Files
@ 9f976d75b04c
Branch filter:
Location: kallithea/Jenkinsfile
9f976d75b04c
8.7 KiB
text/plain
auth: restore anonymous repository access
Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:
# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:
# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 | def createvirtualenv = ''
def activatevirtualenv = ''
node {
properties([[$class: 'BuildDiscarderProperty',
strategy: [$class: 'LogRotator',
artifactDaysToKeepStr: '',
artifactNumToKeepStr: '10',
daysToKeepStr: '',
numToKeepStr: '']]]);
if (isUnix()) {
createvirtualenv = 'rm -r $JENKINS_HOME/venv/$JOB_NAME || true && virtualenv $JENKINS_HOME/venv/$JOB_NAME'
activatevirtualenv = '. $JENKINS_HOME/venv/$JOB_NAME/bin/activate'
} else {
createvirtualenv = 'rmdir /s /q %JENKINS_HOME%\\venv\\%JOB_NAME% || true && virtualenv %JENKINS_HOME%\\venv\\%JOB_NAME%'
activatevirtualenv = 'call %JENKINS_HOME%\\venv\\%JOB_NAME%\\Scripts\\activate.bat'
}
stage('checkout') {
checkout scm
if (isUnix()) {
sh 'hg --config extensions.purge= purge --all'
} else {
bat 'hg --config extensions.purge= purge --all'
}
}
stage('virtual env') {
def virtualenvscript = """$createvirtualenv
$activatevirtualenv
python -m pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade pylint
pip install --upgrade pytest-cov
"""
if (isUnix()) {
virtualenvscript += """
pip install --upgrade python-ldap
pip install --upgrade python-pam
"""
sh virtualenvscript
} else {
bat virtualenvscript
}
}
stage('setup') {
def virtualenvscript = """$activatevirtualenv
pip install --upgrade -e .
pip install -r dev_requirements.txt
python setup.py compile_catalog
"""
if (isUnix()) {
sh virtualenvscript
} else {
bat virtualenvscript
}
stash name: 'kallithea', useDefaultExcludes: false
}
stage('pylint') {
sh script: """$activatevirtualenv
pylint -j 0 --disable=C -f parseable kallithea > pylint.out
""", returnStatus: true
archiveArtifacts 'pylint.out'
try {
step([$class: 'WarningsPublisher', canComputeNew: false, canResolveRelativePaths: false, defaultEncoding: '', excludePattern: '', healthy: '', includePattern: '', messagesPattern: '', parserConfigurations: [[parserName: 'PyLint', pattern: 'pylint.out']], unHealthy: ''])
} catch (java.lang.IllegalArgumentException exc) {
echo "You need to install the 'Warnings Plug-in' to display the pylint report."
currentBuild.result = 'UNSTABLE'
echo "Caught: ${exc}"
}
}
}
def pytests = [:]
pytests['sqlite'] = {
node {
ws {
deleteDir()
unstash name: 'kallithea'
if (isUnix()) {
sh script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_sqlite.xml --cov=kallithea
""", returnStatus: true
} else {
bat script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_sqlite.xml --cov=kallithea
""", returnStatus: true
}
sh 'sed --in-place "s/\\(classname=[\'\\"]\\)/\\1SQLITE./g" pytest_sqlite.xml'
archiveArtifacts 'pytest_sqlite.xml'
junit 'pytest_sqlite.xml'
writeFile(file: '.coverage.sqlite', text: readFile('.coverage'))
stash name: 'coverage.sqlite', includes: '.coverage.sqlite'
}
}
}
pytests['de'] = {
node {
if (isUnix()) {
ws {
deleteDir()
unstash name: 'kallithea'
withEnv(['LANG=de_DE.UTF-8',
'LANGUAGE=de',
'LC_ADDRESS=de_DE.UTF-8',
