Skip to content

feat: Store issuer_url with (Pending)GitLabPublishers #18814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 8, 2025
Merged

feat: Store issuer_url with (Pending)GitLabPublishers #18814

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c7bb6df
feat: add column to store GitLab `issuer_url`
miketheman Oct 7, 2025
2f962ef
feat: set GitLab.issuer_url to default value
miketheman Oct 7, 2025
eaecc33
feat: surface issuer URL in user interfaces
miketheman Oct 7, 2025
c1f36c0
make translations
miketheman Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions tests/common/db/oidc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ class Meta:
namespace = factory.Faker("pystr", max_chars=12)
workflow_filepath = "subfolder/example.yml"
environment = "production"
issuer_url = "https://gitlab.com"


class PendingGitLabPublisherFactory(WarehouseFactory):
Expand All @@ -67,6 +68,7 @@ class Meta:
namespace = factory.Faker("pystr", max_chars=12)
workflow_filepath = "subfolder/example.yml"
environment = "production"
issuer_url = "https://gitlab.com"
added_by = factory.SubFactory(UserFactory)


Expand Down
5 changes: 5 additions & 0 deletions tests/unit/accounts/test_views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4093,6 +4093,7 @@ def test_add_pending_oidc_publisher_user_cannot_register(
namespace="some-namespace",
workflow_filepath="some-filepath",
environment="",
issuer_url="https://gitlab.com",
added_by_id=user_id,
),
PendingGitLabPublisher,
Expand Down Expand Up @@ -4398,6 +4399,7 @@ def test_add_pending_oidc_publisher_invalid_form(
project="some-repository",
workflow_filepath="subfolder/some-workflow-filename.yml",
environment="some-environment",
issuer_url="https://gitlab.com",
added_by_id=user_id,
),
MultiDict(
Expand Down Expand Up @@ -4878,6 +4880,7 @@ def test_delete_pending_oidc_publisher_invalid_form(
project="some-repository",
workflow_filepath="subfolder/some-filename",
environment="",
issuer_url="https://gitlab.com",
added_by_id=user_id,
),
PendingGitLabPublisher,
Expand Down Expand Up @@ -4960,6 +4963,7 @@ def test_delete_pending_oidc_publisher_not_found(
project="some-repository",
workflow_filepath="subfolder/some-filename",
environment="",
issuer_url="https://gitlab.com",
added_by_id=user_id,
),
PendingGitLabPublisher,
Expand Down Expand Up @@ -5036,6 +5040,7 @@ def test_delete_pending_oidc_publisher_no_access(
project="some-owner",
workflow_filepath="subfolder/some-filename",
environment="",
issuer_url="https://gitlab.com",
added_by_id=user_id,
),
PendingGitLabPublisher,
Expand Down
5 changes: 5 additions & 0 deletions tests/unit/manage/views/test_oidc_publishers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -456,6 +456,7 @@ def test_manage_project_oidc_publishers_prefill_unknown_provider(self, monkeypat
project="some-project",
workflow_filepath="some-workflow-filename.yml",
environment="",
issuer_url="https://gitlab.com",
),
"fakeenv",
),
Expand Down Expand Up @@ -948,6 +949,7 @@ def test_constrain_publisher_with_nonempty_environment(
"namespace": "some-namespace",
"project": "some-project",
"workflow_filepath": "some-workflow-filename.yml",
"issuer_url": "https://gitlab.com",
},
),
],
Expand Down Expand Up @@ -1375,6 +1377,7 @@ def test_add_oidc_publisher_created(
namespace="some-owner",
workflow_filepath="subfolder/some-workflow-filename.yml",
environment="some-environment",
issuer_url="https://gitlab.com",
),
MultiDict(
{
Expand Down Expand Up @@ -1753,6 +1756,7 @@ def test_add_oidc_publisher_invalid_form(
namespace="some-owner",
workflow_filepath="subfolder/some-workflow-filename.yml",
environment="some-environment",
issuer_url="https://gitlab.com",
),
GooglePublisher(
email="some-email@example.com",
Expand Down Expand Up @@ -1867,6 +1871,7 @@ def test_delete_oidc_publisher_registered_to_multiple_projects(
namespace="some-owner",
workflow_filepath="subfolder/some-workflow-filename.yml",
environment="some-environment",
issuer_url="https://gitlab.com",
),
GooglePublisher(
email="some-email@example.com",
Expand Down
7 changes: 7 additions & 0 deletions tests/unit/oidc/models/test_gitlab.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -255,11 +255,13 @@ def test_gitlab_publisher_admin_details_with_environment(self):
namespace="fakeowner",
workflow_filepath="subfolder/fakeworkflow.yml",
environment="fakeenv",
issuer_url="https://gitlab.com",
)

assert publisher.admin_details == [
("Project", "fakeowner/fakerepo"),
("Workflow", "subfolder/fakeworkflow.yml"),
("Issuer URL", "https://gitlab.com"),
("Environment", "fakeenv"),
]

Expand All @@ -269,11 +271,13 @@ def test_gitlab_publisher_admin_details_without_environment(self):
namespace="fakeowner",
workflow_filepath="subfolder/fakeworkflow.yml",
environment="",
issuer_url="https://gitlab.com",
)

assert publisher.admin_details == [
("Project", "fakeowner/fakerepo"),
("Workflow", "subfolder/fakeworkflow.yml"),
("Issuer URL", "https://gitlab.com"),
]

def test_gitlab_publisher_unaccounted_claims(self, monkeypatch):
Expand Down Expand Up @@ -668,6 +672,7 @@ def test_gitlab_publisher_duplicates_cant_be_created(self, db_request):
namespace="repository_owner",
workflow_filepath="subfolder/worflow_filename.yml",
environment="",
issuer_url="https://gitlab.com",
)

db_request.db.add(publisher1)
Expand All @@ -678,6 +683,7 @@ def test_gitlab_publisher_duplicates_cant_be_created(self, db_request):
namespace="repository_owner",
workflow_filepath="subfolder/worflow_filename.yml",
environment="",
issuer_url="https://gitlab.com",
)
db_request.db.add(publisher2)

Expand Down Expand Up @@ -827,6 +833,7 @@ def test_exists(self, db_request, exists_in_db):
namespace="repository_owner",
workflow_filepath="subfolder/worflow_filename.yml",
environment="",
issuer_url="https://gitlab.com",
)

if exists_in_db:
Expand Down
2 changes: 2 additions & 0 deletions warehouse/accounts/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@
)
from warehouse.oidc.interfaces import TooManyOIDCRegistrations
from warehouse.oidc.models import (
GITLAB_OIDC_ISSUER_URL,
PendingActiveStatePublisher,
PendingGitHubPublisher,
PendingGitLabPublisher,
Expand Down Expand Up @@ -1901,6 +1902,7 @@ def add_pending_gitlab_oidc_publisher(self):
project=form.project.data,
workflow_filepath=form.workflow_filepath.data,
environment=form.normalized_environment,
issuer_url=GITLAB_OIDC_ISSUER_URL,
),
make_existence_filters=lambda form: dict(
project_name=form.project_name.data,
Expand Down
Loading