merge from master (#1260)

* bundler update

* merge from master 31.10.22

* usr/group update

* ship:docker

Author: GbArc

.travis.yml

@@ -21,8 +21,6 @@ env:
     - CI_NODE_INDEX=1
     - CI_NODE_INDEX=2
 
-cache: bundler
-
 services:
   - redis-server
 

Dockerfile

@@ -3,30 +3,40 @@ FROM ruby:2.7.5-slim
 LABEL maintainer Travis CI GmbH <[email protected]>
 
 RUN ( \
-   bundle config set no-cache 'true'; \
+   mkdir -p /app/vendor /app/cache; \
+   groupadd -r travis -g 1000 && \
+   useradd -u 1000 -r -g travis -s /bin/sh -c "travis user" -d "/app" travis;\
+   chown -R travis:travis /app; \
+   apt-get update ; \
+   apt-get upgrade -y ; \
+   apt-get install -y --no-install-recommends git make gcc g++ libpq-dev libjemalloc-dev xz-utils \
+   && rm -rf /var/lib/apt/lists/*; \
+   gem update --system; \
+   bundle config set app_config /app; \
+   bundle config set cache_path /app; \
    bundle config --global frozen 1; \
    bundle config set deployment 'true'; \
-   mkdir -p /app; \
+   chown -R travis:travis /usr/local/bundle; \
 )
 
+
+
 WORKDIR /app
 
+USER travis
 COPY Gemfile*      /app/
-
 RUN ( \
-   apt-get update ; \
-   apt-get upgrade -y ; \
-   apt-get install -y --no-install-recommends git make gcc g++ libpq-dev libjemalloc-dev \
-   && rm -rf /var/lib/apt/lists/* \
-   gem install bundler -v '2.3.6'; \
    bundle config set without 'development test'; \
    bundler install --verbose --retry=3; \
    bundle config set frozen true; \
-   apt-get remove -y gcc g++ make git perl && apt-get -y autoremove; \
+   )
+USER root
+RUN ( apt-get remove -y gcc g++ make git perl xz-utils && apt-get -y autoremove; \
    bundle clean && rm -rf /app/vendor/bundle/ruby/2.7.0/cache/*; \
    for i in `find /app/vendor/ -name \*.o -o -name \*.c -o -name \*.h`; do rm -f $i; done; \
 )
 
+USER travis
 ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
 
 COPY . /app

Gemfile.lock

@@ -527,4 +527,4 @@ RUBY VERSION
    ruby 2.7.5p203
 
 BUNDLED WITH
-   2.3.7
+   2.3.24

README.md

@@ -4,6 +4,8 @@
 
 https://api.travis-ci.org
 
+## WARNING!!!!!
+Master branch is designed for .com only. If you would like to deploy changes for .org please use org-only branch
 ## Requirements
 
 You will need the following packages to get travis-api to work:

lib/travis.rb

@@ -31,6 +31,8 @@ class GithubApiError    < StandardError; end
   class AdminMissing      < StandardError; end
   class RepositoryMissing < StandardError; end
   class LogAlreadyRemoved < StandardError; end
+  class LogExpired        < StandardError; end
+  class LogAccessDenied   < StandardError; end
   class AuthorizationDenied < StandardError; end
   class JobUnfinished     < StandardError; end
 

lib/travis/api/app/endpoint.rb

@@ -120,6 +120,7 @@ def endpoint(link, query_values = {})
 require 'travis/api/app/endpoint/branches'
 require 'travis/api/app/endpoint/broadcasts'
 require 'travis/api/app/endpoint/builds'
+require 'travis/api/app/endpoint/build_backups'
 require 'travis/api/app/endpoint/documentation'
 require 'travis/api/app/endpoint/endpoints'
 require 'travis/api/app/endpoint/env_vars'

lib/travis/api/app/endpoint/authorization.rb

@@ -106,7 +106,6 @@ class Authorization < Endpoint
       get '/handshake/?:provider?' do
         method = org? ? :handshake : :vcs_handshake
         params[:provider] ||= 'github'
-
         send(method) do |user, token, redirect_uri|
           if target_ok? redirect_uri
             content_type :html
@@ -128,6 +127,21 @@ class Authorization < Endpoint
         halt 401, 'could not resolve github token'
       end
 
