tests(integration): add TestPullMergeBranchProtect
Verify variations of branch protection that are in play when merging a pull request as: * instance admin * repository admin / owner * user with write permissions on the repository In all cases the result is expected to be the same when merging the pull request via: * API * web Although the implementations are different.
This commit is contained in:
parent
e0eba21ab7
commit
793421bf59
7 changed files with 174 additions and 0 deletions
7
tests/gitea-repositories-meta/user5/repo4.git/hooks/post-receive
Executable file
7
tests/gitea-repositories-meta/user5/repo4.git/hooks/post-receive
Executable file
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
ORI_DIR=`pwd`
|
||||
SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
|
||||
cd "$ORI_DIR"
|
||||
for i in `ls "$SHELL_FOLDER/post-receive.d"`; do
|
||||
sh "$SHELL_FOLDER/post-receive.d/$i"
|
||||
done
|
2
tests/gitea-repositories-meta/user5/repo4.git/hooks/post-receive.d/gitea
Executable file
2
tests/gitea-repositories-meta/user5/repo4.git/hooks/post-receive.d/gitea
Executable file
|
@ -0,0 +1,2 @@
|
|||
#!/usr/bin/env bash
|
||||
"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" post-receive
|
7
tests/gitea-repositories-meta/user5/repo4.git/hooks/pre-receive
Executable file
7
tests/gitea-repositories-meta/user5/repo4.git/hooks/pre-receive
Executable file
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
ORI_DIR=`pwd`
|
||||
SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
|
||||
cd "$ORI_DIR"
|
||||
for i in `ls "$SHELL_FOLDER/pre-receive.d"`; do
|
||||
sh "$SHELL_FOLDER/pre-receive.d/$i"
|
||||
done
|
2
tests/gitea-repositories-meta/user5/repo4.git/hooks/pre-receive.d/gitea
Executable file
2
tests/gitea-repositories-meta/user5/repo4.git/hooks/pre-receive.d/gitea
Executable file
|
@ -0,0 +1,2 @@
|
|||
#!/usr/bin/env bash
|
||||
"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" pre-receive
|
7
tests/gitea-repositories-meta/user5/repo4.git/hooks/update
Executable file
7
tests/gitea-repositories-meta/user5/repo4.git/hooks/update
Executable file
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
ORI_DIR=`pwd`
|
||||
SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
|
||||
cd "$ORI_DIR"
|
||||
for i in `ls "$SHELL_FOLDER/update.d"`; do
|
||||
sh "$SHELL_FOLDER/update.d/$i" $1 $2 $3
|
||||
done
|
2
tests/gitea-repositories-meta/user5/repo4.git/hooks/update.d/gitea
Executable file
2
tests/gitea-repositories-meta/user5/repo4.git/hooks/update.d/gitea
Executable file
|
@ -0,0 +1,2 @@
|
|||
#!/usr/bin/env bash
|
||||
"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" update $1 $2 $3
|
|
@ -37,6 +37,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/test"
|
||||
"code.gitea.io/gitea/modules/translation"
|
||||
"code.gitea.io/gitea/services/automerge"
|
||||
"code.gitea.io/gitea/services/forms"
|
||||
"code.gitea.io/gitea/services/pull"
|
||||
commitstatus_service "code.gitea.io/gitea/services/repository/commitstatus"
|
||||
files_service "code.gitea.io/gitea/services/repository/files"
|
||||
|
@ -696,6 +697,152 @@ func testResetRepo(t *testing.T, repoPath, branch, commitID string) {
|
|||
assert.EqualValues(t, commitID, id)
|
||||
}
|
||||
|
||||
func TestPullMergeBranchProtect(t *testing.T) {
|
||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||
admin := "user1"
|
||||
owner := "user5"
|
||||
notOwner := "user4"
|
||||
repo := "repo4"
|
||||
|
||||
dstPath := t.TempDir()
|
||||
|
||||
u.Path = fmt.Sprintf("%s/%s.git", owner, repo)
|
||||
u.User = url.UserPassword(owner, userPassword)
|
||||
|
||||
t.Run("Clone", doGitClone(dstPath, u))
|
||||
|
||||
for _, testCase := range []struct {
|
||||
name string
|
||||
doer string
|
||||
expectedCode map[string]int
|
||||
filename string
|
||||
protectBranch parameterProtectBranch
|
||||
}{
|
||||
{
|
||||
name: "SuccessAdminNotEnoughMergeRequiredApprovals",
|
||||
doer: admin,
|
||||
expectedCode: map[string]int{"api": http.StatusOK, "web": http.StatusOK},
|
||||
filename: "branch-data-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"required_approvals": "1",
|
||||
"apply_to_admins": "true",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "FailOwnerProtectedFile",
|
||||
doer: owner,
|
||||
expectedCode: map[string]int{"api": http.StatusMethodNotAllowed, "web": http.StatusBadRequest},
