protection

package
v0.0.0-...-94d0466 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

// TypeBranch is the rule type identifier ("branch") for branch protection
// rules; the Branch definition implements the rules for this type.
const TypeBranch types.RuleType = "branch"

Variables

// Sentinel errors of the protection package.
//
//   - ErrUnrecognizedType: the protection (rule) type is not recognized.
//   - ErrAlreadyRegistered: the protection type has already been registered.
//   - ErrPatternEmpty: a name pattern is empty.
//   - ErrInvalidGlobstarPattern: a pattern is not a valid globstar pattern.
//
// NOTE(review): which functions return each error is not visible here;
// presumably Manager.Register / Manager.FromJSON for the first two and
// Pattern.Validate for the last two — confirm. Callers that must fail closed
// on an unknown rule type should match ErrUnrecognizedType with errors.Is.
var (
	ErrUnrecognizedType       = errors.New("unrecognized protection type")
	ErrAlreadyRegistered      = errors.New("protection type already registered")
	ErrPatternEmpty           = errors.New("name pattern can't be empty")
	ErrInvalidGlobstarPattern = errors.New("invalid globstar pattern")
)
// RuleInfoFilterStatusActive is a filter function with the signature accepted
// by GetRuleInfos. It reports true only when the rule's State equals
// enum.RuleStateActive and never returns an error.
//
// r is dereferenced without a nil check, so callers must pass a non-nil rule.
var RuleInfoFilterStatusActive = func(r *types.RuleInfoInternal) (bool, error) {
	isActive := r.State == enum.RuleStateActive
	return isActive, nil
}
// RuleInfoFilterTypeBranch is a filter function with the signature accepted by
// GetRuleInfos. It reports true only when the rule's Type equals TypeBranch
// and never returns an error.
//
// r is dereferenced without a nil check, so callers must pass a non-nil rule.
var RuleInfoFilterTypeBranch = func(r *types.RuleInfoInternal) (bool, error) {
	isBranchRule := r.Type == TypeBranch
	return isBranchRule, nil
}

Functions

func GenerateErrorMessageForBlockingViolations

func GenerateErrorMessageForBlockingViolations(ruleViolations []types.RuleViolations) string

GenerateErrorMessageForBlockingViolations generates an error message for a given slice of rule violations. It simply takes the first blocking rule that has a violation and prints that, with an indication of whether further rules were violated.

func GetRuleInfos

func GetRuleInfos(
	protection Protection,
	defaultBranch string,
	branchName string,
	filterFns ...func(*types.RuleInfoInternal) (bool, error),
) (ruleInfos []types.RuleInfo, err error)

func IsBypassed

func IsBypassed(violations []types.RuleViolations) bool

func IsCritical

func IsCritical(violations []types.RuleViolations) bool

func ToJSON

func ToJSON(v any) (json.RawMessage, error)

ToJSON is a utility function that converts types to a JSON message. It's used to sanitize protection definition data.

Types

type Branch

// Branch is the rule definition for the rule type TypeBranch. It is made up
// of three parts, serialized under the JSON keys "bypass", "pullreq" and
// "lifecycle": the bypass list (DefBypass), the pull-request requirements
// (DefPullReq) and the branch lifecycle restrictions (DefLifecycle).
//
// None of the three keys uses omitempty, so all of them are always present in
// the marshaled form.
type Branch struct {
	Bypass    DefBypass    `json:"bypass"`
	PullReq   DefPullReq   `json:"pullreq"`
	Lifecycle DefLifecycle `json:"lifecycle"`
}

Branch implements protection rules for the rule type TypeBranch.

