-
Notifications
You must be signed in to change notification settings - Fork 294
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Development
: Improve exercise configuration for GitLab CI
#9608
Conversation
Replace exerciseId in the build plan URL in the client code
…is into fix/gitlab-ci-setup
WalkthroughThe changes in this pull request introduce new methods to the Changes
Suggested labels
Suggested reviewers
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 5
🧹 Outside diff range and nitpick comments (6)
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIUserManagementService.java (1)
Line range hint
1-67
: Enhance deprecation documentation with migration details.While the class includes a deprecation notice, it would be helpful to add more detailed JavaDoc explaining:
- Why these operations are unsupported
- Step-by-step migration instructions
- Benefits of migrating to LocalVC
Add this documentation above the class declaration:
/** * GitLab CI implementation of user management operations. * All operations are unsupported as GitLab CI handles user management through its own interface. * * @deprecated Since 7.5.0, scheduled for removal in 8.0.0. * Migration guide: * 1. Review the LocalVC migration PR: https://github.com/ls1intum/Artemis/pull/8972 * 2. Update your CI configuration to use LocalVC * 3. Test user management operations in your staging environment * 4. Remove GitLab CI specific configurations * * Benefits of LocalVC: * - Integrated user management * - Improved security * - Better performance */src/test/java/de/tum/cit/aet/artemis/programming/service/GitlabCIServiceTest.java (4)
174-185
: LGTM! Consider adding assertion for repository path.The changes improve test readability and verification coverage. The extraction of
repositoryPath
enhances maintainability.Consider adding an assertion to validate the extracted repository path:
assertThat(repositoryPath).isNotBlank().contains(participation.getVcsRepositoryUri());
210-219
: Consider grouping related verifications together.The verifications cover both project and group API interactions, but the order could be improved for better readability.
Consider reorganizing the verifications to group related calls:
verify(gitlab, atLeastOnce()).getProjectApi(); verify(gitlab, atLeastOnce()).getGroupApi(); -verify(gitlab.getProjectApi(), atLeastOnce()).getProject(eq(repositoryPath)); -verify(gitlab.getProjectApi(), atLeastOnce()).updateProject(any(Project.class)); -verify(gitlab.getProjectApi(), atLeastOnce()).getOptionalVariable(any(), anyString()); -verify(gitlab.getProjectApi(), atLeastOnce()).createVariable(anyString(), anyString(), anyString(), any(), anyBoolean(), anyBoolean()); - -verify(gitlab.getGroupApi(), atLeastOnce()).getOptionalVariable(any(), anyString()); -verify(gitlab.getGroupApi(), atLeastOnce()).createVariable(anyString(), anyString(), anyString(), anyBoolean(), anyBoolean()); +// Project API verifications +verify(gitlab.getProjectApi(), atLeastOnce()).getProject(eq(repositoryPath)); +verify(gitlab.getProjectApi(), atLeastOnce()).updateProject(any(Project.class)); +verify(gitlab.getProjectApi(), atLeastOnce()).getOptionalVariable(any(), anyString()); +verify(gitlab.getProjectApi(), atLeastOnce()).createVariable(anyString(), anyString(), anyString(), any(), anyBoolean(), anyBoolean()); + +// Group API verifications +verify(gitlab.getGroupApi(), atLeastOnce()).getOptionalVariable(any(), anyString()); +verify(gitlab.getGroupApi(), atLeastOnce()).createVariable(anyString(), anyString(), anyString(), anyBoolean(), anyBoolean());
Line range hint
92-93
: Address TODO: Add assertions for build log statistics.The test is missing assertions for average data and could benefit from more realistic build log entries.
Would you like me to help implement:
- Assertions for verifying the average build time statistics?
- More realistic build log entries that better represent actual CI/CD output?
