From 4d18b22a23fa7ace6dc01849b912a9ffd09b8d2c Mon Sep 17 00:00:00 2001
From: Dave Walter
Date: Thu, 21 Nov 2024 11:33:53 -0800
Subject: [PATCH] Fix a bug in the GitHub release source

GetGithubReleaseWithTag will now return ErrNotFound if the repository owner from the GitHubRepository value in the Kilnfile release entry does not match the configured Org.
---
 internal/commands/update_release.go | 1 -
 internal/component/github_release_source.go | 5 ++
 .../component/github_release_source_test.go | 50 ++++++++++++++++++-
 3 files changed, 53 insertions(+), 3 deletions(-)
diff --git a/internal/commands/update_release.go b/internal/commands/update_release.go
index d17a8445..ef7f1593 100644
--- a/internal/commands/update_release.go
+++ b/internal/commands/update_release.go
@@ -89,7 +89,6 @@ func (u UpdateRelease) Execute(args []string) error {
 newSHA1 = remoteRelease.SHA1
 newSourceID = remoteRelease.RemoteSource
 newRemotePath = remoteRelease.RemotePath
-
 } else {
 remoteRelease, err = releaseSource.GetMatchedRelease(cargo.BOSHReleaseTarballSpecification{
 Name: u.Options.Name,
diff --git a/internal/component/github_release_source.go b/internal/component/github_release_source.go
index 564d4409..e95ec1bb 100644
--- a/internal/component/github_release_source.go
+++ b/internal/component/github_release_source.go
@@ -109,6 +109,11 @@ func (grs *GithubReleaseSource) GetGithubReleaseWithTag(ctx context.Context, s c
 return nil, ErrNotFound
 }
 
+ if repoOwner != grs.Org {
+ grs.Logger.Printf("GitHubRepository owner %q does not match configured Org %q, skipping...", repoOwner, grs.Org)
+ return nil, ErrNotFound
+ }
+
 release, response, err := grs.GetReleaseByTag(ctx, repoOwner, repoName, "v"+s.Version)
 if err == nil {
 err = checkStatus(http.StatusOK, response.StatusCode)
diff --git a/internal/component/github_release_source_test.go b/internal/component/github_release_source_test.go
index 2500403e..5e950d18 100644
--- a/internal/component/github_release_source_test.go
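Review bot: The owner guard added to GetGithubReleaseWithTag in internal/component/github_release_source.go compares `repoOwner != grs.Org` byte-for-byte, while GitHub treats owner names case-insensitively, so a Kilnfile URL whose owner differs from Org only in letter case (constructed example: `CloudFoundry` vs `cloudfoundry`) is now skipped as ErrNotFound. That fails closed, which is the right direction for a check that keeps lookups inside the configured org, but it will surface as a missing release rather than a casing difference; consider `if !strings.EqualFold(repoOwner, grs.Org) {` (this needs the `strings` import if the file does not already have it). An empty `grs.Org` likewise makes every lookup return ErrNotFound here, and whether Org is validated earlier is not visible, since the function body starts and ends outside the hunk. A one-line comment above the check, such as `// Only query repositories owned by the configured Org.`, would record why a mismatch is treated as not-found rather than as an error.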
+++ b/internal/component/github_release_source_test.go
@@ -318,8 +318,54 @@ func TestGithubReleaseSource_GetMatchedRelease(t *testing.T) {
 })
 }
 
-func TestGetGithubReleaseWithTag(t *testing.T) {
- t.Run("when get release with tag api request fails", func(t *testing.T) {
+func TestGithubReleaseSource_GetGithubReleaseWithTag(t *testing.T) {
+ t.Run("when RepositoryOwnerAndNameFromPath fails", func(t *testing.T) {
+ damnIt := NewWithT(t)
+
+ ctx := context.TODO()
+
+ grsMock := &component.GithubReleaseSource{
+ Logger: log.New(GinkgoWriter, "[test] ", log.Default().Flags()),
+ ReleaseSourceConfig: cargo.ReleaseSourceConfig{
+ Type: component.ReleaseSourceTypeGithub,
+ Org: "cloudfoundry",
+ GithubToken: "fake-token",
+ },
+ }
+ s := cargo.BOSHReleaseTarballSpecification{
+ Name: "routing",
+ Version: "0.226.0",
+ GitHubRepository: "invalid-uri",
+ }
+
+ _, err := grsMock.GetGithubReleaseWithTag(ctx, s)
+ damnIt.Expect(err).To(MatchError(component.ErrNotFound))
+ })
+
+ t.Run("when the GitHubRepository owner does not match the configured Org", func(t *testing.T) {
+ damnIt := NewWithT(t)
+
+ ctx := context.TODO()
+
+ grsMock := &component.GithubReleaseSource{
+ Logger: log.New(GinkgoWriter, "[test] ", log.Default().Flags()),
+ ReleaseSourceConfig: cargo.ReleaseSourceConfig{
+ Type: component.ReleaseSourceTypeGithub,
+ Org: "cloudnotfoundry",
+ GithubToken: "fake-token",
+ },
+ }
+ s := cargo.BOSHReleaseTarballSpecification{
+ Name: "routing",
+ Version: "0.226.0",
+ GitHubRepository: "https://github.com/cloudfoundry/routing-release",
+ }
+
+ _, err := grsMock.GetGithubReleaseWithTag(ctx, s)
+ damnIt.Expect(err).To(MatchError(component.ErrNotFound))
+ })
+
+ t.Run("when GetReleaseByTag fails", func(t *testing.T) {
 damnIt := NewWithT(t)
 
 releaseGetter := new(fakes.ReleaseByTagGetter)
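Review bot: The two new subtests construct `grsMock` without a release getter, so they pass only because GetGithubReleaseWithTag returns before it calls GetReleaseByTag; if the owner guard regressed, the mismatch case would presumably panic on a nil getter or attempt a real request rather than fail an assertion. Creating `new(fakes.ReleaseByTagGetter)` as the "when GetReleaseByTag fails" subtest does, wiring it into the source, and asserting that the fake recorded zero calls would pin the property this commit is about: no request is issued for a repository outside the configured Org. A further case where the owner and Org differ only in letter case would document the intended comparison semantics. How the fake is attached to the source is outside the hunk, as is the rest of the test function.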