Add support for GitOps commands on pushed commits in GitLab

This adds support of GitOps commands on pushed commits in GitLab
so that users can trigger PipelineRuns on pushed commit.
below commands are supported:
1) [/test, /retest]
2) [/test, /retest] prName
3) [/test, /retest] branch:test
4) /cancel
5) /cancel prName
6) /cancel branch:test

https://issues.redhat.com/browse/SRVKP-7105

Signed-off-by: Zaki Shaikh <[email protected]>

Author: zakisk

docs/content/docs/guide/gitops_commands.md

@@ -37,6 +37,8 @@ Please be aware that GitOps commands such as `/test` and others will not functio
 
 ## GitOps Commands on Pushed Commits
 
+{{< support_matrix github_app="true" github_webhook="true" gitea="false" gitlab="true" bitbucket_cloud="false" bitbucket_server="false" >}}
+
 If you want to trigger a GitOps command on a pushed commit, you can include the `GitOps` comments within your commit messages. These comments can be used to restart either all pipelines or specific ones. Here's how it works:
 
 For restarting all pipeline runs:
@@ -73,6 +75,18 @@ This means:
 Please note that the `/ok-to-test` command does not work on pushed commits, as it is specifically intended for pull requests to manage authorization. Since only authorized users are allowed to send `GitOps` commands on pushed commits,
 there is no need to use the `ok-to-test` command in this context.
 
+For example, when executing a GitOps command like `/test test-pr branch:test` on a pushed commit, verify that the `test-pr` is on the test branch in your repository and includes the `on-event` and `on-target-branch` annotations as demonstrated below:
+
+```yaml
+kind: PipelineRun
+metadata:
+  name: "test-pr"
+  annotations:
+    pipelinesascode.tekton.dev/on-target-branch: "[test]"
+    pipelinesascode.tekton.dev/on-event: "[push]"
+spec:
+```
+
 To issue a `GitOps` comment on a pushed commit, you can follow these steps:
 
 1. Go to your repository.

pkg/matcher/annotation_matcher_test.go

@@ -21,13 +21,10 @@ import (
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/triggertype"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/provider"
 	ghprovider "github.com/openshift-pipelines/pipelines-as-code/pkg/provider/github"
-	glprovider "github.com/openshift-pipelines/pipelines-as-code/pkg/provider/gitlab"
-	gltesthelper "github.com/openshift-pipelines/pipelines-as-code/pkg/provider/gitlab/test"
 	testclient "github.com/openshift-pipelines/pipelines-as-code/pkg/test/clients"
 	ghtesthelper "github.com/openshift-pipelines/pipelines-as-code/pkg/test/github"
 	testnewrepo "github.com/openshift-pipelines/pipelines-as-code/pkg/test/repository"
 	tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
-	gitlab "gitlab.com/gitlab-org/api/client-go"
 	"go.uber.org/zap"
 	zapobserver "go.uber.org/zap/zaptest/observer"
 	"gotest.tools/v3/assert"
@@ -1398,53 +1395,11 @@ func TestMatchPipelinerunAnnotationAndRepositories(t *testing.T) {
 			ghCs, _ := testclient.SeedTestData(t, ctx, tt.args.data)
 			runTest(ctx, t, tt, vcx, ghCs)
 
