mirror of
https://github.com/go-gitea/gitea
synced 2024-11-10 20:24:24 +00:00
Prevent update pull refs manually and will not affect other refs update (#31931)
All refs under `refs/pull` should only be changed from Gitea inside but not by pushing from outside of Gitea. This PR will prevent the pull refs update but allow other refs to be updated on the same pushing with `--mirror` operations. The main changes are to add checks on `update` hook but not `pre-receive` because `update` will be invoked by every ref but `pre-receive` will revert all changes once one ref update fails.
This commit is contained in:
parent
052a8fe6cc
commit
ac34449747
14
cmd/hook.go
14
cmd/hook.go
@ -290,8 +290,22 @@ Gitea or set your environment appropriately.`, "")
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// runHookUpdate avoid to do heavy operations on update hook because it will be
|
||||||
|
// invoked for every ref update which does not like pre-receive and post-receive
|
||||||
func runHookUpdate(c *cli.Context) error {
|
func runHookUpdate(c *cli.Context) error {
|
||||||
|
if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// Update is empty and is kept only for backwards compatibility
|
// Update is empty and is kept only for backwards compatibility
|
||||||
|
if len(os.Args) < 3 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
refName := git.RefName(os.Args[len(os.Args)-3])
|
||||||
|
if refName.IsPull() {
|
||||||
|
// ignore update to refs/pull/xxx/head, so we don't need to output any information
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -6,8 +6,10 @@ package integration
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
"code.gitea.io/gitea/models/db"
|
"code.gitea.io/gitea/models/db"
|
||||||
git_model "code.gitea.io/gitea/models/git"
|
git_model "code.gitea.io/gitea/models/git"
|
||||||
"code.gitea.io/gitea/models/unittest"
|
"code.gitea.io/gitea/models/unittest"
|
||||||
@ -192,3 +194,23 @@ func runTestGitPush(t *testing.T, u *url.URL, gitOperation func(t *testing.T, gi
|
|||||||
|
|
||||||
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
|
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPushPullRefs(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||||
|
|
||||||
|
u.Path = baseAPITestContext.GitPath()
|
||||||
|
u.User = url.UserPassword("user2", userPassword)
|
||||||
|
|
||||||
|
dstPath := t.TempDir()
|
||||||
|
doGitClone(dstPath, u)(t)
|
||||||
|
|
||||||
|
cmd := git.NewCommand(git.DefaultContext, "push", "--delete", "origin", "refs/pull/2/head")
|
||||||
|
stdout, stderr, err := cmd.RunStdString(&git.RunOpts{
|
||||||
|
Dir: dstPath,
|
||||||
|
})
|
||||||
|
assert.Error(t, err)
|
||||||
|
assert.Empty(t, stdout)
|
||||||
|
assert.False(t, strings.Contains(stderr, "[deleted]"), "stderr: %s", stderr)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
@ -223,6 +223,7 @@ func PrepareTestEnv(t testing.TB, skip ...int) func() {
|
|||||||
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "objects", "info"), 0o755)
|
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "objects", "info"), 0o755)
|
||||||
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "heads"), 0o755)
|
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "heads"), 0o755)
|
||||||
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "tag"), 0o755)
|
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "tag"), 0o755)
|
||||||
|
_ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "pull"), 0o755)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user