func (*Branch) MergeVerify

func (v *Branch) MergeVerify(
	ctx context.Context,
	in MergeVerifyInput,
) (out MergeVerifyOutput, violations []types.RuleViolations, err error)

func (*Branch) RefChangeVerify

func (v *Branch) RefChangeVerify(
	ctx context.Context,
	in RefChangeVerifyInput,
) (violations []types.RuleViolations, err error)

func (*Branch) RequiredChecks

func (v *Branch) RequiredChecks(
	ctx context.Context,
	in RequiredChecksInput,
) (RequiredChecksOutput, error)

func (*Branch) Sanitize

func (v *Branch) Sanitize() error

func (*Branch) UserGroupIDs

func (v *Branch) UserGroupIDs() ([]int64, error)

func (*Branch) UserIDs

func (v *Branch) UserIDs() ([]int64, error)

type DefApprovals

// DefApprovals holds the approval settings of a pull-request rule: a
// code-owners flag, a minimum approval count, a latest-commit flag and a
// no-change-request flag.
//
// Every field is tagged omitempty, so a false/0 value is dropped on marshal
// and is indistinguishable from an absent key when the JSON is read back.
// NOTE(review): the declaration puts no bounds on RequireMinimumCount;
// presumably Sanitize rejects negative values — confirm.
type DefApprovals struct {
	RequireCodeOwners      bool `json:"require_code_owners,omitempty"`
	RequireMinimumCount    int  `json:"require_minimum_count,omitempty"`
	RequireLatestCommit    bool `json:"require_latest_commit,omitempty"`
	RequireNoChangeRequest bool `json:"require_no_change_request,omitempty"`
}

func (*DefApprovals) Sanitize

func (v *DefApprovals) Sanitize() error

type DefBypass

// DefBypass is the bypass list of a rule: explicit user IDs, user group IDs
// and a flag for repository owners. All three fields are omitted from JSON
// when empty/false.
//
// NOTE(review): presumably a principal on this list can only bypass a rule
// when the caller also sets AllowBypass on the verify input — confirm in
// MergeVerify and RefChangeVerify. Since this list decides who may sidestep
// the rule, changes to it deserve the same review as changes to the rule.
//
// NOTE(review): Sanitize is declared on a value receiver, so it can validate
// the lists but cannot replace the caller's UserIDs/UserGroupIDs slices (for
// example to drop duplicates) — confirm that this is intended.
type DefBypass struct {
	UserIDs      []int64 `json:"user_ids,omitempty"`
	UserGroupIDs []int64 `json:"user_group_ids,omitempty"`
	RepoOwners   bool    `json:"repo_owners,omitempty"`
}

func (DefBypass) Sanitize

func (v DefBypass) Sanitize() error

type DefComments

// DefComments holds the comment-related setting of a pull-request rule.
// RequireResolveAll is omitted from JSON when false.
// NOTE(review): presumably it feeds MergeVerifyOutput.RequiresCommentResolution
// — confirm in MergeVerify.
type DefComments struct {
	RequireResolveAll bool `json:"require_resolve_all,omitempty"`
}

func (DefComments) Sanitize

func (DefComments) Sanitize() error

type DefLifecycle

// DefLifecycle holds four flags that forbid creating, deleting, updating and
// force-updating a reference. Each flag is omitted from JSON when false, so
// the zero value (nothing forbidden) marshals to an empty object.
// NOTE(review): the flags appear to correspond one-to-one to the RefAction
// constants (create, delete, update, update-force) — confirm in
// RefChangeVerify.
type DefLifecycle struct {
	CreateForbidden      bool `json:"create_forbidden,omitempty"`
	DeleteForbidden      bool `json:"delete_forbidden,omitempty"`
	UpdateForbidden      bool `json:"update_forbidden,omitempty"`
	UpdateForceForbidden bool `json:"update_force_forbidden,omitempty"`
}

func (*DefLifecycle) RefChangeVerify

func (*DefLifecycle) Sanitize

func (*DefLifecycle) Sanitize() error

type DefMerge

// DefMerge holds the merge settings of a pull-request rule: the list of
// allowed merge methods, a delete-branch flag and a block flag. All fields are
// omitted from JSON when empty/false.
// NOTE(review): the declaration does not say whether an empty
// StrategiesAllowed means "every method allowed" or "no method allowed";
// confirm in MergeVerify, because the two readings fail in opposite
// directions.
type DefMerge struct {
	StrategiesAllowed []enum.MergeMethod `json:"strategies_allowed,omitempty"`
	DeleteBranch      bool               `json:"delete_branch,omitempty"`
	Block             bool               `json:"block,omitempty"`
}

