afan
/
gitea
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
gitea源码
3 提交
2 分支
分支: master
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'master'
${ noResults }
gitea/tests/integration/api_actions_runner_test.go

api_actions_runner_test.go 14KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343 
  1. // Copyright 2025 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"slices"

  10. 	"testing"

  11. 

  12. 	auth_model "code.gitea.io/gitea/models/auth"

  13. 	api "code.gitea.io/gitea/modules/structs"

  14. 	"code.gitea.io/gitea/tests"

  15. 

  16. 	"github.com/stretchr/testify/assert"

  17. 	"github.com/stretchr/testify/require"

  18. )

  19. 

  20. func TestAPIActionsRunner(t *testing.T) {

  21. 	t.Run("AdminRunner", testActionsRunnerAdmin)

  22. 	t.Run("UserRunner", testActionsRunnerUser)

  23. 	t.Run("OwnerRunner", testActionsRunnerOwner)

  24. 	t.Run("RepoRunner", testActionsRunnerRepo)

  25. }

  26. 

  27. func testActionsRunnerAdmin(t *testing.T) {

  28. 	defer tests.PrepareTestEnv(t)()

  29. 	adminUsername := "user1"

  30. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  31. 	req := NewRequest(t, "POST", "/api/v1/admin/actions/runners/registration-token").AddTokenAuth(token)

  32. 	tokenResp := MakeRequest(t, req, http.StatusOK)

  33. 	var registrationToken struct {

  34. 		Token string `json:"token"`

  35. 	}

  36. 	DecodeJSON(t, tokenResp, &registrationToken)

  37. 	assert.NotEmpty(t, registrationToken.Token)

  38. 

  39. 	req = NewRequest(t, "GET", "/api/v1/admin/actions/runners").AddTokenAuth(token)

  40. 	runnerListResp := MakeRequest(t, req, http.StatusOK)

  41. 	runnerList := api.ActionRunnersResponse{}

  42. 	DecodeJSON(t, runnerListResp, &runnerList)

  43. 

  44. 	idx := slices.IndexFunc(runnerList.Entries, func(e *api.ActionRunner) bool { return e.ID == 34349 })

  45. 	require.NotEqual(t, -1, idx)

  46. 	expectedRunner := runnerList.Entries[idx]

  47. 	assert.Equal(t, "runner_to_be_deleted", expectedRunner.Name)

  48. 	assert.False(t, expectedRunner.Ephemeral)

  49. 	assert.Len(t, expectedRunner.Labels, 2)

  50. 	assert.Equal(t, "runner_to_be_deleted", expectedRunner.Labels[0].Name)

  51. 	assert.Equal(t, "linux", expectedRunner.Labels[1].Name)

  52. 

  53. 	// Verify all returned runners can be requested and deleted

  54. 	for _, runnerEntry := range runnerList.Entries {

  55. 		// Verify get the runner by id

  56. 		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/admin/actions/runners/%d", runnerEntry.ID)).AddTokenAuth(token)

  57. 		runnerResp := MakeRequest(t, req, http.StatusOK)

  58. 

  59. 		runner := api.ActionRunner{}

  60. 		DecodeJSON(t, runnerResp, &runner)

  61. 

  62. 		assert.Equal(t, runnerEntry.Name, runner.Name)

  63. 		assert.Equal(t, runnerEntry.ID, runner.ID)

  64. 		assert.Equal(t, runnerEntry.Ephemeral, runner.Ephemeral)

  65. 		assert.ElementsMatch(t, runnerEntry.Labels, runner.Labels)

  66. 

  67. 		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/admin/actions/runners/%d", runnerEntry.ID)).AddTokenAuth(token)

  68. 		MakeRequest(t, req, http.StatusNoContent)

  69. 

  70. 		// Verify runner deletion

  71. 		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/admin/actions/runners/%d", runnerEntry.ID)).AddTokenAuth(token)

  72. 		MakeRequest(t, req, http.StatusNotFound)

  73. 	}

  74. }

  75. 

  76. func testActionsRunnerUser(t *testing.T) {

  77. 	defer tests.PrepareTestEnv(t)()

  78. 	userUsername := "user1"

  79. 	token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteUser)

  80. 	req := NewRequest(t, "POST", "/api/v1/user/actions/runners/registration-token").AddTokenAuth(token)

  81. 	tokenResp := MakeRequest(t, req, http.StatusOK)

  82. 	var registrationToken struct {

  83. 		Token string `json:"token"`

  84. 	}

  85. 	DecodeJSON(t, tokenResp, &registrationToken)

  86. 	assert.NotEmpty(t, registrationToken.Token)

  87. 

