PATCH endpoint for branch protections does not clear contexts array

[Infinoid]

Description

The PATCH /api/v1/repos/<org>/<repo>/branch_protections/<branch> API endpoint edits an existing branch protection rule for the given repo and branch.

When using the web interface to disable status checks in a branch protection rule, the lists of contexts (CICD job names) is automatically cleared.

When using the API endpoint to do the same, you can pass status_check_contexts=[], but this value is ignored because enable_status_check is false.

To clear out that array, you have to make two separate PATCH calls: once to empty the array, and once to unset the boolean flag. There is a command in the below reproducer, where it says "UNCOMMENT THIS", which demonstrates the workaround of calling PATCH twice.

Ideally the status_check_contexts array would be emptied automatically when the enable_status_check boolean flag is set to false, like the UI does.

Reproducer

1. Use the PATCH endpoint, setting enable_status_check=true, and add a string to the status_check_contexts array.
2. Use PATCH again, setting enable_status_check=false, and status_check_contexts=[].
3. See in the response that the status_check_contexts array was not actually emptied. It still has the value from step 1.
4. Do another GET, see that it's still not empty.

The below shell script does this, using a try.gitea.io account. After each call, the status_check_contexts array from the response is printed.

Expected output:

[
  "infinoid/test-branch-protection-rules/pipeline/pr-main"
]
[]
[]

Actual output:

[
  "infinoid/test-branch-protection-rules/pipeline/pr-main"
]
[
  "infinoid/test-branch-protection-rules/pipeline/pr-main"
]
[
  "infinoid/test-branch-protection-rules/pipeline/pr-main"
]

Output when the "UNCOMMENT THIS" line is uncommented:

[
  "infinoid/test-branch-protection-rules/pipeline/pr-main"
]
[]
[]
[]

Shell script:

#!/bin/sh

GITEA_API="`grep try.gitea.io ~/.git-credentials`/api/v1"
REPO=$USER/test-branch-protection-rules
BRANCH=main

# add status check
echo '{"enable_status_check": true, "status_check_contexts": [ "'$REPO'/pipeline/pr-main"]}' \
    | curl -s -X 'PATCH' "$GITEA_API/repos/$REPO/branch_protections/$BRANCH" -H 'accept: application/json' -H 'Content-Type: application/json' -d @- \
    | jq '.status_check_contexts'

# UNCOMMENT THIS to empty status context array first
# echo '{"enable_status_check": true, "status_check_contexts": []}' | curl -s -X 'PATCH' "$GITEA_API/repos/$REPO/branch_protections/$BRANCH" -H 'accept: application/json' -H 'Content-Type: application/json' -d @- | jq '.status_check_contexts'

# remove status check
echo '{"enable_status_check": false, "status_check_contexts": []}' \
    | curl -s -X 'PATCH' "$GITEA_API/repos/$REPO/branch_protections/$BRANCH" -H 'accept: application/json' -H 'Content-Type: application/json' -d @- \
    | jq '.status_check_contexts'

# query status check
curl -s -X 'GET' "$GITEA_API/repos/$REPO/branch_protections/$BRANCH" -H 'accept: application/json' \
    | jq '.status_check_contexts'

Reproducer assumptions

• There are login credentials for your try.gitea.io account in your ~/.git-credentials file, which have API access
• Your username on try.gitea.io is the same as your $USER variable
• You have a repo on try.gitea.io called test-branch-protection-rules
• It has a main branch (just a template README is fine)
• It has a branch protection rule for the main branch (defaults are fine)

Gitea Version

1.20.2, 1.21.0+dev-463-g6a7a5ea32 (the version of try.gitea.io at time of writing)

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

This screenshot is from loading the branch protection edit page after running the above reproducer. It shows the stale context string in the text area.

Git Version

No response

Operating System

No response

How are you running Gitea?

I was able to reproduce it using try.gitea.io.

Database

None