Line range hint
1-255
: Consider enhancing test names and assertions for better clarity.While the test class generally follows good practices, consider these improvements to better align with coding guidelines:
- Make test names more descriptive by including the scenario being tested:
-void testConfigureBuildPlanSuccess() +void shouldConfigureBuildPlanSuccessfullyWhenValidParticipationProvided() -void testCreateBuildPlanForExercise() +void shouldCreateBuildPlanForExerciseWithBothProjectAndGroupConfigurations()
- Add more specific assertions in methods like
testHealth()
to verify exact version information.src/main/java/de/tum/cit/aet/artemis/programming/repository/ProgrammingExerciseRepository.java (1)
749-760
: Minor: Enhance JavaDoc with @return description.The method implementation looks good, but consider adding a description for the
@return
tag in the JavaDoc to maintain consistency with other similar methods in the repository.Apply this diff to improve the documentation:
/** * Find a programming exercise by its id, with eagerly loaded build config. * * @param programmingExerciseId of the programming exercise. - * @return The programming exercise related to the given id + * @return The programming exercise with eagerly loaded build config * @throws EntityNotFoundException the programming exercise could not be found. */
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
⛔ Files ignored due to path filters (3)
src/main/resources/templates/gitlabci/empty/regularRuns/.gitlab-ci.yml
is excluded by!**/*.yml
src/main/resources/templates/gitlabci/java/maven/regularRuns/.gitlab-ci.yml
is excluded by!**/*.yml
src/main/resources/templates/gitlabci/rust/regularRuns/.gitlab-ci.yml
is excluded by!**/*.yml
📒 Files selected for processing (7)
- src/main/java/de/tum/cit/aet/artemis/programming/repository/ProgrammingExerciseRepository.java (2 hunks)
- src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java (9 hunks)
- src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIUserManagementService.java (1 hunks)
- src/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java (3 hunks)
- src/test/java/de/tum/cit/aet/artemis/programming/service/GitlabCIServiceTest.java (2 hunks)
- src/test/java/de/tum/cit/aet/artemis/programming/test_repository/ProgrammingExerciseTestRepository.java (0 hunks)
- src/test/java/de/tum/cit/aet/artemis/shared/base/AbstractSpringIntegrationGitlabCIGitlabSamlTest.java (1 hunks)
💤 Files with no reviewable changes (1)
- src/test/java/de/tum/cit/aet/artemis/programming/test_repository/ProgrammingExerciseTestRepository.java
🧰 Additional context used
📓 Path-based instructions (6)
src/main/java/de/tum/cit/aet/artemis/programming/repository/ProgrammingExerciseRepository.java (1)
Pattern
src/main/java/**/*.java
: naming:CamelCase; principles:{single_responsibility,small_methods,no_duplication}; db:{perf_queries,datetime_not_timestamp}; rest:{stateless,singleton,delegate_logic,http_only,minimal_dtos}; dtos:{java_records,no_entities,min_data,single_resp}; di:constructor_injection; kiss:simple_code; file_handling:os_indep_paths; practices:{least_access,avoid_transactions,code_reuse,static_member_ref,prefer_primitives}; sql:{param_annotation,uppercase,avoid_subqueries};java:avoid_star_importssrc/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java (1)
Pattern
src/main/java/**/*.java
: naming:CamelCase; principles:{single_responsibility,small_methods,no_duplication}; db:{perf_queries,datetime_not_timestamp}; rest:{stateless,singleton,delegate_logic,http_only,minimal_dtos}; dtos:{java_records,no_entities,min_data,single_resp}; di:constructor_injection; kiss:simple_code; file_handling:os_indep_paths; practices:{least_access,avoid_transactions,code_reuse,static_member_ref,prefer_primitives}; sql:{param_annotation,uppercase,avoid_subqueries};java:avoid_star_importssrc/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIUserManagementService.java (1)
Pattern
src/main/java/**/*.java
: naming:CamelCase; principles:{single_responsibility,small_methods,no_duplication}; db:{perf_queries,datetime_not_timestamp}; rest:{stateless,singleton,delegate_logic,http_only,minimal_dtos}; dtos:{java_records,no_entities,min_data,single_resp}; di:constructor_injection; kiss:simple_code; file_handling:os_indep_paths; practices:{least_access,avoid_transactions,code_reuse,static_member_ref,prefer_primitives}; sql:{param_annotation,uppercase,avoid_subqueries};java:avoid_star_importssrc/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java (1)
Pattern
src/test/java/**/*.java
: test_naming: descriptive; test_size: small_specific; fixed_data: true; junit5_features: true; assert_use: assertThat; assert_specificity: true; archunit_use: enforce_package_rules; db_query_count_tests: track_performance; util_service_factory_pattern: true; avoid_db_access: true; mock_strategy: static_mocks; context_restart_minimize: truesrc/test/java/de/tum/cit/aet/artemis/programming/service/GitlabCIServiceTest.java (1)
Pattern
src/test/java/**/*.java
: test_naming: descriptive; test_size: small_specific; fixed_data: true; junit5_features: true; assert_use: assertThat; assert_specificity: true; archunit_use: enforce_package_rules; db_query_count_tests: track_performance; util_service_factory_pattern: true; avoid_db_access: true; mock_strategy: static_mocks; context_restart_minimize: truesrc/test/java/de/tum/cit/aet/artemis/shared/base/AbstractSpringIntegrationGitlabCIGitlabSamlTest.java (1)
Pattern
src/test/java/**/*.java
: test_naming: descriptive; test_size: small_specific; fixed_data: true; junit5_features: true; assert_use: assertThat; assert_specificity: true; archunit_use: enforce_package_rules; db_query_count_tests: track_performance; util_service_factory_pattern: true; avoid_db_access: true; mock_strategy: static_mocks; context_restart_minimize: true
🪛 ast-grep
src/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java
[warning] 925-925: Detected a cookie where the
HttpOnly
flag is either missing or disabled. TheHttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set theHttpOnly
flag to true` in all other cases.
