Add support for [objects]s3-insecure
This commit is contained in:
parent
3f02d409c2
commit
2da016a3d3
|
@ -26,6 +26,7 @@ import (
|
|||
"git.sr.ht/~sircmpwn/core-go/config"
|
||||
"git.sr.ht/~sircmpwn/core-go/database"
|
||||
coremodel "git.sr.ht/~sircmpwn/core-go/model"
|
||||
"git.sr.ht/~sircmpwn/core-go/s3"
|
||||
"git.sr.ht/~sircmpwn/core-go/server"
|
||||
"git.sr.ht/~sircmpwn/core-go/valid"
|
||||
corewebhooks "git.sr.ht/~sircmpwn/core-go/webhooks"
|
||||
|
@ -43,7 +44,6 @@ import (
|
|||
"github.com/go-git/go-git/v5/plumbing/storer"
|
||||
"github.com/lib/pq"
|
||||
minio "github.com/minio/minio-go/v7"
|
||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||
)
|
||||
|
||||
// Repository is the resolver for the repository field.
|
||||
|
@ -59,10 +59,7 @@ func (r *aCLResolver) Entity(ctx context.Context, obj *model.ACL) (model.Entity,
|
|||
// URL is the resolver for the url field.
|
||||
func (r *artifactResolver) URL(ctx context.Context, obj *model.Artifact) (string, error) {
|
||||
conf := config.ForContext(ctx)
|
||||
upstream, ok := conf.Get("objects", "s3-upstream")
|
||||
if !ok {
|
||||
return "", fmt.Errorf("S3 upstream not configured for this server")
|
||||
}
|
||||
|
||||
bucket, ok := conf.Get("git.sr.ht", "s3-bucket")
|
||||
if !ok {
|
||||
return "", fmt.Errorf("S3 bucket not configured for this server")
|
||||
|
@ -71,7 +68,13 @@ func (r *artifactResolver) URL(ctx context.Context, obj *model.Artifact) (string
|
|||
if !ok {
|
||||
return "", fmt.Errorf("S3 prefix not configured for this server")
|
||||
}
|
||||
return fmt.Sprintf("https://%s/%s/%s/%s", upstream, bucket, prefix, obj.Filename), nil
|
||||
|
||||
base := s3.URL(conf, bucket)
|
||||
if base == "" {
|
||||
return "", s3.ErrDisabled
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%s/%s/%s/%s", base, bucket, prefix, obj.Filename), nil
|
||||
}
|
||||
|
||||
// Diff is the resolver for the diff field.
|
||||
|
@ -561,21 +564,16 @@ func (r *mutationResolver) DeleteACL(ctx context.Context, id int) (*model.ACL, e
|
|||
// UploadArtifact is the resolver for the uploadArtifact field.
|
||||
func (r *mutationResolver) UploadArtifact(ctx context.Context, repoID int, revspec string, file graphql.Upload) (*model.Artifact, error) {
|
||||
conf := config.ForContext(ctx)
|
||||
upstream, _ := conf.Get("objects", "s3-upstream")
|
||||
accessKey, _ := conf.Get("objects", "s3-access-key")
|
||||
secretKey, _ := conf.Get("objects", "s3-secret-key")
|
||||
bucket, _ := conf.Get("git.sr.ht", "s3-bucket")
|
||||
prefix, _ := conf.Get("git.sr.ht", "s3-prefix")
|
||||
if upstream == "" || accessKey == "" || secretKey == "" || bucket == "" {
|
||||
return nil, fmt.Errorf("Object storage is not enabled for this server")
|
||||
|
||||
mc, err := s3.NewClient(conf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
mc, err := minio.New(upstream, &minio.Options{
|
||||
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
|
||||
Secure: true,
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
bucket, _ := conf.Get("git.sr.ht", "s3-bucket")
|
||||
prefix, _ := conf.Get("git.sr.ht", "s3-prefix")
|
||||
if bucket == "" {
|
||||
return nil, s3.ErrDisabled
|
||||
}
|
||||
|
||||
repo, err := loaders.ForContext(ctx).RepositoriesByID.Load(repoID)
|
||||
|
@ -701,21 +699,16 @@ func (r *mutationResolver) UploadArtifact(ctx context.Context, repoID int, revsp
|
|||
// DeleteArtifact is the resolver for the deleteArtifact field.
