diff --git a/src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php b/src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php index 33b21b2ffe..754bafd850 100644 --- a/src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php +++ b/src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php @@ -19,8 +19,9 @@ final class DiffusionGitUploadPackSSHWorkflow extends DiffusionGitSSHWorkflow { $device = AlmanacKeys::getLiveDevice(); $skip_sync = $this->shouldSkipReadSynchronization(); + $is_proxy = $this->shouldProxy(); - if ($this->shouldProxy()) { + if ($is_proxy) { $command = $this->getProxyCommand(); if ($device) { @@ -48,6 +49,8 @@ final class DiffusionGitUploadPackSSHWorkflow extends DiffusionGitSSHWorkflow { } $command = PhabricatorDaemon::sudoCommandAsDaemonUser($command); + $pull_event = $this->newPullEvent(); + $future = id(new ExecFuture('%C', $command)) ->setEnv($this->getEnvironment()); @@ -56,6 +59,26 @@ final class DiffusionGitUploadPackSSHWorkflow extends DiffusionGitSSHWorkflow { ->setCommandChannelFromExecFuture($future) ->execute(); + if ($err) { + $pull_event + ->setResultType('error') + ->setResultCode($err); + } else { + $pull_event + ->setResultType('pull') + ->setResultCode(0); + } + + // TODO: Currently, when proxying, we do not write a log on the proxy. + // Perhaps we should write a "proxy log". This is not very useful for + // statistics or auditing, but could be useful for diagnostics. Marking + // the proxy logs as proxied (and recording devicePHID on all logs) would + // make differentiating between these use cases easier. + + if (!$is_proxy) { + $pull_event->save(); + } + if (!$err) { $this->waitForGitClient(); } diff --git a/src/applications/diffusion/ssh/DiffusionSSHWorkflow.php b/src/applications/diffusion/ssh/DiffusionSSHWorkflow.php index 78252fb8d9..20a6a251a7 100644 --- a/src/applications/diffusion/ssh/DiffusionSSHWorkflow.php +++ b/src/applications/diffusion/ssh/DiffusionSSHWorkflow.php @@ -30,10 +30,8 @@ abstract class DiffusionSSHWorkflow extends PhabricatorSSHWorkflow { DiffusionCommitHookEngine::ENV_REMOTE_PROTOCOL => 'ssh', ); - $ssh_client = getenv('SSH_CLIENT'); - if ($ssh_client) { - // This has the format " ". Grab the IP. - $remote_address = head(explode(' ', $ssh_client)); + $remote_address = $this->getSSHRemoteAddress(); + if ($remote_address !== null) { $env[DiffusionCommitHookEngine::ENV_REMOTE_ADDRESS] = $remote_address; } @@ -259,5 +257,17 @@ abstract class DiffusionSSHWorkflow extends PhabricatorSSHWorkflow { return false; } + protected function newPullEvent() { + $viewer = $this->getViewer(); + $repository = $this->getRepository(); + $remote_address = $this->getSSHRemoteAddress(); + + return id(new PhabricatorRepositoryPullEvent()) + ->setEpoch(PhabricatorTime::getNow()) + ->setRemoteAddress($remote_address) + ->setRemoteProtocol('ssh') + ->setPullerPHID($viewer->getPHID()) + ->setRepositoryPHID($repository->getPHID()); + } } diff --git a/src/infrastructure/ssh/PhabricatorSSHWorkflow.php b/src/infrastructure/ssh/PhabricatorSSHWorkflow.php index b5ac17b7bf..beee356951 100644 --- a/src/infrastructure/ssh/PhabricatorSSHWorkflow.php +++ b/src/infrastructure/ssh/PhabricatorSSHWorkflow.php @@ -83,4 +83,19 @@ abstract class PhabricatorSSHWorkflow extends PhabricatorManagementWorkflow { return $this->originalArguments; } + public function getSSHRemoteAddress() { + $ssh_client = getenv('SSH_CLIENT'); + if (!strlen($ssh_client)) { + return null; + } + + // TODO: When commands are proxied, the original remote address should + // also be proxied. + + // This has the format " ". Grab the IP. + $remote_address = head(explode(' ', $ssh_client)); + + return $remote_address; + } + }