npm - screwdriver-api - Versions diffs - 8.0.47 → 8.0.48 - Mend

screwdriver-api 8.0.47 → 8.0.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/config/custom-environment-variables.yaml +26 -12
package/config/default.yaml +36 -12
package/lib/server.js +0 -2
package/package.json +1 -1
package/plugins/webhooks/index.js +43 -12

package/config/custom-environment-variables.yaml CHANGED Viewed

@@ -361,18 +361,32 @@ scms:
   #         # SCM clone type (https or ssh)
   #         cloneType: SCM_GITLAB_RO_CLONE_TYPE
 webhooks:
-  # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
-  username: SCM_USERNAME
-  # Ignore commits made by these users
-  ignoreCommitsBy:
-    __name: IGNORE_COMMITS_BY
-    __format: json
-  # Restrict PR: all, none, branch, or fork
-  restrictPR: RESTRICT_PR
-  # Chain PR: true or false
-  chainPR: CHAIN_PR
-  # Upper limit on incoming uploads to builds
-  maxBytes: WEBHOOK_MAX_BYTES
+  # Object keyed by scm name with value webhook settings.
+  # Value of webhook settings is an object with the following properties:
+  # Example:
+  # {
+  #  "github": {
+  #   # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
+  #   "username": "sd-buildbot",
+  #   # Ignore commits made by these users
+  #   "ignoreCommitsBy": [],
+  #   # Restrict PR: all, none, branch, or fork
+  #   "restrictPR": "none",
+  #   # Chain PR: true or false
+  #   "chainPR": false,
+  #   # Upper limit on incoming uploads to builds
+  #   "maxBytes": 1048576 #1MB
+  #   },
+  #  "github.example.com": {
+  #     "username": "someuser",
+  #     "ignoreCommitsBy": ["someuser", "anotheruser"],
+  #     "restrictPR": "branch",
+  #     "chainPR": true,
+  #     "maxBytes": 2097152 #2MB
+  #   }
+  # }
+  __name: WEBHOOK_SETTINGS
+  __format: json
 bookends:
   # Object keyed by cluster name with value setup/teardown bookend.

package/config/default.yaml CHANGED Viewed

@@ -277,18 +277,42 @@ scms: {}
 #         accessToken: headlesstoken
 #         # SCM clone type (https or ssh)
 #         cloneType: https
-webhooks:
-  # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
-  username: sd-buildbot
-  # Ignore commits made by these users
-  ignoreCommitsBy: []
-  # Restrict PR: all, none, branch, or fork
-  restrictPR: none
-  # Chain PR: true or false
-  chainPR: false
-  # Upper limit on incoming uploads to builds
-  maxBytes: 1048576 # 1MB
+webhooks:
+  github:
+    # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
+    username: sd-buildbot
+    # Ignore commits made by these users
+    ignoreCommitsBy: []
+    # Restrict PR: all, none, branch, or fork
+    restrictPR: none
+    # Chain PR: true or false
+    chainPR: false
+    # Upper limit on incoming uploads to builds
+    maxBytes: 1048576 #1MB
+  # Object keyed by scm name with value webhook settings.
+  # Value of webhook settings is an object with the following properties:
+  # Example:
+  # {
+  #  "github:github.com": {
+  #   # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
+  #   "username": "sd-buildbot",
+  #   # Ignore commits made by these users
+  #   "ignoreCommitsBy": [],
+  #   # Restrict PR: all, none, branch, or fork
+  #   "restrictPR": "none",
+  #   # Chain PR: true or false
+  #   "chainPR": false,
+  #   # Upper limit on incoming uploads to builds
+  #   "maxBytes": 1048576 #1MB
+  #   },
+  #  "github.example.com": {
+  #     "username": "someuser",
+  #     "ignoreCommitsBy": ["someuser", "anotheruser"],
+  #     "restrictPR": "branch",
+  #     "chainPR": true,
+  #     "maxBytes": 2097152 #2MB
+  #   }
+  # }
 coverage:
   default: "false"
   plugin: sonar

package/lib/server.js CHANGED Viewed

@@ -80,8 +80,6 @@ function handlePreResponseLogs(request, h) {
  * @param  {String}      config.httpd.uri           Public routable address
  * @param  {Object}      config.httpd.tls           TLS Configuration
  * @param  {Object}      config.webhooks            Webhooks settings
- * @param  {String}      config.webhooks.restrictPR Restrict PR setting
- * @param  {Boolean}     config.webhooks.chainPR    Chain PR flag
  * @param  {Object}      config.ecosystem           List of hosts in the ecosystem
  * @param  {Object}      config.ecosystem.ui        URL for the User Interface
  * @param  {Factory}     config.pipelineFactory     Pipeline Factory instance