func (*DefMerge) Sanitize

func (v *DefMerge) Sanitize() error

type DefPullReq

// DefPullReq groups the pull-request parts of a rule: approvals, comments,
// status checks and merge settings, serialized under the JSON keys
// "approvals", "comments", "status_checks" and "merge". None of the keys uses
// omitempty, so all four are always present in the marshaled form.
type DefPullReq struct {
	Approvals    DefApprovals    `json:"approvals"`
	Comments     DefComments     `json:"comments"`
	StatusChecks DefStatusChecks `json:"status_checks"`
	Merge        DefMerge        `json:"merge"`
}

func (*DefPullReq) MergeVerify

func (*DefPullReq) RequiredChecks

func (*DefPullReq) Sanitize

func (v *DefPullReq) Sanitize() error

type DefPush

// DefPush holds a single push setting, Block, which is omitted from JSON when
// false.
// NOTE(review): presumably Block forbids direct pushes to matching refs —
// confirm where DefPush is evaluated.
type DefPush struct {
	Block bool `json:"block,omitempty"`
}

func (*DefPush) Sanitize

func (v *DefPush) Sanitize() error

type DefStatusChecks

// DefStatusChecks lists the status check identifiers a pull-request rule
// requires.
//
// The type declares its own MarshalJSON and UnmarshalJSON, both marked for
// removal after the identifier migration (CODE-1363), so the JSON actually
// read and written may differ from the struct tag below.
// NOTE(review): presumably the custom codec still handles the legacy
// "require_uids" key — confirm before relying on the wire format.
type DefStatusChecks struct {
	RequireIdentifiers []string `json:"require_identifiers,omitempty"`
}

func (DefStatusChecks) MarshalJSON

func (c DefStatusChecks) MarshalJSON() ([]byte, error)

TODO [CODE-1363]: remove after identifier migration.

func (*DefStatusChecks) Sanitize

func (c *DefStatusChecks) Sanitize() error

func (*DefStatusChecks) UnmarshalJSON

func (c *DefStatusChecks) UnmarshalJSON(data []byte) error

TODO [CODE-1363]: remove if we don't have any require_uids left in our DB.

type Definition

// Definition is a rule definition that can both be sanitized (Sanitizer) and
// be evaluated as a Protection.
type Definition interface {
	Sanitizer
	Protection
}

type DefinitionGenerator

// DefinitionGenerator returns a blank Definition. Manager.Register takes one
// per types.RuleType.
type DefinitionGenerator func() Definition

DefinitionGenerator is the function that creates blank rules.

type Manager

// Manager enforces protection rules. It is created from a store.RuleStore by
// NewManager or ProvideManager, and rule types are added with Register.
type Manager struct {
	// contains filtered or unexported fields
}

Manager is used to enforce protection rules.

func NewManager

func NewManager(ruleStore store.RuleStore) *Manager

NewManager creates a new protection Manager.

func ProvideManager

func ProvideManager(ruleStore store.RuleStore) (*Manager, error)

func (*Manager) ForRepository

func (m *Manager) ForRepository(ctx context.Context, repoID int64) (Protection, error)

func (*Manager) FromJSON

func (m *Manager) FromJSON(ruleType types.RuleType, message json.RawMessage, strict bool) (Protection, error)

func (*Manager) Register

func (m *Manager) Register(ruleType types.RuleType, gen DefinitionGenerator) error

Register registers a new types.RuleType.

