devtron-labs · kartik-579 · Oct 18, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024
@@ -4,7 +4,6 @@ on:
   issue_comment:
     types: [created]
 
-
 jobs:
   manage-labels:
     if: ${{ !github.event.issue.pull_request }}
@@ -16,40 +15,37 @@ jobs:
 
       - name: Parse and manage labels
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.ORG_MEMBERSHIP_SECRET }}
         run: |
           set -e
           set -x  # Enable debugging
 
-          # Extract comment on  body and issue number
+          # Extract comment body, issue number, and author
           COMMENT_BODY=$(jq -r '.comment.body' "$GITHUB_EVENT_PATH")
           ISSUE_NUMBER=$(jq -r '.issue.number // .pull_request.number' "$GITHUB_EVENT_PATH")
+          COMMENT_AUTHOR=$(jq -r '.comment.user.login' "$GITHUB_EVENT_PATH")
 
-          ORG_NAME="devtron-labs"
-
-          # checks if the person is authorized to add labels or not
-          ORG_MEMBERSHIP_STATUS=$(gh api "orgs/$ORG_NAME/members/$COMMENT_AUTHOR" --silent --exit-status)
+          ORG_NAME="satyam-tests"
 
+          # Check if the person is authorized to add labels
+          curl -s -H "Authorization: token $GH_TOKEN" "https://api.github.com/orgs/$ORG_NAME/members/$COMMENT_AUTHOR" > /dev/null
           if [[ $? -ne 0 ]]; then
             gh issue comment "$ISSUE_NUMBER" --body "Hi @$COMMENT_AUTHOR, you must be a member of the organization '$ORG_NAME' to add or remove labels."
-
             echo "User '$COMMENT_AUTHOR' is not a member of the organization '$ORG_NAME'. Exiting."
             exit 1
           fi
 
-          echo "User '$COMMENT_AUTHOR' is a verified member of the organization '$ORG_NAME'. Adding label"
-
+          echo "User '$COMMENT_AUTHOR' is a verified member of the organization '$ORG_NAME'. Proceeding with label management."
 
-          # Get the existing labels on the issue 
+          # Get the existing labels on the issue
           EXISTING_LABELS=$(gh issue view "$ISSUE_NUMBER" --json labels -q '.labels[].name')
 
-          # Add Label 
+          # Add Label Logic
           if [[ "$COMMENT_BODY" =~ ^/([^ ]+)$ ]]; then
             LABEL_NAME="${COMMENT_BODY:1}"
 
-            # check for already existing labels in reppo
+            # Check if the label exists in the repository
             if gh label list --json name -q '.[].name' | grep -q "^$LABEL_NAME$"; then
-              # Add the requested label, keeping existing ones intact
               gh issue edit "$ISSUE_NUMBER" --add-label "$LABEL_NAME"
               echo "Successfully added label '$LABEL_NAME' to issue #$ISSUE_NUMBER."
             else

@@ -144,7 +144,7 @@ func (handler PipelineTriggerRestHandlerImpl) OverrideConfig(w http.ResponseWrit
 	triggerContext := bean3.TriggerContext{
 		Context: ctx,
 	}
-	mergeResp, helmPackageName, err := handler.cdTriggerService.ManualCdTrigger(triggerContext, &overrideRequest)
+	mergeResp, helmPackageName, _, err := handler.cdTriggerService.ManualCdTrigger(triggerContext, &overrideRequest)
 	span.End()
 	if err != nil {
 		handler.logger.Errorw("request err, OverrideConfig", "err", err, "payload", overrideRequest)

@@ -27,6 +27,7 @@ import (
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/adapter/cdWorkflow"
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/bean/timelineStatus"
 	cdWorkflow2 "github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/bean/workflow/cdWorkflow"
+	bean3 "github.com/devtron-labs/devtron/pkg/app/bean"
 	common2 "github.com/devtron-labs/devtron/pkg/deployment/common"
 	bean2 "github.com/devtron-labs/devtron/pkg/deployment/common/bean"
 	commonBean "github.com/devtron-labs/devtron/pkg/deployment/gitOps/common/bean"
@@ -769,14 +770,15 @@ func (impl *AppServiceImpl) BuildCDSuccessPayload(appName string, environmentNam
 }
 
 type ValuesOverrideResponse struct {
-	MergedValues        string
-	ReleaseOverrideJSON string
-	EnvOverride         *chartConfig.EnvConfigOverride
-	PipelineStrategy    *chartConfig.PipelineStrategy
-	PipelineOverride    *chartConfig.PipelineOverride
-	Artifact            *repository.CiArtifact
-	Pipeline            *pipelineConfig.Pipeline
-	DeploymentConfig    *bean2.DeploymentConfig
+	MergedValues         string
+	ReleaseOverrideJSON  string
+	EnvOverride          *chartConfig.EnvConfigOverride
+	PipelineStrategy     *chartConfig.PipelineStrategy
+	PipelineOverride     *chartConfig.PipelineOverride
+	Artifact             *repository.CiArtifact
+	Pipeline             *pipelineConfig.Pipeline
+	DeploymentConfig     *bean2.DeploymentConfig
+	ManifestPushTemplate *bean3.ManifestPushTemplate
 }
 
 func (impl *AppServiceImpl) buildACDContext() (acdContext context.Context, err error) {

