From 7b8a2cafc81cd5344684be74e4daab5d39adfff6 Mon Sep 17 00:00:00 2001
From: Stanislav Gabenov
Date: Thu, 1 Feb 2024 12:02:01 +0300
Subject: [PATCH] [DO-x] Initial add gitea
---
.gitignore | 34 ++++++
README.md | 28 +++++
gitea/pre-recive/check_commits | 112 ++++++++++++++++++
.../authentication_sources/ds/map_ldap_groups | 1 +
4 files changed, 175 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 gitea/pre-recive/check_commits
create mode 100644 gitea/site_administration/identity_and_access/authentication_sources/ds/map_ldap_groups
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e257658
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,34 @@
+# ---> C++
+# Prerequisites
+*.d
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1df7e62
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+## Настройка проверки коммитов
+
+В данном репозитории включена проверка коммитов на наличие ссылки на Jira тикет. Все коммиты, которые не имеют референса, типа "[MEC-123] Some commit text", будут откланены гит репозиторием. Для автоматизации подстановки Jira ID в комментарий комита, нужно использовать преднастроенный pre-commit
+https://confluence.ncloudtech.ru/pages/viewpage.action?pageId=201708163
+
+### Настройка pre-commit на локальной машине
+
+Для автоматизации используется фреймворк pre-commit: https://pre-commit.com/
+
+Дополнительная информация доступна здесь: https://confluence.ncloudtech.ru/pages/viewpage.action?pageId=201701553
+
+
+```bash
+#!/bin/sh
+# Install pre-commit framework
+pip install pre-commit
+pre-commit --version
+
+# Configure local GIT to store hooks templates in separate folder in user space
+# This is necessary, as GIT Sub-modules will not get pre-configured hooks from pre-commit framework
+# Please reference to article for more info: https://confluence.ncloudtech.ru/pages/viewpage.action?pageId=201701553
+git config --global init.templateDir ~/.git-template
+pre-commit init-templatedir ~/.git-template
+
+# Install pre-commit packages (Need to do on each new git repository):
+pre-commit install
+pre-commit install --hook-type prepare-commit-msg
+```
diff --git a/gitea/pre-recive/check_commits b/gitea/pre-recive/check_commits
new file mode 100644
index 0000000..5cd4d2c
--- /dev/null
+++ b/gitea/pre-recive/check_commits
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# Error message for BRANCH POLICY
+error_msg_branch=$(cat <<-END
+
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@ @
+@ !!! Push not allowed by BRANCH NAME policy !!! @
+@ @
+@ You branch should be named with these templates: @
+@ - master @
+@ - main @
+@ - feature/EVA_ID-000--* @
+@ - bugfix/* @
+@ - hotfix/* @
+@ @
+@ Example: feature/DO-167--add_new_functionality @
+@ @
+@ Wiki: https://eva.avroid.tech/project/Document/DOC-000518 @
+@ @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+
+END
+)
+
+error_msg_commit=$(cat <<-END
+
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@ @
+@ !!! Your Commit does not have a referance to Eva ticket !!! @
+@ @
+@ Please correct your Git messages, and push again. @
+@ Example: "[DO-1234] This is a correct Eva reference" @
+@ @
+@ Wiki: https://eva.avroid.tech/project/Document/DOC-000518 @
+@ @
+@ To FORCE push, use "bugfix" or "hotfix" in your commit message @
+@ @
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+
+END
+)
+
+while read oldrev newrev refname
+do
+ #
+ # Step 1:
+ # Get Git commit information
+ #
+ BRANCH_NAME_FULL=$refname
+ BRANCH_NAME="$(echo $BRANCH_NAME_FULL | sed 's/refs\/heads\///g')"
+ COMMIT_MESSAGE=$(git log --format=%B -n 1)
+ echo "[INFO] BRANCH NAME: $BRANCH_NAME"
+
+
+ #
+ # Step 2:
+ # Policy - Check that brunch name is enforced by branch name
+ #
+ echo "[INFO] Policy - Check that brunch name is enforced by branch name"
+ # Regexp for allowed names of branches
+ branch_name_format='^master|^main|^feature\/[a-zA-Z0-9,\.\_\-]+-[0-9]+.*|^hotfix\/.*|^bugfix\/.*'
+
+ if [[ ! $BRANCH_NAME =~ $branch_name_format ]]; then
+ echo "$error_msg_branch" >&2
+ exit 1
+ else
+ echo "Push is successful"
+ fi
+
+
+ #
+ # Step 3:
+ # Policy - Check commit message for Eva issue number
+ #
+
+ # Configuration
+ echo "[INFO] Policy - Check commit message for Eva issue number"
+ issueIdRegex="[a-zA-Z0-9,\.\_\-]+-[0-9]+"
+ fixMsgRegex="bugfix|hotfix"
+ info_msg="[INFO] The commit message looks good"
+ error_msg="[POLICY] The commit doesn't reference a Eva issue"
+
+ # Get all commits from this push
+ for sha1Commit in $(git rev-list $oldrev..$newrev);
+ do
+ # Receive git commits sha from git history in chronologic order
+ echo "[INFO] Processing commit with sha: $sha1Commit";
+ # Get commit message from commit
+ commitMessage=$(git log --format=%B -n 1 $sha1Commit)
+ # Check with RegEX if commit has Eva reference
+ issueIds=$(echo $commitMessage | grep -Eo $issueIdRegex)
+ fixMsg=$(echo $commitMessage | grep -Eo $fixMsgRegex)
+ # Check if this commit urgent e.g. hotfox or bugfix
+ if [[ -n "${fixMsg}" ]]; then
+ echo "[WARNING] Found "bugfix|hotfix" in msg. Force skipping check for EvaID"
+ exit 0
+ fi
+ # Check for issueIDs in commit message
+ echo "[INFO] Found Eva IDs in commit: $issueIds"
+ if [[ -z "${issueIds}" ]]; then
+ echo "$error_msg: $commitMessage" >&2
+ echo "$error_msg_commit" >&2
+ exit 1
+ fi
+ done
+done
+
+#
+# Exit
+#
+exit 0
\ No newline at end of file
diff --git a/gitea/site_administration/identity_and_access/authentication_sources/ds/map_ldap_groups b/gitea/site_administration/identity_and_access/authentication_sources/ds/map_ldap_groups
new file mode 100644
index 0000000..4258efc
--- /dev/null
+++ b/gitea/site_administration/identity_and_access/authentication_sources/ds/map_ldap_groups
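Review bot: The Eva-reference policy in Step 3 of check_commits fails open: the `exit 0` inside the `bugfix|hotfix` branch ends the whole hook, so one matching commit skips the check for every remaining commit and every other ref in the same push. When a branch is pushed for the first time `oldrev` is all zeros, so `git rev-list $oldrev..$newrev` should fail and, with no `set -e` visible in the script, the loop body never runs and the new branch's commits pass unchecked. The warning line also leaves its quotes at `"bugfix|hotfix"`, so the shell parses the `|` as a pipe and the message is not printed as written. The sketch below uses `continue` instead of `exit 0`, handles created and deleted refs explicitly, and quotes the expansions that carry pusher-controlled text.

```shell
  # … unchanged: Step 1 and Step 2 (branch-name policy), regex configuration …
  if [[ "$newrev" =~ ^0+$ ]]; then
    continue                      # ref deletion: no commits to inspect
  elif [[ "$oldrev" =~ ^0+$ ]]; then
    # new ref: check only commits not reachable from any existing ref
    revs=$(git rev-list "$newrev" --not --all) || exit 1
  else
    revs=$(git rev-list "$oldrev..$newrev") || exit 1
  fi
  for sha1Commit in $revs; do
    commitMessage=$(git log --format=%B -n 1 "$sha1Commit")
    issueIds=$(printf '%s\n' "$commitMessage" | grep -Eo -- "$issueIdRegex")
    fixMsg=$(printf '%s\n' "$commitMessage" | grep -Eo -- "$fixMsgRegex")
    if [[ -n "${fixMsg}" ]]; then
      echo "[WARNING] Found 'bugfix|hotfix' in msg. Force skipping check for EvaID"
      continue
    fi
    # … unchanged: issueIds check and error output …
  done
```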
@@ -0,0 +1 @@ +{"cn=svc-gitea-formalmodels-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"FormalModels":["svc-gitea-formalmodels-adm"]},"cn=svc-gitea-formalmodels-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"FormalModels":["svc-gitea-formalmodels-w"]},"cn=svc-gitea-formalmodels-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"FormalModels":["svc-gitea-formalmodels-r"]},"cn=svc-gitea-tavro-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"TAVRO":["svc-gitea-tavro-adm"]},"cn=svc-gitea-tavro-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"TAVRO":["svc-gitea-tavro-w"]},"cn=svc-gitea-tavro-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"TAVRO":["svc-gitea-tavro-r"]},"cn=svc-gitea-reactnative-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"rndev":["svc-gitea-reactnative-adm"]},"cn=svc-gitea-reactnative-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"rndev":["svc-gitea-reactnative-w"]},"cn=svc-gitea-reactnative-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"rndev":["svc-gitea-reactnative-r"]},"cn=svc-gitea-eisen-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Eisen":["svc-gitea-eisen-adm"]},"cn=svc-gitea-eisen-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Eisen":["svc-gitea-eisen-w"]},"cn=svc-gitea-eisen-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Eisen":["svc-gitea-eisen-r"]},"cn=svc-gitea-arenv-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"ArEnv":["svc-gitea-arenv-adm"]},"cn=svc-gitea-arenv-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"ArEnv":["svc-gitea-arenv-w"]},"cn=svc-gitea-arenv-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"ArEnv":["svc-gitea-arenv-r"]},"cn=svc-gitea-bbl-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"BBL":["svc-gitea-bbl-adm"]},"cn=svc-gitea-bbl-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"BBL":["svc-gitea-bbl-w"]},"cn=svc-gitea-bbl-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"BBL":["svc-gitea-bbl-r"]},"cn=svc-gitea-webengine-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"WebEngine":["svc-gitea-webengine-adm"]},"cn=svc-gitea-webengine-w,cn=groups,cn=accounts,dc=avroid,
dc=tech":{"WebEngine":["svc-gitea-webengine-w"]},"cn=svc-gitea-webengine-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"WebEngine":["svc-gitea-webengine-r"]},"cn=svc-gitea-argocd-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"argocd":["svc-gitea-argocd-adm"]},"cn=svc-gitea-argocd-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"argocd":["svc-gitea-argocd-w"]},"cn=svc-gitea-argocd-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"argocd":["svc-gitea-argocd-r"]},"cn=svc-gitea-actions-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Actions":["svc-gitea-actions-adm"]},"cn=svc-gitea-actions-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Actions":["svc-gitea-actions-w"]},"cn=svc-gitea-actions-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Actions":["svc-gitea-actions-r"]},"cn=svc-gitea-mirrors-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Mirrors":["svc-gitea-mirrors-adm"]},"cn=svc-gitea-mirrors-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Mirrors":["svc-gitea-mirrors-w"]},"cn=svc-gitea-mirrors-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Mirrors":["svc-gitea-mirrors-r"]},"cn=svc-gitea-devops-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"DevOps":["svc-gitea-devops-adm"]},"cn=svc-gitea-devops-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"DevOps":["svc-gitea-devops-w"]},"cn=svc-gitea-devops-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"DevOps":["svc-gitea-devops-r"]},"cn=svc-gitea-devsec-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"DevSec":["svc-gitea-devsec-adm"]},"cn=svc-gitea-devsec-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"DevSec":["svc-gitea-devsec-w"]},"cn=svc-gitea-devsec-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"DevSec":["svc-gitea-devsec-r"]},"cn=svc-gitea-docker-adm,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Docker":["svc-gitea-docker-adm"]},"cn=svc-gitea-docker-w,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Docker":["svc-gitea-docker-w"]},"cn=svc-gitea-docker-r,cn=groups,cn=accounts,dc=avroid,dc=tech":{"Docker":["svc-gitea-docker-r"]}} \ No newline at end of file
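Review bot: The LDAP group-to-team map is committed as a single minified line, so any later change to which directory group lands in which organization team will appear as a one-line diff covering every entry, and an added or altered `-adm` mapping is easy to miss in review. Storing the same object pretty-printed with one group DN per line should still parse as JSON and would make each grant or removal visible on its own line. The file also ends without a trailing newline.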