diff --git a/core/validate.go b/core/validate.go
index 98054414..cb07e8e6 100644
--- a/core/validate.go
+++ b/core/validate.go
@@ -14,7 +14,22 @@
 package core
-import "context"
+import (
+ "context"
+ "errors"
+)
+
+var (
+ // ErrValidatorSkip is returned if the pipeline
+ // validation fails, but the pipeline should be skipped
+ // and silently ignored instead of erroring.
+ ErrValidatorSkip = errors.New("validation failed: skip pipeline")
+
+ // ErrValidatorBlock is returned if the pipeline
+ // validation fails, but the pipeline should be blocked
+ // pending manual approval instead of erroring.
+ ErrValidatorBlock = errors.New("validation failed: block pipeline")
+)
 type (
 // ValidateArgs represents a request to the pipeline
diff --git a/go.mod b/go.mod
index 6d0fc52f..49c88678 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/dchest/authcookie v0.0.0-20120917135355-fbdef6e99866
 github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
- github.com/drone/drone-go v1.0.6
+ github.com/drone/drone-go v1.3.2-0.20200826185551-24929e4d2cfc
 github.com/drone/drone-runtime v1.1.1-0.20200623162453-61e33e2cab5d
 github.com/drone/drone-ui v0.0.0-20200701170131-2b91a041998b
 github.com/drone/drone-yaml v1.2.4-0.20200326192514-6f4d6dfb39e4
diff --git a/go.sum b/go.sum
index 0cc3da17..b74f0369 100644
--- a/go.sum
+++ b/go.sum
@@ -78,6 +78,8 @@ github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/drone/drone-go v1.0.6 h1:YbMwEwlE3HC4InN0bT21EDvzImct5dGG1I56dSdUhjI= github.com/drone/drone-go v1.0.6/go.mod h1:GxyeGClYohaKNYJv/ZpsmVHtMJ7WhoT+uDaJNcDIrk4= +github.com/drone/drone-go v1.3.2-0.20200826185551-24929e4d2cfc h1:6AXXCMPilpJqwNqUfG6Zgwakr7HCwnialFiQ/AbqYyQ= +github.com/drone/drone-go v1.3.2-0.20200826185551-24929e4d2cfc/go.mod h1:fxCf9jAnXDZV1yDr0ckTuWd1intvcQwfJmTRpTZ1mXg= github.com/drone/drone-runtime v1.0.7-0.20190729202838-87c84080f4a1/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs= github.com/drone/drone-runtime v1.1.1-0.20200623162453-61e33e2cab5d h1:P5HI/Y9hARTZ3F3EKs0kYijhjXZWQRQHYn1neTi0pWM= github.com/drone/drone-runtime v1.1.1-0.20200623162453-61e33e2cab5d/go.mod h1:4/2QToW5+HGD0y1sTw7X35W1f7YINS14UfDY4isggT8=
diff --git a/plugin/validator/remote.go b/plugin/validator/remote.go
index 5c132328..78370ae2 100644
--- a/plugin/validator/remote.go
+++ b/plugin/validator/remote.go
@@ -50,7 +50,15 @@ func (g *remote) Validate(ctx context.Context, in *core.ValidateArgs) error {
 },
 }
 client := validator.Client(g.endpoint, g.secret, g.skipVerify)
- return client.Validate(ctx, req)
+ err := client.Validate(ctx, req)
+ switch err {
+ case validator.ErrBlock:
+ return core.ErrValidatorBlock
+ case validator.ErrSkip:
+ return core.ErrValidatorSkip
+ default:
+ return err
+ }
 }
 func toRepo(from *core.Repository) drone.Repo {
diff --git a/trigger/trigger.go b/trigger/trigger.go
index 05cb04e9..9bcf0c29 100644
--- a/trigger/trigger.go
+++ b/trigger/trigger.go
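Review bot: In plugin/validator/remote.go, the new `switch err` in Validate matches `validator.ErrBlock` and `validator.ErrSkip` by identity, so a wrapped sentinel would fall through to `default` and reach the trigger as an ordinary validation error. That path fails closed, because the trigger's `default` branch turns any other non-nil error into a build error, so this is a robustness point rather than a bypass; the block or skip verdict would still be lost. Consider `if errors.Is(err, validator.ErrBlock) { return core.ErrValidatorBlock }` and the same for `ErrSkip`, which needs an `errors` import that lies outside this hunk. The `switch verr` and `verr == core.ErrValidatorBlock` comparisons in trigger/trigger.go have the same shape. Validate begins above the hunk.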
@@ -234,16 +234,23 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co
 return t.createBuildError(ctx, repo, base, err.Error())
 }
- err = t.validate.Validate(ctx, &core.ValidateArgs{
+ verr := t.validate.Validate(ctx, &core.ValidateArgs{
 User: user,
 Repo: repo,
 Build: tmpBuild,
 Config: raw,
 })
- if err != nil {
- logger = logger.WithError(err)
- logger.Warnln("trigger: yaml validation error")
- return t.createBuildError(ctx, repo, base, err.Error())
+ switch verr {
+ case core.ErrValidatorBlock:
+ case core.ErrValidatorSkip:
+ logger.Warnln("trigger: yaml validation error: skip pipeline")
+ return nil, nil
+ default:
+ if verr != nil {
+ logger = logger.WithError(err)
+ logger.Warnln("trigger: yaml validation error")
+ return t.createBuildError(ctx, repo, base, verr.Error())
+ }
 }
 err = linter.Manifest(manifest, repo.Trusted)
@@ -259,6 +266,12 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co
 val := []byte(raw.Data)
 verified, _ = signer.Verify(val, key)
 }
+ // if pipeline validation failed with a block error, the
+ // pipeline verification should be set to false, which will
+ // force manual review and approval.
+ if verr == core.ErrValidatorBlock {
+ verified = false
+ }
 // var paths []string
 // paths, err := listChanges(t.client, repo, base)
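Review bot: In the `default` branch of the new `switch verr` in trigger/trigger.go, `logger.WithError(err)` attaches `err` rather than `verr`. Since the validation result now lives in `verr`, and `err` appears to be nil here (the preceding error path has already returned), the validator's reason never reaches the log; it should read `logger = logger.WithError(verr)`. The empty `case core.ErrValidatorBlock:` is valid Go (cases do not fall through) but is easy to misread as sharing the skip branch, so a comment such as `// handled below: forces verified = false` would help. The skip branch returns `nil, nil`, so callers of Trigger, which are outside this hunk, must tolerate a nil build with a nil error; that is worth confirming. Trigger starts and ends outside the hunk.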
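Review bot: The block verdict in the second trigger/trigger.go hunk leaves no trace in the log: unlike the skip branch, nothing records that the validator asked for manual approval before `verified = false` is set. A build held for that reason then looks the same as one held for a failed signature check. Adding `logger.Warnln("trigger: yaml validation error: block pipeline")` inside the `if verr == core.ErrValidatorBlock` block would mirror the skip branch. Whether a false `verified` actually holds the build for approval on every repository is decided by code outside this hunk, so that should be confirmed; otherwise a block verdict could let the pipeline run unreviewed.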