mirror of
https://github.com/go-gitea/gitea.git
synced 2026-03-17 14:24:07 +00:00
b3b2d111da
This PR adds per-runner disable/enable support for Gitea Actions so a registered runner can be paused from picking up new jobs without unregistering. Disabled runners stay registered and online but are excluded from new task assignment; running tasks are allowed to finish. Re-enabling restores pickup, and runner list/get responses now expose disabled state. Also added an endpoint for testing http://localhost:3000/devtest/runner-edit/enable <img width="1509" height="701" alt="Bildschirmfoto 2026-02-27 um 22 13 24" src="https://github.com/user-attachments/assets/5328eda9-e59c-46b6-b398-f436e50ee3da" /> Fixes: https://github.com/go-gitea/gitea/issues/36767
448 lines
20 KiB
Go
448 lines
20 KiB
Go
// Copyright 2025 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"slices"
|
|
"testing"
|
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
api "code.gitea.io/gitea/modules/structs"
|
|
"code.gitea.io/gitea/tests"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestAPIActionsRunner(t *testing.T) {
|
|
t.Run("AdminRunner", testActionsRunnerAdmin)
|
|
t.Run("UserRunner", testActionsRunnerUser)
|
|
t.Run("OwnerRunner", testActionsRunnerOwner)
|
|
t.Run("RepoRunner", testActionsRunnerRepo)
|
|
}
|
|
|
|
func newRunnerUpdateRequest(t *testing.T, url string, disabled bool) *RequestWrapper {
|
|
return NewRequestWithJSON(t, http.MethodPatch, url, api.EditActionRunnerOption{
|
|
Disabled: &disabled,
|
|
})
|
|
}
|
|
|
|
func testActionsRunnerAdmin(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
adminUsername := "user1"
|
|
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
|
|
req := NewRequest(t, "POST", "/api/v1/admin/actions/runners/registration-token").AddTokenAuth(token)
|
|
tokenResp := MakeRequest(t, req, http.StatusOK)
|
|
var registrationToken struct {
|
|
Token string `json:"token"`
|
|
}
|
|
DecodeJSON(t, tokenResp, ®istrationToken)
|
|
assert.NotEmpty(t, registrationToken.Token)
|
|
|
|
req = NewRequest(t, "GET", "/api/v1/admin/actions/runners").AddTokenAuth(token)
|
|
runnerListResp := MakeRequest(t, req, http.StatusOK)
|
|
runnerList := api.ActionRunnersResponse{}
|
|
DecodeJSON(t, runnerListResp, &runnerList)
|
|
|
|
idx := slices.IndexFunc(runnerList.Entries, func(e *api.ActionRunner) bool { return e.ID == 34349 })
|
|
require.NotEqual(t, -1, idx)
|
|
expectedRunner := runnerList.Entries[idx]
|
|
assert.Equal(t, "runner_to_be_deleted", expectedRunner.Name)
|
|
assert.False(t, expectedRunner.Disabled)
|
|
assert.False(t, expectedRunner.Ephemeral)
|
|
assert.Len(t, expectedRunner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", expectedRunner.Labels[0].Name)
|
|
assert.Equal(t, "linux", expectedRunner.Labels[1].Name)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/admin/actions/runners/%d", expectedRunner.ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/admin/actions/runners/%d", expectedRunner.ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/admin/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)
|
|
runnerResp := MakeRequest(t, req, http.StatusOK)
|
|
disabledRunner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &disabledRunner)
|
|
assert.True(t, disabledRunner.Disabled)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/admin/actions/runners/%d", expectedRunner.ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/admin/actions/runners/%d", expectedRunner.ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
// Verify all returned runners can be requested and deleted
|
|
for _, runnerEntry := range runnerList.Entries {
|
|
// Verify get the runner by id
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/admin/actions/runners/%d", runnerEntry.ID)).AddTokenAuth(token)
|
|
runnerResp = MakeRequest(t, req, http.StatusOK)
|
|
|
|
runner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
|
|
assert.Equal(t, runnerEntry.Name, runner.Name)
|
|
assert.Equal(t, runnerEntry.ID, runner.ID)
|
|
assert.Equal(t, runnerEntry.Disabled, runner.Disabled)
|
|
assert.Equal(t, runnerEntry.Ephemeral, runner.Ephemeral)
|
|
assert.ElementsMatch(t, runnerEntry.Labels, runner.Labels)
|
|
|
|
req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/admin/actions/runners/%d", runnerEntry.ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
// Verify runner deletion
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/admin/actions/runners/%d", runnerEntry.ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
}
|
|
}
|
|
|
|
func testActionsRunnerUser(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
userUsername := "user1"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteUser)
|
|
req := NewRequest(t, "POST", "/api/v1/user/actions/runners/registration-token").AddTokenAuth(token)
|
|
tokenResp := MakeRequest(t, req, http.StatusOK)
|
|
var registrationToken struct {
|
|
Token string `json:"token"`
|
|
}
|
|
DecodeJSON(t, tokenResp, ®istrationToken)
|
|
assert.NotEmpty(t, registrationToken.Token)
|
|
|
|
req = NewRequest(t, "GET", "/api/v1/user/actions/runners").AddTokenAuth(token)
|
|
runnerListResp := MakeRequest(t, req, http.StatusOK)
|
|
runnerList := api.ActionRunnersResponse{}
|
|
DecodeJSON(t, runnerListResp, &runnerList)
|
|
|
|
assert.Len(t, runnerList.Entries, 1)
|
|
assert.Equal(t, "runner_to_be_deleted-user", runnerList.Entries[0].Name)
|
|
