akillibulut
/
porter
cermin dari https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253
							package webhook

import (
	"context"
	"fmt"
	"net/http"
	"strings"

	"connectrpc.com/connect"
	"github.com/google/go-github/v39/github"
	"github.com/google/uuid"
	porterv1 "github.com/porter-dev/api-contracts/generated/go/porter/v1"
	"github.com/porter-dev/porter/api/server/authz"
	"github.com/porter-dev/porter/api/server/handlers"
	"github.com/porter-dev/porter/api/server/shared"
	"github.com/porter-dev/porter/api/server/shared/apierrors"
	"github.com/porter-dev/porter/api/server/shared/config"
	"github.com/porter-dev/porter/api/server/shared/requestutils"
	"github.com/porter-dev/porter/api/types"
	"github.com/porter-dev/porter/api/utils"
	"github.com/porter-dev/porter/internal/models"
	"github.com/porter-dev/porter/internal/porter_app"
	"github.com/porter-dev/porter/internal/telemetry"
)

// GithubPRStatus_Closed is the status for a closed PR (closed, merged)
const GithubPRStatus_Closed = "closed"

// GithubWebhookHandler handles webhooks sent to /api/webhooks/github/{project_id}/{cluster_id}/{porter_app_name}
type GithubWebhookHandler struct {
	handlers.PorterHandlerReadWriter
	authz.KubernetesAgentGetter
}

// NewGithubWebhookHandler returns a GithubWebhookHandler
func NewGithubWebhookHandler(
	config *config.Config,
	decoderValidator shared.RequestDecoderValidator,
	writer shared.ResultWriter,
) *GithubWebhookHandler {
	return &GithubWebhookHandler{
		PorterHandlerReadWriter: handlers.NewDefaultPorterHandler(config, decoderValidator, writer),
		KubernetesAgentGetter:   authz.NewOutOfClusterAgentGetter(config),
	}
}

// ServeHTTP handles the webhook and deletes the deployment target if a PR has been closed
func (c *GithubWebhookHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	ctx, span := telemetry.NewSpan(r.Context(), "serve-github-webhook")
	defer span.End()

	payload, err := github.ValidatePayload(r, []byte(c.Config().ServerConf.GithubIncomingWebhookSecret))
	if err != nil {
		err := telemetry.Error(ctx, span, err, "could not validate payload")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}

	event, err := github.ParseWebHook(github.WebHookType(r), payload)
	if err != nil {
		err := telemetry.Error(ctx, span, err, "could not parse webhook")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}

	webhookID, reqErr := requestutils.GetURLParamString(r, types.URLParamWebhookID)
	if reqErr != nil {
		err := telemetry.Error(ctx, span, nil, "error parsing porter app name")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}
	telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "webhook-id", Value: webhookID})

	webhookUUID, err := uuid.Parse(webhookID)
	if err != nil {
		err := telemetry.Error(ctx, span, err, "error parsing webhook id")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}
	if webhookUUID == uuid.Nil {
		err := telemetry.Error(ctx, span, err, "webhook id is nil")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}

	webhook, err := c.Repo().GithubWebhook().Get(ctx, webhookUUID)
	if err != nil {
		err := telemetry.Error(ctx, span, err, "error getting github webhook")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}
	if webhook.ID == uuid.Nil {
		err := telemetry.Error(ctx, span, err, "github webhook id is nil")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}

	telemetry.WithAttributes(span,
		telemetry.AttributeKV{Key: "porter-app-id", Value: webhook.PorterAppID},
		telemetry.AttributeKV{Key: "cluster-id", Value: webhook.ClusterID},
		telemetry.AttributeKV{Key: "project-id", Value: webhook.ProjectID},
	)

	porterApp, err := c.Repo().PorterApp().ReadPorterAppByID(ctx, uint(webhook.PorterAppID))
	if err != nil {
		err := telemetry.Error(ctx, span, err, "error getting porter app")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}
	if porterApp.ID == 0 {
		err := telemetry.Error(ctx, span, err, "porter app not found")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}
	if porterApp.ProjectID != uint(webhook.ProjectID) {
		err := telemetry.Error(ctx, span, err, "porter app project id does not match")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}

	switch event := event.(type) {
	case *github.PullRequestEvent:
		telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "pr-action-type", Value: event.GetAction()})

		if event.GetAction() != GithubPRStatus_Closed {
			telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "event-processed", Value: false})
			c.WriteResult(w, r, nil)
			return
		}

		branch := event.GetPullRequest().GetHead().GetRef()
		telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "event-branch", Value: branch})

