From 33155bffb4925cc236d2e579229fb701931131d6 Mon Sep 17 00:00:00 2001
From: Easton Crupper <65553218+ecrupper@users.noreply.github.com>
Date: Wed, 1 May 2024 10:11:21 -0400
Subject: [PATCH 1/3] fix(dashboards): use v7 uuid for primary key (#1115)
---
 database/types/dashboard.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/database/types/dashboard.go b/database/types/dashboard.go
index 181824b7e..ba3b58efb 100644
--- a/database/types/dashboard.go
+++ b/database/types/dashboard.go
@@ -28,7 +28,7 @@ var (
 type (
 // Dashboard is the database representation of a dashboard.
 Dashboard struct {
- ID uuid.UUID `gorm:"type:uuid;default:uuid_generate_v4()"`
+ ID uuid.UUID `gorm:"type:uuid;default:uuid_generate_v7()"`
 Name sql.NullString `sql:"name"`
 CreatedAt sql.NullInt64 `sql:"created_at"`
 CreatedBy sql.NullString `sql:"created_by"`
From 58ef7e861ce4f1d35048bd9248a38cbf7437d971 Mon Sep 17 00:00:00 2001
From: Easton Crupper <65553218+ecrupper@users.noreply.github.com>
Date: Thu, 2 May 2024 12:06:59 -0400
Subject: [PATCH 2/3] fix(dashboards): add limit to repos for dashboards and dashboards for users (#1116)
* fix(dashboards): add limit to repos
* also add user dashboard limit
---
 constants/limit.go | 39 ++++++++++++++++++++++++++++++++
 database/types/dashboard.go | 6 +++++
 database/types/dashboard_test.go | 15 ++++++++++++
 database/types/user.go | 14 +++---------
 database/types/user_test.go | 8 +++----
 5 files changed, 67 insertions(+), 15 deletions(-)
diff --git a/constants/limit.go b/constants/limit.go
index 046b6c19b..8b492ec3e 100644
--- a/constants/limit.go
+++ b/constants/limit.go
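Review bot: The new default on `Dashboard.ID`, `uuid_generate_v7()`, names a database function this patch does not create. `uuid_generate_v4()` comes from the `uuid-ossp` extension, which has no v7 generator, so the default presumably relies on a function or extension installed separately, and an insert that leaves `ID` unset would fail where it is absent. A v7 UUID also encodes its creation time and sorts by it, so dashboard IDs become partly predictable and access by ID must rest on the authorization check rather than on the ID being hard to guess. I would record both above the field, e.g. `// ID is a time-ordered v7 UUID; the column default needs uuid_generate_v7() in the database.`; the struct continues past the end of the hunk.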
@@ -3,6 +3,45 @@ package constants
 // Limits and constraints.
 const (
+ // BuildLimitMin defines the minimum value for repo concurrent build limit.
+ BuildLimitMin = 1
+
+ // BuildLimitMax defines the maximum value for repo concurrent build limit.
+ BuildLimitMax = 30
+
+ // BuildLimitDefault defines the default value for repo concurrent build limit.
+ BuildLimitDefault = 10
+
+ // BuildTimeoutMin defines the minimum value in minutes for repo build timeout.
+ BuildTimeoutMin = 1
+
+ // BuildTimeoutMax defines the maximum value in minutes for repo build timeout.
+ BuildTimeoutMax = 90
+
+ // BuildTimeoutDefault defines the default value in minutes for repo build timeout.
+ BuildTimeoutDefault = 30
+
+ // FavoritesMaxSize defines the maximum size in characters for user favorites.
+ FavoritesMaxSize = 5000
+
+ // RunningBuildIDsMaxSize defines the maximum size in characters for worker RunningBuildIDs.
+ RunningBuildIDsMaxSize = 500
+
+ // TopicsMaxSize defines the maximum size in characters for repo topics. Ex: GitHub has a 20-topic, 50-char limit.
+ TopicsMaxSize = 1020
+
+ // DeployBuildsMaxSize defines the maximum size in characters for deployment builds.
+ DeployBuildsMaxSize = 500
+
+ // ReportStepStatusLimit defines the maximum number of steps in a pipeline that may report their status to the SCM.
+ ReportStepStatusLimit = 10
+
+ // DashboardRepoLimit defines the maximum number of repos that can be assigned to a dashboard.
+ DashboardRepoLimit = 10
+
+ // UserDashboardLimit defines the maximum number of dashboards that can be assigned to a user.
+ UserDashboardLimit = 10
+
 // DashboardAdminMaxSize defines the maximum size in characters for dashboard admins.
 DashboardAdminMaxSize = 5000
 )
diff --git a/database/types/dashboard.go b/database/types/dashboard.go
index ba3b58efb..0d6023058 100644
--- a/database/types/dashboard.go
+++ b/database/types/dashboard.go
@@ -12,6 +12,7 @@ import (
 "github.com/google/uuid"
 api "github.com/go-vela/server/api/types"
+ "github.com/go-vela/server/constants"
 "github.com/go-vela/server/util"
 )
@@ -142,6 +143,11 @@ func (d *Dashboard) Validate() error {
 return ErrEmptyDashName
 }
+ // verify the number of repos
+ if len(d.Repos) > constants.DashboardRepoLimit {
+ return fmt.Errorf("exceeded repos limit of %d", constants.DashboardRepoLimit)
+ }
+
 // ensure that all Dashboard string fields
 // that can be returned as JSON are sanitized
 // to avoid unsafe HTML content
diff --git a/database/types/dashboard_test.go b/database/types/dashboard_test.go
index f163e8b9c..60ca2cfa0 100644
--- a/database/types/dashboard_test.go
+++ b/database/types/dashboard_test.go
@@ -90,6 +90,17 @@ func TestTypes_Dashboard_ToAPI(t *testing.T) {
 func TestTypes_Dashboard_Validate(t *testing.T) {
 uuid, _ := uuid.Parse("c8da1302-07d6-11ea-882f-4893bca275b8")
+ dashRepo := new(api.DashboardRepo)
+ dashRepo.SetName("dashboard-repo")
+
+ dashRepos := []*api.DashboardRepo{}
+ for i := 0; i < 11; i++ {
+ dashRepos = append(dashRepos, dashRepo)
+ }
+
+ exceededReposDashboard := testDashboard()
+ exceededReposDashboard.Repos = DashReposJSON(dashRepos)
+
 // setup tests
 tests := []struct {
 failure bool
@@ -105,6 +116,10 @@ func TestTypes_Dashboard_Validate(t *testing.T) {
 ID: uuid,
 },
 },
+ { // hit repo limit
+ failure: true,
+ dashboard: exceededReposDashboard,
+ },
 }
 // run tests
diff --git a/database/types/user.go b/database/types/user.go
index 0bfd13e2a..bde757a6b 100644
--- a/database/types/user.go
+++ b/database/types/user.go
@@ -11,8 +11,8 @@ import (
 "github.com/lib/pq"
 api "github.com/go-vela/server/api/types"
+ "github.com/go-vela/server/constants"
 "github.com/go-vela/server/util"
- "github.com/go-vela/types/constants"
 )
 var (
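Review bot: The repo-count check added to `(*Dashboard).Validate` returns an ad hoc `fmt.Errorf("exceeded repos limit of %d", ...)`, while the check directly above it returns the sentinel `ErrEmptyDashName` and the matching check in user.go returns `ErrExceededDashboardsLimit`, so callers cannot match this failure with `errors.Is`. A sentinel declared next to `ErrEmptyDashName` and returned here, for example `return ErrExceededDashReposLimit` (name is only a suggestion), would keep the three checks consistent. `fmt` is not among the imports visible in the first hunk of this file, so confirm it is already imported. Validate continues past the end of the hunk.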
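Review bot: The loop bound `11` in TestTypes_Dashboard_Validate is `constants.DashboardRepoLimit + 1` written as a literal, so the case stops exercising the boundary as soon as the limit is changed. I would write `for i := 0; i <= constants.DashboardRepoLimit; i++ {` (the test file would need the `constants` import if it does not have it), and do the same for `exceededField(11)` in user_test.go. The table also gains no case with exactly `DashboardRepoLimit` repos expected to pass, which is the row that would catch an off-by-one in the `>` comparison.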
@@ -216,16 +216,8 @@ func (u *User) Validate() error {
 return ErrExceededFavoritesLimit
 }
- // calculate totalDashboards size of dashboards
- totalDashboards := 0
- for _, d := range u.Dashboards {
- totalDashboards += len(d)
- }
-
- // verify the Dashboards field is within the database constraints
- // len is to factor in number of comma separators included in the database field,
- // removing 1 due to the last item not having an appended comma
- if (totalDashboards + len(u.Dashboards) - 1) > constants.FavoritesMaxSize {
+ // validate number of dashboards
+ if len(u.Dashboards) > constants.UserDashboardLimit {
 return ErrExceededDashboardsLimit
 }
diff --git a/database/types/user_test.go b/database/types/user_test.go
index 9edf57abf..3d02427e8 100644
--- a/database/types/user_test.go
+++ b/database/types/user_test.go
@@ -204,7 +204,7 @@ func TestTypes_User_Validate(t *testing.T) {
 ID: sql.NullInt64{Int64: 1, Valid: true},
 Name: sql.NullString{String: "octocat", Valid: true},
 Token: sql.NullString{String: "superSecretToken", Valid: true},
- Favorites: exceededField(),
+ Favorites: exceededField(500),
 },
 },
 { // invalid dashboards set for user
@@ -213,7 +213,7 @@ func TestTypes_User_Validate(t *testing.T) {
 ID: sql.NullInt64{Int64: 1, Valid: true},
 Name: sql.NullString{String: "octocat", Valid: true},
 Token: sql.NullString{String: "superSecretToken", Valid: true},
- Dashboards: exceededField(),
+ Dashboards: exceededField(11),
 },
 },
 }
@@ -275,12 +275,12 @@ func testUser() *User {
 }
 // exceededField returns a list of strings that exceed the maximum size of a field.
-func exceededField() []string {
+func exceededField(indexes int) []string {
 // initialize empty favorites
 values := []string{}
 // add enough strings to exceed the character limit
- for i := 0; i < 500; i++ {
+ for i := 0; i < indexes; i++ {
 // construct field
 // use i to adhere to unique favorites
 field := "github/octocat-" + strconv.Itoa(i)
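Review bot: With the size check removed, `(*User).Validate` bounds only the number of entries in `u.Dashboards` and no longer their length, so ten arbitrarily long strings pass the check this hunk shows. The removed code kept the serialized field within `constants.FavoritesMaxSize` characters; if the entries are meant to be dashboard UUIDs, validating each one restores a bound and rejects junk before it reaches the database, e.g. `for _, d := range u.Dashboards { if _, err := uuid.Parse(d); err != nil { return err } }`. That would need `github.com/google/uuid` imported in user.go, which is not visible here, and whether another layer already validates the entries cannot be told from the hunk. Validate continues past the end of the hunk.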
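Review bot: The parameter `indexes` on `exceededField` is the number of entries to generate, but the doc comment and the inline comments (`// initialize empty favorites`, `// add enough strings to exceed the character limit`) still describe the old fixed-size favorites helper. I would rename the parameter to `count` and reword the header to `// exceededField returns count unique strings, for exceeding either a size limit or an entry-count limit.` The function body continues past the end of the hunk.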
From 76931994b10c91d56c1332cc57a52d7c4d8f61ab Mon Sep 17 00:00:00 2001
From: Easton Crupper <65553218+ecrupper@users.noreply.github.com>
Date: Fri, 3 May 2024 10:05:56 -0400
Subject: [PATCH 3/3] fix(events): add action to deployment check (#1117)
* fix(events): add action to deployment check
* fix compiler tests
---
 api/types/events.go | 2 +-
 api/types/events_test.go | 2 +-
 compiler/native/compile_test.go | 6 +++---
 go.mod | 2 +-
 go.sum | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/api/types/events.go b/api/types/events.go
index 2dc6f1e28..8bf27db8c 100644
--- a/api/types/events.go
+++ b/api/types/events.go
@@ -130,7 +130,7 @@ func (e *Events) Allowed(event, action string) bool {
 allowed = e.GetComment().GetCreated()
 case constants.EventComment + ":" + constants.ActionEdited:
 allowed = e.GetComment().GetEdited()
- case constants.EventDeploy:
+ case constants.EventDeploy + ":" + constants.ActionCreated:
 allowed = e.GetDeployment().GetCreated()
 case constants.EventSchedule:
 allowed = e.GetSchedule().GetRun()
diff --git a/api/types/events_test.go b/api/types/events_test.go
index 447a84c54..68f6f5709 100644
--- a/api/types/events_test.go
+++ b/api/types/events_test.go
@@ -340,7 +340,7 @@ func TestTypes_Events_Allowed(t *testing.T) {
 {event: "pull_request", action: "reopened", want: true},
 {event: "pull_request", action: "labeled", want: false},
 {event: "pull_request", action: "unlabeled", want: true},
- {event: "deployment", want: false},
+ {event: "deployment", action: "created", want: false},
 {event: "comment", action: "created", want: true},
 {event: "comment", action: "edited", want: false},
 {event: "schedule", want: true},
diff --git a/compiler/native/compile_test.go b/compiler/native/compile_test.go
index ed9563045..811f9855e 100644
--- a/compiler/native/compile_test.go
+++ b/compiler/native/compile_test.go
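Review bot: After this change in `(*Events).Allowed` a bare `constants.EventDeploy` key matches none of the cases shown, so a caller that still passes `event` "deployment" with an empty action falls through to the switch's default branch, which is outside the hunk. Because this method decides whether an incoming event may start a build, that path is worth pinning: assuming the default denies, keep the old row `{event: "deployment", want: false}` in TestTypes_Events_Allowed next to the new `action: "created"` row. Among the rows visible in events_test.go the deployment case only asserts `want: false`, so a fixture with the deployment `created` flag set would be needed to cover the allowed path. A short comment on the case, e.g. `// deployments are only matched with the "created" action`, would also explain why this key differs from `constants.EventSchedule` just below it.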
@@ -3317,7 +3317,7 @@ func Test_CompileLite(t *testing.T) {
 Pull: "not_present",
 Ruleset: yaml.Ruleset{
 If: yaml.Rules{
- Event: []string{"deployment"},
+ Event: []string{"deployment:created"},
 Target: []string{"production"},
 },
 Matcher: "filepath",
@@ -3396,7 +3396,7 @@ func Test_CompileLite(t *testing.T) {
 pipelineType: "",
 substitute: true,
 ruleData: &pipeline.RuleData{
- Event: "deployment",
+ Event: "deployment:created",
 Target: "production",
 Path: []string{"README.md"},
 },
@@ -3421,7 +3421,7 @@ func Test_CompileLite(t *testing.T) {
 Pull: "not_present",
 Ruleset: yaml.Ruleset{
 If: yaml.Rules{
- Event: []string{"deployment"},
+ Event: []string{"deployment:created"},
 Target: []string{"production"},
 },
 Matcher: "filepath",
diff --git a/go.mod b/go.mod
index bc25fc72b..aefa64a29 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 github.com/ghodss/yaml v1.0.0
 github.com/gin-gonic/gin v1.9.1
 github.com/go-playground/assert/v2 v2.2.0
- github.com/go-vela/types v0.23.4-0.20240405205548-f24f795ac0b7
+ github.com/go-vela/types v0.23.4-0.20240417135026-fb4a95c30338
 github.com/golang-jwt/jwt/v5 v5.2.1
 github.com/google/go-cmp v0.6.0
 github.com/google/go-github/v61 v61.0.0
diff --git a/go.sum b/go.sum
index 1f35c936b..3b30dd8ed 100644
--- a/go.sum
+++ b/go.sum
@@ -85,8 +85,8 @@ github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-vela/types v0.23.4-0.20240405205548-f24f795ac0b7 h1:3mN7ej69dMH3Vis3G/tPLzLL0Rfp8nR5qd0gpj5ejRM= -github.com/go-vela/types v0.23.4-0.20240405205548-f24f795ac0b7/go.mod h1:mEF9dLkk00rUXf/t39n2WvXZgJbxnPEEWy+DHqIlRUo= +github.com/go-vela/types v0.23.4-0.20240417135026-fb4a95c30338 h1:I0v47dOdAvjX7lOFN4s28uONChmluD6TNgFL1hpav60= +github.com/go-vela/types v0.23.4-0.20240417135026-fb4a95c30338/go.mod h1:vISsYDdjz9RPEK6qZ+MxtrdZEjTVU4K30NomB3826u8= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=