gitlabform 0.0.540a0__py3-none-any.whl

gitlabform/processors/project/project_settings_processor.py

@@ -0,0 +1,239 @@
+import os
+from logging import debug, error, warning, info
+from typing import Callable, Dict, List
+
+from gitlab import GitlabGetError, GitlabUpdateError
+from gitlab.v4.objects import Project
+from gql.transport.exceptions import TransportQueryError
+
+from gitlabform.gitlab import GitLab
+from gitlabform.processors.abstract_processor import AbstractProcessor
+from gitlabform.processors.util.difference_logger import DifferenceLogger
+
+
+class ProjectSettingsProcessor(AbstractProcessor):
+    def __init__(self, gitlab: GitLab, strict: bool):
+        super().__init__("project_settings", gitlab)
+        self.get_entity_in_gitlab: Callable = getattr(self, "get_project_settings")
+
+    def _process_configuration(self, project_path: str, configuration: dict) -> None:
+        debug("Processing project settings...")
+        project: Project = self.gl.get_project_by_path_cached(project_path)
+
+        project_settings_in_config = configuration.get("project_settings", {})
+        project_settings_in_gitlab = project.asdict()
+        debug(project_settings_in_gitlab)
+        debug("project_settings BEFORE: ^^^")
+
+        self._process_project_topics(project_settings_in_config, project_settings_in_gitlab)
+
+        # Remove avatar from config to process it last
+        avatar_config = project_settings_in_config.pop("avatar", None)
+
+        # Remove duo_features_enabled from config as it can't be processed via the REST Api and if it's the only
+        # config defined for a Project, Gitlab will reject with error the REST update() request
+        duo_features_enabled_in_config = project_settings_in_config.pop("duo_features_enabled", None)
+
+        # Process other settings first
+        if self._needs_update(project_settings_in_gitlab, project_settings_in_config):
+            debug("Updating project settings")
+            for key, value in project_settings_in_config.items():
+                debug(f"Updating setting {key} to value {value}")
+                setattr(project, key, value)
+            project.save()
+
+            debug(project.asdict())
+            debug("project_settings AFTER: ^^^")
+        else:
+            debug("No update needed for project settings")
+
+        # Process duo_features_enabled
+        self._process_duo_features_enabled(project, duo_features_enabled_in_config)
+
+        # Process avatar last - with error handling that doesn't stop execution
+        if avatar_config is not None:
+            try:
+                self._process_project_avatar(project, {"avatar": avatar_config})
+            except Exception as e:
+                warning(f"Failed to process project avatar: {e}")
+                raise e
+
+    def get_project_settings(self, project_path: str):
+        """Get project settings from GitLab."""
+        return self.gl.get_project_by_path_cached(project_path).asdict()
+
+    def _print_diff(self, project_or_project_and_group: str, entity_config, diff_only_changed: bool):
+        entity_in_gitlab = self.get_project_settings(project_or_project_and_group)
+
+        DifferenceLogger.log_diff(
+            f"{self.configuration_name} changes",
+            entity_in_gitlab,
+            entity_config,
+            only_changed=diff_only_changed,
+        )
+
+    def _process_project_topics(self, project_settings_in_config: Dict, project_settings_in_gitlab: Dict) -> None:
+        project_settings_topics: Dict = project_settings_in_config.get("topics", [])
+
+        if not project_settings_topics:
+            return
+
+        keep_existing: bool = False
+
+        for i, topic in enumerate(project_settings_topics):
+            if isinstance(topic, dict) and "keep_existing" in topic:
+                value = topic["keep_existing"]
+                if isinstance(value, bool):
+                    keep_existing = value
+                    del project_settings_topics[i]
+                    break
+
+        adjusted_project_topics_to_set: List[str] = []
+
+        if keep_existing:
+            adjusted_project_topics_to_set.extend(project_settings_in_gitlab.get("topics", []))
+
+        # List of topics not having delete = true or no delete attribute at all
+        topics_to_add: List[str] = [
+            list(t.keys())[0] if isinstance(t, dict) else t
+            for t in project_settings_topics
+            if isinstance(t, str) or (isinstance(t, dict) and not list(t.values())[0].get("delete", False))
+        ]
+
+        # List of topics having delete = true
+        topics_to_delete: List[str] = [
+            list(t.keys())[0]
+            for t in project_settings_topics
+            if isinstance(t, dict) and list(t.values())[0].get("delete") is True
+        ]
+
+        adjusted_project_topics_to_set.extend(topics_to_add)
+
+        adjusted_project_topics_to_set = [
+            topic for topic in adjusted_project_topics_to_set if topic not in topics_to_delete
+        ]
+
+        debug(f"topics after adjustment: {adjusted_project_topics_to_set}")
+
+        project_settings_in_config["topics"] = adjusted_project_topics_to_set
+
+    def _process_project_avatar(self, project: Project, project_settings_in_config: dict) -> None:
+        """Process project avatar settings from configuration."""