|
||||
filename: "protected-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"protected_file_patterns": "protected-file-*",
|
||||
"apply_to_admins": "true",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "OwnerProtectedFile",
|
||||
doer: owner,
|
||||
expectedCode: map[string]int{"api": http.StatusOK, "web": http.StatusOK},
|
||||
filename: "protected-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"protected_file_patterns": "protected-file-*",
|
||||
"apply_to_admins": "false",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "FailNotOwnerProtectedFile",
|
||||
doer: notOwner,
|
||||
expectedCode: map[string]int{"api": http.StatusMethodNotAllowed, "web": http.StatusBadRequest},
|
||||
filename: "protected-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"protected_file_patterns": "protected-file-*",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "FailOwnerNotEnoughMergeRequiredApprovals",
|
||||
doer: owner,
|
||||
expectedCode: map[string]int{"api": http.StatusMethodNotAllowed, "web": http.StatusBadRequest},
|
||||
filename: "branch-data-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"required_approvals": "1",
|
||||
"apply_to_admins": "true",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "SuccessOwnerNotEnoughMergeRequiredApprovals",
|
||||
doer: owner,
|
||||
expectedCode: map[string]int{"api": http.StatusOK, "web": http.StatusOK},
|
||||
filename: "branch-data-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"required_approvals": "1",
|
||||
"apply_to_admins": "false",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "FailNotOwnerNotEnoughMergeRequiredApprovals",
|
||||
doer: notOwner,
|
||||
expectedCode: map[string]int{"api": http.StatusMethodNotAllowed, "web": http.StatusBadRequest},
|
||||
filename: "branch-data-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"required_approvals": "1",
|
||||
"apply_to_admins": "false",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "SuccessNotOwner",
|
||||
doer: notOwner,
|
||||
expectedCode: map[string]int{"api": http.StatusOK, "web": http.StatusOK},
|
||||
filename: "branch-data-file-",
|
||||
protectBranch: parameterProtectBranch{
|
||||
"required_approvals": "0",
|
||||
},
|
||||
},
|
||||
} {
|
||||
mergeWith := func(t *testing.T, ctx APITestContext, apiOrWeb string, expectedCode int, pr int64) {
|
||||
switch apiOrWeb {
|
||||
case "api":
|
||||
ctx.ExpectedCode = expectedCode
|
||||
doAPIMergePullRequestForm(t, ctx, owner, repo, pr,
|
||||
&forms.MergePullRequestForm{
|
||||
MergeMessageField: "doAPIMergePullRequest Merge",
|
||||
Do: string(repo_model.MergeStyleMerge),
|
||||
ForceMerge: true,
|
||||
})
|
||||
ctx.ExpectedCode = 0
|
||||
case "web":
|
||||
testPullMergeForm(t, ctx.Session, expectedCode, owner, repo, fmt.Sprintf("%d", pr), optionsPullMerge{
|
||||
"do": string(repo_model.MergeStyleMerge),
|
||||
"force_merge": "true",
|
||||
})
|
||||
default:
|
||||
panic(apiOrWeb)
|
||||
}
|
||||
}
|
||||
for _, withAPIOrWeb := range []string{"api", "web"} {
|
||||
t.Run(testCase.name+" "+withAPIOrWeb, func(t *testing.T) {
|
||||
branch := testCase.name + "-" + withAPIOrWeb
|
||||
unprotected := branch + "-unprotected"
|
||||
doGitCheckoutBranch(dstPath, "master")(t)
|
||||
doGitCreateBranch(dstPath, branch)(t)
|
||||
doGitPushTestRepository(dstPath, "origin", branch)(t)
|
||||
|
||||
ctx := NewAPITestContext(t, owner, repo, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||
doProtectBranch(ctx, branch, testCase.protectBranch)(t)
|
||||
|
||||
ctx = NewAPITestContext(t, testCase.doer, "not used", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||
ctx.Username = owner
|
||||
ctx.Reponame = repo
|
||||
_, err := generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", testCase.filename)
|
||||
assert.NoError(t, err)
|
||||
doGitPushTestRepository(dstPath, "origin", branch+":"+unprotected)(t)
|
||||
pr, err := doAPICreatePullRequest(ctx, owner, repo, branch, unprotected)(t)
|
||||
assert.NoError(t, err)
|
||||
mergeWith(t, ctx, withAPIOrWeb, testCase.expectedCode[withAPIOrWeb], pr.Index)
|
||||
})
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestPullAutoMergeAfterCommitStatusSucceed(t *testing.T) {
|
||||
onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
|
||||
// create a pull request
|
||||
|
|
Loading…
Reference in a new issue