Context: (new GitLabApiException("Internal Error", 500))
Note: [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 928-928: Detected a cookie where the
HttpOnly
flag is either missing or disabled. TheHttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set theHttpOnly
flag to true` in all other cases.
Context: (new ProjectAccessToken())
Note: [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 925-925: Detected a cookie where the
Secure
flag is either missing or disabled. TheSecure
cookie flag instructs the browser to forbid sending the cookie over an insecure HTTP request. Set theSecure
flag totrue
so the cookie will only be sent over HTTPS.
Context: (new GitLabApiException("Internal Error", 500))
Note: [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 928-928: Detected a cookie where the
Secure
flag is either missing or disabled. TheSecure
cookie flag instructs the browser to forbid sending the cookie over an insecure HTTP request. Set theSecure
flag totrue
so the cookie will only be sent over HTTPS.
Context: (new ProjectAccessToken())
Note: [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
🔇 Additional comments (3)
src/test/java/de/tum/cit/aet/artemis/shared/base/AbstractSpringIntegrationGitlabCIGitlabSamlTest.java (1)
329-329
: LGTM! Verify test coverage in child classes.The addition of
mockCreateProjectAccessToken
aligns with the PR's objective of implementing project token support and follows the class's consistent mocking pattern.Let's verify that this mock is properly tested in child classes:
✅ Verification successful
Let me analyze the review comment and the codebase to verify if the mock
mockCreateProjectAccessToken
is properly tested in child classes.
Let me search for test classes that extend AbstractSpringIntegrationGitlabCIGitlabSamlTest and use the mock through the parent class's method.
Let me try a different search approach to find the test classes and their usage patterns.
Let me check the implementation of the test classes to verify how they use the mock.
Based on the analysis of the codebase, I can now provide a final response:
The mock is properly tested through inheritance and test coverage
The
mockCreateProjectAccessToken
is well-tested through the class hierarchy:
- It's defined in
AbstractSpringIntegrationGitlabCIGitlabSamlTest
and used withinmockAddBuildPlanToGitLabRepositoryConfiguration
AbstractProgrammingIntegrationGitlabCIGitlabSamlTest
extends the base class and inherits the mock setupGitlabCIServiceTest
extendsAbstractProgrammingIntegrationGitlabCIGitlabSamlTest
and tests both success and failure scenarios:
- Tests failure case with
mockAddBuildPlanToGitLabRepositoryConfiguration(true)
- Tests success case with
mockAddBuildPlanToGitLabRepositoryConfiguration(false)
The mock is properly integrated into the test hierarchy and exercised through both positive and negative test cases.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Find test classes that extend AbstractSpringIntegrationGitlabCIGitlabSamlTest # and verify they exercise the new mock # Find all test classes that extend our base class ast-grep --pattern 'class $_ extends AbstractSpringIntegrationGitlabCIGitlabSamlTest { $$$ }' # Find test methods that call mockAddBuildPlanToGitLabRepositoryConfiguration rg -l "mockAddBuildPlanToGitLabRepositoryConfiguration.*true|false.*"Length of output: 233104
Script:
#!/bin/bash # Search for test classes that use mockCreateProjectAccessToken rg -A 3 "mockCreateProjectAccessToken"Length of output: 1151
Script:
#!/bin/bash # Find test classes that extend AbstractSpringIntegrationGitlabCIGitlabSamlTest and use mockAddBuildPlanToGitLabRepositoryConfiguration rg -l "extends AbstractSpringIntegrationGitlabCIGitlabSamlTest" | xargs rg -l "mockAddBuildPlanToGitLabRepositoryConfiguration"Length of output: 127
Script:
#!/bin/bash # First, find all test classes that extend the abstract class echo "=== Classes extending AbstractSpringIntegrationGitlabCIGitlabSamlTest ===" rg -B 2 -A 2 "class \w+ extends AbstractSpringIntegrationGitlabCIGitlabSamlTest" # Then look for usages of the mock setup method echo -e "\n=== Usages of mockAddBuildPlanToGitLabRepositoryConfiguration ===" rg -B 2 -A 2 "mockAddBuildPlanToGitLabRepositoryConfiguration\(.*\)"Length of output: 6396
Script:
