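/**
 * Normalize a checkout URL: everything before the "#" branch marker is
 * lowercased, the branch name keeps its original case, and a URL without a
 * branch gets "#master" appended.
 *
 * @param {String} checkoutUrl Checkout URL, optionally ending in "#branch"
 * @returns {String} Normalized checkout URL that always carries a branch
 * @throws {TypeError} If checkoutUrl does not match the CHECKOUT_URL pattern
 */
const formatCheckoutUrl = (checkoutUrl) => {
    // Capture group of CHECKOUT_URL holding the branch, leading "#" included
    const MATCH_COMPONENT_BRANCH_NAME = 4;
    const matched = schema.config.regex.CHECKOUT_URL.exec(checkoutUrl);

    // exec() returns null when the URL does not match. Fail with an explicit
    // error instead of an opaque "cannot read properties of null". The URL is
    // left out of the message in case it carries embedded credentials.
    if (matched === null) {
        throw new TypeError('checkoutUrl does not match the CHECKOUT_URL pattern');
    }

    // Fall back to the default branch when the URL names none
    const branchName = matched[MATCH_COMPONENT_BRANCH_NAME] || '#master';

    // Do not convert the branch name to lowercase: only the part before "#" is folded
    return checkoutUrl.split('#')[0].toLowerCase().concat(branchName);
};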
payload.creator = creator;
}
// Trigger "~pr" needs to have PR number given
// Note: To kick start builds for all jobs under a PR,
// you need both the prNum and the trigger "~pr" as startFrom
// A bare "~pr" trigger without a PR number is rejected with a 400.
if (startFrom.match(validationSchema.config.regex.PR_TRIGGER) && !prNum) {
throw boom.badRequest('Trigger "~pr" must be accompanied by a PR number');
}
if (!prNum) {
// If PR number isn't given, derive it from "startFrom"
// Match PR-prNum, then extract prNum
// e.g. if startFrom is "PR-1:main", capture group 1 of the match will be "PR-1"; prNum will be "1"
// match() returns null when startFrom is not a PR job name; prNum is then set to null.
// NOTE(review): a derived prNum is always a string; the type of a caller-supplied
// prNum is not visible here — confirm consumers handle both.
const prNumFullName = startFrom.match(
validationSchema.config.regex.PR_JOB_NAME
);
prNum = prNumFullName ? prNumFullName[1].split('-')[1] : null;
}
// Fetch the job and user models
return Promise.all([
pipelineFactory.get(pipelineId),
userFactory.get({ username, scmContext })
]).then(([pipeline, user]) => {
// In pipeline scope, check if the token is allowed to the pipeline
if (!isValidToken(pipeline.id, request.auth.credentials)) {
throw boom.unauthorized('Token does not have permission to this pipeline');
}
let scmConfig;
// Optional fields are copied onto the payload only when they are truthy.
// NOTE(review): where meta, causeMessage and creator come from is not visible in
// this excerpt — presumably the request payload; confirm they are validated upstream.
if (meta) {
payload.meta = meta;
}
if (causeMessage) {
payload.causeMessage = causeMessage;
}
if (creator) {
payload.creator = creator;
}
// Trigger "~pr" needs to have PR number given
// Note: To kick start builds for all jobs under a PR,
// you need both the prNum and the trigger "~pr" as startFrom
// A bare "~pr" trigger without a PR number is rejected with a 400.
if (startFrom.match(validationSchema.config.regex.PR_TRIGGER) && !prNum) {
throw boom.badRequest('Trigger "~pr" must be accompanied by a PR number');
}
if (!prNum) {
// If PR number isn't given, derive it from "startFrom"
// Match PR-prNum, then extract prNum
// e.g. if startFrom is "PR-1:main", capture group 1 of the match will be "PR-1"; prNum will be "1"
// match() returns null when startFrom is not a PR job name; prNum is then set to null.
const prNumFullName = startFrom.match(
validationSchema.config.regex.PR_JOB_NAME
);
prNum = prNumFullName ? prNumFullName[1].split('-')[1] : null;
}
// Fetch the job and user models
return Promise.all([
/* eslint no-underscore-dangle: ["error", { "allow": ["_data", "_shot"] }] */
'use strict';
const boom = require('boom');
const schema = require('screwdriver-data-schema');
const validator = require('screwdriver-command-validator');
const hoek = require('hoek');
const urlLib = require('url');
const req = require('request');
// Version pattern taken from the shared data schema. publishFileToStore destructures
// the result of VERSION_REGEX.exec(config.version) directly, and exec() returns null
// on a non-matching string, so config.version has to be validated before that call.
const VERSION_REGEX = schema.config.regex.VERSION;
// 1024^3 bytes. NOTE(review): presumably an upper bound on the published file size —
// its use is not visible in this excerpt; confirm.
const DEFAULT_BYTES = 1024 * 1024 * 1024; // 1GB
/**
* Publish file to the store
* @method publishFileToStore
* @param {CommandFactory} commandFactory commandFactory
* @param {Object} config Command config
* @param {Uint8Array} file File published to the store
* @param {String} storeUrl URL to the store
* @param {String} authToken Bearer Token to be passed to the store
* @return {Promise}
*/
function publishFileToStore(commandFactory, config, file, storeUrl, authToken) {
const [, major, minor] = VERSION_REGEX.exec(config.version);
const searchVersion = minor ? `${major}${minor}` : major;
let publishVersion;
'use strict';
const boom = require('boom');
const joi = require('joi');
const schema = require('screwdriver-data-schema');
const baseSchema = schema.models.commandTag.base;
const urlLib = require('url');
// Version pattern taken from the shared data schema.
const VERSION_REGEX = schema.config.regex.VERSION;
// joi.reach extracts the 'version' and 'tag' sub-schemas from the commandTag base model.
// NOTE(review): baseSchema, declared above, is the same model object and could be reused here.
const exactVersionSchema = joi.reach(schema.models.commandTag.base, 'version');
const tagSchema = joi.reach(schema.models.commandTag.base, 'tag');
/* Currently, only the build scope is allowed to tag a command, for security reasons.
* The same pipeline that publishes the command has permission to tag it.
*/
module.exports = () => ({
method: 'PUT',
path: '/commands/{namespace}/{name}/tags/{tagName}',
config: {
description: 'Add or update a command tag',
notes: 'Add or update a specific command',
tags: ['api', 'commands'],
auth: {
strategies: ['token'],
scope: ['build', '!guest']
'use strict';
const boom = require('boom');
const hoek = require('hoek');
const joi = require('joi');
const schema = require('screwdriver-data-schema');
// Pattern for external trigger names, taken from the shared data schema.
const { EXTERNAL_TRIGGER } = schema.config.regex;
// NOTE(review): this route is PUT /builds/{id}, but the id sub-schema is taken from the
// job model rather than the build model — confirm the two id schemas are equivalent.
const idSchema = joi.reach(schema.models.job.base, 'id');
module.exports = config => ({
method: 'PUT',
path: '/builds/{id}',
config: {
description: 'Update a build',
notes: 'Update a specific build',
tags: ['api', 'builds'],
auth: {
strategies: ['token'],
scope: ['build', 'user', '!guest', 'temporal']
},
plugins: {
'hapi-swagger': {
security: [{ token: [] }]
'use strict';
const boom = require('boom');
const joi = require('joi');
const workflowParser = require('screwdriver-workflow-parser');
const schema = require('screwdriver-data-schema');
const logger = require('screwdriver-logger');
// Annotation keys are namespaced under "screwdriver.cd".
const ANNOT_NS = 'screwdriver.cd';
const ANNOT_CHAIN_PR = `${ANNOT_NS}/chainPR`;
const ANNOT_RESTRICT_PR = `${ANNOT_NS}/restrictPR`;
const EXTRA_TRIGGERS = schema.config.regex.EXTRA_TRIGGER;
// The shared checkout-URL pattern is wrapped in a separate RegExp instance, so this
// module does not use the schema package's object directly.
const CHECKOUT_URL_SCHEMA = schema.config.regex.CHECKOUT_URL;
const CHECKOUT_URL_SCHEMA_REGEXP = new RegExp(CHECKOUT_URL_SCHEMA);
// 1024 * 1024 bytes. NOTE(review): presumably the default cap on incoming payload size —
// its use is not visible in this excerpt; confirm.
const DEFAULT_MAX_BYTES = 1048576;
/**
* Determine "startFrom" with type, action and branches
* @param {String} action SCM webhook action type
* @param {String} type Triggered SCM event type ('pr' or 'repo')
* @param {String} targetBranch The branch against which commit is pushed
* @param {String} pipelineBranch The pipeline branch
* @returns {String} startFrom
*/
function determineStartFrom(action, type, targetBranch, pipelineBranch) {
let startFrom;
if (type && type === 'pr') {
'use strict';
const boom = require('boom');
const joi = require('joi');
const schema = require('screwdriver-data-schema');
// Patterns for trigger and job names, taken from the shared data schema.
const { EXTERNAL_TRIGGER, JOB_NAME } = schema.config.regex;
const pipelineIdSchema = joi.reach(schema.models.pipeline.base, 'id');
// A trigger destination is a string matching EXTERNAL_TRIGGER, at most 64 characters long.
const destSchema = joi.string().regex(EXTERNAL_TRIGGER).max(64);
// Shape of the trigger list: an array of { jobName, triggers } objects.
// NOTE(review): jobName is given a bare RegExp; joi presumably compiles that into a
// string pattern rule — confirm for the joi version in use.
const triggerListSchema = joi.array().items(joi.object({
jobName: JOB_NAME,
triggers: joi.array().items(destSchema)
})).label('List of triggers');
module.exports = () => ({
method: 'GET',
path: '/pipelines/{id}/triggers',
config: {
description: 'Get all jobs for a given pipeline',
notes: 'Returns all jobs for a given pipeline',
tags: ['api', 'pipelines', 'jobs'],
auth: {
strategies: ['token'],
'use strict';
const boom = require('boom');
const joi = require('joi');
const workflowParser = require('screwdriver-workflow-parser');
const schema = require('screwdriver-data-schema');
const logger = require('screwdriver-logger');
// Annotation keys are namespaced under "screwdriver.cd".
const ANNOT_NS = 'screwdriver.cd';
const ANNOT_CHAIN_PR = `${ANNOT_NS}/chainPR`;
const ANNOT_RESTRICT_PR = `${ANNOT_NS}/restrictPR`;
const EXTRA_TRIGGERS = schema.config.regex.EXTRA_TRIGGER;
// The shared checkout-URL pattern is wrapped in a separate RegExp instance, so this
// module does not use the schema package's object directly.
const CHECKOUT_URL_SCHEMA = schema.config.regex.CHECKOUT_URL;
const CHECKOUT_URL_SCHEMA_REGEXP = new RegExp(CHECKOUT_URL_SCHEMA);
// 1024 * 1024 bytes. NOTE(review): presumably the default cap on incoming payload size —
// its use is not visible in this excerpt; confirm.
const DEFAULT_MAX_BYTES = 1048576;
/**
* Determine "startFrom" with type, action and branches
* @param {String} action SCM webhook action type
* @param {String} type Triggered SCM event type ('pr' or 'repo')
* @param {String} targetBranch The branch against which commit is pushed
* @param {String} pipelineBranch The pipeline branch
* @returns {String} startFrom
*/
function determineStartFrom(action, type, targetBranch, pipelineBranch) {
let startFrom;
if (type && type === 'pr') {
startFrom = '~pr';