1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
# frozen_string_literal: true
module Gitlab
module Ci
module Build
module Policy
class Refs < Policy::Specification
def initialize(refs)
@patterns = Array(refs)
end
def satisfied_by?(pipeline, seed = nil)
@patterns.any? do |pattern|
pattern, path = pattern.split('@', 2)
matches_path?(path, pipeline) &&
matches_pattern?(pattern, pipeline)
end
end
private
def matches_path?(path, pipeline)
return true unless path
pipeline.project_full_path == path
end
def matches_pattern?(pattern, pipeline)
matches_tags_keyword?(pattern, pipeline) ||
matches_branches_keyword?(pattern, pipeline) ||
matches_pipeline_source?(pattern, pipeline) ||
matches_single_ref?(pattern, pipeline) ||
matches_external_merge_request_source?(pattern, pipeline)
end
def matches_tags_keyword?(pattern, pipeline)
pipeline.tag? && pattern == 'tags'
end
def matches_branches_keyword?(pattern, pipeline)
pipeline.branch? && pattern == 'branches'
end
def matches_pipeline_source?(pattern, pipeline)
sanitized_source_name(pipeline) == pattern ||
sanitized_source_name(pipeline)&.pluralize == pattern
end
def matches_single_ref?(pattern, pipeline)
# patterns can be matched only when branch or tag is used
# the pattern matching does not work for merge requests pipelines
if pipeline.branch? || pipeline.tag?
if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern, fallback: true)
regexp.match?(pipeline.ref)
else
pattern == pipeline.ref
end
end
end
# TODO: best would be to support 'only/except: external_merge_requests'
# but for now we reuse 'merge_requests'
def matches_external_merge_request_source?(pattern, pipeline)
sanitized_source_name(pipeline) == 'external_merge_request' &&
pattern == 'merge_requests'
end
def sanitized_source_name(pipeline)
pipeline&.source&.delete_suffix('_event')
end
end
end
end
end
end
|