|
||||
func (r *mutationResolver) DeleteArtifact(ctx context.Context, id int) (*model.Artifact, error) {
|
||||
conf := config.ForContext(ctx)
|
||||
upstream, _ := conf.Get("objects", "s3-upstream")
|
||||
accessKey, _ := conf.Get("objects", "s3-access-key")
|
||||
secretKey, _ := conf.Get("objects", "s3-secret-key")
|
||||
bucket, _ := conf.Get("git.sr.ht", "s3-bucket")
|
||||
prefix, _ := conf.Get("git.sr.ht", "s3-prefix")
|
||||
if upstream == "" || accessKey == "" || secretKey == "" || bucket == "" {
|
||||
return nil, fmt.Errorf("Object storage is not enabled for this server")
|
||||
|
||||
mc, err := s3.NewClient(conf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
mc, err := minio.New(upstream, &minio.Options{
|
||||
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
|
||||
Secure: true,
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
bucket, _ := conf.Get("git.sr.ht", "s3-bucket")
|
||||
prefix, _ := conf.Get("git.sr.ht", "s3-prefix")
|
||||
if bucket == "" {
|
||||
return nil, s3.ErrDisabled
|
||||
}
|
||||
|
||||
var artifact model.Artifact
|
||||
|
|
|
@ -3,7 +3,6 @@ package repos
|
|||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"path"
|
||||
|
@ -11,10 +10,10 @@ import (
|
|||
|
||||
"git.sr.ht/~sircmpwn/core-go/config"
|
||||
"git.sr.ht/~sircmpwn/core-go/database"
|
||||
"git.sr.ht/~sircmpwn/core-go/s3"
|
||||
work "git.sr.ht/~sircmpwn/dowork"
|
||||
"github.com/go-git/go-git/v5"
|
||||
"github.com/minio/minio-go/v7"
|
||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||
)
|
||||
|
||||
type contextKey struct {
|
||||
|
@ -102,22 +101,16 @@ func DeleteArtifactsBlocking(
|
|||
filenames []string,
|
||||
) error {
|
||||
conf := config.ForContext(ctx)
|
||||
upstream, _ := conf.Get("objects", "s3-upstream")
|
||||
accessKey, _ := conf.Get("objects", "s3-access-key")
|
||||
secretKey, _ := conf.Get("objects", "s3-secret-key")
|
||||
bucket, _ := conf.Get("git.sr.ht", "s3-bucket")
|
||||
prefix, _ := conf.Get("git.sr.ht", "s3-prefix")
|
||||
|
||||
if upstream == "" || accessKey == "" || secretKey == "" || bucket == "" {
|
||||
return fmt.Errorf("Object storage is not enabled for this server")
|
||||
mc, err := s3.NewClient(conf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
mc, err := minio.New(upstream, &minio.Options{
|
||||
Creds: credentials.NewStaticV4(accessKey, secretKey, ""),
|
||||
Secure: true,
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
bucket, _ := conf.Get("git.sr.ht", "s3-bucket")
|
||||
prefix, _ := conf.Get("git.sr.ht", "s3-prefix")
|
||||
if bucket == "" {
|
||||
return s3.ErrDisabled
|
||||
}
|
||||
|
||||
for _, filename := range filenames {
|
||||
|
|
|
@ -8,9 +8,9 @@ import (
|
|||
"path/filepath"
|
||||
"strconv"
|
||||
|
||||
"git.sr.ht/~sircmpwn/core-go/s3"
|
||||
_ "github.com/lib/pq"
|
||||
"github.com/minio/minio-go/v7"
|
||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||
)
|
||||
|
||||
func stage3() {
|
||||
|
@ -122,16 +122,10 @@ func stage3() {
|
|||
}
|
||||
|
||||
func deleteArtifacts(ctx *PushContext, db *sql.DB, payload *WebhookPayload) {
|
||||
s3upstream, _ := config.Get("objects", "s3-upstream")
|
||||
s3accessKey, _ := config.Get("objects", "s3-access-key")
|
||||
s3secretKey, _ := config.Get("objects", "s3-secret-key")