+        debug("Processing project avatar configuration")
+
+        avatar_path = project_settings_in_config.get("avatar")
+        if avatar_path is None:
+            debug("No avatar configuration provided, skipping avatar processing")
+            return
+
+        debug(f"Avatar configuration found: {avatar_path}")
+
+        # Check current avatar status
+        current_avatar = getattr(project, "avatar_url", None)
+
+        if avatar_path == "":
+            # Want to remove avatar
+            if not current_avatar:
+                debug("Avatar already empty, no update needed")
+                return
+            debug("Deleting project avatar")
+            project.avatar = ""
+            project.save()
+            debug("Project avatar deleted successfully")
+            return
+
+        # Resolve relative paths to absolute paths
+        if not os.path.isabs(avatar_path):
+            # Convert relative path to absolute path relative to current working directory
+            avatar_path = os.path.abspath(avatar_path)
+            debug(f"Resolved relative path to absolute path: {avatar_path}")
+
+        # Want to set avatar from file
+        debug(f"Setting project avatar from file: {avatar_path}")
+        try:
+            with open(avatar_path, "rb") as avatar_file:
+                project.avatar = avatar_file
+                project.save()
+            debug("Project avatar uploaded successfully")
+        except FileNotFoundError:
+            error_msg = f"Project avatar file not found: {avatar_path}"
+            error(error_msg)
+            raise FileNotFoundError(error_msg)
+        except Exception as e:
+            error_msg = f"Error uploading project avatar: {str(e)}"
+            error(error_msg)
+            raise Exception(error_msg) from e
+
+    def _process_duo_features_enabled(self, project: Project, duo_features_enabled_in_config: None | bool):
+        if duo_features_enabled_in_config is None:
+            info(
+                f"duo_features_enabled is not defined in Config for project {project.path_with_namespace}, will not make any changes."
+            )
+            return
+
+        duo_features_enabled_in_gl = self._get_project_duo_features_enabled_from_gitlab(project)
+        if duo_features_enabled_in_gl == duo_features_enabled_in_config:
+            debug("No changes detected for duo_features_enabled")
+            return
+
+        self._set_project_duo_features_enabled(project, duo_features_enabled_in_config)
+
+    def _get_project_duo_features_enabled_from_gitlab(self, project: Project) -> List[Dict[str, str]]:
+        """Query GraphQL using Python Gitlab
+        https://python-gitlab.readthedocs.io/en/stable/api-usage-graphql.html
+
+        GETting and updating of duo_features_enabled is currently only supported through the GraphQL API:
+        https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143972
+        """
+
+        query = (
+            """
+            query ProjectDuoFeatures {
+               project(fullPath: \""""
+            + project.path_with_namespace
+            + """\") 
+              {
+                   duoFeaturesEnabled
+              }
+           }
+        """
+        )
+        result = self.gl.graphql.execute(query)
+
+        if result["project"] is not None and result["project"]["duoFeaturesEnabled"] is not None:
+            return result["project"]["duoFeaturesEnabled"]
+        else:
+            raise GitlabGetError(f"Failed to get duo_features_enabled for Project: {project.path_with_namespace}")
+
+    def _set_project_duo_features_enabled(self, project: Project, duo_features_enabled: bool) -> None:
+        """Mutate Project Settings using GraphQL with Python Gitlab"""
+        duo_features_enabled_str = str(duo_features_enabled).lower()
+        mutation = (
+            """
+           mutation Projects {
+             projectSettingsUpdate(input: { fullPath: \""""
+            + project.path_with_namespace
+            + """\", duoFeaturesEnabled: """
+            + duo_features_enabled_str
+            + """ }) 
+             {
