diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index cb770451..700f51bf 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,11 +35,19 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: install go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + # use version from go.mod file + go-version-file: 'go.mod' + cache: true + check-latest: true # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3 + uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3 + uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +72,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3 + uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 7e131da2..b9eb09c0 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml 
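Review bot: In the new `install go` step of codeql-analysis.yml, `check-latest: true` makes setup-go resolve the newest Go release matching the `go 1.21` directive in go.mod at run time. The toolchain CodeQL builds with is therefore not fixed the way the SHA-pinned actions in this file are. That is a reasonable trade for picking up Go security releases, but it deserves a comment saying it is intentional, e.g. `# check-latest: follow Go patch releases; the toolchain is deliberately not pinned`. `cache: true` is already the default in setup-go v4 and later, so it could be dropped, although the other workflows in this diff spell it out the same way.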
@@ -12,10 +12,10 @@ jobs: steps: - name: clone - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: install go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # use version from go.mod file go-version-file: 'go.mod' @@ -23,7 +23,7 @@ jobs: check-latest: true - name: golangci-lint - uses: reviewdog/action-golangci-lint@f016e796a429b33094d0da6e86af3fa5479afe65 # v2 + uses: reviewdog/action-golangci-lint@8e1117c7d327bbfb1eb7ec8dc2d895d13e6e17c3 # v2.6.0 with: github_token: ${{ secrets.github_token }} golangci_lint_flags: "--config=.golangci.yml" @@ -36,10 +36,10 @@ jobs: steps: - name: clone - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: install go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # use version from go.mod file go-version-file: 'go.mod' @@ -47,7 +47,7 @@ jobs: check-latest: true - name: golangci-lint - uses: reviewdog/action-golangci-lint@f016e796a429b33094d0da6e86af3fa5479afe65 # v2 + uses: reviewdog/action-golangci-lint@8e1117c7d327bbfb1eb7ec8dc2d895d13e6e17c3 # v2.6.0 with: github_token: ${{ secrets.github_token }} golangci_lint_flags: "--config=.golangci.yml" diff --git a/.github/workflows/schema.yml b/.github/workflows/schema.yml index 7112d3ee..352fe0d4 100644 --- a/.github/workflows/schema.yml +++ b/.github/workflows/schema.yml 
@@ -13,10 +13,10 @@ jobs: steps: - name: clone - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: install go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # use version from go.mod file go-version-file: 'go.mod' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 03244cd1..5970250f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,10 +14,10 @@ jobs: steps: - name: clone - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: install go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # use version from go.mod file go-version-file: 'go.mod' @@ -29,7 +29,7 @@ jobs: go test -race -covermode=atomic -coverprofile=coverage.out ./... - name: coverage - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3 + uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 with: token: ${{ secrets.CODECOV_TOKEN }} file: coverage.out diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index bc6cdf74..0f039bfa 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -14,10 +14,10 @@ jobs: steps: - name: clone - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: install go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: # use version from go.mod file go-version-file: 'go.mod' 
diff --git a/cmd/schema/main.go b/cmd/schema/main.go index 4adc0e70..f3396b67 100644 --- a/cmd/schema/main.go +++ b/cmd/schema/main.go @@ -92,8 +92,11 @@ func main() { "comment", "comment:created", "comment:edited", + "delete:branch", + "delete:tag", "deployment", "pull_request", + "pull_request*", "pull_request:edited", "pull_request:opened", "pull_request:synchronize", diff --git a/constants/limit.go b/constants/limit.go index cfa4d5a2..d3cd6352 100644 --- a/constants/limit.go +++ b/constants/limit.go @@ -33,4 +33,7 @@ const ( // TopicsMaxSize defines the maximum size in characters for repo topics. Ex: GitHub has a 20-topic, 50-char limit. TopicsMaxSize = 1020 + + // DeployBuildsMaxSize defines the maximum size in characters for deployment builds. + DeployBuildsMaxSize = 500 ) diff --git a/database/build.go b/database/build.go index 69309492..79a856a2 100644 --- a/database/build.go +++ b/database/build.go @@ -173,7 +173,7 @@ func (b *Build) Nullify() *Build { // check if the DeployNumber field should be false if b.DeployNumber.Int64 == 0 { - b.Deploy.Valid = false + b.DeployNumber.Valid = false } // check if the Clone field should be false diff --git a/database/build_test.go b/database/build_test.go index 976c66d2..a7760659 100644 --- a/database/build_test.go +++ b/database/build_test.go @@ -276,7 +276,7 @@ func testBuild() *Build { Started: sql.NullInt64{Int64: 1563474078, Valid: true}, Finished: sql.NullInt64{Int64: 1563474079, Valid: true}, Deploy: sql.NullString{String: "", Valid: false}, - DeployNumber: sql.NullInt64{Int64: 0, Valid: true}, + DeployNumber: sql.NullInt64{Int64: 0, Valid: false}, DeployPayload: raw.StringSliceMap{"foo": "test1", "bar": "test2"}, Clone: sql.NullString{String: "https://github.com/github/octocat.git", Valid: true}, Source: sql.NullString{String: "https://github.com/github/octocat/48afb5bdc41ad69bf22588491333f7cf71135163", Valid: true}, diff --git a/database/deployment.go b/database/deployment.go index 6815229f..ba97ecdd 100644 
--- a/database/deployment.go +++ b/database/deployment.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" + "github.com/go-vela/types/constants" "github.com/go-vela/types/library" "github.com/go-vela/types/raw" "github.com/lib/pq" @@ -152,6 +153,22 @@ func (d *Deployment) Validate() error { d.Target = sql.NullString{String: sanitize(d.Target.String), Valid: d.Target.Valid} d.Description = sql.NullString{String: sanitize(d.Description.String), Valid: d.Description.Valid} + // calculate total size of builds + total := 0 + for _, b := range d.Builds { + total += len(b) + } + + // verify the Builds field is within the database constraints and evict if not + // len is to factor in number of comma separators included in the database field, + // removing 1 due to the last item not having an appended comma + if diff := (total + len(d.Builds) - 1) - constants.DeployBuildsMaxSize; diff > 0 { + for diff > 0 { + diff = diff - (len(d.Builds[0]) + 1) + d.Builds = d.Builds[1:] + } + } + return nil } diff --git a/database/deployment_test.go b/database/deployment_test.go index 28f86b6e..3a3c6f2f 100644 --- a/database/deployment_test.go +++ b/database/deployment_test.go @@ -129,6 +129,7 @@ func TestDatabase_Deployment_Validate(t *testing.T) { tests := []struct { failure bool deployment *Deployment + want *Deployment }{ { failure: false, @@ -140,6 +141,10 @@ func TestDatabase_Deployment_Validate(t *testing.T) { ID: sql.NullInt64{Int64: 1, Valid: true}, RepoID: sql.NullInt64{Int64: 1, Valid: true}, }, + want: &Deployment{ + ID: sql.NullInt64{Int64: 1, Valid: true}, + RepoID: sql.NullInt64{Int64: 1, Valid: true}, + }, }, { // no repoID set for deployment failure: true, 
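Review bot: The size computed in `Validate` counts only the build strings and the commas between them, but `Builds` is a `pq.StringArray` (see `testDeployment`), which lib/pq encodes as `{"a","b"}`, adding two braces and two quotes per element on top of the commas. If `DeployBuildsMaxSize` mirrors the width of a text column holding that encoding (the schema is not visible here), a list that passes this check can still overflow the column and fail on insert. Counting the encoding would be `diff := (total + 3*len(d.Builds) + 1) - constants.DeployBuildsMaxSize` with `diff -= len(d.Builds[0]) + 3` in the loop. The outer `if` is redundant with `for diff > 0`, and since the oldest entries are dropped silently inside a method named Validate, its doc comment should say so. Validate starts above this hunk.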
@@ -147,6 +152,36 @@ func TestDatabase_Deployment_Validate(t *testing.T) { ID: sql.NullInt64{Int64: 1, Valid: true}, Number: sql.NullInt64{Int64: 1, Valid: true}, }, + want: &Deployment{ + ID: sql.NullInt64{Int64: 1, Valid: true}, + RepoID: sql.NullInt64{Int64: 1, Valid: true}, + }, + }, + { // too many builds + failure: true, + deployment: &Deployment{ + ID: sql.NullInt64{Int64: 1, Valid: true}, + Number: sql.NullInt64{Int64: 1, Valid: true}, + Builds: generateBuilds(100), + }, + want: &Deployment{ + ID: sql.NullInt64{Int64: 1, Valid: true}, + RepoID: sql.NullInt64{Int64: 1, Valid: true}, + Builds: generateBuilds(50), + }, + }, + { // acceptable builds + failure: true, + deployment: &Deployment{ + ID: sql.NullInt64{Int64: 1, Valid: true}, + Number: sql.NullInt64{Int64: 1, Valid: true}, + Builds: generateBuilds(30), + }, + want: &Deployment{ + ID: sql.NullInt64{Int64: 1, Valid: true}, + RepoID: sql.NullInt64{Int64: 1, Valid: true}, + Builds: generateBuilds(30), + }, }, } @@ -253,3 +288,15 @@ func testDeployment() *Deployment { Builds: pq.StringArray{"1"}, } } + +// generateBuilds returns a list of valid builds that exceed the maximum size. +func generateBuilds(amount int) []string { + // initialize empty builds + builds := []string{} + + for i := 0; i < amount; i++ { + builds = append(builds, "123456789") + } + + return builds +} diff --git a/go.mod b/go.mod index 2963f7b4..0409f5b1 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/go-vela/types go 1.21 require ( - github.com/adhocore/gronx v1.6.6 + github.com/adhocore/gronx v1.6.7 github.com/buildkite/yaml v0.0.0-20181016232759-0caa5f0796e3 github.com/drone/envsubst v1.0.3 github.com/ghodss/yaml v1.0.0 diff --git a/go.sum b/go.sum index 3ec3a0af..1f186ff6 100644 --- a/go.sum +++ b/go.sum 
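Review bot: The two added cases (`too many builds`, `acceptable builds`) set `failure: true` and leave `RepoID` unset, the same shape as the `no repoID set` case above them, so Validate presumably returns its error before reaching the new trimming code and the 100-to-50 eviction is never checked. Give both cases a valid `RepoID` plus any other fields Validate requires, set `failure: false`, and keep `deployment` and `want` consistent; at present `deployment` sets `Number` while `want` sets `RepoID`. The loop that consumes `want` is outside this hunk, so confirm it compares `test.deployment` against `test.want` after a successful Validate.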
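Review bot: The doc comment on `generateBuilds` says it returns builds "that exceed the maximum size", but the function returns `amount` copies of a nine-character id, and the `generateBuilds(30)` case relies on the result staying under the limit. Suggested wording: `// generateBuilds returns amount build entries, each a nine-character string.`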
@@ -1,5 +1,5 @@ -github.com/adhocore/gronx v1.6.6 h1:Gk1OAP4CCSs2/i3f7HHwB2tX/EtYP3TzzWSHvesTR4k= -github.com/adhocore/gronx v1.6.6/go.mod h1:7oUY1WAU8rEJWmAxXR2DN0JaO4gi9khSgKjiRypqteg= +github.com/adhocore/gronx v1.6.7 h1:yE/AKQP/yhjMRqV943XiPqBdmUwIF8VHJwm6KZhnk48= +github.com/adhocore/gronx v1.6.7/go.mod h1:7oUY1WAU8rEJWmAxXR2DN0JaO4gi9khSgKjiRypqteg= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/buildkite/yaml v0.0.0-20181016232759-0caa5f0796e3 h1:q+sMKdA6L8LyGVudTkpGoC73h6ak2iWSPFiFo/pFOU8=