+      get '/confirm_user/:token' do
+        content_type :json
+        Travis::RemoteVCS::User.new.confirm_user(token: params[:token])
+        { status: 200 }.to_json
+      rescue Travis::RemoteVCS::ResponseError
+        halt 404, 'The token is expired or not found.'
+      end
+
+      get '/request_confirmation/:id' do
+        content_type :json
+        Travis::RemoteVCS::User
+          .new.request_confirmation(id: current_user.id)
+        { status: 200 }.to_json
+      end
+
       private
 
         # update first login date if not set
@@ -166,7 +180,8 @@ def handshake
           if params[:code]
             unless state_ok?(params[:state])
               log_with_request_id("[handshake] Handshake failed (state mismatch)")
-              halt 400, 'state mismatch'
+              handle_invalid_response
+              return
             end
 
             endpoint.path          = config[:access_token_path]
@@ -196,7 +211,8 @@ def remote_vcs_user
         def vcs_handshake
           if params[:code]
             unless state_ok?(params[:state], params[:provider])
-              halt 400, 'state mismatch'
+              handle_invalid_response
+              return
             end
 
             vcs_data = remote_vcs_user.authenticate(
@@ -210,7 +226,9 @@ def vcs_handshake
               return
             end
 
-            yield serialize_user(User.find(vcs_data['user']['id'])), vcs_data['token'], payload(params[:provider])
+            user = User.find(vcs_data['user']['id'])
+            update_first_login(user)
+            yield serialize_user(user), vcs_data['token'], payload(params[:provider])
           else
             state = vcs_create_state(params[:origin] || params[:redirect_uri])
 
@@ -259,6 +277,18 @@ def cookie_name(provider = :github)
 
         # VCS HANDSHAKE END
 
+        def clear_state_cookies
+          response.delete_cookie cookie_name(:github)
+          response.delete_cookie cookie_name(:gitlab)
+          response.delete_cookie cookie_name(:bitbucket)
+          response.delete_cookie cookie_name(:assembla)
+        end
+
+        def handle_invalid_response
+          clear_state_cookies
+          redirect to("https://#{Travis.config.host}/")
+        end
+
         def create_state
           state = SecureRandom.urlsafe_base64(16)
           redis.sadd('github:states', state)

lib/travis/api/app/endpoint/build_backups.rb

@@ -0,0 +1,18 @@
+require 'travis/api/app'
+require 'travis/api/app/responders/base'
+
+class Travis::Api::App
+  class Endpoint
+    class BuildBackups < Endpoint
+      include Helpers::Accept
+
+      before { authenticate_by_mode! }
+
+      get '/' do
+        prefer_follower do
+          respond_with service(:find_build_backups, params)
+        end
+      end
+    end
+  end
+end

lib/travis/api/app/endpoint/env_vars.rb

@@ -27,6 +27,7 @@ def update
           respond_with(record, type: :validation_error, version: :v2)
         end
       end
+
     end
   end
 end

lib/travis/api/app/endpoint/jobs.rb

@@ -93,16 +93,7 @@ class Jobs < Endpoint
           # the way we use responders makes it hard to validate proper format
           # automatically here, so we need to check it explicitly
           if accepts?('text/plain')
-            archived_log_path = resource.archived_url
-
-            if params[:cors_hax]
-              status 204
-              headers['Access-Control-Expose-Headers'] = 'Location'
-              headers['Location'] = archived_log_path
-              attach_log_token if job.try(:private?)
-            else
-              redirect archived_log_path, 307
-            end
+            respond_with resource.archived_log_content
           elsif accepts?('application/json')
             attach_log_token if job.try(:private?)
             respond_with resource.as_json