+                errors
+             }
+           }
+        """
+        )
+        try:
+            result = self.gl.graphql.execute(mutation)
+
+            if result["errors"] is not None:
+                raise GitlabUpdateError(
+                    f"Failed to update duo_features_enabled for Project: {project.path_with_namespace}, to: {duo_features_enabled}: {result['errors']}"
+                )
+        except TransportQueryError as e:
+            if e.errors is not None:
+                error_message = e.errors[0].message
+            else:
+                error_message = "Unknown GraphQL error"
+            raise GitlabUpdateError(
+                f"Failed to update duo_features_enabled for Project: {project.path_with_namespace}, to: {duo_features_enabled}: {error_message}"
+            )

gitlabform/processors/project/project_variables_processor.py

@@ -0,0 +1,94 @@
+from typing import Dict, Any, List, cast
+from logging import warning, info
+
+import copy
+import textwrap
+import ez_yaml
+
+from gitlab.exceptions import GitlabGetError
+from gitlab.v4.objects import Project, ProjectVariable
+from gitlabform.gitlab import GitLab
+from gitlabform.processors.util.difference_logger import hide
+from gitlabform.processors.abstract_processor import AbstractProcessor
+from gitlabform.processors.util.variables_processor import VariablesProcessor
+
+
+class ProjectVariablesProcessor(AbstractProcessor):
+    def __init__(self, gitlab: GitLab):
+        super().__init__("variables", gitlab)
+        self._variables_processor = VariablesProcessor(self._needs_update)
+
+    def _process_configuration(self, project_and_group: str, configuration: Dict[str, Any]) -> None:
+        project: Project = self.gl.get_project_by_path_cached(project_and_group)
+
+        configured_variables = configuration.get("variables", {})
+        enforce_mode: bool = configured_variables.get("enforce", False)
+
+        if enforce_mode:
+            info(f"Enforce mode enabled for variables in {project_and_group}")
+            # Remove 'enforce' key from the config so that it's not treated as a variable
+            configured_variables.pop("enforce")
+
+        self._variables_processor.process_variables(project, configured_variables, enforce_mode)
+
+    def _can_proceed(self, project_or_group: str, configuration: Dict[str, Any]) -> bool:
+        """Check if builds are enabled for the project."""
+        try:
+            project: Project = self.gl.get_project_by_path_cached(project_or_group)
+            if project.builds_access_level == "disabled":
+                warning("Builds disabled in this project so I can't set variables here.")
+                return False
+            return True
+        except GitlabGetError:
+            warning(f"Cannot get project settings for {project_or_group}")
+            return False
+
+    def _print_diff(
+        self,
+        project_and_group: str,
+        configuration: Dict[str, Any],
+        diff_only_changed: bool = False,
+    ) -> None:
+        """Print current and configured variables for comparison."""
+        try:
+            project: Project = self.gl.get_project_by_path_cached(project_and_group)
+            current_variables: List[ProjectVariable] = self._variables_processor.get_variables_from_gitlab(project)
+            variables_list: list[Dict[str, str]] = []
+
+            for variable in current_variables:
+                var_dict = {
+                    "key": variable.key,
+                    "value": hide(variable.value),
+                }
+                if hasattr(variable, "environment_scope"):
+                    var_dict["environment_scope"] = variable.environment_scope
+                variables_list.append(var_dict)
+
+            info(f"Variables for {project_and_group} in GitLab:")
+            info(
+                textwrap.indent(
+                    ez_yaml.to_string(variables_list),
+                    "  ",
+                )
+            )
+        except GitlabGetError:
+            info(f"Variables for {project_and_group} in GitLab cannot be checked.")
