screwdriver-api 8.0.47 → 8.0.49

package/config/custom-environment-variables.yaml

@@ -361,18 +361,32 @@ scms:
   #         # SCM clone type (https or ssh)
   #         cloneType: SCM_GITLAB_RO_CLONE_TYPE
 webhooks:
-  # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
-  username: SCM_USERNAME
-  # Ignore commits made by these users
-  ignoreCommitsBy:
-    __name: IGNORE_COMMITS_BY
-    __format: json
-  # Restrict PR: all, none, branch, or fork
-  restrictPR: RESTRICT_PR
-  # Chain PR: true or false
-  chainPR: CHAIN_PR
-  # Upper limit on incoming uploads to builds
-  maxBytes: WEBHOOK_MAX_BYTES
+  # Object keyed by scm name with value webhook settings.
+  # Value of webhook settings is an object with the following properties:
+  # Example:
+  # {
+  #  "github": {
+  #   # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
+  #   "username": "sd-buildbot",
+  #   # Ignore commits made by these users
+  #   "ignoreCommitsBy": [],
+  #   # Restrict PR: all, none, branch, or fork
+  #   "restrictPR": "none",
+  #   # Chain PR: true or false
+  #   "chainPR": false,
+  #   # Upper limit on incoming uploads to builds
+  #   "maxBytes": 1048576 #1MB
+  #   },
+  #  "github.example.com": {
+  #     "username": "someuser",
+  #     "ignoreCommitsBy": ["someuser", "anotheruser"],
+  #     "restrictPR": "branch",
+  #     "chainPR": true,
+  #     "maxBytes": 2097152 #2MB
+  #   }
+  # }
+  __name: WEBHOOK_SETTINGS
+  __format: json
 
 bookends:
   # Object keyed by cluster name with value setup/teardown bookend.

package/config/default.yaml

@@ -277,18 +277,42 @@ scms: {}
 #         accessToken: headlesstoken
 #         # SCM clone type (https or ssh)
 #         cloneType: https
-webhooks:
-  # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
-  username: sd-buildbot
-  # Ignore commits made by these users
-  ignoreCommitsBy: []
-  # Restrict PR: all, none, branch, or fork
-  restrictPR: none
-  # Chain PR: true or false
-  chainPR: false
-  # Upper limit on incoming uploads to builds
-  maxBytes: 1048576 # 1MB
-
+webhooks: 
+  github: 
+    # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
+    username: sd-buildbot
+    # Ignore commits made by these users
+    ignoreCommitsBy: []
+    # Restrict PR: all, none, branch, or fork
+    restrictPR: none
+    # Chain PR: true or false
+    chainPR: false
+    # Upper limit on incoming uploads to builds
+    maxBytes: 1048576 #1MB
+  # Object keyed by scm name with value webhook settings.
+  # Value of webhook settings is an object with the following properties:
+  # Example:
+  # {
+  #  "github:github.com": {
+  #   # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
+  #   "username": "sd-buildbot",
+  #   # Ignore commits made by these users
+  #   "ignoreCommitsBy": [],
+  #   # Restrict PR: all, none, branch, or fork
+  #   "restrictPR": "none",
+  #   # Chain PR: true or false
+  #   "chainPR": false,
+  #   # Upper limit on incoming uploads to builds
+  #   "maxBytes": 1048576 #1MB
+  #   },
+  #  "github.example.com": {
+  #     "username": "someuser",
+  #     "ignoreCommitsBy": ["someuser", "anotheruser"],
+  #     "restrictPR": "branch",
+  #     "chainPR": true,
+  #     "maxBytes": 2097152 #2MB
+  #   }
+  # }
 coverage:
   default: "false"
   plugin: sonar

package/lib/server.js

@@ -80,8 +80,6 @@ function handlePreResponseLogs(request, h) {
  * @param  {String}      config.httpd.uri           Public routable address
  * @param  {Object}      config.httpd.tls           TLS Configuration
  * @param  {Object}      config.webhooks            Webhooks settings
- * @param  {String}      config.webhooks.restrictPR Restrict PR setting
- * @param  {Boolean}     config.webhooks.chainPR    Chain PR flag
  * @param  {Object}      config.ecosystem           List of hosts in the ecosystem
  * @param  {Object}      config.ecosystem.ui        URL for the User Interface
  * @param  {Factory}     config.pipelineFactory     Pipeline Factory instance