  88. 	req = NewRequest(t, "GET", "/api/v1/user/actions/runners").AddTokenAuth(token)

  89. 	runnerListResp := MakeRequest(t, req, http.StatusOK)

  90. 	runnerList := api.ActionRunnersResponse{}

  91. 	DecodeJSON(t, runnerListResp, &runnerList)

  92. 

  93. 	assert.Len(t, runnerList.Entries, 1)

  94. 	assert.Equal(t, "runner_to_be_deleted-user", runnerList.Entries[0].Name)

  95. 	assert.Equal(t, int64(34346), runnerList.Entries[0].ID)

  96. 	assert.False(t, runnerList.Entries[0].Ephemeral)

  97. 	assert.Len(t, runnerList.Entries[0].Labels, 2)

  98. 	assert.Equal(t, "runner_to_be_deleted", runnerList.Entries[0].Labels[0].Name)

  99. 	assert.Equal(t, "linux", runnerList.Entries[0].Labels[1].Name)

  100. 

  101. 	// Verify get the runner by id

  102. 	req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)

  103. 	runnerResp := MakeRequest(t, req, http.StatusOK)

  104. 

  105. 	runner := api.ActionRunner{}

  106. 	DecodeJSON(t, runnerResp, &runner)

  107. 

  108. 	assert.Equal(t, "runner_to_be_deleted-user", runner.Name)

  109. 	assert.Equal(t, int64(34346), runner.ID)

  110. 	assert.False(t, runner.Ephemeral)

  111. 	assert.Len(t, runner.Labels, 2)

  112. 	assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)

  113. 	assert.Equal(t, "linux", runner.Labels[1].Name)

  114. 

  115. 	// Verify delete the runner by id

  116. 	req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)

  117. 	MakeRequest(t, req, http.StatusNoContent)

  118. 

  119. 	// Verify runner deletion

  120. 	req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)

  121. 	MakeRequest(t, req, http.StatusNotFound)

  122. }

  123. 

  124. func testActionsRunnerOwner(t *testing.T) {

  125. 	defer tests.PrepareTestEnv(t)()

  126. 

  127. 	t.Run("GetRunner", func(t *testing.T) {

  128. 		userUsername := "user2"

  129. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)

  130. 		// Verify get the runner by id with read scope

  131. 		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347)).AddTokenAuth(token)

  132. 		runnerResp := MakeRequest(t, req, http.StatusOK)

  133. 

  134. 		runner := api.ActionRunner{}

  135. 		DecodeJSON(t, runnerResp, &runner)

  136. 

  137. 		assert.Equal(t, "runner_to_be_deleted-org", runner.Name)

  138. 		assert.Equal(t, int64(34347), runner.ID)

  139. 		assert.False(t, runner.Ephemeral)

  140. 		assert.Len(t, runner.Labels, 2)

  141. 		assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)

  142. 		assert.Equal(t, "linux", runner.Labels[1].Name)

  143. 	})

  144. 

  145. 	t.Run("Access", func(t *testing.T) {

  146. 		userUsername := "user2"

  147. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteOrganization)

  148. 		req := NewRequest(t, "POST", "/api/v1/orgs/org3/actions/runners/registration-token").AddTokenAuth(token)

  149. 		tokenResp := MakeRequest(t, req, http.StatusOK)

  150. 		var registrationToken struct {

  151. 			Token string `json:"token"`

  152. 		}

  153. 		DecodeJSON(t, tokenResp, &registrationToken)

  154. 		assert.NotEmpty(t, registrationToken.Token)

  155. 

  156. 		req = NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners").AddTokenAuth(token)

  157. 		runnerListResp := MakeRequest(t, req, http.StatusOK)

  158. 		runnerList := api.ActionRunnersResponse{}

  159. 		DecodeJSON(t, runnerListResp, &runnerList)

  160. 

  161. 		idx := slices.IndexFunc(runnerList.Entries, func(e *api.ActionRunner) bool { return e.ID == 34347 })

  162. 		require.NotEqual(t, -1, idx)

  163. 		expectedRunner := runnerList.Entries[idx]

  164. 

