audit approval and allow more options for approve field

go-vela · Nov 26, 2023 · a668d28 · a668d28
1 parent ddfe433
commit a668d28
Show file tree

Hide file tree

Showing 9 changed files with 317 additions and 198 deletions.
diff --git a/constants/repo.go b/constants/repo.go
@@ -17,15 +17,15 @@ const (
 	PipelineTypeStarlark = "starlark"
 )
 
-// Repo ApproveForkBuild types.
+// Repo ApproveBuild types.
 const (
-	// ApproveAlways defines the CI strategy of having a repo administrator approve
+	// ApproveForkAlways defines the CI strategy of having a repo administrator approve
 	// all builds triggered from a forked PR.
-	ApproveAlways = "always"
+	ApproveForkAlways = "fork-always"
 
-	// ApproveNoWrite defines the CI strategy of having a repo administrator approve
+	// ApproveForkNoWrite defines the CI strategy of having a repo administrator approve
 	// all builds triggered from a forked PR where the author does not have write access.
-	ApproveNoWrite = "no-write"
+	ApproveForkNoWrite = "fork-no-write"
 
 	// ApproveOnce defines the CI strategy of having a repo administrator approve
 	// all builds triggered from an outside contributor if this is their first time contributing.

diff --git a/database/build.go b/database/build.go
@@ -62,6 +62,8 @@ type Build struct {
 	Host          sql.NullString     `sql:"host"`
 	Runtime       sql.NullString     `sql:"runtime"`
 	Distribution  sql.NullString     `sql:"distribution"`
+	ApprovedAt    sql.NullInt64      `sql:"approved_at"`
+	ApprovedBy    sql.NullString     `sql:"approved_by"`
 }
 
 // Crop prepares the Build type for inserting into the database by
@@ -92,7 +94,7 @@ func (b *Build) Crop() *Build {
 // value for the field, the valid flag is set to
 // false causing it to be NULL in the database.
 //
-//nolint:gocyclo // ignore cyclomatic complexity due to number of fields
+//nolint:gocyclo,funlen // ignore cyclomatic complexity due to number of fields
 func (b *Build) Nullify() *Build {
 	if b == nil {
 		return nil
@@ -248,6 +250,16 @@ func (b *Build) Nullify() *Build {
 		b.Distribution.Valid = false
 	}
 
+	// check if the ApprovedAt field should be false
+	if b.ApprovedAt.Int64 == 0 {
+		b.ApprovedAt.Valid = false
+	}
+
+	// check if the ApprovedBy field should be false
+	if len(b.ApprovedBy.String) == 0 {
+		b.ApprovedBy.Valid = false
+	}
+
 	return b
 }
 
@@ -287,6 +299,8 @@ func (b *Build) ToLibrary() *library.Build {
 	build.SetHost(b.Host.String)
 	build.SetRuntime(b.Runtime.String)
 	build.SetDistribution(b.Distribution.String)
+	build.SetApprovedAt(b.ApprovedAt.Int64)
+	build.SetApprovedBy(b.ApprovedBy.String)
 
 	return build
 }
@@ -328,6 +342,7 @@ func (b *Build) Validate() error {
 	b.Host = sql.NullString{String: sanitize(b.Host.String), Valid: b.Host.Valid}
 	b.Runtime = sql.NullString{String: sanitize(b.Runtime.String), Valid: b.Runtime.Valid}
 	b.Distribution = sql.NullString{String: sanitize(b.Distribution.String), Valid: b.Distribution.Valid}
+	b.ApprovedBy = sql.NullString{String: sanitize(b.ApprovedBy.String), Valid: b.ApprovedBy.Valid}
 
 	return nil
 }
@@ -367,6 +382,8 @@ func BuildFromLibrary(b *library.Build) *Build {
 		Host:          sql.NullString{String: b.GetHost(), Valid: true},
 		Runtime:       sql.NullString{String: b.GetRuntime(), Valid: true},
 		Distribution:  sql.NullString{String: b.GetDistribution(), Valid: true},
+		ApprovedAt:    sql.NullInt64{Int64: b.GetApprovedAt(), Valid: true},
+		ApprovedBy:    sql.NullString{String: b.GetApprovedBy(), Valid: true},
 	}
 
 	return build.Nullify()

diff --git a/database/build_test.go b/database/build_test.go
@@ -139,6 +139,8 @@ func TestDatabase_Build_ToLibrary(t *testing.T) {
 	want.SetRuntime("docker")
 	want.SetDistribution("linux")
 	want.SetDeployPayload(raw.StringSliceMap{"foo": "test1", "bar": "test2"})
+	want.SetApprovedAt(1563474076)
+	want.SetApprovedBy("OctoCat")
 