-			glFakeClient, glMux, glTeardown := gltesthelper.Setup(t)
-			defer glTeardown()
-			glVcx := &glprovider.Provider{
-				Client: glFakeClient,
-				Token:  github.Ptr("None"),
-			}
-			if len(tt.args.fileChanged) > 0 {
-				commitFiles := []*gitlab.MergeRequestDiff{}
-				pushFileChanges := []*gitlab.Diff{}
-				if tt.args.runevent.TriggerTarget == "push" {
-					for _, v := range tt.args.fileChanged {
-						pushFileChanges = append(pushFileChanges, &gitlab.Diff{
-							NewPath:     v.FileName,
-							RenamedFile: v.RenamedFile,
-							DeletedFile: v.DeletedFile,
-							NewFile:     v.NewFile,
-						})
-					}
-					glMux.HandleFunc(fmt.Sprintf("/projects/0/repository/commits/%s/diff",
-						tt.args.runevent.SHA), func(rw http.ResponseWriter, _ *http.Request) {
-						jeez, err := json.Marshal(pushFileChanges)
-						assert.NilError(t, err)
-						_, _ = rw.Write(jeez)
-					})
-				} else {
-					for _, v := range tt.args.fileChanged {
-						commitFiles = append(commitFiles, &gitlab.MergeRequestDiff{
-							NewPath:     v.FileName,
-							RenamedFile: v.RenamedFile,
-							DeletedFile: v.DeletedFile,
-							NewFile:     v.NewFile,
-						})
-					}
-					url := fmt.Sprintf("/projects/0/merge_requests/%d/diffs", tt.args.runevent.PullRequestNumber)
-					glMux.HandleFunc(url, func(w http.ResponseWriter, _ *http.Request) {
-						jeez, err := json.Marshal(commitFiles)
-						assert.NilError(t, err)
-						_, _ = w.Write(jeez)
-					})
-				}
-			}
-
 			tt.args.runevent.Provider = &info.Provider{
 				Token: "NONE",
 			}
 
-			runTest(ctx, t, tt, glVcx, ghCs)
+			runTest(ctx, t, tt, vcx, ghCs)
 		})
 	}
 }

pkg/pipelineascode/secret.go

@@ -29,7 +29,7 @@ type SecretFromRepository struct {
 	Logger      *zap.SugaredLogger
 }
 
-// SecretFromRepository grab the secret from the repository CRD.
+// Get grab the secret from the repository CRD.
 func (s *SecretFromRepository) Get(ctx context.Context) error {
 	var err error
 	if s.Repo.Spec.GitProvider == nil {

pkg/provider/github/github.go

@@ -586,8 +586,8 @@ func uniqueRepositoryID(repoIDs []int64, id int64) []int64 {
 	return r
 }
 
-// isBranchContainsCommit checks whether provided branch has sha or not.
-func (v *Provider) isBranchContainsCommit(ctx context.Context, runevent *info.Event, branchName string) error {
+// isHeadCommitOfBranch checks whether provided branch is valid or not and SHA is HEAD commit of the branch.
+func (v *Provider) isHeadCommitOfBranch(ctx context.Context, runevent *info.Event, branchName string) error {
 	if v.Client == nil {
 		return fmt.Errorf("no github client has been initialized, " +
 			"exiting... (hint: did you forget setting a secret on your repo?)")

pkg/provider/github/github_test.go

@@ -1087,7 +1087,7 @@ func TestCreateToken(t *testing.T) {
 	}
 }
 
-func TestGetBranch(t *testing.T) {
+func TestIsHeadCommitOfBranch(t *testing.T) {
 	tests := []struct {
 		name       string
 		sha        string
@@ -1125,7 +1125,7 @@ func TestGetBranch(t *testing.T) {
 
 			ctx, _ := rtesting.SetupFakeContext(t)
 			provider := &Provider{Client: fakeclient}
-			err := provider.isBranchContainsCommit(ctx, runEvent, "test1")
+			err := provider.isHeadCommitOfBranch(ctx, runEvent, "test1")
 			assert.Equal(t, err != nil, tt.wantErr)
 		})
 	}

pkg/provider/github/parse_payload.go

@@ -466,7 +466,7 @@ func (v *Provider) handleCommitCommentEvent(ctx context.Context, event *github.C
 	}
 
 	// Check if the specified branch contains the commit
-	if err = v.isBranchContainsCommit(ctx, runevent, branchName); err != nil {
+	if err = v.isHeadCommitOfBranch(ctx, runevent, branchName); err != nil {
 		if provider.IsCancelComment(event.GetComment().GetBody()) {
 			runevent.CancelPipelineRuns = false
 		}
@@ -476,6 +476,6 @@ func (v *Provider) handleCommitCommentEvent(ctx context.Context, event *github.C
 	runevent.HeadBranch = branchName
 	runevent.BaseBranch = branchName
 