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "screwdriver-api",
-  "version": "8.0.47",
+  "version": "8.0.49",
   "description": "API server for the Screwdriver.cd service",
   "main": "index.js",
   "scripts": {

package/plugins/builds/helper/updateBuild.js

@@ -374,7 +374,14 @@ async function updateBuildAndTriggerDownstreamJobs(config, build, server, userna
             const stageIsDone = isStageDone(stageJobBuilds);
 
             if (stageIsDone) {
-                const teardownNode = newEvent.workflowGraph.nodes.find(n => n.id === stageTeardownJob.id);
+                // Determine the actual job name in the graph by stripping PR prefix (e.g., "PR-123:")
+                // if this is a PR build, since workflowGraph nodes do not include PR-specific prefixes.
+                const prMatch = stage.name.match(PR_STAGE_NAME);
+                const teardownOriginalJobName = prMatch
+                    ? stageTeardownName.replace(`${prMatch[1]}:`, '')
+                    : stageTeardownName;
+
+                const teardownNode = newEvent.workflowGraph.nodes.find(n => n.name === teardownOriginalJobName);
 
                 // Update teardown build
                 stageTeardownBuild = await createOrUpdateStageTeardownBuild(

package/plugins/webhooks/index.js

@@ -7,6 +7,19 @@ const { ValidationError } = require('joi');
 const { startHookEvent } = require('./helper');
 
 const DEFAULT_MAX_BYTES = 1048576;
+const MAX_BYTES_UPPER_BOUND = 5242880; // 5MB
+const providerSchema = joi
+    .object({
+        username: joi.string().required(),
+        ignoreCommitsBy: joi.array().items(joi.string()).optional(),
+        restrictPR: joi
+            .string()
+            .valid('all', 'none', 'branch', 'fork', 'all-admin', 'none-admin', 'branch-admin', 'fork-admin')
+            .optional(),
+        chainPR: joi.boolean().optional(),
+        maxBytes: joi.number().integer().optional()
+    })
+    .unknown(false);
 
 /**
  * Webhook API Plugin
@@ -29,16 +42,7 @@ const webhooksPlugin = {
     async register(server, options) {
         const pluginOptions = joi.attempt(
             options,
-            joi.object().keys({
-                username: joi.string().required(),
-                ignoreCommitsBy: joi.array().items(joi.string()).optional(),
-                restrictPR: joi
-                    .string()
-                    .valid('all', 'none', 'branch', 'fork', 'all-admin', 'none-admin', 'branch-admin', 'fork-admin')
-                    .optional(),
-                chainPR: joi.boolean().optional(),
-                maxBytes: joi.number().integer().optional()
-            }),
+            joi.object().pattern(joi.string(), providerSchema).min(1).required(),
             'Invalid config for plugin-webhooks'
         );
 
@@ -55,7 +59,9 @@ const webhooksPlugin = {
                     }
                 },
                 payload: {
-                    maxBytes: parseInt(pluginOptions.maxBytes, 10) || DEFAULT_MAX_BYTES
+                    maxBytes: MAX_BYTES_UPPER_BOUND,
+                    parse: false,
+                    output: 'stream'
                 },
                 handler: async (request, h) => {
                     const { pipelineFactory, queueWebhook } = request.server.app;
@@ -63,8 +69,33 @@ const webhooksPlugin = {
                     const { executor, queueWebhookEnabled } = queueWebhook;
                     const message = 'Unable to process this kind of event';
                     let hookId;
+                    let webhookSettings;
 
                     try {
+                        const scmContexts = await scm.getScmContexts();
+
+                        scmContexts.forEach(scmContext => {
+                            if (pluginOptions[scmContext]) {
+                                webhookSettings = pluginOptions[scmContext];
+                            }
+                        });
+
+                        if (!webhookSettings) {
+                            logger.error(`No webhook settings found for scm context: ${scmContexts.join(', ')}`);
+                            throw boom.internal();
+                        }
+
+                        let size = 0;
+
+                        for await (const chunk of request.payload) {
+                            size += chunk.length;
+                            if (size > (webhookSettings.maxBytes || DEFAULT_MAX_BYTES)) {
+                                throw boom.entityTooLarge(
+                                    `Payload size exceeds the maximum limit of ${webhookSettings.maxBytes || DEFAULT_MAX_BYTES} bytes`
+                                );
+                            }
+                        }
+
                         const parsed = await scm.parseHook(request.headers, request.payload);
 
                         if (!parsed) {
@@ -72,7 +103,7 @@ const webhooksPlugin = {
                             return h.response({ message }).code(204);
                         }
 
-                        parsed.pluginOptions = pluginOptions;
+                        parsed.pluginOptions = webhookSettings;
 
                         const { type } = parsed;