pull request import (harness#2121)

* bypass lint
* bump golang version
* using types from migrator
* moving Importing to the RepositoryOutput
* minor changes; improved unit tests
* pr comments
* pr import
* pull request import

.github/workflows/ci-lint.yml

@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.22'
       - name: get dependencies
         run: |
           mkdir -p ./web/dist

Dockerfile

@@ -18,7 +18,7 @@ RUN yarn && yarn build && yarn cache clean
 # ---------------------------------------------------------#
 #                   Build gitness image                    #
 # ---------------------------------------------------------#
-FROM --platform=$BUILDPLATFORM golang:1.20-alpine3.18 as builder
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine3.18 as builder
 
 RUN apk update \
     && apk add --no-cache protoc build-base git

app/api/controller/githook/pre_receive.go

@@ -47,6 +47,11 @@ func (c *Controller) PreReceive(
 		return hook.Output{}, err
 	}
 
+	if !in.Internal && repo.State != enum.RepoStateActive && repo.State != enum.RepoStateMigrateGitPush {
+		output.Error = ptr.String("Push not allowed in the current repository state")
+		return output, nil
+	}
+
 	if err := c.limiter.RepoSize(ctx, in.RepoID); err != nil {
 		return hook.Output{}, fmt.Errorf(
 			"resource limit exceeded: %w",

app/api/controller/pullreq/controller.go

@@ -25,6 +25,7 @@ import (
 	pullreqevents "github.com/harness/gitness/app/events/pullreq"
 	"github.com/harness/gitness/app/services/codecomments"
 	"github.com/harness/gitness/app/services/codeowners"
+	"github.com/harness/gitness/app/services/importer"
 	locker "github.com/harness/gitness/app/services/locker"
 	"github.com/harness/gitness/app/services/protection"
 	"github.com/harness/gitness/app/services/pullreq"
@@ -62,6 +63,7 @@ type Controller struct {
 	sseStreamer         sse.Streamer
 	codeOwners          *codeowners.Service
 	locker              *locker.Locker
+	importer            *importer.PullReq
 }
 
 func NewController(
@@ -87,6 +89,7 @@ func NewController(
 	sseStreamer sse.Streamer,
 	codeowners *codeowners.Service,
 	locker *locker.Locker,
+	importer *importer.PullReq,
 ) *Controller {
 	return &Controller{
 		tx:                  tx,
@@ -111,6 +114,7 @@ func NewController(
 		sseStreamer:         sseStreamer,
 		codeOwners:          codeowners,
 		locker:              locker,
+		importer:            importer,
 	}
 }
 
@@ -152,8 +156,8 @@ func (c *Controller) getRepoCheckAccess(ctx context.Context,
 		return nil, fmt.Errorf("failed to find repository: %w", err)
 	}
 
-	if repo.Importing {
-		return nil, usererror.BadRequest("Repository import is in progress.")
+	if repo.State != enum.RepoStateActive {
+		return nil, usererror.BadRequest("Repository is not ready to use.")
 	}
 
 	if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, reqPermission); err != nil {

app/api/controller/pullreq/wire.go

@@ -19,6 +19,7 @@ import (
 	pullreqevents "github.com/harness/gitness/app/events/pullreq"
 	"github.com/harness/gitness/app/services/codecomments"
 	"github.com/harness/gitness/app/services/codeowners"
+	"github.com/harness/gitness/app/services/importer"
 	"github.com/harness/gitness/app/services/locker"
 	"github.com/harness/gitness/app/services/protection"
 	"github.com/harness/gitness/app/services/pullreq"
@@ -45,7 +46,7 @@ func ProvideController(tx dbtx.Transactor, urlProvider url.Provider, authorizer
 	checkStore store.CheckStore,
 	rpcClient git.Interface, eventReporter *pullreqevents.Reporter, codeCommentMigrator *codecomments.Migrator,
 	pullreqService *pullreq.Service, ruleManager *protection.Manager, sseStreamer sse.Streamer,
-	codeOwners *codeowners.Service, locker *locker.Locker,
+	codeOwners *codeowners.Service, locker *locker.Locker, importer *importer.PullReq,
 ) *Controller {
 	return NewController(tx, urlProvider, authorizer,
 		pullReqStore, pullReqActivityStore,
@@ -56,5 +57,5 @@ func ProvideController(tx dbtx.Transactor, urlProvider url.Provider, authorizer
 		checkStore,
 		rpcClient, eventReporter,
 		codeCommentMigrator,
-		pullreqService, ruleManager, sseStreamer, codeOwners, locker)
+		pullreqService, ruleManager, sseStreamer, codeOwners, locker, importer)
 }