'LC_IDENTIFICATION=de_DE.UTF-8',
'LC_MEASUREMENT=de_DE.UTF-8',
'LC_MONETARY=de_DE.UTF-8',
'LC_NAME=de_DE.UTF-8',
'LC_NUMERIC=de_DE.UTF-8',
'LC_PAPER=de_DE.UTF-8',
'LC_TELEPHONE=de_DE.UTF-8',
'LC_TIME=de_DE.UTF-8',
]) {
sh script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_de.xml --cov=kallithea
""", returnStatus: true
}
sh 'sed --in-place "s/\\(classname=[\'\\"]\\)/\\1DE./g" pytest_de.xml'
archiveArtifacts 'pytest_de.xml'
junit 'pytest_de.xml'
writeFile(file: '.coverage.de', text: readFile('.coverage'))
stash name: 'coverage.de', includes: '.coverage.de'
}
}
}
}
pytests['mysql'] = {
node {
if (isUnix()) {
ws {
deleteDir()
unstash name: 'kallithea'
sh """$activatevirtualenv
pip install --upgrade MySQL-python
"""
withEnv(['TEST_DB=mysql://kallithea:kallithea@jenkins_mysql/kallithea_test?charset=utf8']) {
if (isUnix()) {
sh script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_mysql.xml --cov=kallithea
""", returnStatus: true
} else {
bat script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_mysql.xml --cov=kallithea
""", returnStatus: true
}
}
sh 'sed --in-place "s/\\(classname=[\'\\"]\\)/\\1MYSQL./g" pytest_mysql.xml'
archiveArtifacts 'pytest_mysql.xml'
junit 'pytest_mysql.xml'
writeFile(file: '.coverage.mysql', text: readFile('.coverage'))
stash name: 'coverage.mysql', includes: '.coverage.mysql'
}
}
}
}
pytests['postgresql'] = {
node {
if (isUnix()) {
ws {
deleteDir()
unstash name: 'kallithea'
sh """$activatevirtualenv
pip install --upgrade psycopg2
"""
withEnv(['TEST_DB=postgresql://kallithea:kallithea@jenkins_postgresql/kallithea_test']) {
if (isUnix()) {
sh script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_postgresql.xml --cov=kallithea
""", returnStatus: true
} else {
bat script: """$activatevirtualenv
py.test -p no:sugar --cov-config .coveragerc --junit-xml=pytest_postgresql.xml --cov=kallithea
""", returnStatus: true
}
}
sh 'sed --in-place "s/\\(classname=[\'\\"]\\)/\\1POSTGRES./g" pytest_postgresql.xml'
archiveArtifacts 'pytest_postgresql.xml'
junit 'pytest_postgresql.xml'
writeFile(file: '.coverage.postgresql', text: readFile('.coverage'))
stash name: 'coverage.postgresql', includes: '.coverage.postgresql'
}
}
}
}
stage('Tests') {
parallel pytests
node {
unstash 'coverage.sqlite'
unstash 'coverage.de'
unstash 'coverage.mysql'
unstash 'coverage.postgresql'
if (isUnix()) {
sh script: """$activatevirtualenv
coverage combine .coverage.sqlite .coverage.de .coverage.mysql .coverage.postgresql
coverage xml
""", returnStatus: true
} else {
bat script: """$activatevirtualenv
coverage combine .coverage.sqlite .coverage.de .coverage.mysql .coverage.postgresql
coverage xml
""", returnStatus: true
}
try {
step([$class: 'CoberturaPublisher', autoUpdateHealth: false, autoUpdateStability: false, coberturaReportFile: 'coverage.xml', failNoReports: false, failUnhealthy: false, failUnstable: false, maxNumberOfBuilds: 0, onlyStable: false, zoomCoverageChart: false])
} catch (java.lang.IllegalArgumentException exc) {
echo "You need to install the pipeline compatible 'CoberturaPublisher Plug-in' to display the coverage report."
currentBuild.result = 'UNSTABLE'
echo "Caught: ${exc}"
}
}
}
|