assert.Equal(t, int64(34346), runnerList.Entries[0].ID)
|
|
assert.False(t, runnerList.Entries[0].Disabled)
|
|
assert.False(t, runnerList.Entries[0].Ephemeral)
|
|
assert.Len(t, runnerList.Entries[0].Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runnerList.Entries[0].Labels[0].Name)
|
|
assert.Equal(t, "linux", runnerList.Entries[0].Labels[1].Name)
|
|
|
|
// Verify get the runner by id
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
runnerResp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
runner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
|
|
assert.Equal(t, "runner_to_be_deleted-user", runner.Name)
|
|
assert.Equal(t, int64(34346), runner.ID)
|
|
assert.False(t, runner.Disabled)
|
|
assert.False(t, runner.Ephemeral)
|
|
assert.Len(t, runner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)
|
|
assert.Equal(t, "linux", runner.Labels[1].Name)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
runnerResp = MakeRequest(t, req, http.StatusOK)
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
assert.True(t, runner.Disabled)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
// Verify delete the runner by id
|
|
req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
// Verify runner deletion
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
}
|
|
|
|
func testActionsRunnerOwner(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
t.Run("GetRunner", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
|
|
// Verify get the runner by id with read scope
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347)).AddTokenAuth(token)
|
|
runnerResp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
runner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
|
|
assert.Equal(t, "runner_to_be_deleted-org", runner.Name)
|
|
assert.Equal(t, int64(34347), runner.ID)
|
|
assert.False(t, runner.Disabled)
|
|
assert.False(t, runner.Ephemeral)
|
|
assert.Len(t, runner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)
|
|
assert.Equal(t, "linux", runner.Labels[1].Name)
|
|
})
|
|
|
|
t.Run("Access", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteOrganization)
|
|
req := NewRequest(t, "POST", "/api/v1/orgs/org3/actions/runners/registration-token").AddTokenAuth(token)
|
|
tokenResp := MakeRequest(t, req, http.StatusOK)
|
|
var registrationToken struct {
|
|
Token string `json:"token"`
|
|
}
|
|
DecodeJSON(t, tokenResp, ®istrationToken)
|
|
assert.NotEmpty(t, registrationToken.Token)
|
|
|
|
req = NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners").AddTokenAuth(token)
|
|
runnerListResp := MakeRequest(t, req, http.StatusOK)
|
|
runnerList := api.ActionRunnersResponse{}
|
|
DecodeJSON(t, runnerListResp, &runnerList)
|
|
|
|
idx := slices.IndexFunc(runnerList.Entries, func(e *api.ActionRunner) bool { return e.ID == 34347 })
|
|
require.NotEqual(t, -1, idx)
|
|
expectedRunner := runnerList.Entries[idx]
|
|
|
|
require.NotNil(t, expectedRunner)
|
|
assert.Equal(t, "runner_to_be_deleted-org", expectedRunner.Name)
|
|
assert.Equal(t, int64(34347), expectedRunner.ID)
|
|
assert.False(t, expectedRunner.Disabled)
|
|
assert.False(t, expectedRunner.Ephemeral)
|
|
assert.Len(t, expectedRunner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", expectedRunner.Labels[0].Name)
|
|
assert.Equal(t, "linux", expectedRunner.Labels[1].Name)
|
|
|
|
// Verify get the runner by id
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)
|
|
runnerResp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
runner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
|
|
assert.Equal(t, "runner_to_be_deleted-org", runner.Name)
|
|
assert.Equal(t, int64(34347), runner.ID)
|
|
assert.False(t, runner.Disabled)
|
|
assert.False(t, runner.Ephemeral)
|
|
assert.Len(t, runner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)
|
|
assert.Equal(t, "linux", runner.Labels[1].Name)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)
|
|
runnerResp = MakeRequest(t, req, http.StatusOK)
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
assert.True(t, runner.Disabled)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
// Verify delete the runner by id
|
|
req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
// Verify runner deletion
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", expectedRunner.ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("DeleteReadScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
|
|
|
|
// Verify delete the runner by id is forbidden with read scope
|
|
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("DisableReadScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
|
|
|
|
req := newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("UpdateReadScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
|
|
|
|
req := newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("GetRepoScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
|
|
// Verify get the runner by id with read scope
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34347)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("GetAdminRunner", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
|
|
// Verify get a runner by id of different entity is not found
|
|
// runner.EditableInContext(ownerID, repoID) false
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34349)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("DeleteAdminRunner", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteOrganization)