		_ = cancelPendingWorkflows(ctx, cancelPendingWorkflowsInput{
			appName:         porterApp.Name,
			repoID:          porterApp.GitRepoID,
			repoName:        porterApp.RepoName,
			githubAppSecret: c.Config().ServerConf.GithubAppSecret,
			githubAppID:     c.Config().ServerConf.GithubAppID,
			event:           event,
		})

		namespace := utils.ValidDNSLabel(branch)

		deploymentTarget, err := c.Repo().DeploymentTarget().DeploymentTargetBySelectorAndSelectorType(
			uint(webhook.ProjectID),
			uint(webhook.ClusterID),
			namespace,
			string(models.DeploymentTargetSelectorType_Namespace),
		)
		if err != nil {
			err := telemetry.Error(ctx, span, err, "error getting deployment target")
			c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
			return
		}

		if deploymentTarget.ID == uuid.Nil || !deploymentTarget.Preview {
			c.WriteResult(w, r, nil)
			return
		}
		telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "deployment-target-id", Value: deploymentTarget.ID.String()})

		if deploymentTarget.ClusterID != webhook.ClusterID {
			err := telemetry.Error(ctx, span, err, "deployment target cluster id does not match")
			c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
			return
		}

		deleteTargetReq := connect.NewRequest(&porterv1.DeleteDeploymentTargetRequest{
			ProjectId:          int64(webhook.ProjectID),
			DeploymentTargetId: deploymentTarget.ID.String(),
		})

		_, err = c.Config().ClusterControlPlaneClient.DeleteDeploymentTarget(ctx, deleteTargetReq)
		if err != nil {
			err := telemetry.Error(ctx, span, err, "error deleting deployment target")
			c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
			return
		}

		telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "event-processed", Value: true})
		telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "pr-id", Value: event.GetPullRequest().GetID()})
	}

	c.WriteResult(w, r, nil)
}

type cancelPendingWorkflowsInput struct {
	appName         string
	repoID          uint
	repoName        string
	githubAppSecret []byte
	githubAppID     string
	event           *github.PullRequestEvent
}

func cancelPendingWorkflows(ctx context.Context, inp cancelPendingWorkflowsInput) error {
	ctx, span := telemetry.NewSpan(ctx, "cancel-pending-workflows")
	defer span.End()

	if inp.repoID == 0 {
		return telemetry.Error(ctx, span, nil, "repo id is 0")
	}
	if inp.repoName == "" {
		return telemetry.Error(ctx, span, nil, "repo name is empty")
	}
	if inp.appName == "" {
		return telemetry.Error(ctx, span, nil, "app name is empty")
	}
	if inp.githubAppSecret == nil {
		return telemetry.Error(ctx, span, nil, "github app secret is nil")
	}
	if inp.githubAppID == "" {
		return telemetry.Error(ctx, span, nil, "github app id is empty")
	}

	client, err := porter_app.GetGithubClientByRepoID(ctx, inp.repoID, inp.githubAppSecret, inp.githubAppID)
	if err != nil {
		return telemetry.Error(ctx, span, err, "error getting github client")
	}

	repoDetails := strings.Split(inp.repoName, "/")
	if len(repoDetails) != 2 {
		return telemetry.Error(ctx, span, nil, "repo name is invalid")
	}
	owner := repoDetails[0]
	repo := repoDetails[1]

	pendingStatusOptions := []string{"in_progress", "queued", "requested", "waiting"}
	for _, status := range pendingStatusOptions {
		runs, _, err := client.Actions.ListWorkflowRunsByFileName(
			ctx, owner, repo, fmt.Sprintf("porter_preview_%s.yml", inp.appName),
			&github.ListWorkflowRunsOptions{
				Branch: inp.event.GetPullRequest().GetHead().GetRef(),
				Status: status,
			},
		)
		if err != nil {
			return telemetry.Error(ctx, span, err, "error listing workflow runs")
		}

		for _, run := range runs.WorkflowRuns {
			_, err := client.Actions.CancelWorkflowRunByID(
				ctx, owner, repo, run.GetID(),
			)
			if err != nil {
				return telemetry.Error(ctx, span, err, "error cancelling workflow run")
			}
		}
	}

	return nil
}