+
+        info(f"Variables in {project_and_group} in configuration:")
+
+        configured_variables = copy.deepcopy(configuration)
+        enforce_variables = configured_variables.get("enforce", False)
+
+        # Remove 'enforce' key from the config so that it's not treated as a "variable"
+        if enforce_variables:
+            configured_variables.pop("enforce")
+
+        for key in configured_variables.keys():
+            configured_variables[key]["value"] = hide(configured_variables[key]["value"])
+
+        info(
+            textwrap.indent(
+                ez_yaml.to_string(configured_variables),
+                "  ",
+            )
+        )

gitlabform/processors/project/remote_mirrors_processor.py

@@ -0,0 +1,278 @@
+from typing import Any, cast, Dict, Set, List, Optional
+from logging import info, warning
+
+from gitlab.exceptions import GitlabCreateError, GitlabUpdateError, GitlabDeleteError
+from gitlab.v4.objects import Project, ProjectRemoteMirror
+from gitlabform.gitlab import GitLab
+from gitlabform.processors.abstract_processor import AbstractProcessor
+
+
+class RemoteMirrorsProcessor(AbstractProcessor):
+    """
+    A processor for the "remote_mirrors" configuration section.
+
+    Allows creating, updating, and deleting remote mirrors (push mirrors) for a project.
+
+    GitLabForm follows "raw parameter passing" pattern, which means that any parameter
+    supported by the GitLab API for remote mirrors can be used here.
+    The URL containing credentials (if any) is used as the config key for each mirror.
+    All other attributes are passed as-is to the GitLab API.
+    See: https://docs.gitlab.com/ee/api/remote_mirrors.html
+
+    Additionally, the following GitLabForm-specific keys are supported:
+    * enforce: (boolean) If true, mirrors not defined in the config will be deleted. This is a global option, not per-mirror.
+    * print_details: (boolean) If true, prints the full details of all mirrors found in GitLab for the project. This is a global option.
+    * force_push: (boolean) If true, triggers an immediate push sync.
+    * force_update: (boolean) If true, forces an update call even if the config looks unchanged (useful for updating credentials).
+    * print_public_key: (boolean) If true, retrieves and prints the SSH public key for the mirror (if applicable).
+    * delete: (boolean) If true, deletes the specified mirror.
+
+    Configuration example:
+
+    remote_mirrors:
+      enforce: true
+      "https://username:password@example.com/gitlab/project.git":
+        enabled: true
+        auth_method: password
+        only_protected_branches: true
+        force_push: true
+    """
+
+    def __init__(self, gitlab: GitLab):
+        super().__init__("remote_mirrors", gitlab)
+
+    @staticmethod
+    def _normalize_url_for_comparison(url: str) -> str:
+        """Normalize URL for comparison by removing credentials.
+
+        Given a mirror URL for password-based authentication,
+        this method returns the corresponding URL without credentials.
+
+        Example:
+        http://username:password@host/path.git -> http://host/path.git
+
+        This can be used to compare mirror URLs without credentials to
+        find matching mirrors.
