verification_results
                             extract_verifiable_content_for_sha(json_content)
                           else
                             json_content
                           end
-        Digest::SHA1.hexdigest(content_for_sha)
+        measure_info("Generating SHA1 hexdigest for pact", payload: { length: content_for_sha.length } ){ Digest::SHA1.hexdigest(content_for_sha) }
       end
 
-      def self.extract_verifiable_content_for_sha json_content
-        Content.from_json(json_content).sort.content_that_affects_verification_results.to_json
+      def self.extract_verifiable_content_for_sha(json_content)
+        objects = Content.from_json(json_content)
+        sorted_content = measure_info("Sorting content", payload: { length: json_content.length }){ objects.sort }
+        sorted_content.content_that_affects_verification_results.to_json
       end
     end
   end

data/lib/pact_broker/pacts/pact_params.rb

@@ -20,7 +20,7 @@ module PactBroker
         )
       end
 
-      def self.from_request request, path_info
+      def self.from_request(request, path_info)
         json_content = request.body.to_s
         parsed_content = begin
           parsed = JSON.parse(json_content, PACT_PARSING_OPTIONS)

data/lib/pact_broker/pacts/service.rb

@@ -22,6 +22,10 @@ module PactBroker
       extend PactBroker::Messages
       extend SquashPactsForVerification
 
+      def generate_sha(json_content)
+        PactBroker.configuration.sha_generator.call(json_content)
+      end
+
       def find_latest_pact params
         pact_repository.find_latest_pact(params[:consumer_name], params[:provider_name], params[:tag], params[:branch_name])
       end
@@ -154,10 +158,12 @@ module PactBroker
       end
 
       # Overwriting an existing pact with the same consumer/provider/consumer version number
+      # by creating a new revision (that is, a new PactPublication with an incremented revision number)
+      # Modifing pacts is strongly discouraged now, and support for it will be dropped in the next major version of the Pact Broker
       def create_pact_revision params, existing_pact
         logger.info("Updating existing pact publication", params.without(:json_content))
         logger.debug("Content #{params[:json_content]}")
-        pact_version_sha = generate_sha(params[:json_content])
+        pact_version_sha = params.fetch(:pact_version_sha)
         json_content = add_interaction_ids(params[:json_content])
         update_params = { pact_version_sha: pact_version_sha, json_content: json_content }
         updated_pact = pact_repository.update(existing_pact.id, update_params)
@@ -178,21 +184,20 @@ module PactBroker
 
       private :create_pact_revision
 
-      def disallowed_modification?(existing_pact, new_json_content)
-        !PactBroker.configuration.allow_dangerous_contract_modification && existing_pact && existing_pact.pact_version_sha != generate_sha(new_json_content)
+      def disallowed_modification?(existing_pact, new_pact_version_sha)
+        !PactBroker.configuration.allow_dangerous_contract_modification && existing_pact && existing_pact.pact_version_sha != new_pact_version_sha
       end
 
       # When no publication for the given consumer/provider/consumer version number exists
-      def create_pact params, version, provider
+      def create_pact(params, version, provider)
         logger.info("Creating new pact publication", params.without(:json_content))
         logger.debug("Content #{params[:json_content]}")
-        pact_version_sha = generate_sha(params[:json_content])
         json_content = add_interaction_ids(params[:json_content])
         pact = pact_repository.create(
           version_id: version.id,
           provider_id: provider.id,
           consumer_id: version.pacticipant_id,
-          pact_version_sha: pact_version_sha,
+          pact_version_sha: params.fetch(:pact_version_sha),
           json_content: json_content,
           version: version
         )
@@ -212,12 +217,6 @@ module PactBroker
 
       private :create_pact
 
-      def generate_sha(json_content)
-        PactBroker.configuration.sha_generator.call(json_content)
-      end
-
-      private :generate_sha
-
       def add_interaction_ids(json_content)
         Content.from_json(json_content).with_ids.to_json
       end