func (*Manager) SanitizeJSON

func (m *Manager) SanitizeJSON(ruleType types.RuleType, message json.RawMessage) (json.RawMessage, error)

type MergeVerifier

// MergeVerifier is the merge-time side of a protection rule.
//
// MergeVerify evaluates a merge described by MergeVerifyInput and returns the
// resulting MergeVerifyOutput together with any rule violations.
// RequiredChecks returns the required and bypassable check identifiers for
// the given RequiredChecksInput.
type MergeVerifier interface {
	MergeVerify(ctx context.Context, in MergeVerifyInput) (MergeVerifyOutput, []types.RuleViolations, error)
	RequiredChecks(ctx context.Context, in RequiredChecksInput) (RequiredChecksOutput, error)
}

type MergeVerifyInput

// MergeVerifyInput is the input to MergeVerify: the acting principal, the
// target and source repositories, the pull request and its reviewers, the
// requested merge method, the check results and the code-owners evaluation.
//
// AllowBypass and IsRepoOwner are plain booleans set by the caller, and
// ResolveUserGroupID is a caller-supplied callback that maps user group IDs
// to a slice of int64 IDs.
// NOTE(review): presumably the caller derives IsRepoOwner from its own
// authorization check and the callback expands groups to member user IDs.
// The verdict can only be as trustworthy as these inputs, so confirm at the
// call sites that none of them is taken directly from request data.
// NOTE(review): Actor, TargetRepo, SourceRepo, PullReq and CodeOwners are
// pointers; whether MergeVerify tolerates nil for any of them is not visible
// here.
type MergeVerifyInput struct {
	ResolveUserGroupID func(ctx context.Context, userGroupIDs []int64) ([]int64, error)
	Actor              *types.Principal
	AllowBypass        bool
	IsRepoOwner        bool
	TargetRepo         *types.Repository
	SourceRepo         *types.Repository
	PullReq            *types.PullReq
	Reviewers          []*types.PullReqReviewer
	Method             enum.MergeMethod
	CheckResults       []types.CheckResult
	CodeOwners         *codeowners.Evaluation
}

type MergeVerifyOutput

// MergeVerifyOutput is the non-violation result of MergeVerify: the merge
// methods that are allowed, whether the source branch is to be deleted, and
// the approval, code-owner, comment-resolution and change-request
// requirements that apply.
// NOTE(review): the "...Latest" fields presumably carry the same requirement
// restricted to the latest commit (compare DefApprovals.RequireLatestCommit)
// — confirm in MergeVerify.
type MergeVerifyOutput struct {
	AllowedMethods                      []enum.MergeMethod
	DeleteSourceBranch                  bool
	MinimumRequiredApprovalsCount       int
	MinimumRequiredApprovalsCountLatest int
	RequiresCodeOwnersApproval          bool
	RequiresCodeOwnersApprovalLatest    bool
	RequiresCommentResolution           bool
	RequiresNoChangeRequest            bool
}

type Pattern

// Pattern selects the branches a rule applies to, using a default-branch flag
// plus lists of include and exclude patterns. All fields are omitted from
// JSON when empty/false. Matches takes the branch name and the default branch
// name; Validate checks the pattern.
// NOTE(review): the precedence between Default, Include and Exclude, and
// what an entirely empty Pattern matches, are not visible here. Confirm in
// Matches, since a pattern that matches fewer branches than intended leaves
// them unprotected.
type Pattern struct {
	Default bool     `json:"default,omitempty"`
	Include []string `json:"include,omitempty"`
	Exclude []string `json:"exclude,omitempty"`
}

func (*Pattern) JSON

func (p *Pattern) JSON() json.RawMessage

func (*Pattern) Matches

func (p *Pattern) Matches(branchName, defaultName string) bool

func (*Pattern) Validate

func (p *Pattern) Validate() error

type Protection

// Protection is the evaluation interface of a rule: it verifies merges
// (MergeVerifier) and reference changes (RefChangeVerifier) and exposes two
// lists of int64 IDs through UserIDs and UserGroupIDs.
// NOTE(review): presumably these are the user and user group IDs referenced
// by the rule's bypass list (compare DefBypass) — confirm.
type Protection interface {
	MergeVerifier
	RefChangeVerifier
	UserIDs() ([]int64, error)
	UserGroupIDs() ([]int64, error)
}

type RefAction

// RefAction identifies the kind of reference change passed to
// RefChangeVerify in RefChangeVerifyInput.RefAction.
type RefAction int