 	// run test
 	got := testBuild().ToLibrary()
@@ -228,6 +230,8 @@ func TestDatabase_BuildFromLibrary(t *testing.T) {
 	b.SetRuntime("docker")
 	b.SetDistribution("linux")
 	b.SetDeployPayload(raw.StringSliceMap{"foo": "test1", "bar": "test2"})
+	b.SetApprovedAt(1563474076)
+	b.SetApprovedBy("OctoCat")
 
 	want := testBuild()
 
@@ -286,5 +290,7 @@ func testBuild() *Build {
 		Host:          sql.NullString{String: "example.company.com", Valid: true},
 		Runtime:       sql.NullString{String: "docker", Valid: true},
 		Distribution:  sql.NullString{String: "linux", Valid: true},
+		ApprovedAt:    sql.NullInt64{Int64: 1563474076, Valid: true},
+		ApprovedBy:    sql.NullString{String: "OctoCat", Valid: true},
 	}
 }
diff --git a/database/repo.go b/database/repo.go
@@ -44,31 +44,31 @@ var (
 
 // Repo is the database representation of a repo.
 type Repo struct {
-	ID               sql.NullInt64  `sql:"id"`
-	UserID           sql.NullInt64  `sql:"user_id"`
-	Hash             sql.NullString `sql:"hash"`
-	Org              sql.NullString `sql:"org"`
-	Name             sql.NullString `sql:"name"`
-	FullName         sql.NullString `sql:"full_name"`
-	Link             sql.NullString `sql:"link"`
-	Clone            sql.NullString `sql:"clone"`
-	Branch           sql.NullString `sql:"branch"`
-	Topics           pq.StringArray `sql:"topics" gorm:"type:varchar(1020)"`
-	BuildLimit       sql.NullInt64  `sql:"build_limit"`
-	Timeout          sql.NullInt64  `sql:"timeout"`
-	Counter          sql.NullInt32  `sql:"counter"`
-	Visibility       sql.NullString `sql:"visibility"`
-	Private          sql.NullBool   `sql:"private"`
-	Trusted          sql.NullBool   `sql:"trusted"`
-	Active           sql.NullBool   `sql:"active"`
-	AllowPull        sql.NullBool   `sql:"allow_pull"`
-	AllowPush        sql.NullBool   `sql:"allow_push"`
-	AllowDeploy      sql.NullBool   `sql:"allow_deploy"`
-	AllowTag         sql.NullBool   `sql:"allow_tag"`
-	AllowComment     sql.NullBool   `sql:"allow_comment"`
-	PipelineType     sql.NullString `sql:"pipeline_type"`
-	PreviousName     sql.NullString `sql:"previous_name"`
-	ApproveForkBuild sql.NullString `sql:"approve_fork_build"`
+	ID           sql.NullInt64  `sql:"id"`
+	UserID       sql.NullInt64  `sql:"user_id"`
+	Hash         sql.NullString `sql:"hash"`
+	Org          sql.NullString `sql:"org"`
+	Name         sql.NullString `sql:"name"`
+	FullName     sql.NullString `sql:"full_name"`
+	Link         sql.NullString `sql:"link"`
+	Clone        sql.NullString `sql:"clone"`
+	Branch       sql.NullString `sql:"branch"`
+	Topics       pq.StringArray `sql:"topics" gorm:"type:varchar(1020)"`
+	BuildLimit   sql.NullInt64  `sql:"build_limit"`
+	Timeout      sql.NullInt64  `sql:"timeout"`
+	Counter      sql.NullInt32  `sql:"counter"`
+	Visibility   sql.NullString `sql:"visibility"`
+	Private      sql.NullBool   `sql:"private"`
+	Trusted      sql.NullBool   `sql:"trusted"`
+	Active       sql.NullBool   `sql:"active"`
+	AllowPull    sql.NullBool   `sql:"allow_pull"`
+	AllowPush    sql.NullBool   `sql:"allow_push"`
+	AllowDeploy  sql.NullBool   `sql:"allow_deploy"`
+	AllowTag     sql.NullBool   `sql:"allow_tag"`
+	AllowComment sql.NullBool   `sql:"allow_comment"`
+	PipelineType sql.NullString `sql:"pipeline_type"`
+	PreviousName sql.NullString `sql:"previous_name"`
+	ApproveBuild sql.NullString `sql:"approve_build"`
 }
 
