refactor/nullable repo key

api/projects/keys.go

@@ -160,7 +160,7 @@ func (c *KeyController) UpdateKey(w http.ResponseWriter, r *http.Request) {
 	}
 
 	for _, repo := range repos {
-		if repo.SSHKeyID != key.ID {
+		if repo.SSHKeyID == nil || *repo.SSHKeyID != key.ID {
 			continue
 		}
 		err = repo.ClearCache()

api/projects/projects.go

@@ -102,7 +102,7 @@ func (c *ProjectsController) createDemoProject(projectID int, noneKeyID int, emp
 		ProjectID: projectID,
 		GitURL:    "https://github.com/semaphoreui/semaphore-demo.git",
 		GitBranch: "main",
-		SSHKeyID:  noneKeyID,
+		SSHKeyID:  nil,
 	})
 
 	if err != nil {
@@ -149,15 +149,15 @@ func (c *ProjectsController) createDemoProject(projectID int, noneKeyID int, emp
 
 	desc = "Pings the website to provide a real-world example of using Semaphore."
 	_, err = store.CreateTemplate(db.Template{
-		Name:          "Ping semaphoreui.com",
-		Playbook:      "ping.yml",
-		Description:   &desc,
-		ProjectID:     projectID,
-		InventoryID:   &prodInv.ID,
+		Name:           "Ping semaphoreui.com",
+		Playbook:       "ping.yml",
+		Description:    &desc,
+		ProjectID:      projectID,
+		InventoryID:    &prodInv.ID,
 		EnvironmentIDs: []int{emptyEnvID},
-		RepositoryID:  demoRepo.ID,
-		App:           db.AppAnsible,
-		ViewID:        &toolsView.ID,
+		RepositoryID:   demoRepo.ID,
+		App:            db.AppAnsible,
+		ViewID:         &toolsView.ID,
 	})
 
 	if err != nil {
@@ -168,16 +168,16 @@ func (c *ProjectsController) createDemoProject(projectID int, noneKeyID int, emp
 
 	var startVersion = "1.0.0"
 	buildTpl, err := store.CreateTemplate(db.Template{
-		Name:          "Build demo app",
-		Playbook:      "build.yml",
-		Type:          db.TemplateBuild,
-		ProjectID:     projectID,
-		InventoryID:   &buildInv.ID,
+		Name:           "Build demo app",
+		Playbook:       "build.yml",
+		Type:           db.TemplateBuild,
+		ProjectID:      projectID,
+		InventoryID:    &buildInv.ID,
 		EnvironmentIDs: []int{emptyEnvID},
-		RepositoryID:  demoRepo.ID,
-		StartVersion:  &startVersion,
-		App:           db.AppAnsible,
-		ViewID:        &buildView.ID,
+		RepositoryID:   demoRepo.ID,
+		StartVersion:   &startVersion,
+		App:            db.AppAnsible,
+		ViewID:         &buildView.ID,
 	})
 
 	if err != nil {

api/runners/runners.go

@@ -207,8 +207,8 @@ func (c *RunnerController) GetRunner(w http.ResponseWriter, r *http.Request) {
 				}
 			}
 
-			if tsk.Inventory.RepositoryID != nil {
-				err := c.encryptionService.DeserializeSecret(&tsk.Inventory.Repository.SSHKey)
+			if tsk.Inventory.RepositoryID != nil && tsk.Inventory.Repository.SSHKeyID != nil {
+				err := c.encryptionService.DeserializeSecret(tsk.Inventory.Repository.SSHKey)
 				if err != nil {
 					log.WithFields(log.Fields{
 						"runner_id":     runner.ID,
@@ -220,10 +220,12 @@ func (c *RunnerController) GetRunner(w http.ResponseWriter, r *http.Request) {
 					helpers.WriteError(w, err)
 					return
 				}
-				data.AccessKeys[tsk.Inventory.Repository.SSHKeyID] = tsk.Inventory.Repository.SSHKey
+				data.AccessKeys[*tsk.Inventory.Repository.SSHKeyID] = *tsk.Inventory.Repository.SSHKey
 			}
 
-			data.AccessKeys[tsk.Repository.SSHKeyID] = tsk.Repository.SSHKey
+			if tsk.Repository.SSHKeyID != nil {
+				data.AccessKeys[*tsk.Repository.SSHKeyID] = *tsk.Repository.SSHKey
+			}
 