|
|
// Verify delete a runner by id of different entity is not found
|
|
// runner.EditableInContext(ownerID, repoID) false
|
|
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/org3/actions/runners/%d", 34349)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
}
|
|
|
|
func testActionsRunnerRepo(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
t.Run("GetRunner", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
|
|
// Verify get the runner by id with read scope
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348)).AddTokenAuth(token)
|
|
runnerResp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
runner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
|
|
assert.Equal(t, "runner_to_be_deleted-repo1", runner.Name)
|
|
assert.Equal(t, int64(34348), runner.ID)
|
|
assert.False(t, runner.Disabled)
|
|
assert.False(t, runner.Ephemeral)
|
|
assert.Len(t, runner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)
|
|
assert.Equal(t, "linux", runner.Labels[1].Name)
|
|
})
|
|
|
|
t.Run("Access", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)
|
|
req := NewRequest(t, "POST", "/api/v1/repos/user2/repo1/actions/runners/registration-token").AddTokenAuth(token)
|
|
tokenResp := MakeRequest(t, req, http.StatusOK)
|
|
var registrationToken struct {
|
|
Token string `json:"token"`
|
|
}
|
|
DecodeJSON(t, tokenResp, ®istrationToken)
|
|
assert.NotEmpty(t, registrationToken.Token)
|
|
|
|
req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1/actions/runners").AddTokenAuth(token)
|
|
runnerListResp := MakeRequest(t, req, http.StatusOK)
|
|
runnerList := api.ActionRunnersResponse{}
|
|
DecodeJSON(t, runnerListResp, &runnerList)
|
|
|
|
assert.Len(t, runnerList.Entries, 1)
|
|
assert.Equal(t, "runner_to_be_deleted-repo1", runnerList.Entries[0].Name)
|
|
assert.Equal(t, int64(34348), runnerList.Entries[0].ID)
|
|
assert.False(t, runnerList.Entries[0].Disabled)
|
|
assert.False(t, runnerList.Entries[0].Ephemeral)
|
|
assert.Len(t, runnerList.Entries[0].Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runnerList.Entries[0].Labels[0].Name)
|
|
assert.Equal(t, "linux", runnerList.Entries[0].Labels[1].Name)
|
|
|
|
// Verify get the runner by id
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
runnerResp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
runner := api.ActionRunner{}
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
|
|
assert.Equal(t, "runner_to_be_deleted-repo1", runner.Name)
|
|
assert.Equal(t, int64(34348), runner.ID)
|
|
assert.False(t, runner.Disabled)
|
|
assert.False(t, runner.Ephemeral)
|
|
assert.Len(t, runner.Labels, 2)
|
|
assert.Equal(t, "runner_to_be_deleted", runner.Labels[0].Name)
|
|
assert.Equal(t, "linux", runner.Labels[1].Name)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
runnerResp = MakeRequest(t, req, http.StatusOK)
|
|
DecodeJSON(t, runnerResp, &runner)
|
|
assert.True(t, runner.Disabled)
|
|
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
req = newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
// Verify delete the runner by id
|
|
req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNoContent)
|
|
|
|
// Verify runner deletion
|
|
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", runnerList.Entries[0].ID)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("DeleteReadScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
|
|
|
|
// Verify delete the runner by id is forbidden with read scope
|
|
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("DisableReadScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
|
|
|
|
req := newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348), true).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("UpdateReadScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
|
|
|
|
req := newRunnerUpdateRequest(t, fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348), false).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("GetOrganizationScopeForbidden", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadOrganization)
|
|
// Verify get the runner by id with read scope
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34348)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusForbidden)
|
|
})
|
|
|
|
t.Run("GetAdminRunnerNotFound", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeReadRepository)
|
|
// Verify get a runner by id of different entity is not found
|
|
// runner.EditableInContext(ownerID, repoID) false
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34349)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("DeleteAdminRunnerNotFound", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)
|
|
// Verify delete a runner by id of different entity is not found
|
|
// runner.EditableInContext(ownerID, repoID) false
|
|
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 34349)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("DeleteAdminRunnerNotFoundUnknownID", func(t *testing.T) {
|
|
userUsername := "user2"
|
|
token := getUserToken(t, userUsername, auth_model.AccessTokenScopeWriteRepository)
|
|
// Verify delete a runner by unknown id is not found
|
|
req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo1/actions/runners/%d", 4384797347934)).AddTokenAuth(token)
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
}
|