[Git][debian-gis-team/scripts][master] Configure protected branches when creating projects.

Bas Couwenberg gitlab at salsa.debian.org
Wed Dec 2 16:38:23 GMT 2020 


Bas Couwenberg pushed to branch master at Debian GIS Project / scripts


Commits:
941f9b97 by Bas Couwenberg at 2020-12-02T17:38:02+01:00
Configure protected branches when creating projects.

- - - - -


1 changed file:

- salsa-create-repository.pl


Changes:

=====================================
salsa-create-repository.pl
=====================================
@@ -30,27 +30,28 @@ use URI::Escape;
 $|=1;
 
 my %cfg = (
-            config_file      => '',
-            url              => 'https://salsa.debian.org/api/v4',
-            token            => '',
-            token_file       => $ENV{HOME}.'/.salsa-token',
-            namespace        => '2052',
-            user             => '',
-            group            => 'debian-gis-team',
-            ci_cfg_path      => 'debian/.gitlab-ci.yml',
-            email_recipients => 'pkg-grass-devel at lists.alioth.debian.org',
-            irc_recipients   => '#debian-gis',
-            kgb_baseurl      => 'http://kgb.debian.net:9418/webhook/',
-            kgb_network      => 'oftc',
-            project          => '',
-            description      => '',
-            visibility       => 'public',
-            enable_emails    => 1,
-            enable_irker     => 0,
-            enable_kgb       => 1,
-            debug            => 0,
-            verbose          => 0,
-            help             => 0,
+            config_file        => '',
+            url                => 'https://salsa.debian.org/api/v4',
+            token              => '',
+            token_file         => $ENV{HOME}.'/.salsa-token',
+            namespace          => '2052',
+            user               => '',
+            group              => 'debian-gis-team',
+            ci_cfg_path        => 'debian/.gitlab-ci.yml',
+            email_recipients   => 'pkg-grass-devel at lists.alioth.debian.org',
+            irc_recipients     => '#debian-gis',
+            kgb_baseurl        => 'http://kgb.debian.net:9418/webhook/',
+            kgb_network        => 'oftc',
+            project            => '',
+            description        => '',
+            visibility         => 'public',
+            enable_emails      => 1,
+            enable_irker       => 0,
+            enable_kgb         => 1,
+            protected_branches => 1,
+            debug              => 0,
+            verbose            => 0,
+            help               => 0,
           );
 
 my $result = GetOptions(
@@ -71,6 +72,7 @@ my $result = GetOptions(
                          'enable-emails!'       => \$cfg{enable_emails},
                          'enable-irker!'        => \$cfg{enable_irker},
                          'enable-kgb!'          => \$cfg{enable_kgb},
+                         'protected-branches!'  => \$cfg{protected_branches},
                          'd|debug'              => \$cfg{debug},
                          'v|verbose'            => \$cfg{verbose},
                          'h|help'               => \$cfg{help},
@@ -135,6 +137,15 @@ if($cfg{visibility} ne 'public' &&
 
 $cfg{description} = "Packaging of $cfg{project}" if(!$cfg{description});
 
+my %access_level = (
+                     'No access'  => 0,
+                     'Guest'      => 10,
+                     'Reporter'   => 20,
+                     'Developer'  => 30,
+                     'Maintainer' => 40,
+                     'Owner'      => 50,
+                   );
+
 my $ua = new LWP::UserAgent(agent => basename($0));
 
 $cfg{token} = get_private_token() if(!$cfg{token});
@@ -186,6 +197,11 @@ if($cfg{enable_kgb} && !configure_kgb_webhook($project)) {
 	exit 1;
 }
 
+# Configure protected branches
+if($cfg{protected_branches} && !configure_protected_branches($project)) {
+	exit 1;
+}
+
 exit 0;
 
 ################################################################################
@@ -627,3 +643,134 @@ sub configure_kgb_webhook {
 	}
 }
 