+        """
+        from urllib.parse import urlparse
+
+        parsed = urlparse(url)
+        # Remove credentials (user:pass@) from netloc
+        clean_netloc = parsed.netloc.split("@")[-1]
+        return parsed._replace(netloc=clean_netloc).geturl()
+
+    def _process_configuration(self, project_and_group: str, configuration: Dict[str, Any]) -> None:
+        project: Project = self.gl.get_project_by_path_cached(project_and_group)
+
+        # 1. PREPARATION & OPTIMIZATION
+        mirrors_in_gitlab: List[ProjectRemoteMirror] = project.remote_mirrors.list(get_all=True)
+        gitlab_mirrors_map: Dict[str, ProjectRemoteMirror] = {
+            self._normalize_url_for_comparison(m.url): cast(ProjectRemoteMirror, m) for m in mirrors_in_gitlab
+        }
+
+        mirrors_in_config: Dict[str, Any] = configuration.get("remote_mirrors", {}).copy()
+
+        # --- GLOBAL OPTIONS ---
+        enforce_mirrors: bool = mirrors_in_config.pop("enforce", False)
+        print_details: bool = mirrors_in_config.pop("print_details", False)
+
+        urls_to_keep: Set[str] = set()
+
+        # 2. PROCESS CONFIGURATION (Create / Update / Delete)
+        for mirror_url in sorted(mirrors_in_config.keys()):
+            mirror_settings: Dict[str, Any] = mirrors_in_config[mirror_url]
+            norm_url: str = self._normalize_url_for_comparison(mirror_url)
+            mirror_in_gitlab = gitlab_mirrors_map.get(norm_url)
+
+            # --- CASE: EXPLICIT DELETE ---
+            if mirror_settings.get("delete"):
+                if mirror_in_gitlab:
+                    self._delete_remote_mirror(mirror_in_gitlab)
+                    gitlab_mirrors_map.pop(norm_url, None)
+                else:
+                    info(f"Skip deleting remote mirror '{norm_url}', because it doesn't exist")
+                continue
+
+            # --- CASE: CREATE OR UPDATE ---
+            urls_to_keep.add(norm_url)
+
+            # Prepare payload: Extract local-only options
+            mirror_payload: Dict[str, Any] = {"url": mirror_url, **mirror_settings}
+            force_push: bool = mirror_payload.pop("force_push", False)
+            force_update: bool = mirror_payload.pop("force_update", False)
+            print_public_key: bool = mirror_payload.pop("print_public_key", False)
+            mirror_payload.pop("delete", None)
+
+            if mirror_in_gitlab:
+                self._update_existing_mirror(project, mirror_in_gitlab, mirror_payload, norm_url, force_update)
+            else:
+                mirror_in_gitlab = self._create_new_mirror(project, mirror_payload, mirror_url)
+
+            if print_public_key and mirror_in_gitlab:
+                self._handle_public_key_display(project, mirror_in_gitlab, norm_url)
+
+            if force_push and mirror_in_gitlab:
+                self._sync_remote_mirror(mirror_in_gitlab)
+
+        # 3. ENFORCEMENT PHASE
+        if enforce_mirrors:
+            self._enforce_mirrors(gitlab_mirrors_map, urls_to_keep)
+
+        # 4. REPORTING PHASE (Final State)
+        if print_details:
+            # We fetch a fresh list to show the final state after all updates/syncs
+            final_mirrors: List[ProjectRemoteMirror] = project.remote_mirrors.list(get_all=True)
+            if not final_mirrors:
+                info("🔍 No remote mirrors found for this project.")
+            else:
+                info(f"📋 Final Remote Mirror Report for '{project_and_group}':")
+                for mirror in final_mirrors:
+                    info("  " + "─" * 30)  # Visual separator using a light line
+                    self._report_mirror_details(mirror)
+                info("  " + "─" * 30)
+
+    def _handle_public_key_display(self, project: Project, mirror_obj: ProjectRemoteMirror, norm_url: str) -> None:
+        """
+        Retrieves and prints the SSH public key for a mirror.
+        GitLab only provides this for mirrors configured with 'ssh_public_key' auth.
+        """
+        # Only attempt retrieval if the auth method supports it
+        if getattr(mirror_obj, "auth_method", None) != "ssh_public_key":
+            info(f"Skipping public key display for '{norm_url}': auth_method is not 'ssh_public_key'")
+            return
+
+        public_key: Optional[str] = None
+        try:
+            # TODO: python-gitlab does not yet support retrieving the public key via
+            # ProjectRemoteMirror object (e.g., mirror_obj.get_public_key()).
+            # Switch to native method once supported in the library.