@@ -110,7 +110,7 @@ func (impl *DeployedAppServiceImpl) StopStartApp(ctx context.Context, stopReques
 		Context:     ctx,
 		ReferenceId: stopRequest.ReferenceId,
 	}
-	id, _, err := impl.cdTriggerService.ManualCdTrigger(triggerContext, overrideRequest)
+	id, _, _, err := impl.cdTriggerService.ManualCdTrigger(triggerContext, overrideRequest)
 	if err != nil {
 		impl.logger.Errorw("error in stopping app", "err", err, "appId", stopRequest.AppId, "envId", stopRequest.EnvironmentId)
 		return 0, err

@@ -20,6 +20,7 @@ import (
 	"context"
 	bean2 "github.com/devtron-labs/devtron/api/bean"
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/bean/workflow/cdWorkflow"
+	bean4 "github.com/devtron-labs/devtron/pkg/app/bean"
 	"github.com/devtron-labs/devtron/pkg/deployment/trigger/devtronApps/bean"
 	bean3 "github.com/devtron-labs/devtron/pkg/pipeline/bean"
 	repository3 "github.com/devtron-labs/devtron/pkg/pipeline/history/repository"
@@ -28,9 +29,9 @@ import (
 	"time"
 )
 
-func (impl *TriggerServiceImpl) TriggerPostStage(request bean.TriggerRequest) error {
+func (impl *TriggerServiceImpl) TriggerPostStage(request bean.TriggerRequest) (*bean4.ManifestPushTemplate, error) {
 	request.WorkflowType = bean2.CD_WORKFLOW_TYPE_POST
-	//setting triggeredAt variable to have consistent data for various audit log places in db for deployment time
+	// setting triggeredAt variable to have consistent data for various audit log places in db for deployment time
 	triggeredAt := time.Now()
 	triggeredBy := request.TriggeredBy
 	pipeline := request.Pipeline
@@ -39,21 +40,23 @@ func (impl *TriggerServiceImpl) TriggerPostStage(request bean.TriggerRequest) er
 	env, namespace, err := impl.getEnvAndNsIfRunStageInEnv(ctx, request)
 	if err != nil {
 		impl.logger.Errorw("error, getEnvAndNsIfRunStageInEnv", "err", err, "pipeline", pipeline, "stage", request.WorkflowType)
-		return nil
+		return nil, nil
 	}
 	request.RunStageInEnvNamespace = namespace
+
 	cdWf, runner, err := impl.createStartingWfAndRunner(request, triggeredAt)
 	if err != nil {
 		impl.logger.Errorw("error in creating wf starting and runner entry", "err", err, "request", request)
-		return err
+		return nil, err
 	}
 	if cdWf.CiArtifact == nil || cdWf.CiArtifact.Id == 0 {
 		cdWf.CiArtifact, err = impl.ciArtifactRepository.Get(cdWf.CiArtifactId)
 		if err != nil {
 			impl.logger.Errorw("error fetching artifact data", "err", err)
-			return err
+			return nil, err
 		}
 	}
+
 	// Migration of deprecated DataSource Type
 	if cdWf.CiArtifact.IsMigrationRequired() {
 		migrationErr := impl.ciArtifactRepository.MigrateToWebHookDataSourceType(cdWf.CiArtifact.Id)
@@ -62,29 +65,48 @@ func (impl *TriggerServiceImpl) TriggerPostStage(request bean.TriggerRequest) er
 		}
 	}
 
+	filterEvaluationAudit, err := impl.checkFeasibilityForPostStage(pipeline, &request, env, cdWf, triggeredBy)
+	if err != nil {
+		impl.logger.Errorw("error, checkFeasibilityForPostStage", "err", err, "pipeline", pipeline)
+		return nil, nil
+	}
+
 	envDevploymentConfig, err := impl.deploymentConfigService.GetAndMigrateConfigIfAbsentForDevtronApps(pipeline.AppId, pipeline.EnvironmentId)
 	if err != nil {
 		impl.logger.Errorw("error in fetching deployment config by appId and envId", "appId", pipeline.AppId, "envId", pipeline.EnvironmentId, "err", err)
-		return err
+		return nil, err
+	}
+
+	dbErr := impl.createAuditDataForDeploymentWindowBypass(request, runner.Id)
+	if dbErr != nil {
+		impl.logger.Errorw("error in creating audit data for deployment window bypass", "runnerId", runner.Id, "err", dbErr)
+		// skip error for audit data creation
+	}
+
+	err = impl.handlerFilterEvaluationAudit(filterEvaluationAudit, runner)
+	if err != nil {
+		impl.logger.Errorw("error, handlerFilterEvaluationAudit", "err", err)
+		return nil, err
 	}
 
