diff --git a/app/blueprints/github/__init__.py b/app/blueprints/github/__init__.py index d6bf6d94..18744d84 100644 --- a/app/blueprints/github/__init__.py +++ b/app/blueprints/github/__init__.py @@ -18,17 +18,14 @@ from flask import Blueprint bp = Blueprint("github", __name__) -from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app -from flask_login import current_user, login_required +from flask import redirect, url_for, request, flash, jsonify, current_app +from flask_login import current_user from sqlalchemy import func, or_, and_ from app import github, csrf from app.models import db, User, APIToken, Package, Permission, AuditSeverity -from app.utils import randomString, abs_url_for, addAuditLog, login_user_set_active +from app.utils import abs_url_for, addAuditLog, login_user_set_active from app.blueprints.api.support import error, handleCreateRelease -import hmac, requests, json - -from flask_wtf import FlaskForm -from wtforms import SelectField, SubmitField +import hmac, requests @bp.route("/github/start/") def start(): @@ -153,130 +150,3 @@ def webhook(): # return handleCreateRelease(actual_token, package, title, ref) - - -class SetupWebhookForm(FlaskForm): - event = SelectField("Event Type", choices=[('create', 'New tag or GitHub release'), ('push', 'Push')]) - submit = SubmitField("Save") - - -@bp.route("/github/callback/webhook/") -@github.authorized_handler -def callback_webhook(oauth_token=None): - pid = request.args.get("pid") - if pid is None: - abort(404) - - current_user.github_access_token = oauth_token - db.session.commit() - - return redirect(url_for("github.setup_webhook", pid=pid)) - - -@bp.route("/github/webhook/new/", methods=["GET", "POST"]) -@login_required -def setup_webhook(): - pid = request.args.get("pid") - if pid is None: - abort(404) - - package = Package.query.get(pid) - if package is None: - abort(404) - - if not package.checkPerm(current_user, Permission.APPROVE_RELEASE): - flash("Only trusted members can use webhooks", "danger") - return redirect(package.getDetailsURL()) - - gh_user, gh_repo = package.getGitHubFullName() - if gh_user is None or gh_repo is None: - flash("Unable to get Github full name from repo address", "danger") - return redirect(package.getDetailsURL()) - - if current_user.github_access_token is None: - return github.authorize("write:repo_hook", - redirect_uri=abs_url_for("github.callback_webhook", pid=pid)) - - form = SetupWebhookForm(formdata=request.form) - if form.validate_on_submit(): - token = APIToken() - token.name = "GitHub Webhook for " + package.title - token.owner = current_user - token.access_token = randomString(32) - token.package = package - - event = form.event.data - if event != "push" and event != "create": - abort(500) - - if handleMakeWebhook(gh_user, gh_repo, package, - current_user.github_access_token, event, token): - flash("Successfully created webhook", "success") - return redirect(package.getDetailsURL()) - else: - return redirect(url_for("github.setup_webhook", pid=package.id)) - - return render_template("github/setup_webhook.html", - form=form, package=package) - - -def handleMakeWebhook(gh_user: str, gh_repo: str, package: Package, oauth: str, event: str, token: APIToken): - url = "https://api.github.com/repos/{}/{}/hooks".format(gh_user, gh_repo) - headers = { - "Authorization": "token " + oauth - } - data = { - "name": "web", - "active": True, - "events": [event], - "config": { - "url": abs_url_for("github.webhook"), - "content_type": "json", - "secret": token.access_token - }, - } - - # First check that the webhook doesn't already exist - r = requests.get(url, headers=headers) - - if r.status_code == 401 or r.status_code == 403: - current_user.github_access_token = None - db.session.commit() - return False - - if r.status_code != 200: - flash("Failed to create webhook, received response from Github " + - str(r.status_code) + ": " + - str(r.json().get("message")), "danger") - return False - - for hook in