[IMP] 环境仓库deploy-key过期时尝试刷新

Author: 李浩

src/main/java/io/choerodon/devops/app/service/impl/DevopsGitServiceImpl.java

@@ -771,7 +771,7 @@ public void fileResourceSync(PushWebHookVO pushWebHookVO) {
             handleFiles(operationFiles, deletedFiles, devopsEnvironmentDTO, devopsEnvCommitDTO, path);
 
             // 更新远程仓库的DevOps相关的tag
-            handleTag(git, devopsEnvironmentDTO.getEnvIdRsa(), pushWebHookVO, devopsEnvCommitDTO, tagNotExist);
+            handleTag(devopsEnvironmentDTO, git, devopsEnvironmentDTO.getEnvIdRsa(), pushWebHookVO, devopsEnvCommitDTO, tagNotExist);
 
             devopsEnvironmentDTO.setDevopsSyncCommit(devopsEnvCommitDTO.getId());
             //更新环境 解释commit
@@ -858,17 +858,16 @@ private void handleFiles(List<String> operationFiles, List<String> deletedFiles,
         }
     }
 
-    private void handleTag(Git git, String sshKey, PushWebHookVO pushWebHookVO,
-                           DevopsEnvCommitDTO devopsEnvCommitDTO, Boolean tagNotExist) {
+    private void handleTag(DevopsEnvironmentDTO devopsEnvironmentDTO, Git git, String sshKey, PushWebHookVO pushWebHookVO, DevopsEnvCommitDTO devopsEnvCommitDTO, Boolean tagNotExist) {
         if (Boolean.TRUE.equals(tagNotExist)) {
-            GitUtil.createTagAndPush(git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
+            GitUtil.createTagAndPush(devopsEnvironmentDTO, git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
             if (getDevopsSyncTag(pushWebHookVO)) {
-                GitUtil.createTagAndPush(git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
+                GitUtil.createTagAndPush(devopsEnvironmentDTO, git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
             }
         } else {
-            GitUtil.pushTag(git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
+            GitUtil.pushTag(devopsEnvironmentDTO, git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
             if (getDevopsSyncTag(pushWebHookVO)) {
-                GitUtil.createTagAndPush(git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
+                GitUtil.createTagAndPush(devopsEnvironmentDTO, git, sshKey, GitUtil.DEV_OPS_SYNC_TAG, devopsEnvCommitDTO.getCommitSha());
             }
         }
     }

src/main/java/io/choerodon/devops/infra/feign/GitlabServiceClient.java

@@ -982,4 +982,19 @@ ResponseEntity<Void> deletePipelineSchedule(
             @RequestParam(value = "username") String username,
             @RequestParam(value = "password") String password);
 
+    /**
+     * 删除deployKeys
+     *
+     * @param projectId 项目Id
+     * @param userId    用户Id
+     * @Return List
+     */
+    @ApiOperation(value = "删除deployKeys")
+    @DeleteMapping(value = "/v1/projects/deploy_key")
+    ResponseEntity<Void> deleteDeployKeys(
+            @ApiParam(value = "项目ID", required = true)
+            @RequestParam Integer projectId,
+            @ApiParam(value = "用户Id")
+            @RequestParam(required = false) Integer userId,
+            @RequestParam Integer keyId);
 }

src/main/java/io/choerodon/devops/infra/feign/fallback/GitlabServiceClientFallback.java

@@ -616,4 +616,9 @@ public ResponseEntity<Void> updatePipelineSchedule(Integer projectId, Integer us
     public ResponseEntity<Void> deletePipelineSchedule(Integer projectId, Integer userId, Integer pipelineScheduleId, String gitlabUrl, String authType, String accessToken, String username, String password) {
         throw new CommonException("error.delete.Pipeline.Schedule");
     }
+
+    @Override
+    public ResponseEntity<Void> deleteDeployKeys(Integer projectId, Integer userId, Integer keyId) {
+        throw new CommonException("devops.gitlab.project.deployKey.delete");
+    }
 }

src/main/java/io/choerodon/devops/infra/feign/operator/GitlabServiceClientOperator.java

