Option for whitelisting of watched projects (#194)
pepakriz authored Mar 31, 2024
1 parent acd539d commit 17f43e2
Showing 5 changed files with 41 additions and 18 deletions.
37 changes: 19 additions & 18 deletions README.md
Expand Up @@ -85,24 +85,25 @@ GITLAB_AUTH_TOKEN="<token>" yarn run start

#### Configuration options

| Env variable | Default value | |
|--------------------------------|----------------------|------------------------------------------------------------|
| `GITLAB_URL` | `https://gitlab.com` | GitLab instance URL |
| `GITLAB_AUTH_TOKEN` | | `required` Your GitLab token |
| `HTTP_PROXY` | `` | Use HTTP proxy for API communication |
| `CI_CHECK_INTERVAL` | `10` | Time between CI checks (in seconds) |
| `MR_CHECK_INTERVAL` | `20` | Time between merge-requests checks (in seconds) |
| `REMOVE_BRANCH_AFTER_MERGE` | `true` | It'll remove branch after merge |
| `SQUASH_MERGE_REQUEST` | `true` | It'll squash commits on merge |
| `PREFER_GITLAB_TEMPLATE` | `false` | Use Gitlab template instead of custom message |
| `AUTORUN_MANUAL_BLOCKING_JOBS` | `true` | It'll autorun manual blocking jobs before merge |
| `SKIP_SQUASHING_LABEL` | `bot:skip-squash` | It'll skip squash when MR contains this label |
| `HIGH_PRIORITY_LABEL` | `bot:high-priority` | It'll put MR with this label to the beginning of the queue |
| `SENTRY_DSN` | `` | It'll enable Sentry monitoring |
| `HTTP_SERVER_ENABLE` | `false` | It'll enable experimental API and dashboard support |
| `HTTP_SERVER_PORT` | `4000` | It'll use different http server port |
| `WEB_HOOK_TOKEN` | `` | It'll enable experimental web hook support |
| `ENABLE_PERMISSION_VALIDATION` | `false` | It'll enable experimental permission validation |
| Env variable | Default value | |
|--------------------------------|----------------------|----------------------------------------------------------------------------|
| `GITLAB_URL` | `https://gitlab.com` | GitLab instance URL |
| `GITLAB_AUTH_TOKEN` | | `required` Your GitLab token |
| `ALLOWED_PROJECT_IDS` | `` | It'll restrict operation only on selected projects. (comma separated list) |
| `HTTP_PROXY` | `` | Use HTTP proxy for API communication |
| `CI_CHECK_INTERVAL` | `10` | Time between CI checks (in seconds) |
| `MR_CHECK_INTERVAL` | `20` | Time between merge-requests checks (in seconds) |
| `REMOVE_BRANCH_AFTER_MERGE` | `true` | It'll remove branch after merge |
| `SQUASH_MERGE_REQUEST` | `true` | It'll squash commits on merge |
| `PREFER_GITLAB_TEMPLATE` | `false` | Use Gitlab template instead of custom message |
| `AUTORUN_MANUAL_BLOCKING_JOBS` | `true` | It'll autorun manual blocking jobs before merge |
| `SKIP_SQUASHING_LABEL` | `bot:skip-squash` | It'll skip squash when MR contains this label |
| `HIGH_PRIORITY_LABEL` | `bot:high-priority` | It'll put MR with this label to the beginning of the queue |
| `SENTRY_DSN` | `` | It'll enable Sentry monitoring |
| `HTTP_SERVER_ENABLE` | `false` | It'll enable experimental API and dashboard support |
| `HTTP_SERVER_PORT` | `4000` | It'll use different http server port |
| `WEB_HOOK_TOKEN` | `` | It'll enable experimental web hook support |
| `ENABLE_PERMISSION_VALIDATION` | `false` | It'll enable experimental permission validation |

## Development
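
Review bot: The `ALLOWED_PROJECT_IDS` row does not say what an empty value means or what kind of identifier is expected. Going by the check added in `server/src/MergeRequestReceiver.ts`, an empty list applies no restriction at all and each entry is compared with the merge request's `target_project_id`, so the description should say that the default allows every project and that the list takes numeric IDs of the target project, for example `123,456` without spaces.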

2 changes: 2 additions & 0 deletions charts/gitlab-merger-bot/templates/deployment.yaml
Expand Up @@ -39,6 +39,8 @@ spec:
value: "{{ .Values.settings.authToken }}"
- name: GITLAB_URL
value: "{{ .Values.settings.gitlabUrl }}"
- name: ALLOWED_PROJECT_IDS
value: "{{ .Values.settings.allowedProjectIds }}"
- name: CI_CHECK_INTERVAL
value: "{{ .Values.settings.ciCheckInterval }}"
- name: MR_CHECK_INTERVAL
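
Review bot: `value: "{{ .Values.settings.allowedProjectIds }}"` only yields a comma-separated list when the chart value is already a string. If an operator sets `allowedProjectIds` as a YAML list, the template prints Go's list formatting (such as `[1 2]`) instead of `1,2`, and the bot receives an allow-list that matches no project. Either state that the value must be a quoted string, or render lists explicitly with `join ","`.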
1 change: 1 addition & 0 deletions charts/gitlab-merger-bot/values.yaml
Expand Up @@ -78,6 +78,7 @@ settings:
gitlabUrl: "https://gitlab.com"
authToken: ""
sentryDsn: ""
allowedProjectIds: ""
ciCheckInterval: 10
mrCheckInterval: 20
removeBranchAfterMerge: true
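
Review bot: `allowedProjectIds: ""` is added with no comment describing the expected form. A short comment above the key with an example such as `"123,456"` would tell chart users that this is a quoted, comma-separated string of project IDs and not a YAML list.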
5 changes: 5 additions & 0 deletions server/src/Config.ts
Expand Up @@ -17,6 +17,7 @@ export const defaultConfig = {
DRY_RUN: false,
HTTP_PROXY: '',
ENABLE_PERMISSION_VALIDATION: false,
ALLOWED_PROJECT_IDS: [] as string[],
};

export const getConfig = (): Config => ({
Expand Down Expand Up @@ -71,6 +72,10 @@ export const getConfig = (): Config => ({
.get('ENABLE_PERMISSION_VALIDATION')
.default(`${defaultConfig.ENABLE_PERMISSION_VALIDATION}`)
.asBoolStrict(),
ALLOWED_PROJECT_IDS: env
.get('ALLOWED_PROJECT_IDS')
.default(`${defaultConfig.ALLOWED_PROJECT_IDS}`)
.asArray(),
});

export type Config = typeof defaultConfig;
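
Review bot: The `ALLOWED_PROJECT_IDS` entry accepts whatever `.asArray()` returns without validating the items, and those items are later matched as exact strings against `mergeRequest.target_project_id.toString()`. If entries are not trimmed, a value like `12, 34` or a project path in place of a numeric ID leaves an item that can never match, and the operator only finds out when merges are refused. Consider trimming each entry and rejecting non-numeric ones at startup so a misconfigured allow-list fails loudly.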
14 changes: 14 additions & 0 deletions server/src/MergeRequestReceiver.ts
Expand Up @@ -93,6 +93,20 @@ export const prepareMergeRequestForMerge = async (
return;
}

if (
config.ALLOWED_PROJECT_IDS.length > 0 &&
!config.ALLOWED_PROJECT_IDS.includes(mergeRequest.target_project_id.toString())
) {
await Promise.all([
assignToAuthorAndResetLabels(gitlabApi, mergeRequest, user),
sendNote(
gitlabApi,
mergeRequest,
`I can't merge it because I'm not allowed to operate on this project.`,
),
]);
}

// Validate permissions
if (author !== null) {
const protectedBranch = await gitlabApi.getProtectedBranch(
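
Review bot: The new `ALLOWED_PROJECT_IDS` block has no `return;` after `await Promise.all([...])`, unlike the guard directly above it, so a merge request from a project outside the allow-list is reassigned and gets the refusal note, yet execution still falls through to `// Validate permissions` and the rest of `prepareMergeRequestForMerge`. Add `return;` as the last statement inside the `if` so the restriction actually stops processing, and add a test with a `target_project_id` that is not in the list.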