r.json(): - if hook.get("config") and hook["config"].get("url") and \ - hook["config"]["url"] == data["config"]["url"]: - flash("Failed to create webhook, as it already exists", "danger") - return False - - - # Create it - r = requests.post(url, headers=headers, data=json.dumps(data)) - - if r.status_code == 201: - package.update_config = None - db.session.add(token) - db.session.commit() - - return True - - elif r.status_code == 401 or r.status_code == 403: - current_user.github_access_token = None - db.session.commit() - - return False - - else: - import sys - print(r.text, file=sys.stderr) - - message = str(r.status_code) + ": " + str(r.json().get("message")) - flash("Failed to create webhook, Github says: " + message, "danger") - return False diff --git a/app/flatpages/help/release_webhooks.md b/app/flatpages/help/release_webhooks.md index 24ab1502..1ff5f1e0 100644 --- a/app/flatpages/help/release_webhooks.md +++ b/app/flatpages/help/release_webhooks.md @@ -11,30 +11,14 @@ you can also use the [API](../api) to create releases. The process is as follows: -1. The user creates an API Token and a webhook to use it. This can be done automatically - for Github. +1. The user creates an API Token and a webhook to use it. 2. The user pushes a commit to the git host (Gitlab or Github). 3. The git host posts a webhook notification to ContentDB, using the API token assigned to it. 4. ContentDB checks the API token and issues a new release. ## Setting up -### GitHub (automatic) - -1. Go to your package's page. -2. Make sure that the repository URL is set to a Github repository. - Only github.com is supported. -3. Go to "Releases" > "+", and click "Setup webhook" at the top of the create release - page. - If you do not see this, either the repository isn't using Github or you do - not have permission to use webhook releases (ie: you're not a Trusted Member). -4. Grant ContentDB the ability to manage Webhooks. -5. Set the event to either "New tag or Github Release" (highly recommended) or "Push". - - N.B.: GitHub uses tags to power GitHub Releases, meaning that creating a webhook - on "New tag" will sync GitHub and ContentDB releases. - -### GitHub (manual) +### GitHub 1. Create a ContentDB API Token at [Profile > API Tokens: Manage](/user/tokens/). 2. Copy the access token that was generated. @@ -48,7 +32,7 @@ The process is as follows: choose "Let me select" > Branch or tag creation. 8. Create. -### GitLab (manual) +### GitLab 1. Create a ContentDB API Token at [Profile > API Tokens: Manage](/user/tokens/). 2. Copy the access token that was generated. diff --git a/app/templates/github/setup_webhook.html b/app/templates/github/setup_webhook.html deleted file mode 100644 index d1a2bc63..00000000 --- a/app/templates/github/setup_webhook.html +++ /dev/null @@ -1,29 +0,0 @@ -{% extends "base.html" %} - -{% block title %} - {{ _("Setup GitHub webhook") }} -{% endblock %} - -{% from "macros/forms.html" import render_field, render_submit_field, render_radio_field %} - -{% block content %} -

{{ self.title() }}

- -
- {{ _("You can delete the webhook at any time by going into Settings > Webhooks on the repository.") }} -
- -
- {{ form.hidden_tag() }} - - {{ render_field(form.event) }} - - {{ render_submit_field(form.submit) }} -
- -

- You will need admin access to the repository. - When setting up hooks on an organisation, - make sure that you have granted access. -

-{% endblock %} diff --git a/app/templates/packages/update_config.html b/app/templates/packages/update_config.html index 6df97294..bf9761e1 100644 --- a/app/templates/packages/update_config.html +++ b/app/templates/packages/update_config.html @@ -17,12 +17,11 @@

{% if package.checkPerm(current_user, "APPROVE_RELEASE") and package.getIsOnGitHub() %} -

+

{{ _("Learn more") }} - {{ _("Setup webhook") }} - {{ _("You can create releases faster by using a webhook.") }} + {{ _("You can create releases faster by using a webhook or the API.") }}

{% endif %}