-	v.Logger.Infof("commit_comment: pipelinerun %s on %s/%s#%s has been requested", action, runevent.Organization, runevent.Repository, runevent.SHA)
+	v.Logger.Infof("github commit_comment: pipelinerun %s on %s/%s#%s has been requested", action, runevent.Organization, runevent.Repository, runevent.SHA)
 	return runevent, nil
 }

pkg/provider/github/parse_payload_test.go

@@ -530,7 +530,7 @@ func TestParsePayLoad(t *testing.T) {
 			isCancelPipelineRunEnabled: true,
 		},
 		{
-			name:          "good/commit comment for cancel a pr with invalid branch name",
+			name:          "bad/commit comment for cancel a pr with invalid branch name",
 			eventType:     "commit_comment",
 			triggerTarget: "push",
 			githubClient:  true,
@@ -550,7 +550,7 @@ func TestParsePayLoad(t *testing.T) {
 			wantErrString:              "404 Not Found",
 		},
 		{
-			name:          "commit comment to retest a pr with a SHA that does not exist in the main branch",
+			name:          "commit comment to retest a pr with a SHA is not HEAD commit of the main branch",
 			eventType:     "commit_comment",
 			triggerTarget: "push",
 			githubClient:  true,

pkg/provider/gitlab/detect.go

@@ -10,8 +10,9 @@ import (
 	"go.uber.org/zap"
 )
 
-// Detect processes event and detect if it is a gitlab event, whether to process or reject it
-// returns (if is a GL event, whether to process or reject, logger with event metadata,, error if any occurred).
+// Detect detects events and validates if it is a valid gitlab event Pipelines as Code supports and
+// decides whether to process or reject it.
+// returns a boolean value whether to process or reject, logger with event metadata, and error if any occurred.
 func (v *Provider) Detect(req *http.Request, payload string, logger *zap.SugaredLogger) (bool, bool, *zap.SugaredLogger, string, error) {
 	isGL := false
 	event := req.Header.Get("X-Gitlab-Event")
@@ -58,6 +59,19 @@ func (v *Provider) Detect(req *http.Request, payload string, logger *zap.Sugared
 			return setLoggerAndProceed(true, "", nil)
 		}
 		return setLoggerAndProceed(false, "comments on closed merge requests is not supported", nil)
+	case *gitlab.CommitCommentEvent:
+		comment := gitEvent.ObjectAttributes.Note
+		if gitEvent.ObjectAttributes.Action == gitlab.CommentEventActionCreate {
+			if provider.IsTestRetestComment(comment) || provider.IsCancelComment(comment) {
+				return setLoggerAndProceed(true, "", nil)
+			}
+			// truncate comment to make logs readable
+			if len(comment) > 50 {
+				comment = comment[:50] + "..."
+			}
+			return setLoggerAndProceed(false, fmt.Sprintf("gitlab: commit_comment: unsupported GitOps comment \"%s\" on pushed commits", comment), nil)
+		}
+		return setLoggerAndProceed(false, fmt.Sprintf("gitlab: commit_comment: unsupported action \"%s\" with comment \"%s\"", gitEvent.ObjectAttributes.Action, comment), nil)
 	default:
 		return setLoggerAndProceed(false, "", fmt.Errorf("gitlab: event \"%s\" is not supported", event))
 	}

pkg/provider/gitlab/detect_test.go

@@ -11,6 +11,8 @@ import (
 	"gotest.tools/v3/assert"
 )
 