+
+            # Mypy fix: cast the union return type (dict | Response) to dict[str, Any]
+            response = cast(
+                Dict[str, Any],
+                project.manager.gitlab.http_get(f"/projects/{project.id}/remote_mirrors/{mirror_obj.id}/public_key"),
+            )
+            public_key = response.get("public_key")
+        except Exception as e:
+            warning(f"Failed to retrieve SSH public key for mirror {norm_url}: {e}")
+
+        if public_key:
+            info(f"🔑 SSH Public Key for mirror '{norm_url}':")
+            info(public_key)
+            info("👆 This public key must be added to the target repository to authorize the mirror.")
+            info(
+                "Please consult the GitLab documentation on 'Repository Mirroring' for specific setup instructions for your target platform."
+            )
+        else:
+            info(f"No public key available to display for mirror '{norm_url}'")
+
+    def _needs_update(self, existing_mirror: Dict[str, Any], config_payload: Dict[str, Any]) -> bool:
+        """
+        Overrides the base comparison to handle GitLab's URL credential masking.
+        Normalization is applied so that 'user:pass@host' matches '*****:*****@host'.
+        """
+        comparison_payload: Dict[str, Any] = config_payload.copy()
+        if "url" in comparison_payload:
+            comparison_payload["url"] = self._normalize_url_for_comparison(comparison_payload["url"])
+
+        existing_mirror_dict = existing_mirror.copy()
+
+        existing_mirror_dict["url"] = self._normalize_url_for_comparison(existing_mirror_dict.get("url", ""))
+
+        return super()._needs_update(existing_mirror_dict, comparison_payload)
+
+    def _update_existing_mirror(
+        self,
+        project: Project,
+        mirror_obj: ProjectRemoteMirror,
+        payload: Dict[str, Any],
+        norm_url: str,
+        force_update: bool,
+    ) -> None:
+        """Compares and updates an existing mirror if changed or if force_update is set."""
+
+        should_update: bool = force_update or self._needs_update(mirror_obj.asdict(), payload)
+
+        if should_update:
+            if force_update:
+                info(f"Mirror '{norm_url}' update is being forced via 'force_update' flag.")
+
+            info(f"Updating remote mirror '{norm_url}' with latest config")
+            try:
+                project.remote_mirrors.update(id=mirror_obj.id, new_data=payload)
+                info(f"Updated remote mirror '{norm_url}'")
+
+                if force_update:
+                    info(
+                        f"!!! REMINDER: 'force_update' was used for mirror '{norm_url}'. "
+                        "Please remove this flag from your configuration to avoid unnecessary API calls in future runs."
+                    )
+            except GitlabUpdateError as e:
+                warning(f"Failed to update remote mirror {norm_url}: {e}")
+        else:
+            info(f"Remote mirror '{norm_url}' remains unchanged")
+
+    def _create_new_mirror(
+        self, project: Project, payload: Dict[str, Any], raw_url: str
+    ) -> Optional[ProjectRemoteMirror]:
+        """Creates a new remote mirror and handles API errors."""
+        norm_url = self._normalize_url_for_comparison(raw_url)
+        info(f"Creating remote mirror '{norm_url}'")
+        try:
+            return cast(ProjectRemoteMirror, project.remote_mirrors.create(payload))
+        except GitlabCreateError as e:
+            warning(f"Failed to create remote mirror {norm_url}: {e}")
+            return None
+
+    def _enforce_mirrors(self, gitlab_mirrors_map: Dict[str, ProjectRemoteMirror], urls_to_keep: Set[str]) -> None:
+        """Deletes mirrors present in GitLab that are not in the configuration."""
+        for norm_url, gm in gitlab_mirrors_map.items():
+            if norm_url not in urls_to_keep:
+                info(f"Enforce: Deleting remote mirror '{gm.url}' as it is not in the configuration")
+                self._delete_remote_mirror(gm)
+
+    def _delete_remote_mirror(self, mirror: ProjectRemoteMirror) -> None:
+        """Delete the given `ProjectRemoteMirror` and handle errors."""