 		} else {
 			data.CurrentJobs = append(data.CurrentJobs, runners.JobState{

db/Migration.go

@@ -126,6 +126,7 @@ func GetMigrations(dialect string) []Migration {
 		{Version: "2.18.2"},
 		{Version: "2.18.4"},
 		{Version: "2.18.5"},
+		{Version: "2.18.7"},
 	}
 
 	return append(initScripts, commonScripts...)

db/Repository.go

@@ -27,9 +27,9 @@ type Repository struct {
 	ProjectID int    `db:"project_id" json:"project_id" backup:"-"`
 	GitURL    string `db:"git_url" json:"git_url" binding:"required"`
 	GitBranch string `db:"git_branch" json:"git_branch" binding:"required"`
-	SSHKeyID  int    `db:"ssh_key_id" json:"ssh_key_id" binding:"required" backup:"-"`
+	SSHKeyID  *int   `db:"ssh_key_id" json:"ssh_key_id" binding:"required" backup:"-"`
 
-	SSHKey AccessKey `db:"-" json:"-" backup:"-"`
+	SSHKey *AccessKey `db:"-" json:"-" backup:"-"`
 }
 
 func (r Repository) ClearCache() error {

db/Repository_test.go

@@ -47,7 +47,7 @@ func TestRepository_GetGitURL(t *testing.T) {
 		ExpectedGitUrl string
 	}{
 		{
-			Repository: Repository{GitURL: "https://github.com/user/project.git", SSHKey: AccessKey{
+			Repository: Repository{GitURL: "https://github.com/user/project.git", SSHKey: &AccessKey{
 				Type: AccessKeyLoginPassword,
 				LoginPassword: LoginPassword{
 					Login:    "login",
@@ -58,7 +58,7 @@ func TestRepository_GetGitURL(t *testing.T) {
 			ExpectedGitUrl: "https://login:password@github.com/user/project.git",
 		},
 		{
-			Repository: Repository{GitURL: "https://github.com/user/project.git", SSHKey: AccessKey{
+			Repository: Repository{GitURL: "https://github.com/user/project.git", SSHKey: &AccessKey{
 				Type: AccessKeyLoginPassword,
 				LoginPassword: LoginPassword{
 					Password: "password",

db/Store.go

@@ -790,7 +790,11 @@ func StoreSession(store Store, token string, callback func()) {
 }
 
 func ValidateRepository(store Store, repo *Repository) (err error) {
-	_, err = store.GetAccessKey(repo.ProjectID, repo.SSHKeyID)
+	if repo.SSHKeyID == nil {
+		return
+	}
+
+	_, err = store.GetAccessKey(repo.ProjectID, *repo.SSHKeyID)
 
 	return
 }

db/bolt/repository.go

@@ -9,7 +9,12 @@ func (d *BoltDb) GetRepository(projectID int, repositoryID int) (repository db.R
 	if err != nil {
 		return
 	}
-	repository.SSHKey, err = d.GetAccessKey(projectID, repository.SSHKeyID)
+
+	if repository.SSHKeyID != nil {
+		var k db.AccessKey
+		k, err = d.GetAccessKey(projectID, *repository.SSHKeyID)
+		repository.SSHKey = &k
+	}
 	return
 }
 

db/sql/migration.go

@@ -190,6 +190,13 @@ func (d *SqlDb) ApplyMigration(migration db.Migration) error {
 		}
 	}
 
+	if d.GetDialect() == util.DbDriverSQLite {
+		_, err = d.Sql().Exec("PRAGMA foreign_keys = OFF")
+		if err != nil {
+			panic(err)
+		}
+	}
+
 	tx, err := d.Sql().Begin()
 	if err != nil {
 		return err
@@ -249,7 +256,16 @@ func (d *SqlDb) ApplyMigration(migration db.Migration) error {
 
 	fmt.Println()
 
-	return tx.Commit()
+	res := tx.Commit()
+
+	if d.GetDialect() == util.DbDriverSQLite {
+		_, err = d.Sql().Exec("PRAGMA foreign_keys = ON")
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	return res
 }
 
