Add Herald support for blocking ref changes
Summary: Ref T4195. Allows users to write Herald rules which block ref changes. For example, you can write a rule like `alincoln can not create branches`, or `no one can push to the branch "frozen"`.
Test Plan:
This covers a lot of ground. I created and pushed a bunch of rules, then looked at transcripts, in general. Here are some bits in detail:
Here's a hook-based reject message:
>>> orbital ~/repos/POEMS $ git push
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 274 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: +---------------------------------------------------------------+
remote: | * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * |
remote: +---------------------------------------------------------------+
remote: \
remote: \ ^ /^
remote: \ / \ // \
remote: \ |\___/| / \// .\
remote: \ /V V \__ / // | \ \ *----*
remote: / / \/_/ // | \ \ \ |
remote: @___@` \/_ // | \ \ \/\ \
remote: 0/0/| \/_ // | \ \ \ \
remote: 0/0/0/0/| \/// | \ \ | |
remote: 0/0/0/0/0/_|_ / ( // | \ _\ | /
remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. | _ _\.-~ / /
remote: ,-} _ *-.|.-~-. .~ ~
remote: \ \__/ `/\ / ~-. _ .-~ /
remote: \____(Oo) *. } { /
remote: ( (--) .----~-.\ \-` .~
remote: //__\\ \ DENIED! ///.----..< \ _ -~
remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~
remote:
remote:
remote: This commit was rejected by Herald pre-commit rule H24.
remote: Rule: No Branches Called Blarp
remote: Reason: "blarp" is a bad branch name
remote:
To ssh://dweller@localhost/diffusion/POEMS/
! [remote rejected] blarp -> blarp (pre-receive hook declined)
error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/'
Here's a transcript, showing that all the field values populate sensibly:
{F90453}
Here's a rule:
{F90454}
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T4195
Differential Revision: https://secure.phabricator.com/D7782
2013-12-18 00:23:55 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
final class HeraldPreCommitRefAdapter extends HeraldAdapter {
|
|
|
|
|
|
|
|
private $log;
|
|
|
|
private $hookEngine;
|
|
|
|
|
|
|
|
const FIELD_REF_TYPE = 'ref-type';
|
|
|
|
const FIELD_REF_NAME = 'ref-name';
|
|
|
|
const FIELD_REF_CHANGE = 'ref-change';
|
|
|
|
|
|
|
|
const VALUE_REF_TYPE = 'value-ref-type';
|
|
|
|
const VALUE_REF_CHANGE = 'value-ref-change';
|
|
|
|
|
|
|
|
public function setPushLog(PhabricatorRepositoryPushLog $log) {
|
|
|
|
$this->log = $log;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setHookEngine(DiffusionCommitHookEngine $engine) {
|
|
|
|
$this->hookEngine = $engine;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getAdapterApplicationClass() {
|
|
|
|
return 'PhabricatorApplicationDiffusion';
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getObject() {
|
|
|
|
return $this->log;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getAdapterContentName() {
|
|
|
|
return pht('Commit Hook: Branches/Tags/Bookmarks');
|
|
|
|
}
|
|
|
|
|
2013-12-27 22:16:33 +01:00
|
|
|
public function getAdapterSortOrder() {
|
|
|
|
return 2000;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getAdapterContentDescription() {
|
|
|
|
return pht(
|
|
|
|
"React to branches and tags being pushed to hosted repositories.\n".
|
|
|
|
"Hook rules can block changes.");
|
|
|
|
}
|
|
|
|
|
2013-12-31 01:48:07 +01:00
|
|
|
public function supportsRuleType($rule_type) {
|
|
|
|
switch ($rule_type) {
|
|
|
|
case HeraldRuleTypeConfig::RULE_TYPE_GLOBAL:
|
2013-12-31 01:48:14 +01:00
|
|
|
case HeraldRuleTypeConfig::RULE_TYPE_OBJECT:
|
2013-12-31 01:48:07 +01:00
|
|
|
return true;
|
|
|
|
case HeraldRuleTypeConfig::RULE_TYPE_PERSONAL:
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-12-31 01:48:14 +01:00
|
|
|
public function canTriggerOnObject($object) {
|
|
|
|
if ($object instanceof PhabricatorRepository) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function explainValidTriggerObjects() {
|
|
|
|
return pht(
|
|
|
|
'This rule can trigger for **repositories**.');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getTriggerObjectPHIDs() {
|
|
|
|
return array(
|
|
|
|
$this->hookEngine->getRepository()->getPHID(),
|
|
|
|
$this->getPHID(),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
Add Herald support for blocking ref changes
Summary: Ref T4195. Allows users to write Herald rules which block ref changes. For example, you can write a rule like `alincoln can not create branches`, or `no one can push to the branch "frozen"`.
