重构仓库匹配逻辑，移除不必要的代码并添加验证功能

2025-04-13 22:40:03 +08:00 · 2025-04-13 22:40:03 +08:00 · eceef92735
commit eceef92735
parent 227eb3db0e
3 changed files with 36 additions and 35 deletions
--- a/internal/app/poll/poller.go
+++ b/internal/app/poll/poller.go
@ -7,7 +7,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"strings"
 	"sync"
 	"sync/atomic"

@ -148,12 +147,6 @@ func (p *Poller) runTaskWithRecover(ctx context.Context, task *runnerv1.Task) {
 			log.WithError(err).Error("panic in runTaskWithRecover")
 		}
 	}()
-	// verify owner and repo
-	fmt.Println("正在匹配仓库...", task.Context.Fields["repository"].GetStringValue(), p.cfg.Runner.AllowedRepos)
-	if matchAllowedRepo(task.Context.Fields["repository"].GetStringValue(), p.cfg.Runner.AllowedRepos) {
-		log.WithError(errors.New("allowed repos not match")).Error("allowed repos not match")
-		return
-	}

 	if err := p.runner.Run(ctx, task); err != nil {
 		log.WithError(err).Error("failed to run task")
@ -194,31 +187,3 @@ func (p *Poller) fetchTask(ctx context.Context) (*runnerv1.Task, bool) {

 	return resp.Msg.Task, true
 }
-
-func matchAllowedRepo(targetRepo string, allowedRepos []string) bool {
-	if len(allowedRepos) == 0 {
-		return true
-	}
-
-	parts := strings.Split(targetRepo, "/")
-	if len(parts) != 2 {
-		log.Errorf("Invalid repository format: %s", targetRepo)
-		return false
-	}
-
-	targetOwner, targetRepoName := parts[0], parts[1]
-
-	for _, allowedRepo := range allowedRepos {
-		parts := strings.Split(allowedRepo, "/")
-		if len(parts) != 2 {
-			log.Warnf("Invalid allowed repository format: %s", allowedRepo)
-			continue
-		}
-		allowedOwner, allowedRepoName := parts[0], parts[1]
-		if (allowedOwner == "*" || allowedOwner == targetOwner) &&
-			(allowedRepoName == "*" || allowedRepoName == targetRepoName) {
-			return true
-		}
-	}
-	return false
-}
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@ -6,6 +6,7 @@ package run
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"path/filepath"
 	"strings"
@ -120,6 +121,14 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		}
 	}()

+	// verify owner and repo
+	if !matchAllowedRepo(task.Context.Fields["repository"].GetStringValue(), r.cfg.Runner.AllowedRepos) {
+		// not matched
+		log.Warnf("Repository %s not in allowed_repos to run workflows, please replace with other labels", task.Context.Fields["repository"].GetStringValue())
+		reporter.Logf("Repository %s not in allowed_repos to run workflows, please replace with other labels", task.Context.Fields["repository"].GetStringValue())
+		return errors.New("repository not in allowed_repos")
+	}
+
 	reporter.Logf("%s(version:%s) received task %v of job %v, be triggered by event: %s", r.name, ver.Version(), task.Id, task.Context.Fields["job"].GetStringValue(), task.Context.Fields["event_name"].GetStringValue())

 	workflow, jobID, err := generateWorkflow(task)
@ -238,3 +247,30 @@ func (r *Runner) Declare(ctx context.Context, labels []string) (*connect.Respons
 		Labels:  labels,
 	}))
 }
+
+func matchAllowedRepo(targetRepo string, allowedRepos []string) bool {
+	if len(allowedRepos) == 0 {
+		return true
+	}
+
+	parts := strings.Split(targetRepo, "/")
+	if len(parts) != 2 {
+		log.Errorf("Invalid repository format: %s", targetRepo)
+		return false
+	}
+	targetOwner, targetRepoName := parts[0], parts[1]
+
+	for _, allowedRepo := range allowedRepos {
+		parts := strings.Split(allowedRepo, "/")
+		if len(parts) != 2 {
+			log.Warnf("Invalid allowed repository format: %s", allowedRepo)
+			continue
+		}
+		allowedOwner, allowedRepoName := parts[0], parts[1]
+		if (allowedOwner == "*" || allowedOwner == targetOwner) &&
+			(allowedRepoName == "*" || allowedRepoName == targetRepoName) {
+			return true
+		}
+	}
+	return false
+}
--- a/BIN
+++ b/BIN