 	// custom GitOps repo url validation --> Start
 	err = impl.handleCustomGitOpsRepoValidation(runner, pipeline, envDevploymentConfig, triggeredBy)
 	if err != nil {
 		impl.logger.Errorw("custom GitOps repository validation error, TriggerPreStage", "err", err)
-		return err
+		return nil, err
 	}
 	// custom GitOps repo url validation --> Ends
 
+	// checking vulnerability for the selected image
 	err = impl.checkVulnerabilityStatusAndFailWfIfNeeded(ctx, cdWf.CiArtifact, pipeline, runner, triggeredBy)
 	if err != nil {
 		impl.logger.Errorw("error, checkVulnerabilityStatusAndFailWfIfNeeded", "err", err, "runner", runner)
-		return err
+		return nil, err
 	}
 	cdStageWorkflowRequest, err := impl.buildWFRequest(runner, cdWf, pipeline, envDevploymentConfig, triggeredBy)
 	if err != nil {
 		impl.logger.Errorw("error in building wfRequest", "err", err, "runner", runner, "cdWf", cdWf, "pipeline", pipeline)
-		return err
+		return nil, err
 	}
 	cdStageWorkflowRequest.StageType = types.POST
 	cdStageWorkflowRequest.Pipeline = pipeline
@@ -97,19 +119,23 @@ func (impl *TriggerServiceImpl) TriggerPostStage(request bean.TriggerRequest) er
 		runner.Status = cdWorkflow.WorkflowFailed
 		runner.Message = err.Error()
 		_ = impl.cdWorkflowRepository.UpdateWorkFlowRunner(runner)
-		return err
+		return nil, err
 	}
 
-	_, err = impl.cdWorkflowService.SubmitWorkflow(cdStageWorkflowRequest)
+	_, jobHelmPackagePath, err := impl.cdWorkflowService.SubmitWorkflow(cdStageWorkflowRequest)
 	if err != nil {
 		impl.logger.Errorw("error in submitting workflow", "err", err, "workflowId", cdStageWorkflowRequest.WorkflowId, "pipeline", pipeline, "env", env)
-		return err
+		return nil, err
+	}
+	manifestPushTempate, err := impl.getManifestPushTemplateForPostStage(request, envDevploymentConfig, jobHelmPackagePath, cdStageWorkflowRequest, cdWf, runner, pipeline, triggeredBy, triggeredAt)
+	if err != nil {
+		impl.logger.Errorw("error in getting manifest push template", "err", err)
+		return nil, err
 	}
-
 	wfr, err := impl.cdWorkflowRepository.FindByWorkflowIdAndRunnerType(context.Background(), cdWf.Id, bean2.CD_WORKFLOW_TYPE_POST)
 	if err != nil {
 		impl.logger.Errorw("error in getting wfr by workflowId and runnerType", "err", err, "wfId", cdWf.Id)
-		return err
+		return nil, err
 	}
 	wfr.ImagePathReservationIds = pluginImagePathReservationIds
 	err = impl.cdWorkflowRepository.UpdateWorkFlowRunner(&wfr)
@@ -124,11 +150,11 @@ func (impl *TriggerServiceImpl) TriggerPostStage(request bean.TriggerRequest) er
 	if evtErr != nil {
 		impl.logger.Errorw("CD trigger event not sent", "error", evtErr)
 	}
-	//creating cd config history entry
+	// creating cd config history entry
 	err = impl.prePostCdScriptHistoryService.CreatePrePostCdScriptHistory(pipeline, nil, repository3.POST_CD_TYPE, true, triggeredBy, triggeredAt)
 	if err != nil {
 		impl.logger.Errorw("error in creating post cd script entry", "err", err, "pipeline", pipeline)
-		return err
+		return nil, err
 	}
-	return nil
+	return manifestPushTempate, nil
 }
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2024. Devtron Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package devtronApps
+
+import (
+	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig"
+	bean4 "github.com/devtron-labs/devtron/pkg/app/bean"
+	"github.com/devtron-labs/devtron/pkg/cluster/environment/repository"
+	bean5 "github.com/devtron-labs/devtron/pkg/deployment/common/bean"
+	"github.com/devtron-labs/devtron/pkg/deployment/trigger/devtronApps/bean"
+	"github.com/devtron-labs/devtron/pkg/pipeline/types"
+	"time"
+)
+
+func (impl *TriggerServiceImpl) checkFeasibilityForPostStage(pipeline *pipelineConfig.Pipeline, request *bean.TriggerRequest,
+	env *repository.Environment, cdWf *pipelineConfig.CdWorkflow, triggeredBy int32) (interface{}, error) {
+	//here return type is interface as ResourceFilterEvaluationAudit is not present in this version
+	return nil, nil
+}
+
+func (impl *TriggerServiceImpl) getManifestPushTemplateForPostStage(request bean.TriggerRequest, envDevploymentConfig *bean5.DeploymentConfig,
+	jobHelmPackagePath string, cdStageWorkflowRequest *types.WorkflowRequest, cdWf *pipelineConfig.CdWorkflow, runner *pipelineConfig.CdWorkflowRunner,
+	pipeline *pipelineConfig.Pipeline, triggeredBy int32, triggeredAt time.Time) (*bean4.ManifestPushTemplate, error) {
+	return nil, nil
+}