 // TryRollbackMigration attempts to rollback the database to an earlier version if a rollback exists

db/sql/migrations/v.2.18.7.err.sql

@@ -0,0 +1 @@
+-- do nothing

db/sql/migrations/v2.18.7.sql

@@ -0,0 +1,31 @@
+{{if .Sqlite}}
+create table project__repository_dg_tmp
+(
+    id         INTEGER
+        primary key autoincrement,
+    project_id INTEGER                 not null
+        references project
+            on delete cascade,
+    git_url    TEXT                    not null,
+    ssh_key_id INTEGER
+        references access_key,
+    name       VARCHAR(255),
+    git_branch VARCHAR(255) default '' not null
+);
+
+insert into project__repository_dg_tmp(id, project_id, git_url, ssh_key_id, name, git_branch)
+select id, project_id, git_url, ssh_key_id, name, git_branch
+from project__repository;
+
+drop table project__repository;
+
+alter table project__repository_dg_tmp rename to project__repository;
+
+create index project__repository__project_id on project__repository (project_id);
+
+create index project__repository__ssh_key_id on project__repository (ssh_key_id);
+{{else if .Mysql}}
+alter table project__repository modify ssh_key_id int null;
+{{else if .Postgresql}}
+alter table public.project__repository alter column ssh_key_id drop not null;
+{{end}}

db/sql/repository.go

@@ -13,7 +13,11 @@ func (d *SqlDb) GetRepository(projectID int, repositoryID int) (db.Repository, e
 		return repository, err
 	}
 
-	repository.SSHKey, err = d.GetAccessKey(projectID, repository.SSHKeyID)
+	if repository.SSHKeyID != nil {
+		var key db.AccessKey
+		key, err = d.GetAccessKey(projectID, *repository.SSHKeyID)
+		repository.SSHKey = &key
+	}
 
 	return repository, err
 }

db_lib/CmdGitClient.go

@@ -61,10 +61,14 @@ func (c CmdGitClient) makeCmd(
 
 func (c CmdGitClient) run(r GitRepository, targetDir GitRepositoryDirType, args ...string) error {
 	var err error
-	keyInstallation, err := c.keyInstaller.Install(r.Repository.SSHKey, db.AccessKeyRoleGit, r.Logger)
+	var keyInstallation ssh.AccessKeyInstallation
 
-	if err != nil {
-		return err
+	if r.Repository.SSHKey != nil {
+		keyInstallation, err = c.keyInstaller.Install(*r.Repository.SSHKey, db.AccessKeyRoleGit, r.Logger)
+
+		if err != nil {
+			return err
+		}
 	}
 
 	defer keyInstallation.Destroy() //nolint: errcheck
@@ -77,9 +81,15 @@ func (c CmdGitClient) run(r GitRepository, targetDir GitRepositoryDirType, args
 }
 
 func (c CmdGitClient) output(r GitRepository, targetDir GitRepositoryDirType, args ...string) (out string, err error) {
-	keyInstallation, err := c.keyInstaller.Install(r.Repository.SSHKey, db.AccessKeyRoleGit, r.Logger)
-	if err != nil {
-		return
+
+	var keyInstallation ssh.AccessKeyInstallation
+
+	if r.Repository.SSHKey != nil {
+		keyInstallation, err = c.keyInstaller.Install(*r.Repository.SSHKey, db.AccessKeyRoleGit, r.Logger)
+
+		if err != nil {
+			return
+		}
 	}
 
 	defer keyInstallation.Destroy() //nolint: errcheck

db_lib/GoGitClient.go

@@ -42,12 +42,14 @@ func (c GoGitClient) getAuthMethod(r GitRepository) (transport.AuthMethod, error
 	switch r.Repository.SSHKey.Type {
 	case db.AccessKeySSH:
 
-		install, err := c.keyInstaller.Install(r.Repository.SSHKey, db.AccessKeyRoleGit, r.Logger)
-		if err != nil {
-			return nil, err
-		}
+		if r.Repository.SSHKey != nil {
+			install, err := c.keyInstaller.Install(*r.Repository.SSHKey, db.AccessKeyRoleGit, r.Logger)
+			if err != nil {
+				return nil, err
+			}
 
-		defer install.Destroy()
+			defer install.Destroy()
+		}
 
 		var sshKeyBuff = r.Repository.SSHKey.SshKey.PrivateKey
 

services/export/Repository.go

@@ -45,9 +45,13 @@ func (e *RepositoryExporter) restoreValue(val EntityObject[db.Repository], store
 		return err
 	}
 
