blob: 2e6ad12f928d413b7eb73ecedd11f6d6eaf230fd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# frozen_string_literal: true
class DisableJobTokenScopeWhenUnused < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
class ProjectCiCdSetting < ApplicationRecord
include EachBatch
self.table_name = 'project_ci_cd_settings'
end
module Ci
module JobToken
class ProjectScopeLink < ApplicationRecord
self.table_name = 'ci_job_token_project_scope_links'
end
end
end
def up
# Disabling job token scope after db/migrate/20210902171808_set_default_job_token_scope_false.rb
# if users haven't configured it.
ProjectCiCdSetting.each_batch(of: 10_000) do |settings|
with_enabled_but_unused_scope(settings).each_batch(of: 500) do |settings_to_update|
settings_to_update.update_all(job_token_scope_enabled: false)
end
end
end
def down
# irreversible data migration
# The migration relies on the state of `job_token_scope_enabled` and
# updates it based on whether the feature is used or not.
#
# The inverse migration would be to set `job_token_scope_enabled: true`
# for those projects that have the feature disabled and unused. But there
# could be also existing cases where the feature is disabled and unused.
# For example, old projects.
end
private
# The presence of ProjectScopeLinks means that the job token scope
# is configured and we need to leave it enabled. Unused job token scope
# can be disabled since they weren't configured.
def with_enabled_but_unused_scope(settings)
settings
.where(job_token_scope_enabled: true)
.where.not(project_id: Ci::JobToken::ProjectScopeLink.select(:source_project_id))
end
end
|