 // Decrypt will manipulate the existing repo hash by
@@ -200,8 +200,8 @@ func (r *Repo) Nullify() *Repo {
 	}
 
 	// check if the ApproveForkBuild field should be false
-	if len(r.ApproveForkBuild.String) == 0 {
-		r.ApproveForkBuild.Valid = false
+	if len(r.ApproveBuild.String) == 0 {
+		r.ApproveBuild.Valid = false
 	}
 
 	return r
@@ -236,7 +236,7 @@ func (r *Repo) ToLibrary() *library.Repo {
 	repo.SetAllowComment(r.AllowComment.Bool)
 	repo.SetPipelineType(r.PipelineType.String)
 	repo.SetPreviousName(r.PreviousName.String)
-	repo.SetApproveForkBuild(r.ApproveForkBuild.String)
+	repo.SetApproveBuild(r.ApproveBuild.String)
 
 	return repo
 }
@@ -308,31 +308,31 @@ func (r *Repo) Validate() error {
 // to a database repo type.
 func RepoFromLibrary(r *library.Repo) *Repo {
 	repo := &Repo{
-		ID:               sql.NullInt64{Int64: r.GetID(), Valid: true},
-		UserID:           sql.NullInt64{Int64: r.GetUserID(), Valid: true},
-		Hash:             sql.NullString{String: r.GetHash(), Valid: true},
-		Org:              sql.NullString{String: r.GetOrg(), Valid: true},
-		Name:             sql.NullString{String: r.GetName(), Valid: true},
-		FullName:         sql.NullString{String: r.GetFullName(), Valid: true},
-		Link:             sql.NullString{String: r.GetLink(), Valid: true},
-		Clone:            sql.NullString{String: r.GetClone(), Valid: true},
-		Branch:           sql.NullString{String: r.GetBranch(), Valid: true},
-		Topics:           pq.StringArray(r.GetTopics()),
-		BuildLimit:       sql.NullInt64{Int64: r.GetBuildLimit(), Valid: true},
-		Timeout:          sql.NullInt64{Int64: r.GetTimeout(), Valid: true},
-		Counter:          sql.NullInt32{Int32: int32(r.GetCounter()), Valid: true},
-		Visibility:       sql.NullString{String: r.GetVisibility(), Valid: true},
-		Private:          sql.NullBool{Bool: r.GetPrivate(), Valid: true},
-		Trusted:          sql.NullBool{Bool: r.GetTrusted(), Valid: true},
-		Active:           sql.NullBool{Bool: r.GetActive(), Valid: true},
-		AllowPull:        sql.NullBool{Bool: r.GetAllowPull(), Valid: true},
-		AllowPush:        sql.NullBool{Bool: r.GetAllowPush(), Valid: true},
-		AllowDeploy:      sql.NullBool{Bool: r.GetAllowDeploy(), Valid: true},
-		AllowTag:         sql.NullBool{Bool: r.GetAllowTag(), Valid: true},
-		AllowComment:     sql.NullBool{Bool: r.GetAllowComment(), Valid: true},
-		PipelineType:     sql.NullString{String: r.GetPipelineType(), Valid: true},
-		PreviousName:     sql.NullString{String: r.GetPreviousName(), Valid: true},
-		ApproveForkBuild: sql.NullString{String: r.GetApproveForkBuild(), Valid: true},
+		ID:           sql.NullInt64{Int64: r.GetID(), Valid: true},
+		UserID:       sql.NullInt64{Int64: r.GetUserID(), Valid: true},
+		Hash:         sql.NullString{String: r.GetHash(), Valid: true},
+		Org:          sql.NullString{String: r.GetOrg(), Valid: true},
+		Name:         sql.NullString{String: r.GetName(), Valid: true},
+		FullName:     sql.NullString{String: r.GetFullName(), Valid: true},
+		Link:         sql.NullString{String: r.GetLink(), Valid: true},
+		Clone:        sql.NullString{String: r.GetClone(), Valid: true},
+		Branch:       sql.NullString{String: r.GetBranch(), Valid: true},
+		Topics:       pq.StringArray(r.GetTopics()),
+		BuildLimit:   sql.NullInt64{Int64: r.GetBuildLimit(), Valid: true},
+		Timeout:      sql.NullInt64{Int64: r.GetTimeout(), Valid: true},
+		Counter:      sql.NullInt32{Int32: int32(r.GetCounter()), Valid: true},
+		Visibility:   sql.NullString{String: r.GetVisibility(), Valid: true},
+		Private:      sql.NullBool{Bool: r.GetPrivate(), Valid: true},
+		Trusted:      sql.NullBool{Bool: r.GetTrusted(), Valid: true},
+		Active:       sql.NullBool{Bool: r.GetActive(), Valid: true},
+		AllowPull:    sql.NullBool{Bool: r.GetAllowPull(), Valid: true},
+		AllowPush:    sql.NullBool{Bool: r.GetAllowPush(), Valid: true},
+		AllowDeploy:  sql.NullBool{Bool: r.GetAllowDeploy(), Valid: true},
+		AllowTag:     sql.NullBool{Bool: r.GetAllowTag(), Valid: true},
+		AllowComment: sql.NullBool{Bool: r.GetAllowComment(), Valid: true},
+		PipelineType: sql.NullString{String: r.GetPipelineType(), Valid: true},
+		PreviousName: sql.NullString{String: r.GetPreviousName(), Valid: true},
+		ApproveBuild: sql.NullString{String: r.GetApproveBuild(), Valid: true},
 	}
 
