diff options
Diffstat (limited to 'lib/api/ci/runner.rb')
-rw-r--r-- | lib/api/ci/runner.rb | 318 |
1 files changed, 318 insertions, 0 deletions
diff --git a/lib/api/ci/runner.rb b/lib/api/ci/runner.rb new file mode 100644 index 00000000000..31be1bb7e3e --- /dev/null +++ b/lib/api/ci/runner.rb @@ -0,0 +1,318 @@ +# frozen_string_literal: true + +module API + module Ci + class Runner < Grape::API::Instance + helpers ::API::Helpers::Runner + + resource :runners do + desc 'Registers a new Runner' do + success Entities::RunnerRegistrationDetails + http_codes [[201, 'Runner was created'], [403, 'Forbidden']] + end + params do + requires :token, type: String, desc: 'Registration token' + optional :description, type: String, desc: %q(Runner's description) + optional :info, type: Hash, desc: %q(Runner's metadata) + optional :active, type: Boolean, desc: 'Should Runner be active' + optional :locked, type: Boolean, desc: 'Should Runner be locked for current project' + optional :access_level, type: String, values: ::Ci::Runner.access_levels.keys, + desc: 'The access_level of the runner' + optional :run_untagged, type: Boolean, desc: 'Should Runner handle untagged jobs' + optional :tag_list, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: %q(List of Runner's tags) + optional :maximum_timeout, type: Integer, desc: 'Maximum timeout set when this Runner will handle the job' + end + post '/' do + attributes = attributes_for_keys([:description, :active, :locked, :run_untagged, :tag_list, :access_level, :maximum_timeout]) + .merge(get_runner_details_from_request) + + attributes = + if runner_registration_token_valid? + # Create shared runner. Requires admin access + attributes.merge(runner_type: :instance_type) + elsif project = Project.find_by_runners_token(params[:token]) + # Create a specific runner for the project + attributes.merge(runner_type: :project_type, projects: [project]) + elsif group = Group.find_by_runners_token(params[:token]) + # Create a specific runner for the group + attributes.merge(runner_type: :group_type, groups: [group]) + else + forbidden! + end + + runner = ::Ci::Runner.create(attributes) + + if runner.persisted? + present runner, with: Entities::RunnerRegistrationDetails + else + render_validation_error!(runner) + end + end + + desc 'Deletes a registered Runner' do + http_codes [[204, 'Runner was deleted'], [403, 'Forbidden']] + end + params do + requires :token, type: String, desc: %q(Runner's authentication token) + end + delete '/' do + authenticate_runner! + + runner = ::Ci::Runner.find_by_token(params[:token]) + + destroy_conditionally!(runner) + end + + desc 'Validates authentication credentials' do + http_codes [[200, 'Credentials are valid'], [403, 'Forbidden']] + end + params do + requires :token, type: String, desc: %q(Runner's authentication token) + end + post '/verify' do + authenticate_runner! + status 200 + end + end + + resource :jobs do + before do + Gitlab::ApplicationContext.push( + user: -> { current_job&.user }, + project: -> { current_job&.project } + ) + end + + desc 'Request a job' do + success Entities::JobRequest::Response + http_codes [[201, 'Job was scheduled'], + [204, 'No job for Runner'], + [403, 'Forbidden']] + end + params do + requires :token, type: String, desc: %q(Runner's authentication token) + optional :last_update, type: String, desc: %q(Runner's queue last_update token) + optional :info, type: Hash, desc: %q(Runner's metadata) do + optional :name, type: String, desc: %q(Runner's name) + optional :version, type: String, desc: %q(Runner's version) + optional :revision, type: String, desc: %q(Runner's revision) + optional :platform, type: String, desc: %q(Runner's platform) + optional :architecture, type: String, desc: %q(Runner's architecture) + optional :executor, type: String, desc: %q(Runner's executor) + optional :features, type: Hash, desc: %q(Runner's features) + end + optional :session, type: Hash, desc: %q(Runner's session data) do + optional :url, type: String, desc: %q(Session's url) + optional :certificate, type: String, desc: %q(Session's certificate) + optional :authorization, type: String, desc: %q(Session's authorization) + end + optional :job_age, type: Integer, desc: %q(Job should be older than passed age in seconds to be ran on runner) + end + + # Since we serialize the build output ourselves to ensure Gitaly + # gRPC calls succeed, we need a custom Grape format to handle + # this: + # 1. Grape will ordinarily call `JSON.dump` when Content-Type is set + # to application/json. To avoid this, we need to define a custom type in + # `content_type` and a custom formatter to go with it. + # 2. Grape will parse the request input with the parser defined for + # `content_type`. If no such parser exists, it will be treated as text. We + # reuse the existing JSON parser to preserve the previous behavior. + content_type :build_json, 'application/json' + formatter :build_json, ->(object, _) { object } + parser :build_json, ::Grape::Parser::Json + + post '/request' do + authenticate_runner! + + unless current_runner.active? + header 'X-GitLab-Last-Update', current_runner.ensure_runner_queue_value + break no_content! + end + + runner_params = declared_params(include_missing: false) + + if current_runner.runner_queue_value_latest?