app/api/controller/repo/controller.go

@@ -49,7 +49,8 @@ var errPublicRepoCreationDisabled = usererror.BadRequestf("Public repository cre
 
 type RepositoryOutput struct {
 	types.Repository
-	IsPublic bool `json:"is_public" yaml:"is_public"`
+	IsPublic  bool `json:"is_public" yaml:"is_public"`
+	Importing bool `json:"importing" yaml:"-"`
 }
 
 // TODO [CODE-1363]: remove after identifier migration.
@@ -156,6 +157,7 @@ func (c *Controller) getRepo(
 		ctx,
 		c.repoStore,
 		repoRef,
+		ActiveRepoStates,
 	)
 }
 
@@ -174,6 +176,26 @@ func (c *Controller) getRepoCheckAccess(
 		session,
 		repoRef,
 		reqPermission,
+		ActiveRepoStates,
+	)
+}
+
+// getRepoCheckAccessForGit fetches a repo
+// and checks if the current user has permission to access it.
+func (c *Controller) getRepoCheckAccessForGit(
+	ctx context.Context,
+	session *auth.Session,
+	repoRef string,
+	reqPermission enum.Permission,
+) (*types.Repository, error) {
+	return GetRepoCheckAccess(
+		ctx,
+		c.repoStore,
+		c.authorizer,
+		session,
+		repoRef,
+		reqPermission,
+		nil, // Any state allowed - we'll block in the pre-receive hook.
 	)
 }
 

app/api/controller/repo/create.go

@@ -149,10 +149,7 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 	repo.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Path)
 	repo.GitSSHURL = c.urlProvider.GenerateGITCloneSSHURL(repo.Path)
 
-	repoOutput := &RepositoryOutput{
-		Repository: *repo,
-		IsPublic:   in.IsPublic,
-	}
+	repoOutput := GetRepoOutputWithAccess(ctx, in.IsPublic, repo)
 
 	err = c.auditService.Log(ctx,
 		session.Principal,

app/api/controller/repo/git_info_refs.go

@@ -33,7 +33,7 @@ func (c *Controller) GitInfoRefs(
 	gitProtocol string,
 	w io.Writer,
 ) error {
-	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
+	repo, err := c.getRepoCheckAccessForGit(ctx, session, repoRef, enum.PermissionRepoView)
 	if err != nil {
 		return fmt.Errorf("failed to verify repo access: %w", err)
 	}

app/api/controller/repo/git_service_pack.go

@@ -40,7 +40,7 @@ func (c *Controller) GitServicePack(
 		permission = enum.PermissionRepoPush
 	}
 
-	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, permission)
+	repo, err := c.getRepoCheckAccessForGit(ctx, session, repoRef, permission)
 	if err != nil {
 		return fmt.Errorf("failed to verify repo access: %w", err)
 	}

app/api/controller/repo/helper.go

@@ -26,13 +26,18 @@ import (
 	"github.com/harness/gitness/app/store"
 	"github.com/harness/gitness/types"
 	"github.com/harness/gitness/types/enum"
+
+	"golang.org/x/exp/slices"
 )
 
-// GetRepo fetches an active repo (not one that is currently being imported).
+var ActiveRepoStates = []enum.RepoState{enum.RepoStateActive}
+
+// GetRepo fetches an repository.
 func GetRepo(
 	ctx context.Context,
 	repoStore store.RepoStore,
 	repoRef string,
+	allowedStates []enum.RepoState,
 ) (*types.Repository, error) {
 	if repoRef == "" {
 		return nil, usererror.BadRequest("A valid repository reference must be provided.")
@@ -43,8 +48,8 @@ func GetRepo(
 		return nil, fmt.Errorf("failed to find repository: %w", err)
 	}
 