+const largeComment = "/Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s"
+
 func TestProvider_Detect(t *testing.T) {
 	sample := thelp.TEvent{
 		Username:          "foo",
@@ -126,6 +128,51 @@ func TestProvider_Detect(t *testing.T) {
 			isGL:       true,
 			processReq: true,
 		},
+		{
+			name:       "bad/commit comment unsupported action",
+			event:      sample.CommitNoteEventAsJSON("/test", "update", "null"),
+			eventType:  gitlab.EventTypeNote,
+			isGL:       true,
+			processReq: false,
+			wantReason: "gitlab: commit_comment: unsupported action \"update\" with comment \"/test\"",
+		},
+		{
+			name:       "bad/commit comment unsupported gitops command",
+			event:      sample.CommitNoteEventAsJSON("/merge", "create", "null"),
+			eventType:  gitlab.EventTypeNote,
+			isGL:       true,
+			processReq: false,
+			wantReason: "gitlab: commit_comment: unsupported GitOps comment \"/merge\"",
+		},
+		{
+			name:       "bad/commit comment unsupported large comment",
+			event:      sample.CommitNoteEventAsJSON(largeComment, "create", "null"),
+			eventType:  gitlab.EventTypeNote,
+			isGL:       true,
+			processReq: false,
+			wantReason: "gitlab: commit_comment: unsupported GitOps comment \"/Lorem Ipsum is simply dummy text of the printing ...\"",
+		},
+		{
+			name:       "good/commit comment /test command",
+			event:      sample.CommitNoteEventAsJSON("/test", "create", "null"),
+			eventType:  gitlab.EventTypeNote,
+			isGL:       true,
+			processReq: true,
+		},
+		{
+			name:       "good/commit comment /retest command",
+			event:      sample.CommitNoteEventAsJSON("/retest", "create", "null"),
+			eventType:  gitlab.EventTypeNote,
+			isGL:       true,
+			processReq: true,
+		},
+		{
+			name:       "good/commit comment /cancel command",
+			event:      sample.CommitNoteEventAsJSON("/cancel", "create", "null"),
+			eventType:  gitlab.EventTypeNote,
+			isGL:       true,
+			processReq: true,
+		},
 	}
 
 	for _, tt := range tests {

pkg/provider/gitlab/gitlab.go

@@ -142,8 +142,8 @@ func (v *Provider) SetClient(_ context.Context, run *params.Run, runevent *info.
 	// repository, runevent.SourceProjectID will not be 0 when SetClient is called from the pac-watcher code.
 	// This is because, in the controller, SourceProjectID is set in the annotation of the pull request,
 	// and runevent.SourceProjectID is set before SetClient is called. Therefore, we need to take
-	// the ID from runevent.SourceProjectID.
-	if runevent.SourceProjectID > 0 {
+	// the ID from runevent.SourceProjectID when v.sourceProject is 0 (nil).
+	if v.sourceProjectID == 0 && runevent.SourceProjectID > 0 {
 		v.sourceProjectID = runevent.SourceProjectID
 	}
 
@@ -228,7 +228,9 @@ func (v *Provider) CreateStatus(_ context.Context, event *info.Event, statusOpts
 	}
 
 	eventType := triggertype.IsPullRequestType(event.EventType)
-	if opscomments.IsAnyOpsEventType(eventType.String()) {
+	// When a GitOps command is sent on a pushed commit, it mistakenly treats it as a pull_request
+	// and attempts to create a note, but notes are not intended for pushed commits.
+	if event.TriggerTarget == triggertype.PullRequest && opscomments.IsAnyOpsEventType(event.EventType) {
 		eventType = triggertype.PullRequest
 	}
 	// only add a note when we are on a MR
@@ -440,3 +442,21 @@ func (v *Provider) GetFiles(_ context.Context, runevent *info.Event) (changedfil
 func (v *Provider) CreateToken(_ context.Context, _ []string, _ *info.Event) (string, error) {
 	return "", nil
 }
+
+// isHeadCommitOfBranch validates that branch exists and the SHA is HEAD commit of the branch.
+func (v *Provider) isHeadCommitOfBranch(runevent *info.Event, branchName string) error {
+	if v.Client == nil {
+		return fmt.Errorf("no gitlab client has been initialized, " +
+			"exiting... (hint: did you forget setting a secret on your repo?)")
+	}
+	branch, _, err := v.Client.Branches.GetBranch(v.sourceProjectID, branchName)
+	if err != nil {
+		return err
+	}
+
+	if branch.Commit.ID == runevent.SHA {
+		return nil
+	}
+
+	return fmt.Errorf("provided SHA %s is not the HEAD commit of the branch %s", runevent.SHA, branchName)
+}