-	old.SSHKeyID, err = exporter.getNewKeyInt(AccessKey, val.scope, old.SSHKeyID)
-	if err != nil {
-		return err
+	if old.SSHKeyID != nil {
+		var k int
+		k, err = exporter.getNewKeyInt(AccessKey, val.scope, *old.SSHKeyID)
+		if err != nil {
+			return err
+		}
+		old.SSHKeyID = &k
 	}
 
 	newObj, err := store.CreateRepository(old)

services/project/backup.go

@@ -352,10 +352,13 @@ func (b *BackupDB) format() (*BackupFormat, error) {
 
 	repositories := make([]BackupRepository, len(b.repositories))
 	for i, o := range b.repositories {
-		SSHKey, _ := findNameByID[db.AccessKey](o.SSHKeyID, b.keys)
+		var key *string
+		if o.SSHKeyID != nil {
+			key, _ = findNameByID[db.AccessKey](*o.SSHKeyID, b.keys)
+		}
 		repositories[i] = BackupRepository{
 			Repository: o,
-			SSHKey:     SSHKey,
+			SSHKey:     key,
 		}
 	}
 

services/project/backup_test.go

@@ -35,7 +35,7 @@ func TestBackupProject(t *testing.T) {
 
 	repo, err := store.CreateRepository(db.Repository{
 		ProjectID: proj.ID,
-		SSHKeyID:  key.ID,
+		SSHKeyID:  &key.ID,
 		Name:      "Test",
 		GitURL:    "git@example.com:test/test",
 		GitBranch: "master",

services/project/restore.go

@@ -218,11 +218,14 @@ func (e BackupRepository) Verify(backup *BackupFormat) error {
 }
 
 func (e BackupRepository) Restore(store db.Store, b *BackupDB) error {
-	var SSHKeyID int
-	if k := findEntityByName[db.AccessKey](e.SSHKey, b.keys); k == nil {
-		return fmt.Errorf("SSHKey does not exist in keys[].Name")
-	} else {
-		SSHKeyID = (*k).ID
+	var SSHKeyID *int
+
+	if e.SSHKey != nil {
+		if k := findEntityByName[db.AccessKey](e.SSHKey, b.keys); k == nil {
+			return fmt.Errorf("SSHKey does not exist in keys[].Name")
+		} else {
+			SSHKeyID = &(*k).ID
+		}
 	}
 
 	repo := e.Repository

services/runners/job_pool.go

@@ -679,7 +679,10 @@ func (p *JobPool) checkNewJobs() {
 			},
 		}
 
-		taskRunner.job.Repository.SSHKey = response.AccessKeys[taskRunner.job.Repository.SSHKeyID]
+		if taskRunner.job.Repository.SSHKeyID != nil {
+			k := response.AccessKeys[*taskRunner.job.Repository.SSHKeyID]
+			taskRunner.job.Repository.SSHKey = &k
+		}
 
 		if taskRunner.job.Inventory.SSHKeyID != nil {
 			taskRunner.job.Inventory.SSHKey = response.AccessKeys[*taskRunner.job.Inventory.SSHKeyID]
@@ -702,8 +705,9 @@ func (p *JobPool) checkNewJobs() {
 		}
 		taskRunner.job.Template.Vaults = vaults
 
-		if taskRunner.job.Inventory.RepositoryID != nil {
-			taskRunner.job.Inventory.Repository.SSHKey = response.AccessKeys[taskRunner.job.Inventory.Repository.SSHKeyID]
+		if taskRunner.job.Inventory.RepositoryID != nil && taskRunner.job.Inventory.Repository.SSHKeyID != nil {
+			k := response.AccessKeys[*taskRunner.job.Inventory.Repository.SSHKeyID]
+			taskRunner.job.Inventory.Repository.SSHKey = &k
 		}
 
 		p.queue = append(p.queue, &taskRunner)

services/schedules/SchedulePool.go

@@ -64,7 +64,9 @@ func (r ScheduleRunner) tryUpdateScheduleCommitHash(schedule db.Schedule) (updat
 		return
 	}
 
-	err = r.pool.encryptionService.DeserializeSecret(&repo.SSHKey)
+	if repo.SSHKey != nil {
+		err = r.pool.encryptionService.DeserializeSecret(repo.SSHKey)
+	}
 	if err != nil {
 		return
 	}