@@ -1841,4 +1841,7 @@ public void deletePipelineSchedule(Integer projectId,
         }
     }
 
+    public void deleteDeployKey(Integer projectId, Integer userId, Integer keyId) {
+        gitlabServiceClient.deleteDeployKeys(projectId, userId, keyId);
+    }
 }

src/main/java/io/choerodon/devops/infra/util/GitUtil.java

@@ -32,6 +32,7 @@
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 
+import io.choerodon.core.convertor.ApplicationContextHelper;
 import io.choerodon.core.exception.CommonException;
 import io.choerodon.devops.api.vo.GitConfigVO;
 import io.choerodon.devops.api.vo.GitEnvConfigVO;
@@ -40,10 +41,12 @@
 import io.choerodon.devops.app.service.DevopsEnvironmentService;
 import io.choerodon.devops.infra.dto.DevopsClusterDTO;
 import io.choerodon.devops.infra.dto.DevopsEnvironmentDTO;
+import io.choerodon.devops.infra.dto.gitlab.DeployKeyDTO;
 import io.choerodon.devops.infra.dto.iam.ProjectDTO;
 import io.choerodon.devops.infra.dto.iam.Tenant;
 import io.choerodon.devops.infra.enums.EnvironmentType;
 import io.choerodon.devops.infra.feign.operator.BaseServiceClientOperator;
+import io.choerodon.devops.infra.feign.operator.GitlabServiceClientOperator;
 import io.choerodon.devops.infra.mapper.DevopsClusterMapper;
 
 /**
@@ -75,7 +78,8 @@ public class GitUtil {
     private String gitlabSshUrl;
     @Value("${services.gitlab.internalsshUrl:}")
     private String gitlabInternalsshUrl;
-
+    @Autowired
+    private GitlabServiceClientOperator gitlabServiceClientOperator;
 