-	if repo.Importing {
-		return nil, usererror.BadRequest("Repository import is in progress.")
+	if len(allowedStates) > 0 && !slices.Contains(allowedStates, repo.State) {
+		return nil, usererror.BadRequest("Repository is not ready to use.")
 	}
 
 	return repo, nil
@@ -59,8 +64,9 @@ func GetRepoCheckAccess(
 	session *auth.Session,
 	repoRef string,
 	reqPermission enum.Permission,
+	allowedStates []enum.RepoState,
 ) (*types.Repository, error) {
-	repo, err := GetRepo(ctx, repoStore, repoRef)
+	repo, err := GetRepo(ctx, repoStore, repoRef, allowedStates)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo: %w", err)
 	}
@@ -85,5 +91,18 @@ func GetRepoOutput(
 	return &RepositoryOutput{
 		Repository: *repo,
 		IsPublic:   isPublic,
+		Importing:  repo.State != enum.RepoStateActive,
 	}, nil
 }
+
+func GetRepoOutputWithAccess(
+	_ context.Context,
+	isPublic bool,
+	repo *types.Repository,
+) *RepositoryOutput {
+	return &RepositoryOutput{
+		Repository: *repo,
+		IsPublic:   isPublic,
+		Importing:  repo.State != enum.RepoStateActive,
+	}
+}

app/api/controller/repo/import.go

@@ -114,10 +114,7 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 		log.Warn().Msgf("failed to insert audit log for import repository operation: %s", err)
 	}
 
-	return &RepositoryOutput{
-		Repository: *repo,
-		IsPublic:   false,
-	}, nil
+	return GetRepoOutputWithAccess(ctx, false, repo), nil
 }
 
 func (c *Controller) sanitizeImportInput(in *ImportInput) error {

app/api/controller/repo/move.go

@@ -58,8 +58,8 @@ func (c *Controller) Move(ctx context.Context,
 		return nil, err
 	}
 
-	if repo.Importing {
-		return nil, usererror.BadRequest("can't move a repo that is being imported")
+	if repo.State != enum.RepoStateActive {
+		return nil, usererror.BadRequest("Can't move a repo that isn't ready to use.")
 	}
 
 	if err = apiauth.CheckRepo(ctx, c.authorizer, session, repo, enum.PermissionRepoEdit); err != nil {

app/api/controller/repo/purge.go

@@ -64,7 +64,7 @@ func (c *Controller) PurgeNoAuth(
 	session *auth.Session,
 	repo *types.Repository,
 ) error {
-	if repo.Importing {
+	if repo.State == enum.RepoStateGitImport {
 		log.Ctx(ctx).Info().Msg("repository is importing. cancelling the import job.")
 		err := c.importer.Cancel(ctx, repo)
 		if err != nil {

app/api/controller/repo/restore.go

@@ -94,8 +94,5 @@ func (c *Controller) RestoreNoAuth(
 	}
 
 	// Repos restored as private since public access data has been deleted upon deletion.
-	return &RepositoryOutput{
-		Repository: *repo,
-		IsPublic:   false,
-	}, nil
+	return GetRepoOutputWithAccess(ctx, false, repo), nil
 }

app/api/controller/repo/soft_delete.go

@@ -97,7 +97,7 @@ func (c *Controller) SoftDeleteNoAuth(
 		return fmt.Errorf("failed to delete public access for repo: %w", err)
 	}
 
-	if repo.Importing {
+	if repo.State != enum.RepoStateActive {
 		return c.PurgeNoAuth(ctx, session, repo)
 	}
 

app/api/controller/repo/update_public_access.go

@@ -63,10 +63,7 @@ func (c *Controller) UpdatePublicAccess(ctx context.Context,
 
 	// no op
 	if isPublic == in.IsPublic {
-		return &RepositoryOutput{
-			Repository: *repo,
-			IsPublic:   isPublic,
-		}, nil
+		return GetRepoOutputWithAccess(ctx, isPublic, repo), nil
 	}
 
 	if err = c.publicAccess.Set(ctx, enum.PublicResourceTypeRepo, repo.Path, in.IsPublic); err != nil {
@@ -95,8 +92,5 @@ func (c *Controller) UpdatePublicAccess(ctx context.Context,
 		log.Ctx(ctx).Warn().Msgf("failed to insert audit log for update repository operation: %s", err)
 	}
 