 	return repo.Nullify()

diff --git a/database/repo_test.go b/database/repo_test.go
@@ -107,19 +107,19 @@ func TestDatabase_Repo_Nullify(t *testing.T) {
 	var r *Repo
 
 	want := &Repo{
-		ID:               sql.NullInt64{Int64: 0, Valid: false},
-		UserID:           sql.NullInt64{Int64: 0, Valid: false},
-		Hash:             sql.NullString{String: "", Valid: false},
-		Org:              sql.NullString{String: "", Valid: false},
-		Name:             sql.NullString{String: "", Valid: false},
-		FullName:         sql.NullString{String: "", Valid: false},
-		Link:             sql.NullString{String: "", Valid: false},
-		Clone:            sql.NullString{String: "", Valid: false},
-		Branch:           sql.NullString{String: "", Valid: false},
-		Timeout:          sql.NullInt64{Int64: 0, Valid: false},
-		Visibility:       sql.NullString{String: "", Valid: false},
-		PipelineType:     sql.NullString{String: "", Valid: false},
-		ApproveForkBuild: sql.NullString{String: "", Valid: false},
+		ID:           sql.NullInt64{Int64: 0, Valid: false},
+		UserID:       sql.NullInt64{Int64: 0, Valid: false},
+		Hash:         sql.NullString{String: "", Valid: false},
+		Org:          sql.NullString{String: "", Valid: false},
+		Name:         sql.NullString{String: "", Valid: false},
+		FullName:     sql.NullString{String: "", Valid: false},
+		Link:         sql.NullString{String: "", Valid: false},
+		Clone:        sql.NullString{String: "", Valid: false},
+		Branch:       sql.NullString{String: "", Valid: false},
+		Timeout:      sql.NullInt64{Int64: 0, Valid: false},
+		Visibility:   sql.NullString{String: "", Valid: false},
+		PipelineType: sql.NullString{String: "", Valid: false},
+		ApproveBuild: sql.NullString{String: "", Valid: false},
 	}
 
 	// setup tests
@@ -179,7 +179,7 @@ func TestDatabase_Repo_ToLibrary(t *testing.T) {
 	want.SetAllowComment(false)
 	want.SetPipelineType("yaml")
 	want.SetPreviousName("oldName")
-	want.SetApproveForkBuild(constants.ApproveNever)
+	want.SetApproveBuild(constants.ApproveNever)
 