// Reference actions, numbered by iota: create (0), delete (1), update (2) and
// forced update (3). The zero value is RefActionCreate, so an input whose
// RefAction was never set is evaluated as a create.
const (
	RefActionCreate RefAction = iota
	RefActionDelete
	RefActionUpdate
	RefActionUpdateForce
)

type RefChangeVerifier

// RefChangeVerifier is the reference-change side of a protection rule.
// RefChangeVerify evaluates the change described by RefChangeVerifyInput and
// returns the rule violations it found.
type RefChangeVerifier interface {
	RefChangeVerify(ctx context.Context, in RefChangeVerifyInput) ([]types.RuleViolations, error)
}

type RefChangeVerifyInput

// RefChangeVerifyInput is the input to RefChangeVerify: the acting principal,
// the repository, the action and reference type, and the names of the
// affected references.
//
// AllowBypass and IsRepoOwner are plain booleans set by the caller, and
// ResolveUserGroupID is a caller-supplied callback that maps user group IDs
// to a slice of int64 IDs.
// NOTE(review): presumably the caller derives both booleans from its own
// authorization checks; confirm at the call sites that they are not taken
// from request data.
// NOTE(review): the zero values of RefAction and RefType are RefActionCreate
// and RefTypeRaw, so an input that leaves them unset is still a well-formed
// request; callers should set both explicitly.
type RefChangeVerifyInput struct {
	ResolveUserGroupID func(ctx context.Context, userGroupIDs []int64) ([]int64, error)
	Actor              *types.Principal
	AllowBypass        bool
	IsRepoOwner        bool
	Repo               *types.Repository
	RefAction          RefAction
	RefType            RefType
	RefNames           []string
}

type RefType

// RefType identifies the kind of reference passed to RefChangeVerify in
// RefChangeVerifyInput.RefType.
type RefType int

// Reference types, numbered by iota: raw (0), branch (1) and tag (2). The
// zero value is RefTypeRaw.
// NOTE(review): how a TypeBranch rule treats RefTypeRaw and RefTypeTag is not
// visible here — confirm in RefChangeVerify.
const (
	RefTypeRaw RefType = iota
	RefTypeBranch
	RefTypeTag
)

type RequiredChecksInput

// RequiredChecksInput is the input to RequiredChecks: the acting principal,
// the repository and the pull request, plus the caller-supplied IsRepoOwner
// flag and ResolveUserGroupID callback.
//
// Unlike MergeVerifyInput and RefChangeVerifyInput it has no AllowBypass
// field.
type RequiredChecksInput struct {
	ResolveUserGroupID func(ctx context.Context, userGroupIDs []int64) ([]int64, error)
	Actor              *types.Principal
	IsRepoOwner        bool
	Repo               *types.Repository
	PullReq            *types.PullReq
}

type RequiredChecksOutput

// RequiredChecksOutput is the result of RequiredChecks: two sets of check
// identifiers, each stored as a map with empty-struct values.
// NOTE(review): presumably BypassableIdentifiers holds the checks the actor
// is allowed to bypass and RequiredIdentifiers those it is not; whether the
// two sets are disjoint is not visible here — confirm in RequiredChecks.
type RequiredChecksOutput struct {
	RequiredIdentifiers   map[string]struct{}
	BypassableIdentifiers map[string]struct{}
}

type Sanitizer

// Sanitizer is implemented by every rule definition part (Branch,
// DefApprovals, DefBypass, DefComments, DefLifecycle, DefMerge, DefPullReq,
// DefPush and DefStatusChecks each declare a Sanitize method).
type Sanitizer interface {
	// Sanitize validates if the definition is valid and automatically corrects minor issues.
	// A non-nil error means the definition was rejected. Because minor issues
	// are corrected rather than rejected, the definition after the call may
	// differ from the one that was submitted.
	Sanitize() error
}
