support for skipped or blocked pipelines if validation fails

core/validate.go

@@ -14,7 +14,22 @@
 
 package core
 
-import "context"
+import (
+	"context"
+	"errors"
+)
+
+var (
+	// ErrValidatorSkip is returned if the pipeline
+	// validation fails, but the pipeline should be skipped
+	// and silently ignored instead of erroring.
+	ErrValidatorSkip = errors.New("validation failed: skip pipeline")
+
+	// ErrValidatorBlock is returned if the pipeline
+	// validation fails, but the pipeline should be blocked
+	// pending manual approval instead of erroring.
+	ErrValidatorBlock = errors.New("validation failed: block pipeline")
+)
 
 type (
 	// ValidateArgs represents a request to the pipeline

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/dchest/authcookie v0.0.0-20120917135355-fbdef6e99866
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/drone/drone-go v1.0.6
+	github.com/drone/drone-go v1.3.2-0.20200826185551-24929e4d2cfc
 	github.com/drone/drone-runtime v1.1.1-0.20200623162453-61e33e2cab5d
 	github.com/drone/drone-ui v0.0.0-20200701170131-2b91a041998b
 	github.com/drone/drone-yaml v1.2.4-0.20200326192514-6f4d6dfb39e4

go.sum

@@ -78,6 +78,8 @@ github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/drone/drone-go v1.0.6 h1:YbMwEwlE3HC4InN0bT21EDvzImct5dGG1I56dSdUhjI=
 github.com/drone/drone-go v1.0.6/go.mod h1:GxyeGClYohaKNYJv/ZpsmVHtMJ7WhoT+uDaJNcDIrk4=
+github.com/drone/drone-go v1.3.2-0.20200826185551-24929e4d2cfc h1:6AXXCMPilpJqwNqUfG6Zgwakr7HCwnialFiQ/AbqYyQ=
+github.com/drone/drone-go v1.3.2-0.20200826185551-24929e4d2cfc/go.mod h1:fxCf9jAnXDZV1yDr0ckTuWd1intvcQwfJmTRpTZ1mXg=
 github.com/drone/drone-runtime v1.0.7-0.20190729202838-87c84080f4a1/go.mod h1:+osgwGADc/nyl40J0fdsf8Z09bgcBZXvXXnLOY48zYs=
 github.com/drone/drone-runtime v1.1.1-0.20200623162453-61e33e2cab5d h1:P5HI/Y9hARTZ3F3EKs0kYijhjXZWQRQHYn1neTi0pWM=
 github.com/drone/drone-runtime v1.1.1-0.20200623162453-61e33e2cab5d/go.mod h1:4/2QToW5+HGD0y1sTw7X35W1f7YINS14UfDY4isggT8=

plugin/validator/remote.go

@@ -50,7 +50,15 @@ func (g *remote) Validate(ctx context.Context, in *core.ValidateArgs) error {
 		},
 	}
 	client := validator.Client(g.endpoint, g.secret, g.skipVerify)
-	return client.Validate(ctx, req)
+	err := client.Validate(ctx, req)
+	switch err {
+	case validator.ErrBlock:
+		return core.ErrValidatorBlock
+	case validator.ErrSkip:
+		return core.ErrValidatorSkip
+	default:
+		return err
+	}
 }
 
 func toRepo(from *core.Repository) drone.Repo {

trigger/trigger.go

@@ -234,16 +234,23 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co
 		return t.createBuildError(ctx, repo, base, err.Error())
 	}
 
-	err = t.validate.Validate(ctx, &core.ValidateArgs{
+	verr := t.validate.Validate(ctx, &core.ValidateArgs{
 		User:   user,
 		Repo:   repo,
 		Build:  tmpBuild,
 		Config: raw,
 	})
-	if err != nil {
+	switch verr {
-		logger = logger.WithError(err)
+	case core.ErrValidatorBlock:
-		logger.Warnln("trigger: yaml validation error")
+	case core.ErrValidatorSkip:
-		return t.createBuildError(ctx, repo, base, err.Error())
+		logger.Warnln("trigger: yaml validation error: skip pipeline")
+		return nil, nil
+	default:
+		if verr != nil {
+			logger = logger.WithError(err)
+			logger.Warnln("trigger: yaml validation error")
+			return t.createBuildError(ctx, repo, base, verr.Error())
+		}
 	}
 
 	err = linter.Manifest(manifest, repo.Trusted)
@@ -259,6 +266,12 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co
 		val := []byte(raw.Data)
 		verified, _ = signer.Verify(val, key)
 	}
+	// if pipeline validation failed with a block error, the
+	// pipeline verification should be set to false, which will
+	// force manual review and approval.
+	if verr == core.ErrValidatorBlock {
+		verified = false
+	}
 
 	// var paths []string
 	// paths, err := listChanges(t.client, repo, base)