  165. 		require.NotNil(t, expectedRunner)

  166. 		assert.Equal(t, "runner_to_be_deleted-org", expectedRunner.Name)

  167. 		assert.Equal(t, int64(34347), expectedRunner.ID)

  168. 		assert.False(t, expectedRunner.Ephemeral)

  169. 		assert.Len(t, expectedRunner.Labels, 2)

  170. 		assert.Equal(t, "runner_to_be_deleted", expectedRunner.Labels[0].Name)

  171. 		assert.Equal(t, "linux", expectedRunner.Labels[1].Name)

  172. 

  173. 		// Verify get the runner by id

  174. 		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)

  175. 		runnerResp := MakeRequest(t, req, http.StatusOK)

  176. 

  177. 		runner := api.ActionRunner{}

  178. 		DecodeJSON(t, runnerResp, &runner)

  179. 

  180. 		assert.Equal(t, "runner_to_be_deleted-org", runner.Name)

  181. 		assert.Equal(t, int64(34347), runner.ID)

  182. 		assert.False(t, runner.Ephemeral)

  183. 		assert.Len(t, runner.Labels, 2)

  184. 		assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)

  185. 		assert.Equal(t, "linux", runner.Labels[1].Name)

  186. 

  187. 		// Verify delete the runner by id

  188. 		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)

  189. 		MakeRequest(t, req, http.StatusNoContent)

  190. 

  191. 		// Verify runner deletion

  192. 		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)

  193. 		MakeRequest(t, req, http.StatusNotFound)

  194. 	})

  195. 

  196. 	t.Run("DeleteReadScopeForbidden", func(t *testing.T) {

  197. 		userUsername := "user2"

  198. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)

  199. 

  200. 		// Verify delete the runner by id is forbidden with read scope

  201. 		req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347)).AddTokenAuth(token)

  202. 		MakeRequest(t, req, http.StatusForbidden)

  203. 	})

  204. 

  205. 	t.Run("GetRepoScopeForbidden", func(t *testing.T) {

  206. 		userUsername := "user2"

  207. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)

  208. 		// Verify get the runner by id with read scope

  209. 		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347)).AddTokenAuth(token)

  210. 		MakeRequest(t, req, http.StatusForbidden)

  211. 	})

  212. 

  213. 	t.Run("GetAdminRunner", func(t *testing.T) {

  214. 		userUsername := "user2"

  215. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)

  216. 		// Verify get a runner by id of different entity is not found

  217. 		// runner.EditableInContext(ownerID, repoID) false

  218. 		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34349)).AddTokenAuth(token)

  219. 		MakeRequest(t, req, http.StatusNotFound)

  220. 	})

  221. 

  222. 	t.Run("DeleteAdminRunner", func(t *testing.T) {

  223. 		userUsername := "user2"

  224. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteOrganization)

  225. 		// Verify delete a runner by id of different entity is not found

  226. 		// runner.EditableInContext(ownerID, repoID) false

  227. 		req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34349)).AddTokenAuth(token)

  228. 		MakeRequest(t, req, http.StatusNotFound)

  229. 	})

  230. }

  231. 

  232. func testActionsRunnerRepo(t *testing.T) {

  233. 	defer tests.PrepareTestEnv(t)()

  234. 

  235. 	t.Run("GetRunner", func(t *testing.T) {

  236. 		userUsername := "user2"

  237. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)

  238. 		// Verify get the runner by id with read scope

  239. 		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348)).AddTokenAuth(token)

  240. 		runnerResp := MakeRequest(t, req, http.StatusOK)

  241. 

  242. 		runner := api.ActionRunner{}

  243. 		DecodeJSON(t, runnerResp, &runner)

  244. 

  245. 		assert.Equal(t, "runner_to_be_deleted-repo1", runner.Name)

  246. 		assert.Equal(t, int64(34348), runner.ID)

  247. 		assert.False(t, runner.Ephemeral)

  248. 		assert.Len(t, runner.Labels, 2)

  249. 		assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)

  250. 		assert.Equal(t, "linux", runner.Labels[1].Name)

  251. 	})

  252. 