 	// run test
 	got := testRepo().ToLibrary()
@@ -333,7 +333,7 @@ func TestDatabase_RepoFromLibrary(t *testing.T) {
 	r.SetAllowComment(false)
 	r.SetPipelineType("yaml")
 	r.SetPreviousName("oldName")
-	r.SetApproveForkBuild(constants.ApproveNever)
+	r.SetApproveBuild(constants.ApproveNever)
 
 	want := testRepo()
 
@@ -349,30 +349,30 @@ func TestDatabase_RepoFromLibrary(t *testing.T) {
 // type with all fields set to a fake value.
 func testRepo() *Repo {
 	return &Repo{
-		ID:               sql.NullInt64{Int64: 1, Valid: true},
-		UserID:           sql.NullInt64{Int64: 1, Valid: true},
-		Hash:             sql.NullString{String: "superSecretHash", Valid: true},
-		Org:              sql.NullString{String: "github", Valid: true},
-		Name:             sql.NullString{String: "octocat", Valid: true},
-		FullName:         sql.NullString{String: "github/octocat", Valid: true},
-		Link:             sql.NullString{String: "https://github.com/github/octocat", Valid: true},
-		Clone:            sql.NullString{String: "https://github.com/github/octocat.git", Valid: true},
-		Branch:           sql.NullString{String: "main", Valid: true},
-		Topics:           []string{"cloud", "security"},
-		BuildLimit:       sql.NullInt64{Int64: 10, Valid: true},
-		Timeout:          sql.NullInt64{Int64: 30, Valid: true},
-		Counter:          sql.NullInt32{Int32: 0, Valid: true},
-		Visibility:       sql.NullString{String: "public", Valid: true},
-		Private:          sql.NullBool{Bool: false, Valid: true},
-		Trusted:          sql.NullBool{Bool: false, Valid: true},
-		Active:           sql.NullBool{Bool: true, Valid: true},
-		AllowPull:        sql.NullBool{Bool: false, Valid: true},
-		AllowPush:        sql.NullBool{Bool: true, Valid: true},
-		AllowDeploy:      sql.NullBool{Bool: false, Valid: true},
-		AllowTag:         sql.NullBool{Bool: false, Valid: true},
-		AllowComment:     sql.NullBool{Bool: false, Valid: true},
-		PipelineType:     sql.NullString{String: "yaml", Valid: true},
-		PreviousName:     sql.NullString{String: "oldName", Valid: true},
-		ApproveForkBuild: sql.NullString{String: constants.ApproveNever, Valid: true},
+		ID:           sql.NullInt64{Int64: 1, Valid: true},
+		UserID:       sql.NullInt64{Int64: 1, Valid: true},
+		Hash:         sql.NullString{String: "superSecretHash", Valid: true},
+		Org:          sql.NullString{String: "github", Valid: true},
+		Name:         sql.NullString{String: "octocat", Valid: true},
+		FullName:     sql.NullString{String: "github/octocat", Valid: true},
+		Link:         sql.NullString{String: "https://github.com/github/octocat", Valid: true},
+		Clone:        sql.NullString{String: "https://github.com/github/octocat.git", Valid: true},
+		Branch:       sql.NullString{String: "main", Valid: true},
+		Topics:       []string{"cloud", "security"},
+		BuildLimit:   sql.NullInt64{Int64: 10, Valid: true},
+		Timeout:      sql.NullInt64{Int64: 30, Valid: true},
+		Counter:      sql.NullInt32{Int32: 0, Valid: true},
+		Visibility:   sql.NullString{String: "public", Valid: true},
+		Private:      sql.NullBool{Bool: false, Valid: true},
+		Trusted:      sql.NullBool{Bool: false, Valid: true},
+		Active:       sql.NullBool{Bool: true, Valid: true},
+		AllowPull:    sql.NullBool{Bool: false, Valid: true},
+		AllowPush:    sql.NullBool{Bool: true, Valid: true},
+		AllowDeploy:  sql.NullBool{Bool: false, Valid: true},
+		AllowTag:     sql.NullBool{Bool: false, Valid: true},
+		AllowComment: sql.NullBool{Bool: false, Valid: true},
+		PipelineType: sql.NullString{String: "yaml", Valid: true},
+		PreviousName: sql.NullString{String: "oldName", Valid: true},
+		ApproveBuild: sql.NullString{String: constants.ApproveNever, Valid: true},
 	}
 }