feat(resolver,graph): fetch and resolve include: remote: HTTPS URLs
release / Build and publish release (push) Successful in 1m14s
release / Build and publish release (push) Successful in 1m14s
Remote includes (include: remote: https://...) were previously skipped silently in the resolver and rendered as unexpanded leaf nodes in the graph. Changes: - fetcher.FetchURL: new shared unauthenticated HTTP GET helper - resolver: resolveRemoteInclude fetches the URL, parses YAML, sets job origin to the URL string, recursively resolves sub-includes, and emits a warning on failure (lint continues on the rest of the pipeline) - graph: recurseRemote fetches the URL, captures direct job names, and recurses into sub-includes so remote nodes expand like local ones Adds testdata/includes_remote.yml fixture. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -142,6 +142,24 @@ func (cfg GitLabConfig) FetchFile(project, filePath, ref string) ([]byte, error)
|
||||
return body, nil
|
||||
}
|
||||
|
||||
// FetchURL downloads the content at a plain HTTPS URL without authentication.
|
||||
// Used for include: remote: entries which are public by definition.
|
||||
func FetchURL(rawURL string) ([]byte, error) {
|
||||
resp, err := http.Get(rawURL) //nolint:noctx
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("GET %s: %w", rawURL, err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("reading body: %w", err)
|
||||
}
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("GET %s: status %d", rawURL, resp.StatusCode)
|
||||
}
|
||||
return body, nil
|
||||
}
|
||||
|
||||
func firstNonEmpty(values ...string) string {
|
||||
for _, v := range values {
|
||||
if v != "" {
|
||||
|
||||
@@ -114,7 +114,9 @@ func (b *treeBuilder) parseMap(m map[string]any) []*treeNode {
|
||||
return []*treeNode{node}
|
||||
}
|
||||
if remote, ok := m["remote"].(string); ok {
|
||||
return []*treeNode{{id: b.nextID(), label: "remote:<br>" + mermaidLabel(remote), class: "remote"}}
|
||||
node := &treeNode{id: b.nextID(), label: "remote:<br>" + mermaidLabel(remote), class: "remote"}
|
||||
b.recurseRemote(node, remote)
|
||||
return []*treeNode{node}
|
||||
}
|
||||
if tmpl, ok := m["template"].(string); ok {
|
||||
return []*treeNode{{id: b.nextID(), label: "template:<br>" + mermaidLabel(tmpl), class: "template"}}
|
||||
@@ -170,6 +172,28 @@ func (b *treeBuilder) recurseProject(node *treeNode, project, filePath, ref stri
|
||||
b.buildChildren(node, p.Include)
|
||||
}
|
||||
|
||||
func (b *treeBuilder) recurseRemote(node *treeNode, rawURL string) {
|
||||
key := "remote:" + rawURL
|
||||
if b.visited[key] {
|
||||
return
|
||||
}
|
||||
b.visited[key] = true
|
||||
|
||||
data, err := fetcher.FetchURL(rawURL)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
p, err := model.ParseBytes(data)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
node.jobs = jobNames(p)
|
||||
if len(p.Include) == 0 {
|
||||
return
|
||||
}
|
||||
b.buildChildren(node, p.Include)
|
||||
}
|
||||
|
||||
func (b *treeBuilder) recurseComponent(node *treeNode, ref string) {
|
||||
if strings.ContainsRune(ref, '$') {
|
||||
return
|
||||
|
||||
@@ -90,7 +90,14 @@ func resolveIncludes(p *model.Pipeline, includes []any, cfg fetcher.GitLabConfig
|
||||
continue
|
||||
}
|
||||
|
||||
// remote, template — resolved by GitLab at runtime, skip silently.
|
||||
if remote, _ := entry["remote"].(string); remote != "" {
|
||||
w, ew := resolveRemoteInclude(p, remote, cfg, rootDir, visited)
|
||||
warnings = append(warnings, w...)
|
||||
extWarnings = append(extWarnings, ew...)
|
||||
continue
|
||||
}
|
||||
|
||||
// template — resolved by GitLab at runtime, skip silently.
|
||||
}
|
||||
return warnings, extWarnings
|
||||
}
|
||||
@@ -133,6 +140,39 @@ func resolveLocalInclude(p *model.Pipeline, rawPath string, cfg fetcher.GitLabCo
|
||||
return warnings, extWarnings
|
||||
}
|
||||
|
||||
// resolveRemoteInclude fetches a plain HTTPS URL, parses it as CI YAML, and
|
||||
// merges it into p. Sub-includes of the fetched file are resolved recursively.
|
||||
func resolveRemoteInclude(p *model.Pipeline, rawURL string, cfg fetcher.GitLabConfig, rootDir string, visited map[string]bool) ([]IncludeWarning, []ExtendWarning) {
|
||||
label := "remote " + rawURL
|
||||
|
||||
if visited[rawURL] {
|
||||
return nil, nil
|
||||
}
|
||||
visited[rawURL] = true
|
||||
|
||||
data, err := fetcher.FetchURL(rawURL)
|
||||
if err != nil {
|
||||
return []IncludeWarning{{Label: label, Err: err}}, nil
|
||||
}
|
||||
|
||||
included, err := model.ParseBytes(data)
|
||||
if err != nil {
|
||||
return []IncludeWarning{{Label: label, Err: fmt.Errorf("parsing YAML: %w", err)}}, nil
|
||||
}
|
||||
included.SetJobOrigin(rawURL)
|
||||
|
||||
var warnings []IncludeWarning
|
||||
var extWarnings []ExtendWarning
|
||||
if len(included.Include) > 0 {
|
||||
w, ew := resolveIncludes(included, included.Include, cfg, rootDir, visited)
|
||||
warnings = append(warnings, w...)
|
||||
extWarnings = append(extWarnings, ew...)
|
||||
}
|
||||
|
||||
mergeIncluded(p, included)
|
||||
return warnings, extWarnings
|
||||
}
|
||||
|
||||
// resolveProjectInclude fetches all files listed under a single project: entry
|
||||
// and merges them into p.
|
||||
func resolveProjectInclude(p *model.Pipeline, entry map[string]any, project string, cfg fetcher.GitLabConfig, rootDir string, visited map[string]bool) ([]IncludeWarning, []ExtendWarning) {
|
||||
|
||||
Reference in New Issue
Block a user