+sub configure_protected_branches {
+	my ($project) = @_;
+
+	my $url = $cfg{url}.'/projects/'.uri_escape($project->{id}).'/protected_branches';
+
+	my $req = new HTTP::Request(GET => $url);
+	   $req->header('PRIVATE-TOKEN' => $cfg{token});
+
+	my $res = $ua->request($req);
+	if($res->is_success) {
+		my $content = $res->content;
+
+		my $data = decode_json($content);
+
+		print "protected_branches:\n". Dumper($data) if($cfg{debug});
+
+		my $delete = 1;
+		my $configure = 0;
+
+		foreach my $branch (@{$data}) {
+			if($branch->{name} ne 'master') {
+				print "Skipping branch: ". $branch->{name} ."\n" if($cfg{debug});
+				next;
+			}
+
+			if(
+			    $#{$branch->{merge_access_levels}} != 0 ||
+			    $branch->{merge_access_levels}[0]->{access_level} != $access_level{Maintainer}
+			) {
+				$configure = 1;
+				last;
+			}
+
+			if(
+			    $#{$branch->{push_access_levels}} != 0 ||
+			    $branch->{push_access_levels}[0]->{access_level} != $access_level{Developer}
+			) {
+				$configure = 1;
+				last;
+			}
+
+			if(
+			    exists $branch->{unprotect_access_levels} &&
+                            (
+			      $#{$branch->{unprotect_access_levels}} != -1 ||
+			      $branch->{unprotect_access_levels}[0]->{access_level} != $access_level{Maintainer}
+                            )
+			) {
+				$configure = 1;
+				last;
+			}
+			elsif(
+			       exists $branch->{unprotect_access_levels} &&
+			       $#{$branch->{unprotect_access_levels}} == -1
+			) {
+				$delete = 1;
+				$configure = 1;
+				last;
+			}
+		}
+
+		if($#{$data} == -1) {
+			$delete = 0;
+			$configure = 1;
+		}
+
+		if(!$configure) {
+			print "Protected branches already configured for project: ". $project->{name} ." (". $project->{id} .")\n" if($cfg{verbose});
+
+			return 2;
+		}
+
+		if($delete) {
+			my $delete_url = $url ."/master";
+
+			my $req = HTTP::Request::Common::DELETE($delete_url);
+			   $req->header('PRIVATE-TOKEN' => $cfg{token});
+
+			my $res = $ua->request($req);
+			if($res->code != 204) {
+				print "Error: Request failed! ($url)\n";
+				print "HTTP Status: ".$res->code." ".$res->message."\n";
+				print $res->content if($res->content);
+
+				return;
+			}
+		}
+
+		print "Configuring protected branches for: ". $project->{name} ." (". $project->{id} .")\n" if($cfg{verbose});
+
+		my $url = $cfg{url}.'/projects/'.uri_escape($project->{id}).'/protected_branches';
+
+		my %param = (
+		              name                   => 'master',
+		              merge_access_level     => $access_level{Maintainer},
+		              push_access_level      => $access_level{Developer},
+		              unprotect_access_level => $access_level{Maintainer},
+		            );
+
+		print "param:\n".Dumper(\%param) if($cfg{debug});
+
+		my $req = HTTP::Request::Common::POST($url, [ %param ]);
+		   $req->header('PRIVATE-TOKEN' => $cfg{token});
+
+		my $res = $ua->request($req);
+		if($res->is_success) {
+			my $content = $res->content;
+
+			print "Content:\n".Dumper($content) if($cfg{debug});
+
+			print "Configured protected branches for project: ". $project->{name} ." (". $project->{id} .")\n" if($cfg{verbose});
+
+			return 1;
+		}
+		else {
+			print "Error: Request failed! ($url)\n";
+			print "HTTP Status: ".$res->code." ".$res->message."\n";
+			print $res->content if($res->content);
+
+			return;
+		}
+	}
+	else {
+		print "Error: Request failed! ($url)\n";
+		print "HTTP Status: ".$res->code." ".$res->message."\n";
+		print $res->content if($res->content);
+
+		return;
+	}
+}
+



View it on GitLab: https://salsa.debian.org/debian-gis-team/scripts/-/commit/941f9b97e8b4b8d2ace2f4d10aa07769dd0b847d

-- 
View it on GitLab: https://salsa.debian.org/debian-gis-team/scripts/-/commit/941f9b97e8b4b8d2ace2f4d10aa07769dd0b847d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grass-devel/attachments/20201202/e8fd5d62/attachment-0001.html>

More information about the Pkg-grass-devel mailing list