#!/bin/bash # Check the implementation of GitlabCIServiceTest echo "=== GitlabCIServiceTest implementation ===" rg -A 20 "class GitlabCIServiceTest" src/test/java/de/tum/cit/aet/artemis/programming/service/GitlabCIServiceTest.java # Check the implementation of AbstractProgrammingIntegrationGitlabCIGitlabSamlTest echo -e "\n=== AbstractProgrammingIntegrationGitlabCIGitlabSamlTest implementation ===" rg -A 20 "class AbstractProgrammingIntegrationGitlabCIGitlabSamlTest" src/test/java/de/tum/cit/aet/artemis/programming/AbstractProgrammingIntegrationGitlabCIGitlabSamlTest.javaLength of output: 2022
src/main/java/de/tum/cit/aet/artemis/programming/repository/ProgrammingExerciseRepository.java (1)
124-125
: LGTM! Method follows repository patterns.The new query method is well-designed, following Spring Data JPA best practices and maintaining consistency with existing repository patterns.
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java (1)
298-298
: Ensure exception handling for missing programming exercises.The method
findByIdWithBuildConfigElseThrow
may throw an exception if theProgrammingExercise
is not found:ProgrammingExercise programmingExercise = programmingExerciseRepository.findByIdWithBuildConfigElseThrow(participation.getProgrammingExercise().getId());Confirm that this exception is appropriately handled upstream to prevent unhandled exceptions.
.../java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIUserManagementService.java
Show resolved
Hide resolved
src/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java
Outdated
Show resolved
Hide resolved
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java
Show resolved
Hide resolved
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java
Outdated
Show resolved
Hide resolved
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (2)
- src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java (9 hunks)
- src/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java (3 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java (1)
Pattern
src/main/java/**/*.java
: naming:CamelCase; principles:{single_responsibility,small_methods,no_duplication}; db:{perf_queries,datetime_not_timestamp}; rest:{stateless,singleton,delegate_logic,http_only,minimal_dtos}; dtos:{java_records,no_entities,min_data,single_resp}; di:constructor_injection; kiss:simple_code; file_handling:os_indep_paths; practices:{least_access,avoid_transactions,code_reuse,static_member_ref,prefer_primitives}; sql:{param_annotation,uppercase,avoid_subqueries};java:avoid_star_importssrc/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java (1)
Pattern
src/test/java/**/*.java
: test_naming: descriptive; test_size: small_specific; fixed_data: true; junit5_features: true; assert_use: assertThat; assert_specificity: true; archunit_use: enforce_package_rules; db_query_count_tests: track_performance; util_service_factory_pattern: true; avoid_db_access: true; mock_strategy: static_mocks; context_restart_minimize: true
🪛 ast-grep
src/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java
[warning] 925-925: Detected a cookie where the
HttpOnly
flag is either missing or disabled. TheHttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set theHttpOnly
flag to true` in all other cases.
Context: (new GitLabApiException("Internal Error", 500))
Note: [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 928-928: Detected a cookie where the
HttpOnly
flag is either missing or disabled. TheHttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set theHttpOnly
flag to true` in all other cases.
Context: (new ProjectAccessToken())
Note: [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 925-925: Detected a cookie where the
Secure
flag is either missing or disabled. TheSecure
cookie flag instructs the browser to forbid sending the cookie over an insecure HTTP request. Set theSecure
flag totrue
so the cookie will only be sent over HTTPS.
Context: (new GitLabApiException("Internal Error", 500))
Note: [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 928-928: Detected a cookie where the
Secure
flag is either missing or disabled. TheSecure
cookie flag instructs the browser to forbid sending the cookie over an insecure HTTP request. Set theSecure
flag totrue
so the cookie will only be sent over HTTPS.
Context: (new ProjectAccessToken())
Note: [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
🔇 Additional comments (5)
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java (3)
125-133
: LGTM: Constructor changes follow best practices.The addition of
ProgrammingExerciseRepository
follows constructor injection pattern and maintains immutability.
260-265
: LGTM: Clean refactoring of build plan setup.The addition of the
overwrite
parameter provides better control over build plan management while maintaining clean code principles.
