// Copyright 2023 Harness, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package pullreq import ( "context" "fmt" "time" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/bootstrap" pullreqevents "github.com/harness/gitness/app/events/pullreq" "github.com/harness/gitness/app/services/codeowners" "github.com/harness/gitness/app/services/protection" "github.com/harness/gitness/contextutil" "github.com/harness/gitness/errors" "github.com/harness/gitness/git" gitenum "github.com/harness/gitness/git/enum" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" "github.com/rs/zerolog/log" ) type MergeInput struct { Method enum.MergeMethod `json:"method"` SourceSHA string `json:"source_sha"` BypassRules bool `json:"bypass_rules"` DryRun bool `json:"dry_run"` } func (in *MergeInput) sanitize() error { if in.Method == "" && !in.DryRun { return usererror.BadRequest("merge method must be provided if dry run is false") } if in.SourceSHA == "" { return usererror.BadRequest("source SHA must be provided") } if in.Method != "" { method, ok := in.Method.Sanitize() if !ok { return usererror.BadRequestf("unsupported merge method: %s", in.Method) } in.Method = method } return nil } // Merge merges a pull request. // // It supports dry running by providing the DryRun=true. Dry running can be used to find any rule violations that // might block the merging. Dry running typically should be used with BypassRules=true. // // MergeMethod doesn't need to be provided for dry running. If no MergeMethod has been provided the function will // return allowed merge methods. Rules can limit allowed merge methods. // // If the pull request has been successfully merged the function will return the SHA of the merge commit. // //nolint:gocognit,gocyclo,cyclop func (c *Controller) Merge( ctx context.Context, session *auth.Session, repoRef string, pullreqNum int64, in *MergeInput, ) (*types.MergeResponse, *types.MergeViolations, error) { if err := in.sanitize(); err != nil { return nil, nil, err } requiredPermission := enum.PermissionRepoPush if in.DryRun { requiredPermission = enum.PermissionRepoView } targetRepo, err := c.getRepoCheckAccess(ctx, session, repoRef, requiredPermission) if err != nil { return nil, nil, fmt.Errorf("failed to acquire access to target repo: %w", err) } // the max time we give a merge to succeed const timeout = 3 * time.Minute // if two requests for merging comes at the same time then unlock will lock // first one and second one will wait, when first one is done then second one // continue with latest data from db with state merged and return error that // pr is already merged. unlock, err := c.lockPR( ctx, targetRepo.GitUID, 0, // 0 means locks all PRs for this repo timeout+30*time.Second, // add 30s to the lock to give enough time for pre + post merge ) if err != nil { return nil, nil, err } defer unlock() pr, err := c.pullreqStore.FindByNumber(ctx, targetRepo.ID, pullreqNum) if err != nil { return nil, nil, fmt.Errorf("failed to get pull request by number: %w", err) } if pr.Merged != nil { return nil, nil, usererror.BadRequest("Pull request already merged") } if pr.State != enum.PullReqStateOpen { return nil, nil, usererror.BadRequest("Pull request must be open") } if pr.SourceSHA != in.SourceSHA { return nil, nil, usererror.BadRequest("A newer commit is available. Only the latest commit can be merged.") } if pr.IsDraft && !in.DryRun { return nil, nil, usererror.BadRequest( "Draft pull requests can't be merged. Clear the draft flag first.", ) } reviewers, err := c.reviewerStore.List(ctx, pr.ID) if err != nil { return nil, nil, fmt.Errorf("failed to load list of reviwers: %w", err) } targetWriteParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, targetRepo) if err != nil { return nil, nil, fmt.Errorf("failed to create RPC write params: %w", err) } sourceRepo := targetRepo sourceWriteParams := targetWriteParams if pr.SourceRepoID != pr.TargetRepoID { sourceWriteParams, err = controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, sourceRepo) if err != nil { return nil, nil, fmt.Errorf("failed to create RPC write params: %w", err) } sourceRepo, err = c.repoStore.Find(ctx, pr.SourceRepoID) if err != nil { return nil, nil, fmt.Errorf("failed to get source repository: %w", err) } } isRepoOwner, err := apiauth.IsRepoOwner(ctx, c.authorizer, session, targetRepo) if err != nil { return nil, nil, fmt.Errorf("failed to determine if user is repo owner: %w", err) } checkResults, err := c.checkStore.ListResults(ctx, targetRepo.ID, pr.SourceSHA) if err != nil { return nil, nil, fmt.Errorf("failed to list status checks: %w", err) } protectionRules, err := c.protectionManager.ForRepository(ctx, targetRepo.ID) if err != nil { return nil, nil, fmt.Errorf("failed to fetch protection rules for the repository: %w", err) } codeOwnerWithApproval, err := c.codeOwners.Evaluate(ctx, sourceRepo, pr, reviewers) // check for error and ignore if it is codeowners file not found else throw error if err != nil && !errors.Is(err, codeowners.ErrNotFound) { return nil, nil, fmt.Errorf("CODEOWNERS evaluation failed: %w", err) } ruleOut, violations, err := protectionRules.MergeVerify(ctx, protection.MergeVerifyInput{ Actor: &session.Principal, AllowBypass: in.BypassRules, IsRepoOwner: isRepoOwner, TargetRepo: targetRepo, SourceRepo: sourceRepo, PullReq: pr, Reviewers: reviewers, Method: in.Method, CheckResults: checkResults, CodeOwners: codeOwnerWithApproval, }) if err != nil { return nil, nil, fmt.Errorf("failed to verify protection rules: %w", err) } // we want to complete the merge independent of request cancel - start with new, time restricted context. // TODO: This is a small change to reduce likelihood of dirty state. // We still require a proper solution to handle an application crash or very slow execution times // (which could cause an unlocking pre operation completion). ctx, cancel := context.WithTimeout( contextutil.WithNewValues(context.Background(), ctx), timeout, ) defer cancel() //nolint:nestif if in.DryRun { // As the merge API is always executed under a global lock, we use the opportunity of dry-running the merge // to check the PR's mergeability status if it's currently "unchecked". This can happen if the target branch // has advanced. It's possible that the merge base commit is different too. // So, the next time the API gets called for the same PR the mergeability status will not be unchecked. // Without dry-run the execution would proceed below and would either merge the PR or set the conflict status. if pr.MergeCheckStatus == enum.MergeCheckStatusUnchecked { mergeOutput, err := c.git.Merge(ctx, &git.MergeParams{ WriteParams: targetWriteParams, BaseBranch: pr.TargetBranch, HeadRepoUID: sourceRepo.GitUID, HeadBranch: pr.SourceBranch, HeadExpectedSHA: in.SourceSHA, }) if err != nil { return nil, nil, fmt.Errorf("merge check execution failed: %w", err) } pr, err = c.pullreqStore.UpdateOptLock(ctx, pr, func(pr *types.PullReq) error { if pr.SourceSHA != mergeOutput.HeadSHA { return errors.New("source SHA has changed") } if mergeOutput.MergeSHA == "" || len(mergeOutput.ConflictFiles) > 0 { pr.MergeCheckStatus = enum.MergeCheckStatusConflict pr.MergeBaseSHA = mergeOutput.MergeBaseSHA pr.MergeTargetSHA = &mergeOutput.BaseSHA pr.MergeSHA = nil pr.MergeConflicts = mergeOutput.ConflictFiles } else { pr.MergeCheckStatus = enum.MergeCheckStatusMergeable pr.MergeBaseSHA = mergeOutput.MergeBaseSHA pr.MergeTargetSHA = &mergeOutput.BaseSHA pr.MergeSHA = &mergeOutput.MergeSHA pr.MergeConflicts = nil } pr.Stats.DiffStats = types.NewDiffStats(mergeOutput.CommitCount, mergeOutput.ChangedFileCount) return nil }) if err != nil { // non-critical error log.Ctx(ctx).Warn().Err(err).Msg("failed to update unchecked pull request") } else { if err = c.sseStreamer.Publish(ctx, targetRepo.ParentID, enum.SSETypePullRequestUpdated, pr); err != nil { log.Ctx(ctx).Warn().Err(err).Msg("failed to publish PR changed event") } } } // With in.DryRun=true this function never returns types.MergeViolations out := &types.MergeResponse{ DryRun: true, BranchDeleted: ruleOut.DeleteSourceBranch, AllowedMethods: ruleOut.AllowedMethods, ConflictFiles: pr.MergeConflicts, RuleViolations: violations, } return out, nil, nil } if protection.IsCritical(violations) { return nil, &types.MergeViolations{RuleViolations: violations}, nil } // TODO: for forking merge title might be different? var mergeTitle string author := *session.Principal.ToPrincipalInfo() if in.Method == enum.MergeMethodSquash { // squash commit should show as authored by PR author author = pr.Author mergeTitle = fmt.Sprintf("%s (#%d)", pr.Title, pr.Number) } else { mergeTitle = fmt.Sprintf("Merge branch '%s' of %s (#%d)", pr.SourceBranch, sourceRepo.Path, pr.Number) } log.Ctx(ctx).Debug().Msgf("all pre-check passed, merge PR") now := time.Now() mergeOutput, err := c.git.Merge(ctx, &git.MergeParams{ WriteParams: targetWriteParams, BaseBranch: pr.TargetBranch, HeadRepoUID: sourceRepo.GitUID, HeadBranch: pr.SourceBranch, Title: mergeTitle, Message: "", Committer: identityFromPrincipalInfo(*bootstrap.NewSystemServiceSession().Principal.ToPrincipalInfo()), CommitterDate: &now, Author: identityFromPrincipalInfo(author), AuthorDate: &now, RefType: gitenum.RefTypeBranch, RefName: pr.TargetBranch, HeadExpectedSHA: in.SourceSHA, Method: gitenum.MergeMethod(in.Method), }) if err != nil { return nil, nil, fmt.Errorf("merge check execution failed: %w", err) } //nolint:nestif if mergeOutput.MergeSHA == "" || len(mergeOutput.ConflictFiles) > 0 { _, err = c.pullreqStore.UpdateOptLock(ctx, pr, func(pr *types.PullReq) error { if pr.SourceSHA != mergeOutput.HeadSHA { return errors.New("source SHA has changed") } // update all Merge specific information pr.MergeCheckStatus = enum.MergeCheckStatusConflict pr.MergeBaseSHA = mergeOutput.MergeBaseSHA pr.MergeTargetSHA = &mergeOutput.BaseSHA pr.MergeSHA = nil pr.MergeConflicts = mergeOutput.ConflictFiles pr.Stats.DiffStats = types.NewDiffStats(mergeOutput.CommitCount, mergeOutput.ChangedFileCount) return nil }) if err != nil { // non-critical error log.Ctx(ctx).Warn().Err(err).Msg("failed to update pull request with conflict files") } else { if err = c.sseStreamer.Publish(ctx, targetRepo.ParentID, enum.SSETypePullRequestUpdated, pr); err != nil { log.Ctx(ctx).Warn().Err(err).Msg("failed to publish PR changed event") } } return nil, &types.MergeViolations{ ConflictFiles: mergeOutput.ConflictFiles, RuleViolations: violations, }, nil } log.Ctx(ctx).Debug().Msgf("successfully merged PR") var activitySeqMerge, activitySeqBranchDeleted int64 pr, err = c.pullreqStore.UpdateOptLock(ctx, pr, func(pr *types.PullReq) error { pr.State = enum.PullReqStateMerged nowMilli := now.UnixMilli() pr.Merged = &nowMilli pr.MergedBy = &session.Principal.ID pr.MergeMethod = &in.Method // update all Merge specific information (might be empty if previous merge check failed) // since this is the final operation on the PR, we update any sha that might've changed by now. pr.MergeCheckStatus = enum.MergeCheckStatusMergeable pr.SourceSHA = mergeOutput.HeadSHA pr.MergeTargetSHA = &mergeOutput.BaseSHA pr.MergeBaseSHA = mergeOutput.MergeBaseSHA pr.MergeSHA = &mergeOutput.MergeSHA pr.MergeConflicts = nil pr.Stats.DiffStats = types.NewDiffStats(mergeOutput.CommitCount, mergeOutput.ChangedFileCount) // update sequence for PR activities pr.ActivitySeq++ activitySeqMerge = pr.ActivitySeq if ruleOut.DeleteSourceBranch { pr.ActivitySeq++ activitySeqBranchDeleted = pr.ActivitySeq } return nil }) if err != nil { return nil, nil, fmt.Errorf("failed to update pull request: %w", err) } pr.ActivitySeq = activitySeqMerge activityPayload := &types.PullRequestActivityPayloadMerge{ MergeMethod: in.Method, MergeSHA: mergeOutput.MergeSHA, TargetSHA: mergeOutput.BaseSHA, SourceSHA: mergeOutput.HeadSHA, } if _, errAct := c.activityStore.CreateWithPayload(ctx, pr, session.Principal.ID, activityPayload); errAct != nil { // non-critical error log.Ctx(ctx).Err(errAct).Msgf("failed to write pull req merge activity") } c.eventReporter.Merged(ctx, &pullreqevents.MergedPayload{ Base: eventBase(pr, &session.Principal), MergeMethod: in.Method, MergeSHA: mergeOutput.MergeSHA, TargetSHA: mergeOutput.BaseSHA, SourceSHA: mergeOutput.HeadSHA, }) var branchDeleted bool if ruleOut.DeleteSourceBranch { errDelete := c.git.DeleteBranch(ctx, &git.DeleteBranchParams{ WriteParams: sourceWriteParams, BranchName: pr.SourceBranch, }) if errDelete != nil { // non-critical error log.Ctx(ctx).Err(errDelete).Msgf("failed to delete source branch after merging") } else { branchDeleted = true // NOTE: there is a chance someone pushed on the branch between merge and delete. // Either way, we'll use the SHA that was merged with for the activity to be consistent from PR perspective. pr.ActivitySeq = activitySeqBranchDeleted if _, errAct := c.activityStore.CreateWithPayload(ctx, pr, session.Principal.ID, &types.PullRequestActivityPayloadBranchDelete{SHA: in.SourceSHA}); errAct != nil { // non-critical error log.Ctx(ctx).Err(errAct). Msgf("failed to write pull request activity for successful automatic branch delete") } } } if err = c.sseStreamer.Publish(ctx, targetRepo.ParentID, enum.SSETypePullRequestUpdated, pr); err != nil { log.Ctx(ctx).Warn().Err(err).Msg("failed to publish PR changed event") } return &types.MergeResponse{ SHA: mergeOutput.MergeSHA, BranchDeleted: branchDeleted, RuleViolations: violations, }, nil, nil }