Test Plan:
This covers a lot of ground. I created and pushed a bunch of rules, then looked at transcripts, in general. Here are some bits in detail:
Here's a hook-based reject message:
>>> orbital ~/repos/POEMS $ git push
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 274 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: +---------------------------------------------------------------+
remote: | * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * |
remote: +---------------------------------------------------------------+
remote: \
remote: \ ^ /^
remote: \ / \ // \
remote: \ |\___/| / \// .\
remote: \ /V V \__ / // | \ \ *----*
remote: / / \/_/ // | \ \ \ |
remote: @___@` \/_ // | \ \ \/\ \
remote: 0/0/| \/_ // | \ \ \ \
remote: 0/0/0/0/| \/// | \ \ | |
remote: 0/0/0/0/0/_|_ / ( // | \ _\ | /
remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. | _ _\.-~ / /
remote: ,-} _ *-.|.-~-. .~ ~
remote: \ \__/ `/\ / ~-. _ .-~ /
remote: \____(Oo) *. } { /
remote: ( (--) .----~-.\ \-` .~
remote: //__\\ \ DENIED! ///.----..< \ _ -~
remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~
remote:
remote:
remote: This commit was rejected by Herald pre-commit rule H24.
remote: Rule: No Branches Called Blarp
remote: Reason: "blarp" is a bad branch name
remote:
To ssh://dweller@localhost/diffusion/POEMS/
! [remote rejected] blarp -> blarp (pre-receive hook declined)
error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/'
Here's a transcript, showing that all the field values populate sensibly:
{F90453}
Here's a rule:
{F90454}
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T4195
Differential Revision: https://secure.phabricator.com/D7782
2013-12-18 00:23:55 +01:00
|
|
|
public function getFieldNameMap() {
|
|
|
|
return array(
|
|
|
|
self::FIELD_REF_TYPE => pht('Ref type'),
|
|
|
|
self::FIELD_REF_NAME => pht('Ref name'),
|
|
|
|
self::FIELD_REF_CHANGE => pht('Ref change type'),
|
|
|
|
) + parent::getFieldNameMap();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getFields() {
|
|
|
|
return array_merge(
|
|
|
|
array(
|
|
|
|
self::FIELD_REF_TYPE,
|
|
|
|
self::FIELD_REF_NAME,
|
|
|
|
self::FIELD_REF_CHANGE,
|
|
|
|
self::FIELD_REPOSITORY,
|
|
|
|
self::FIELD_PUSHER,
|
|
|
|
self::FIELD_PUSHER_PROJECTS,
|
|
|
|
self::FIELD_RULE,
|
|
|
|
),
|
|
|
|
parent::getFields());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getConditionsForField($field) {
|
|
|
|
switch ($field) {
|
|
|
|
case self::FIELD_REF_NAME:
|
|
|
|
return array(
|
|
|
|
self::CONDITION_IS,
|
|
|
|
self::CONDITION_IS_NOT,
|
|
|
|
self::CONDITION_CONTAINS,
|
|
|
|
self::CONDITION_REGEXP,
|
|
|
|
);
|
|
|
|
case self::FIELD_REF_TYPE:
|
|
|
|
return array(
|
|
|
|
self::CONDITION_IS,
|
|
|
|
self::CONDITION_IS_NOT,
|
|
|
|
);
|
|
|
|
case self::FIELD_REF_CHANGE:
|
|
|
|
return array(
|
|
|
|
self::CONDITION_HAS_BIT,
|
|
|
|
self::CONDITION_NOT_BIT,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
return parent::getConditionsForField($field);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getActions($rule_type) {
|
|
|
|
switch ($rule_type) {
|
|
|
|
case HeraldRuleTypeConfig::RULE_TYPE_GLOBAL:
|
2013-12-31 01:48:14 +01:00
|
|
|
case HeraldRuleTypeConfig::RULE_TYPE_OBJECT:
|
Add Herald support for blocking ref changes
Summary: Ref T4195. Allows users to write Herald rules which block ref changes. For example, you can write a rule like `alincoln can not create branches`, or `no one can push to the branch "frozen"`.