(runner_params[:last_update]) + header 'X-GitLab-Last-Update', runner_params[:last_update] + Gitlab::Metrics.add_event(:build_not_found_cached) + break no_content! + end + + new_update = current_runner.ensure_runner_queue_value + result = ::Ci::RegisterJobService.new(current_runner).execute(runner_params) + + if result.valid? + if result.build_json + Gitlab::Metrics.add_event(:build_found) + env['api.format'] = :build_json + body result.build_json + else + Gitlab::Metrics.add_event(:build_not_found) + header 'X-GitLab-Last-Update', new_update + no_content! + end + else + # We received build that is invalid due to concurrency conflict + Gitlab::Metrics.add_event(:build_invalid) + conflict! + end + end + + desc 'Updates a job' do + http_codes [[200, 'Job was updated'], [403, 'Forbidden']] + end + params do + requires :token, type: String, desc: %q(Runners's authentication token) + requires :id, type: Integer, desc: %q(Job's ID) + optional :trace, type: String, desc: %q(Job's full trace) + optional :state, type: String, desc: %q(Job's status: success, failed) + optional :failure_reason, type: String, desc: %q(Job's failure_reason) + end + put '/:id' do + job = authenticate_job! + + job.trace.set(params[:trace]) if params[:trace] + + Gitlab::Metrics.add_event(:update_build) + + case params[:state].to_s + when 'running' + job.touch if job.needs_touch? + when 'success' + job.success! + when 'failed' + job.drop!(params[:failure_reason] || :unknown_failure) + end + end + + desc 'Appends a patch to the job trace' do + http_codes [[202, 'Trace was patched'], + [400, 'Missing Content-Range header'], + [403, 'Forbidden'], + [416, 'Range not satisfiable']] + end + params do + requires :id, type: Integer, desc: %q(Job's ID) + optional :token, type: String, desc: %q(Job's authentication token) + end + patch '/:id/trace' do + job = authenticate_job! + + error!('400 Missing header Content-Range', 400) unless request.headers.key?('Content-Range') + content_range = request.headers['Content-Range'] + content_range = content_range.split('-') + + # TODO: + # it seems that `Content-Range` as formatted by runner is wrong, + # the `byte_end` should point to final byte, but it points byte+1 + # that means that we have to calculate end of body, + # as we cannot use `content_length[1]` + # Issue: https://gitlab.com/gitlab-org/gitlab-runner/issues/3275 + + body_data = request.body.read + body_start = content_range[0].to_i + body_end = body_start + body_data.bytesize + + stream_size = job.trace.append(body_data, body_start) + unless stream_size == body_end + break error!('416 Range Not Satisfiable', 416, { 'Range' => "0-#{stream_size}" }) + end + + status 202 + header 'Job-Status', job.status + header 'Range', "0-#{stream_size}" + header 'X-GitLab-Trace-Update-Interval', job.trace.update_interval.to_s + end + + desc 'Authorize artifacts uploading for job' do + http_codes [[200, 'Upload allowed'], + [403, 'Forbidden'], + [405, 'Artifacts support not enabled'], + [413, 'File too large']] + end + params do + requires :id, type: Integer, desc: %q(Job's ID) + optional :token, type: String, desc: %q(Job's authentication token) + + # NOTE: + # In current runner, filesize parameter would be empty here. This is because archive is streamed by runner, + # so the archive size is not known ahead of time. Streaming is done to not use additional I/O on + # Runner to first save, and then send via Network. + optional :filesize, type: Integer, desc: %q(Artifacts filesize) + + optional :artifact_type, type: String, desc: %q(The type of artifact), + default: 'archive', values: ::Ci::JobArtifact.file_types.keys + end + post '/:id/artifacts/authorize' do + not_allowed! unless Gitlab.config.artifacts.enabled + require_gitlab_workhorse! + + job = authenticate_job! + + result = ::Ci::CreateJobArtifactsService.new(job).authorize(artifact_type: params[:artifact_type], filesize: params[:filesize]) + + if result[:status] == :success + content_type Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE + status :ok + result[:headers] + else + render_api_error!(result[:message], result[:http_status]) + end + end + + desc 'Upload artifacts for job' do + success Entities::JobRequest::Response + http_codes [[201, 'Artifact uploaded'], + [400, 'Bad request'], + [403, 'Forbidden'], + [405, 'Artifacts support not enabled'], + [413, 'File too large']] + end + params do + requires :id, type: Integer, desc: %q(Job's ID) + requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact file to store (generated by Multipart middleware)) + optional :token, type: String, desc: %q(Job's authentication token) + optional :expire_in, type: String, desc: %q(Specify when artifacts should expire) + optional :artifact_type, type: String, desc: %q(The type of artifact), + default: 'archive', values: ::Ci::JobArtifact.file_types.keys + optional :artifact_format, type: String, desc: %q(The format of artifact), + default: 'zip', values: ::Ci::JobArtifact.file_formats.keys + optional :metadata, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact metadata to store (generated by Multipart middleware)) + end + post '/:id/artifacts' do + not_allowed! unless Gitlab.config.artifacts.enabled + require_gitlab_workhorse! + + job = authenticate_job! + + artifacts = params[:file] + metadata = params[:metadata] + + result = ::Ci::CreateJobArtifactsService.new(job).execute(artifacts, params, metadata_file: metadata) + + if result[:status] == :success + status :created + else + render_api_error!(result[:message], result[:http_status]) + end + end + + desc 'Download the artifacts file for job' do + http_codes [[200, 'Upload allowed'], + [403, 'Forbidden'], + [404, 'Artifact not found']] + end + params do + requires :id, type: Integer, desc: %q(Job's ID) + optional :token, type: String, desc: %q(Job's authentication token) + optional :direct_download, default: false, type: Boolean, desc: %q(Perform direct download from remote storage instead of proxying artifacts) + end + get '/:id/artifacts' do + job = authenticate_job!(require_running: false) + + present_carrierwave_file!(job.artifacts_file, supports_direct_download: params[:direct_download]) + end + end + end + end +end |