data/lib/pact_broker/test/test_data_builder.rb

@@ -256,7 +256,13 @@ module PactBroker
       def publish_pact(consumer_name:, provider_name:, consumer_version_number: , tags: nil, branch: nil, build_url: nil, json_content: nil)
         json_content = json_content || random_json_content(consumer_name, provider_name)
         contracts = [
-          PactBroker::Contracts::ContractToPublish.from_hash(consumer_name: consumer_name, provider_name: provider_name, decoded_content: json_content, content_type: "application/json", specification: "pact")
+          PactBroker::Contracts::ContractToPublish.from_hash(
+            consumer_name: consumer_name,
+            provider_name: provider_name,
+            decoded_content: json_content,
+            content_type: "application/json",
+            specification: "pact",
+            pact_version_sha: PactBroker::Pacts::GenerateSha.call(json_content))
         ]
         contracts_to_publish = PactBroker::Contracts::ContractsToPublish.from_hash(
           pacticipant_name: consumer_name,

data/lib/pact_broker/ui/controllers/base_controller.rb

@@ -10,8 +10,10 @@ module PactBroker
         using PactBroker::StringRefinements
 
         set :root, File.join(File.dirname(__FILE__), "..")
-        set :show_exceptions, ENV["RACK_ENV"] != "production"
-        set :dump_errors, false # The padrino logger logs these for us. If this is enabled we get duplicate logging.
+        set :show_exceptions, ENV["RACK_ENV"] == "development"
+        # The padrino logger logs these for us, but only in production. If this is enabled we get duplicate logging.
+        set :dump_errors, ENV["RACK_ENV"] != "production"
+        set :raise_errors, ENV["RACK_ENV"] == "test"
 
         def base_url
           # Using the X-Forwarded headers in the UI can leave the app vulnerable

data/lib/pact_broker/ui.rb

@@ -1,14 +1,25 @@
-require "pact_broker/configuration"
+# Must be defined before loading Padrino
 # Stop Padrino creating a log file, as it will try to create it in the gems directory
 # http://www.padrinorb.com/api/Padrino/Logger.html
-unless defined? PADRINO_LOGGER
-  log_path = File.join(PactBroker.configuration.log_dir, "ui.log")
-  PADRINO_LOGGER = {
-    production:  { log_level: :error, stream: :to_file, log_path: log_path },
-    staging:     { log_level: :error, stream: :to_file, log_path: log_path },
-    test:        { log_level: :warn,  stream: :to_file, log_path: log_path },
-    development: { log_level: :warn,  stream: :to_file, log_path: log_path }
-  }
+# This configuration will be replaced by the SemanticLogger later on.
+PADRINO_LOGGER ||= {
+  ENV.fetch("RACK_ENV", "production").to_sym =>  { stream: :stdout }
+}
+
+require "padrino-core"
+
+class PactBrokerPadrinoLogger < SemanticLogger::Logger
+  include Padrino::Logger::Extensions
+
+  # Padrino expects level to return an integer, not a symbol
+  def level
+    Padrino::Logger::Levels[SemanticLogger.default_level]
+  end
 end
 
+Padrino.logger = PactBrokerPadrinoLogger.new("Padrino")
+# Log a test message to ensure that the logger works properly, as it only
+# seems to be used in production.
+Padrino.logger.info("Padrino has been configured with SemanticLogger")
+
 require "pact_broker/ui/app"

data/lib/pact_broker/version.rb

@@ -1,3 +1,3 @@
 module PactBroker
-  VERSION = "2.108.0"
+  VERSION = "2.109.0"
 end

data/pact_broker.gemspec

@@ -64,7 +64,7 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "padrino-core", ">= 0.14.3", "~> 0.14"
   gem.add_runtime_dependency "sinatra", "~> 3.0"
   gem.add_runtime_dependency "haml", "~>5.0"
-  gem.add_runtime_dependency "sucker_punch", "~>2.0"
+  gem.add_runtime_dependency "sucker_punch", "~>3.0"
   gem.add_runtime_dependency "rack-protection", "~> 3.0"
   gem.add_runtime_dependency "table_print", "~> 1.5"
   gem.add_runtime_dependency "semantic_logger", "~> 4.11"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pact_broker
 version: !ruby/object:Gem::Version
-  version: 2.108.0
+  version: 2.109.0
 platform: ruby
 authors:
 - Bethany Skurrie
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-05 00:00:00.000000000 Z
+date: 2024-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -258,14 +258,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rack-protection
   requirement: !ruby/object:Gem::Requirement
@@ -1260,7 +1260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.4
+rubygems_version: 3.5.5
 signing_key:
 specification_version: 4
 summary: See description