  253. 	t.Run("Access", func(t *testing.T) {

  254. 		userUsername := "user2"

  255. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)

  256. 		req := NewRequest(t, "POST", "/api/v1/repos/user2/repo1/actions/runners/registration-token").AddTokenAuth(token)

  257. 		tokenResp := MakeRequest(t, req, http.StatusOK)

  258. 		var registrationToken struct {

  259. 			Token string `json:"token"`

  260. 		}

  261. 		DecodeJSON(t, tokenResp, &registrationToken)

  262. 		assert.NotEmpty(t, registrationToken.Token)

  263. 

  264. 		req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1/actions/runners").AddTokenAuth(token)

  265. 		runnerListResp := MakeRequest(t, req, http.StatusOK)

  266. 		runnerList := api.ActionRunnersResponse{}

  267. 		DecodeJSON(t, runnerListResp, &runnerList)

  268. 

  269. 		assert.Len(t, runnerList.Entries, 1)

  270. 		assert.Equal(t, "runner_to_be_deleted-repo1", runnerList.Entries[0].Name)

  271. 		assert.Equal(t, int64(34348), runnerList.Entries[0].ID)

  272. 		assert.False(t, runnerList.Entries[0].Ephemeral)

  273. 		assert.Len(t, runnerList.Entries[0].Labels, 2)

  274. 		assert.Equal(t, "runner_to_be_deleted", runnerList.Entries[0].Labels[0].Name)

  275. 		assert.Equal(t, "linux", runnerList.Entries[0].Labels[1].Name)

  276. 

  277. 		// Verify get the runner by id

  278. 		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)

  279. 		runnerResp := MakeRequest(t, req, http.StatusOK)

  280. 

  281. 		runner := api.ActionRunner{}

  282. 		DecodeJSON(t, runnerResp, &runner)

  283. 

  284. 		assert.Equal(t, "runner_to_be_deleted-repo1", runner.Name)

  285. 		assert.Equal(t, int64(34348), runner.ID)

  286. 		assert.False(t, runner.Ephemeral)

  287. 		assert.Len(t, runner.Labels, 2)

  288. 		assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)

  289. 		assert.Equal(t, "linux", runner.Labels[1].Name)

  290. 

  291. 		// Verify delete the runner by id

  292. 		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)

  293. 		MakeRequest(t, req, http.StatusNoContent)

  294. 

  295. 		// Verify runner deletion

  296. 		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)

  297. 		MakeRequest(t, req, http.StatusNotFound)

  298. 	})

  299. 

  300. 	t.Run("DeleteReadScopeForbidden", func(t *testing.T) {

  301. 		userUsername := "user2"

  302. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)

  303. 

  304. 		// Verify delete the runner by id is forbidden with read scope

  305. 		req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348)).AddTokenAuth(token)

  306. 		MakeRequest(t, req, http.StatusForbidden)

  307. 	})

  308. 

  309. 	t.Run("GetOrganizationScopeForbidden", func(t *testing.T) {

  310. 		userUsername := "user2"

  311. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)

  312. 		// Verify get the runner by id with read scope

  313. 		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348)).AddTokenAuth(token)

  314. 		MakeRequest(t, req, http.StatusForbidden)

  315. 	})

  316. 

  317. 	t.Run("GetAdminRunnerNotFound", func(t *testing.T) {

  318. 		userUsername := "user2"

  319. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)

  320. 		// Verify get a runner by id of different entity is not found

  321. 		// runner.EditableInContext(ownerID, repoID) false

  322. 		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34349)).AddTokenAuth(token)

  323. 		MakeRequest(t, req, http.StatusNotFound)

  324. 	})

  325. 

  326. 	t.Run("DeleteAdminRunnerNotFound", func(t *testing.T) {

  327. 		userUsername := "user2"

  328. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)

  329. 		// Verify delete a runner by id of different entity is not found

  330. 		// runner.EditableInContext(ownerID, repoID) false

  331. 		req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34349)).AddTokenAuth(token)

  332. 		MakeRequest(t, req, http.StatusNotFound)

  333. 	})

  334. 

  335. 	t.Run("DeleteAdminRunnerNotFoundUnknownID", func(t *testing.T) {

  336. 		userUsername := "user2"

  337. 		token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)

  338. 		// Verify delete a runner by unknown id is not found

  339. 		req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 4384797347934)).AddTokenAuth(token)

  340. 		MakeRequest(t, req, http.StatusNotFound)

  341. 	})

  342. }