-
Notifications
You must be signed in to change notification settings - Fork 7
/
branch_restriction.go
122 lines (111 loc) · 3.75 KB
/
branch_restriction.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package policy
import (
"context"
"fmt"
"regexp"
"github.com/lunarway/release-manager/internal/commitinfo"
"github.com/lunarway/release-manager/internal/log"
"github.com/pkg/errors"
)
type BranchRestriction struct {
ID string `json:"id,omitempty"`
BranchRegex string `json:"branchRegex,omitempty"`
Environment string `json:"environment,omitempty"`
}
// ApplyBranchRestriction applies a branch-restriction policy for service svc to
// environment env with regular expression branchRegex.
func (s *Service) ApplyBranchRestriction(ctx context.Context, actor Actor, svc, branchRegex, env string) (string, error) {
span, ctx := s.Tracer.FromCtx(ctx, "policy.ApplyBranchRestriction")
defer span.Finish()
// validate branch regular expression before storring
re, err := regexp.Compile(branchRegex)
if err != nil {
return "", errors.WithMessage(err, "branch regex not valid")
}
// ensure no auto release policies will conflict with this one
policies, err := s.Get(ctx, svc)
if err != nil && errors.Cause(err) != ErrNotFound {
return "", err
}
for _, policy := range policies.AutoReleases {
if policy.Environment == env && !re.MatchString(policy.Branch) {
return "", errors.WithMessagef(ErrConflict, "conflict with %s", policy.ID)
}
}
// check that it does not conflict with a global policy
if conflictingBranchRestriction(ctx, svc, s.GlobalBranchRestrictionPolicies, BranchRestriction{
BranchRegex: branchRegex,
Environment: env,
}) {
return "", errors.WithMessagef(ErrConflict, "conflicts with global policy")
}
commitMsg := commitinfo.PolicyUpdateApplyCommitMessage(env, svc, "branch-restriction")
var policyID string
err = s.updatePolicies(ctx, actor, svc, commitMsg, func(p *Policies) {
policyID = p.SetBranchRestriction(branchRegex, env)
})
if err != nil {
return "", err
}
return policyID, nil
}
// CanRelease returns whether service svc's branch can be released to env.
func (s *Service) CanRelease(ctx context.Context, svc, branch, env string) (bool, error) {
log.WithContext(ctx).Infof("Verifying whether %s on branch %s can be released to %s", svc, branch, env)
span, ctx := s.Tracer.FromCtx(ctx, "policy.CanRelease")
defer span.Finish()
policies, err := s.Get(ctx, svc)
if err != nil {
if errors.Cause(err) == ErrNotFound {
return true, nil
}
return false, err
}
log.WithContext(ctx).WithFields("policies", policies).Infof("Found %d restrictions", len(policies.BranchRestrictions))
span, _ = s.Tracer.FromCtx(ctx, "policy.canRelease")
defer span.Finish()
return canRelease(ctx, policies, branch, env)
}
func canRelease(ctx context.Context, policies Policies, branch, env string) (bool, error) {
for _, policy := range policies.BranchRestrictions {
if policy.Environment != env {
continue
}
r, err := regexp.Compile(policy.BranchRegex)
if err != nil {
return false, errors.WithMessage(err, "branch regex not valid regular expression")
}
if r.MatchString(branch) {
return true, nil
}
return false, nil
}
return true, nil
}
// SetBranchRestriction sets a branch-restriction policy for specified environment
// and branch regex.
//
// If a policy exists for the same environment it is overwritten.
func (p *Policies) SetBranchRestriction(branchRegex string, env string) string {
id := fmt.Sprintf("branch-restriction-%s", env)
newPolicy := BranchRestriction{
ID: id,
BranchRegex: branchRegex,
Environment: env,
}
newPolicies := make([]BranchRestriction, len(p.BranchRestrictions))
var replaced bool
for i, policy := range p.BranchRestrictions {
if policy.Environment == env {
newPolicies[i] = newPolicy
replaced = true
continue
}
newPolicies[i] = p.BranchRestrictions[i]
}
if !replaced {
newPolicies = append(newPolicies, newPolicy)
}
p.BranchRestrictions = newPolicies
return id
}