     public String getSshUrl() {
         if (org.apache.commons.lang3.StringUtils.isNotBlank(gitlabInternalsshUrl)) {
@@ -702,7 +706,7 @@ public String cloneAppMarket(String name, String commit, String remoteUrl, Strin
      * @param sha     要打tag的散列值
      * @throws CommonException push error
      */
-    public static void createTagAndPush(Git git, String sshKey, String tagName, String sha) {
+    public static void createTagAndPush(DevopsEnvironmentDTO devopsEnvironmentDTO, Git git, String sshKey, String tagName, String sha) {
         try {
             // 创建之前删除，保证本地不存在要创建的tag
             deleteTag(git, tagName);
@@ -715,7 +719,71 @@ public static void createTagAndPush(Git git, String sshKey, String tagName, Stri
             pushCommand.add(tagName);
             pushCommand.setRemote("origin");
             pushCommand.setForce(true);
-            pushCommand.setTransportConfigCallback(getTransportConfigCallback(sshKey)).call();
+            Iterable<PushResult> call = pushCommand.setTransportConfigCallback(getTransportConfigCallback(sshKey)).call();
+            Iterator<PushResult> iterator = call.iterator();
+            while (iterator.hasNext()) {
+                PushResult pushResult = iterator.next();
+                RemoteRefUpdate remoteUpdate = pushResult.getRemoteUpdate("refs/tags/devops-sync");
+                if (!remoteUpdate.getStatus().name().equals("OK")) {
+                    // 尝试刷新公钥，然后再重新推一次tag
+                    Integer gitlabAdminUserId = GitUserNameUtil.getAdminId();
+                    List<DeployKeyDTO> deployKeyDTOS = ApplicationContextHelper.getContext().getBean(GitlabServiceClientOperator.class).listDeployKey(devopsEnvironmentDTO.getGitlabEnvProjectId().intValue(), gitlabAdminUserId);
+                    deployKeyDTOS.forEach(key -> {
+                        if (key.getTitle().equals(devopsEnvironmentDTO.getCode())) {
+                            ApplicationContextHelper.getContext().getBean(GitlabServiceClientOperator.class).deleteDeployKey(devopsEnvironmentDTO.getGitlabEnvProjectId().intValue(), gitlabAdminUserId, key.getId());
+                        }
+                    });
+                    // 以管理员身份创建deploy key
+                    ApplicationContextHelper.getContext().getBean(GitlabServiceClientOperator.class).createDeployKey(
+                            devopsEnvironmentDTO.getGitlabEnvProjectId().intValue(),
+                            devopsEnvironmentDTO.getCode(),
+                            devopsEnvironmentDTO.getEnvIdRsaPub(),
+                            true,
+                            GitUserNameUtil.getAdminId()
+                    );
+                    // 尝试重新推送一次tag
+                    retryCreateTagAndPush(devopsEnvironmentDTO, git, sshKey, tagName, sha);
+                    break;
+                }
+            }
+        } catch (Exception e) {
+            throw new CommonException("create tag fail", e);
+        }
+    }
+
+
+    /**
+     * 重新尝试本地创建tag并推送远程仓库
+     *
+     * @param git     git repo
+     * @param sshKey  ssh私钥
+     * @param tagName tag名称
+     * @param sha     要打tag的散列值
+     * @throws CommonException push error
+     */
+    public static void retryCreateTagAndPush(DevopsEnvironmentDTO devopsEnvironmentDTO, Git git, String sshKey, String tagName, String sha) {
+        try {
+            // 创建之前删除，保证本地不存在要创建的tag
+            deleteTag(git, tagName);
+            Repository repository = git.getRepository();
+            ObjectId id = repository.resolve(sha);
+            RevWalk walk = new RevWalk(repository);
+            RevCommit commit = walk.parseCommit(id);
+            git.tag().setObjectId(commit).setName(tagName).call();
+            PushCommand pushCommand = git.push();
+            pushCommand.add(tagName);
+            pushCommand.setRemote("origin");
+            pushCommand.setForce(true);
+            Iterable<PushResult> call = pushCommand.setTransportConfigCallback(getTransportConfigCallback(sshKey)).call();
+            Iterator<PushResult> iterator = call.iterator();
+            while (iterator.hasNext()) {
+                PushResult pushResult = iterator.next();
+                RemoteRefUpdate remoteUpdate = pushResult.getRemoteUpdate("refs/tags/devops-sync");
+                if (!remoteUpdate.getStatus().name().equals("OK")) {
+                    LOGGER.info("failed to push devops-sync tag of env:{}, id :{} ,err code :{}", devopsEnvironmentDTO.getCode(), devopsEnvironmentDTO.getId(), remoteUpdate.getStatus().name());
+                    throw new CommonException(remoteUpdate.getStatus().name());
+                }
+            }
         } catch (Exception e) {
             throw new CommonException("create tag fail", e);
         }
@@ -771,9 +839,9 @@ public static void deleteTag(Git git, String tagName) {
      * @param tagName tag名称
      * @param sha     要打tag的commit的散列值
      */
-    public static void pushTag(Git git, String sshKey, String tagName, String sha) {
+    public static void pushTag(DevopsEnvironmentDTO devopsEnvironmentDTO, Git git, String sshKey, String tagName, String sha) {
         deleteTag(git, tagName);
-        createTagAndPush(git, sshKey, tagName, sha);
+        createTagAndPush(devopsEnvironmentDTO, git, sshKey, tagName, sha);
     }
 
     /**

src/main/resources/messages/messages_en_US.properties

@@ -924,3 +924,4 @@ error.load.host.upgrade.sh=Failed to read the host upgrade command template.
 error.host.app.name.length=The application name length should be in 0 to 128
 error.host.app.code.length=The application code length should be in 0 to 128
 error.middleware.code.exists=code exists
+devops.gitlab.project.deployKey.delete=Failed to delete gitlab project deployKey

src/main/resources/messages/messages_zh_CN.properties

@@ -920,4 +920,5 @@ error.load.host.upgrade.sh=读取主机升级命令模版失败
 error.host.app.name.length=应用名称长度应该在0～128
 error.host.app.code.length=应用code长度应该在0～64
 error.middleware.code.exists=编码已存在
-error.key-encrypt.decrypt.abnormal_content=页面失效，请重新访问首页进入 
+error.key-encrypt.decrypt.abnormal_content=页面失效，请重新访问首页进入 
+devops.gitlab.project.deployKey.delete=删除gitlab项目的deploy key失败