diff --git a/internal/app/poll/poller.go b/internal/app/poll/poller.go index d14c263..e4e1d97 100644 --- a/internal/app/poll/poller.go +++ b/internal/app/poll/poller.go @@ -7,7 +7,6 @@ import ( "context" "errors" "fmt" - "strings" "sync" "sync/atomic" @@ -148,12 +147,6 @@ func (p *Poller) runTaskWithRecover(ctx context.Context, task *runnerv1.Task) { log.WithError(err).Error("panic in runTaskWithRecover") } }() - // verify owner and repo - fmt.Println("正在匹配仓库...", task.Context.Fields["repository"].GetStringValue(), p.cfg.Runner.AllowedRepos) - if matchAllowedRepo(task.Context.Fields["repository"].GetStringValue(), p.cfg.Runner.AllowedRepos) { - log.WithError(errors.New("allowed repos not match")).Error("allowed repos not match") - return - } if err := p.runner.Run(ctx, task); err != nil { log.WithError(err).Error("failed to run task") @@ -194,31 +187,3 @@ func (p *Poller) fetchTask(ctx context.Context) (*runnerv1.Task, bool) { return resp.Msg.Task, true } - -func matchAllowedRepo(targetRepo string, allowedRepos []string) bool { - if len(allowedRepos) == 0 { - return true - } - - parts := strings.Split(targetRepo, "/") - if len(parts) != 2 { - log.Errorf("Invalid repository format: %s", targetRepo) - return false - } - - targetOwner, targetRepoName := parts[0], parts[1] - - for _, allowedRepo := range allowedRepos { - parts := strings.Split(allowedRepo, "/") - if len(parts) != 2 { - log.Warnf("Invalid allowed repository format: %s", allowedRepo) - continue - } - allowedOwner, allowedRepoName := parts[0], parts[1] - if (allowedOwner == "*" || allowedOwner == targetOwner) && - (allowedRepoName == "*" || allowedRepoName == targetRepoName) { - return true - } - } - return false -} diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go index 710bb47..1bbbd56 100644 --- a/internal/app/run/runner.go +++ b/internal/app/run/runner.go @@ -6,6 +6,7 @@ package run import ( "context" "encoding/json" + "errors" "fmt" "path/filepath" "strings" @@ -120,6 +121,14 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report. } }() + // verify owner and repo + if !matchAllowedRepo(task.Context.Fields["repository"].GetStringValue(), r.cfg.Runner.AllowedRepos) { + // not matched + log.Warnf("Repository %s not in allowed_repos to run workflows, please replace with other labels", task.Context.Fields["repository"].GetStringValue()) + reporter.Logf("Repository %s not in allowed_repos to run workflows, please replace with other labels", task.Context.Fields["repository"].GetStringValue()) + return errors.New("repository not in allowed_repos") + } + reporter.Logf("%s(version:%s) received task %v of job %v, be triggered by event: %s", r.name, ver.Version(), task.Id, task.Context.Fields["job"].GetStringValue(), task.Context.Fields["event_name"].GetStringValue()) workflow, jobID, err := generateWorkflow(task) @@ -238,3 +247,30 @@ func (r *Runner) Declare(ctx context.Context, labels []string) (*connect.Respons Labels: labels, })) } + +func matchAllowedRepo(targetRepo string, allowedRepos []string) bool { + if len(allowedRepos) == 0 { + return true + } + + parts := strings.Split(targetRepo, "/") + if len(parts) != 2 { + log.Errorf("Invalid repository format: %s", targetRepo) + return false + } + targetOwner, targetRepoName := parts[0], parts[1] + + for _, allowedRepo := range allowedRepos { + parts := strings.Split(allowedRepo, "/") + if len(parts) != 2 { + log.Warnf("Invalid allowed repository format: %s", allowedRepo) + continue + } + allowedOwner, allowedRepoName := parts[0], parts[1] + if (allowedOwner == "*" || allowedOwner == targetOwner) && + (allowedRepoName == "*" || allowedRepoName == targetRepoName) { + return true + } + } + return false +} diff --git a/main b/main new file mode 100755 index 0000000..acaaafc Binary files /dev/null and b/main differ