Test Plan:
This covers a lot of ground. I created and pushed a bunch of rules, then looked at transcripts, in general. Here are some bits in detail:
Here's a hook-based reject message:
>>> orbital ~/repos/POEMS $ git push
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 274 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: +---------------------------------------------------------------+
remote: | * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * |
remote: +---------------------------------------------------------------+
remote: \
remote: \ ^ /^
remote: \ / \ // \
remote: \ |\___/| / \// .\
remote: \ /V V \__ / // | \ \ *----*
remote: / / \/_/ // | \ \ \ |
remote: @___@` \/_ // | \ \ \/\ \
remote: 0/0/| \/_ // | \ \ \ \
remote: 0/0/0/0/| \/// | \ \ | |
remote: 0/0/0/0/0/_|_ / ( // | \ _\ | /
remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. | _ _\.-~ / /
remote: ,-} _ *-.|.-~-. .~ ~
remote: \ \__/ `/\ / ~-. _ .-~ /
remote: \____(Oo) *. } { /
remote: ( (--) .----~-.\ \-` .~
remote: //__\\ \ DENIED! ///.----..< \ _ -~
remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~
remote:
remote:
remote: This commit was rejected by Herald pre-commit rule H24.
remote: Rule: No Branches Called Blarp
remote: Reason: "blarp" is a bad branch name
remote:
To ssh://dweller@localhost/diffusion/POEMS/
! [remote rejected] blarp -> blarp (pre-receive hook declined)
error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/'
Here's a transcript, showing that all the field values populate sensibly:
{F90453}
Here's a rule:
{F90454}
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T4195
Differential Revision: https://secure.phabricator.com/D7782
2013-12-18 00:23:55 +01:00
|
|
|
return array(
|
|
|
|
self::ACTION_BLOCK,
|
|
|
|
self::ACTION_NOTHING
|
|
|
|
);
|
|
|
|
case HeraldRuleTypeConfig::RULE_TYPE_PERSONAL:
|
|
|
|
return array(
|
|
|
|
self::ACTION_NOTHING,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getValueTypeForFieldAndCondition($field, $condition) {
|
|
|
|
switch ($field) {
|
|
|
|
case self::FIELD_REF_TYPE:
|
|
|
|
return self::VALUE_REF_TYPE;
|
|
|
|
case self::FIELD_REF_CHANGE:
|
|
|
|
return self::VALUE_REF_CHANGE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return parent::getValueTypeForFieldAndCondition($field, $condition);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getPHID() {
|
|
|
|
return $this->getObject()->getPHID();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getHeraldName() {
|
|
|
|
return pht('Push Log');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getHeraldField($field) {
|
|
|
|
$log = $this->getObject();
|
|
|
|
switch ($field) {
|
|
|
|
case self::FIELD_REF_TYPE:
|
|
|
|
return $log->getRefType();
|
|
|
|
case self::FIELD_REF_NAME:
|
|
|
|
return $log->getRefName();
|
|
|
|
case self::FIELD_REF_CHANGE:
|
|
|
|
return $log->getChangeFlags();
|
|
|
|
case self::FIELD_REPOSITORY:
|
|
|
|
return $this->hookEngine->getRepository()->getPHID();
|
|
|
|
case self::FIELD_PUSHER:
|
|
|
|
return $this->hookEngine->getViewer()->getPHID();
|
|
|
|
case self::FIELD_PUSHER_PROJECTS:
|
|
|
|
return $this->hookEngine->loadViewerProjectPHIDsForHerald();
|
|
|
|
}
|
|
|
|
|
|
|
|
return parent::getHeraldField($field);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function applyHeraldEffects(array $effects) {
|
|
|
|
assert_instances_of($effects, 'HeraldEffect');
|
|
|
|
|
|
|
|
$result = array();
|
|
|
|
foreach ($effects as $effect) {
|
|
|
|
$action = $effect->getAction();
|
|
|
|
switch ($action) {
|
|
|
|
case self::ACTION_NOTHING:
|
|
|
|
$result[] = new HeraldApplyTranscript(
|
|
|
|
$effect,
|
|
|
|
true,
|
|
|
|
pht('Did nothing.'));
|
|
|
|
break;
|
|
|
|
case self::ACTION_BLOCK:
|
|
|
|
$result[] = new HeraldApplyTranscript(
|
|
|
|
$effect,
|
|
|
|
true,
|
|
|
|
pht('Blocked push.'));
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
throw new Exception(pht('No rules to handle action "%s"!', $action));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|