|
||||
s3bucket, _ := config.Get("git.sr.ht", "s3-bucket")
|
||||
s3prefix, _ := config.Get("git.sr.ht", "s3-prefix")
|
||||
|
||||
minioClient, err := minio.New(s3upstream, &minio.Options{
|
||||
Creds: credentials.NewStaticV4(s3accessKey, s3secretKey, ""),
|
||||
Secure: true,
|
||||
})
|
||||
minioClient, err := s3.NewClient(config)
|
||||
if err != nil {
|
||||
logger.Fatalf("Error connecting to S3: %e", err)
|
||||
}
|
||||
|
|
|
@ -19,6 +19,7 @@ artifacts = Blueprint('artifacts', __name__)
|
|||
s3_upstream = cfg("objects", "s3-upstream", default=None)
|
||||
s3_access_key = cfg("objects", "s3-access-key", default=None)
|
||||
s3_secret_key = cfg("objects", "s3-secret-key", default=None)
|
||||
s3_secure = cfg("objects", "s3-insecure", default="no") != "yes"
|
||||
s3_bucket = cfg("git.sr.ht", "s3-bucket", default=None)
|
||||
s3_prefix = cfg("git.sr.ht", "s3-prefix", default=None)
|
||||
|
||||
|
@ -83,7 +84,7 @@ def ref_download(owner, repo, ref, filename):
|
|||
prefix = os.path.join(s3_prefix, "artifacts",
|
||||
repo.owner.canonical_name, repo.name)
|
||||
minio = Minio(s3_upstream, access_key=s3_access_key,
|
||||
secret_key=s3_secret_key, secure=True)
|
||||
secret_key=s3_secret_key, secure=s3_secure)
|
||||
f = minio.get_object(s3_bucket, os.path.join(prefix, filename))
|
||||
return send_file(f, as_attachment=True, download_name=filename)
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@ post_update = cfg("git.sr.ht", "post-update-script")
|
|||
s3_upstream = cfg("objects", "s3-upstream", default=None)
|
||||
s3_access_key = cfg("objects", "s3-access-key", default=None)
|
||||
s3_secret_key = cfg("objects", "s3-secret-key", default=None)
|
||||
s3_secure = cfg("objects", "s3-insecure", default="no") != "yes"
|
||||
s3_bucket = cfg("git.sr.ht", "s3-bucket", default=None)
|
||||
s3_prefix = cfg("git.sr.ht", "s3-prefix", default=None)
|
||||
|
||||
|
@ -28,7 +29,7 @@ object_storage_enabled = all([
|
|||
|
||||
def delete_artifact(artifact):
|
||||
minio = Minio(s3_upstream, access_key=s3_access_key,
|
||||
secret_key=s3_secret_key, secure=True)
|
||||
secret_key=s3_secret_key, secure=s3_secure)
|
||||
repo = artifact.repo
|
||||
prefix = os.path.join(s3_prefix, "artifacts",
|
||||
repo.owner.canonical_name, repo.name)
|
||||
|
@ -49,7 +50,7 @@ def upload_artifact(valid, repo, commit, f, filename):
|
|||
if not valid.ok:
|
||||
return None
|
||||
minio = Minio(s3_upstream, access_key=s3_access_key,
|
||||
secret_key=s3_secret_key, secure=True)
|
||||
secret_key=s3_secret_key, secure=s3_secure)
|
||||
prefix = os.path.join(s3_prefix, "artifacts",
|
||||
repo.owner.canonical_name, repo.name)
|
||||
try:
|
||||
|
|
|
@ -31,7 +31,10 @@ class Artifact(Base):
|
|||
s3_prefix = cfg("git.sr.ht", "s3-prefix")
|
||||
prefix = os.path.join(s3_prefix, "artifacts",
|
||||
self.repo.owner.canonical_name, self.repo.name)
|
||||
url = f"https://{s3_upstream}/{s3_bucket}/{prefix}/{self.filename}"
|
||||
proto = "https"
|
||||
if cfg("objects", "s3-insecure", default="no") == "yes":
|
||||
proto = "http"
|
||||
url = f"{proto}://{s3_upstream}/{s3_bucket}/{prefix}/{self.filename}"
|
||||
return {
|
||||
"created": self.created,
|
||||
"checksum": self.checksum,
|
||||
|
|
Loading…
Reference in New Issue