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "screwdriver-api",
-  "version": "8.0.47",
+  "version": "8.0.48",
   "description": "API server for the Screwdriver.cd service",
   "main": "index.js",
   "scripts": {

package/plugins/webhooks/index.js CHANGED Viewed

@@ -7,6 +7,19 @@ const { ValidationError } = require('joi');
 const { startHookEvent } = require('./helper');
 const DEFAULT_MAX_BYTES = 1048576;
+const MAX_BYTES_UPPER_BOUND = 5242880; // 5MB
+const providerSchema = joi
+    .object({
+        username: joi.string().required(),
+        ignoreCommitsBy: joi.array().items(joi.string()).optional(),
+        restrictPR: joi
+            .string()
+            .valid('all', 'none', 'branch', 'fork', 'all-admin', 'none-admin', 'branch-admin', 'fork-admin')
+            .optional(),
+        chainPR: joi.boolean().optional(),
+        maxBytes: joi.number().integer().optional()
+    })
+    .unknown(false);
 /**
  * Webhook API Plugin
@@ -29,16 +42,7 @@ const webhooksPlugin = {
     async register(server, options) {
         const pluginOptions = joi.attempt(
             options,
-            joi.object().keys({
-                username: joi.string().required(),
-                ignoreCommitsBy: joi.array().items(joi.string()).optional(),
-                restrictPR: joi
-                    .string()
-                    .valid('all', 'none', 'branch', 'fork', 'all-admin', 'none-admin', 'branch-admin', 'fork-admin')
-                    .optional(),
-                chainPR: joi.boolean().optional(),
-                maxBytes: joi.number().integer().optional()
-            }),
+            joi.object().pattern(joi.string(), providerSchema).min(1).required(),
             'Invalid config for plugin-webhooks'
         );
@@ -55,7 +59,9 @@ const webhooksPlugin = {
                     }
                 },
                 payload: {
-                    maxBytes: parseInt(pluginOptions.maxBytes, 10) || DEFAULT_MAX_BYTES
+                    maxBytes: MAX_BYTES_UPPER_BOUND,
+                    parse: false,
+                    output: 'stream'
                 },
                 handler: async (request, h) => {
                     const { pipelineFactory, queueWebhook } = request.server.app;
@@ -63,8 +69,33 @@ const webhooksPlugin = {
                     const { executor, queueWebhookEnabled } = queueWebhook;
                     const message = 'Unable to process this kind of event';
                     let hookId;
+                    let webhookSettings;
                     try {
+                        const scmContexts = await scm.getScmContexts();
+                        scmContexts.forEach(scmContext => {
+                            if (pluginOptions[scmContext]) {
+                                webhookSettings = pluginOptions[scmContext];
+                            }
+                        });
+                        if (!webhookSettings) {
+                            logger.error(`No webhook settings found for scm context: ${scmContexts.join(', ')}`);
+                            throw boom.internal();
+                        }
+                        let size = 0;
+                        for await (const chunk of request.payload) {
+                            size += chunk.length;
+                            if (size > (webhookSettings.maxBytes || DEFAULT_MAX_BYTES)) {
+                                throw boom.entityTooLarge(
+                                    `Payload size exceeds the maximum limit of ${webhookSettings.maxBytes || DEFAULT_MAX_BYTES} bytes`
+                                );
+                            }
+                        }
                         const parsed = await scm.parseHook(request.headers, request.payload);
                         if (!parsed) {
@@ -72,7 +103,7 @@ const webhooksPlugin = {
                             return h.response({ message }).code(204);
                         }
-                        parsed.pluginOptions = pluginOptions;
+                        parsed.pluginOptions = webhookSettings;
                         const { type } = parsed;