+        info(f"Deleting remote mirror '{mirror.url}'")
+        try:
+            mirror.delete()
+        except GitlabDeleteError as e:
+            warning(
+                f"Failed to delete remote mirror id={getattr(mirror, 'id', None)} url={getattr(mirror, 'url', None)}: {e}"
+            )
+            info(f"Failed to delete remote mirror '{mirror.url}'")
+
+    def _sync_remote_mirror(self, mirror: ProjectRemoteMirror) -> None:
+        """Trigger sync for remote mirror when `force_push` is requested."""
+        mirror_id = getattr(mirror, "id", None)
+        mirror_url = getattr(mirror, "url", None)
+        info(f"Attempting sync for remote mirror id={mirror_id} url={mirror_url}")
+
+        try:
+            result = mirror.sync()
+            info(f"Triggered sync for remote mirror '{mirror_url}' result={result}")
+        except Exception as e:
+            warning(f"Failed to trigger sync for remote mirror id={mirror_id} url={mirror_url}: {e}")
+
+    def _report_mirror_details(self, mirror: ProjectRemoteMirror) -> None:
+        """Prints every attribute of the mirror object, one per line."""
+
+        mirror_data = mirror.asdict()
+
+        # Mapping statuses to helpful visual cues
+        status_icons = {
+            "finished": "✅",
+            "started": "⏳",
+            "scheduled": "📅",
+            "failed": "❌",
+            "none": "⚪",
+        }
+
+        for key, value in sorted(mirror_data.items()):
+            if key == "update_status":
+                icon = status_icons.get(value, "❓")
+                info(f"    - {key}: {icon} {value}")
+            elif key == "last_error" and value:
+                info(f"    - {key}: ⚠️ {value}")
+            else:
+                info(f"    - {key}: {value}")

gitlabform/processors/project/resource_groups_processor.py

@@ -0,0 +1,48 @@
+from logging import warning, info
+from gitlabform.gitlab import GitLab
+from gitlabform.processors.abstract_processor import AbstractProcessor
+
+from gitlab import GitlabGetError, GitlabUpdateError
+from gitlab.v4.objects import Project, ProjectResourceGroup
+
+
+class ResourceGroupsProcessor(AbstractProcessor):
+    def __init__(self, gitlab: GitLab):
+        super().__init__("resource_groups", gitlab)
+
+    def _process_configuration(self, project_and_group: str, configuration: dict):
+        configured_resource_groups: dict = configuration.get("resource_groups", {})
+        ensure_exists: bool = configuration.get("resource_groups|ensure_exists", True)
+
+        # Remove 'ensure_exists' from config so that it's not treated as a 'resource group'
+        if "ensure_exists" in configured_resource_groups:
+            configured_resource_groups.pop("ensure_exists")
+
+        project: Project = self.gl.get_project_by_path_cached(project_and_group)
+
+        for config_resource_group_name in sorted(configured_resource_groups):
+            resource_group_in_config = configured_resource_groups[config_resource_group_name]
+            try:
+                resource_group_in_gitlab: ProjectResourceGroup = project.resource_groups.get(config_resource_group_name)
+            except GitlabGetError:
+                message = (
+                    f"Project is not configured to use resource group: {config_resource_group_name}.\n"
+                    f"Add the resource group in your project's .gitlab-ci.yml file.\n"
+                    f"For more information, visit https://docs.gitlab.com/ee/ci/resource_groups/#add-a-resource-group.\n"
+                    f"Or add 'ensure_exists: false' to gitlabform config to continue processing.\n"
+                    f"For more information, visit https://gitlabform.github.io/gitlabform/reference/resource_groups\n"
+                )
+                if ensure_exists:
+                    raise Exception(message)
+                else:
+                    warning(message)
+                    continue
+
+            if self._needs_update(resource_group_in_gitlab.asdict(), resource_group_in_config):
+                info(f"Updating resource group '{config_resource_group_name}'")
+
+                try:
+                    project.resource_groups.update(resource_group_in_gitlab.key, **resource_group_in_config)
+                except GitlabUpdateError as error:
+                    warning(f"Resource group update failed. Error: '{error}'")
+                    raise GitlabUpdateError