-	return &RepositoryOutput{
-		Repository: *repo,
-		IsPublic:   in.IsPublic,
-	}, nil
+	return GetRepoOutputWithAccess(ctx, in.IsPublic, repo), nil
 }

app/api/controller/reposettings/controller.go

@@ -63,5 +63,6 @@ func (c *Controller) getRepoCheckAccess(
 		session,
 		repoRef,
 		reqPermission,
+		repo.ActiveRepoStates,
 	)
 }

app/api/controller/space/import_repositories.go

@@ -21,7 +21,7 @@ import (
 
 	apiauth "github.com/harness/gitness/app/api/auth"
 	"github.com/harness/gitness/app/api/controller/limiter"
-	repoCtrl "github.com/harness/gitness/app/api/controller/repo"
+	repoctrl "github.com/harness/gitness/app/api/controller/repo"
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/auth"
 	"github.com/harness/gitness/app/paths"
@@ -39,8 +39,8 @@ type ImportRepositoriesInput struct {
 }
 
 type ImportRepositoriesOutput struct {
-	ImportingRepos []*repoCtrl.RepositoryOutput `json:"importing_repos"`
-	DuplicateRepos []*repoCtrl.RepositoryOutput `json:"duplicate_repos"` // repos which already exist in the space.
+	ImportingRepos []*repoctrl.RepositoryOutput `json:"importing_repos"`
+	DuplicateRepos []*repoctrl.RepositoryOutput `json:"duplicate_repos"` // repos which already exist in the space.
 }
 
 // getSpaceCheckAuthRepoCreation checks whether the user has permissions to create repos
@@ -165,12 +165,9 @@ func (c *Controller) ImportRepositories(
 		return ImportRepositoriesOutput{}, err
 	}
 
-	reposOut := make([]*repoCtrl.RepositoryOutput, len(repos))
+	reposOut := make([]*repoctrl.RepositoryOutput, len(repos))
 	for i, repo := range repos {
-		reposOut[i] = &repoCtrl.RepositoryOutput{
-			Repository: *repo,
-			IsPublic:   false,
-		}
+		reposOut[i] = repoctrl.GetRepoOutputWithAccess(ctx, false, repo)
 
 		err = c.auditService.Log(ctx,
 			session.Principal,
@@ -187,12 +184,9 @@ func (c *Controller) ImportRepositories(
 		}
 	}
 
-	duplicateReposOut := make([]*repoCtrl.RepositoryOutput, len(duplicateRepos))
+	duplicateReposOut := make([]*repoctrl.RepositoryOutput, len(duplicateRepos))
 	for i, dupRepo := range duplicateRepos {
-		duplicateReposOut[i] = &repoCtrl.RepositoryOutput{
-			Repository: *dupRepo,
-			IsPublic:   false,
-		}
+		duplicateReposOut[i] = repoctrl.GetRepoOutputWithAccess(ctx, false, dupRepo)
 	}
 
 	return ImportRepositoriesOutput{ImportingRepos: reposOut, DuplicateRepos: duplicateReposOut}, nil

app/services/importer/provider.go

@@ -27,6 +27,7 @@ import (
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/types"
+	"github.com/harness/gitness/types/enum"
 
 	"github.com/drone/go-scm/scm"
 	"github.com/drone/go-scm/scm/driver/azure"
@@ -100,7 +101,7 @@ func (r *RepositoryInfo) ToRepo(
 		Updated:       now,
 		ForkID:        0,
 		DefaultBranch: r.DefaultBranch,
-		Importing:     true,
+		State:         enum.RepoStateGitImport,
 		Path:          paths.Concatenate(spacePath, identifier),
 	}, r.IsPublic
 }