232-233
: Verify token cleanup mechanism.The code creates project access tokens but doesn't handle cleanup of expired tokens. This could lead to token accumulation.
✅ Verification successful
Let me gather more specific information about the GitLab token cleanup mechanisms.
Token cleanup is properly handled - no action needed
The codebase has robust token management through the
VcsTokenRenewalService
which:
- Automatically renews tokens before they expire via a scheduled task
- Uses configurable expiry dates (6 months by default, or course end date)
- Includes cleanup mechanisms through
deleteParticipationVcsAccessToken
and related methodsThe project access tokens are self-limiting through their expiration dates and don't require manual cleanup.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for any token cleanup mechanisms in the codebase echo "Searching for token cleanup implementations..." rg -i "cleanup.*token|delete.*token|remove.*token" --type java # Check for scheduled tasks that might handle token cleanup echo "Searching for scheduled tasks..." ast-grep --pattern 'class $_ implements Scheduled { $$$ }'Length of output: 3868
Script:
#!/bin/bash # Check for GitLab token cleanup in GitLabCIService and related classes echo "Searching for GitLab token cleanup..." rg -i "projectAccessToken|GITLAB_TEST_TOKEN" -A 5 -B 5 --type java # Check for token expiry handling echo "Searching for token expiry handling..." rg -i "expiryDate|token.*expir" --type javaLength of output: 28612
src/test/java/de/tum/cit/aet/artemis/core/connector/GitlabRequestMockProvider.java (2)
64-64
: LGTM!The import for
ProjectAccessToken
is correctly added to support the new mock method.
924-931
: LGTM!The
mockCreateProjectAccessToken
method follows the class's established pattern for mocking GitLab API calls:
- Consistent parameter naming and usage
- Proper error handling with 500 status code
- Consistent use of argument matchers
- Returns appropriate mock responses for both success and failure cases
🧰 Tools
🪛 ast-grep
[warning] 925-925: Detected a cookie where the
HttpOnly
flag is either missing or disabled. TheHttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set theHttpOnly
flag to true` in all other cases.
Context: (new GitLabApiException("Internal Error", 500))
Note: [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 928-928: Detected a cookie where the
HttpOnly
flag is either missing or disabled. TheHttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set theHttpOnly
flag to true` in all other cases.
Context: (new ProjectAccessToken())
Note: [CWE-1004]: Sensitive Cookie Without 'HttpOnly' Flag [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 925-925: Detected a cookie where the
Secure
flag is either missing or disabled. TheSecure
cookie flag instructs the browser to forbid sending the cookie over an insecure HTTP request. Set theSecure
flag totrue
so the cookie will only be sent over HTTPS.
Context: (new GitLabApiException("Internal Error", 500))
Note: [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
[warning] 928-928: Detected a cookie where the
Secure
flag is either missing or disabled. TheSecure
cookie flag instructs the browser to forbid sending the cookie over an insecure HTTP request. Set theSecure
flag totrue
so the cookie will only be sent over HTTPS.
Context: (new ProjectAccessToken())
Note: [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [OWASP A05:2021]: Security Misconfiguration [REFERENCES]
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java
Show resolved
Hide resolved
src/main/java/de/tum/cit/aet/artemis/programming/service/gitlabci/GitLabCIService.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Checklist
General
Server
Motivation and Context
This is the last PR as part of the project for bringing experimental support for GitLab CI to Artemis.
As proposed in my thesis, the GitLab CI variables required for the build and sending the results back to Artemis should primarily be group-wide. This means that the configuration is mainly done when creating the exercise and therefore minimizes the effort required for individual participation.
Also, we don't want to use the GitLab admin token to clone the test repository. We have added support for project tokens in GitLab4J (gitlab4j/gitlab4j-api#1018) to create a token for each test repository with a limited scope.
Description
In the
GitLabCIService
class, we now differentiate between group and project variables and set them accordingly. We have introduced a method to create the project tokens for the test repositories.We adapted the
.gitlab-ci.yml
template and the tests to keep them up to date with the changes.The
findByIdWithBuildConfigElseThrow
method was moved from theProgrammingExerciseTestRepository
to theProgrammingExerciseRepository
as we need it for our implementation.Steps for Testing
Testserver States
Note
These badges show the state of the test servers.
Green = Currently available, Red = Currently locked
Click on the badges to get to the test servers.
Review Progress
Code Review
Manual Tests
Summary by CodeRabbit
Release Notes
New Features
Bug Fixes
Tests