Module: API::Ci::Helpers::Runner
- Includes:
- Gitlab::Utils::StrongMemoize
- Defined in:
- lib/api/ci/helpers/runner.rb
Constant Summary collapse
- JOB_TOKEN_HEADER =
'HTTP_JOB_TOKEN'
- JOB_TOKEN_PARAM =
:token
- LEGACY_SYSTEM_XID =
'<legacy>'
Instance Method Summary collapse
-
#authenticate_job!(heartbeat_runner: false) ⇒ Object
HTTP status codes to terminate the job on GitLab Runner: - 403.
- #authenticate_job_via_dependent_job! ⇒ Object
- #authenticate_runner!(ensure_runner_manager: true, update_contacted_at: true) ⇒ Object
- #check_if_backoff_required! ⇒ Object
- #current_job ⇒ Object
- #current_runner ⇒ Object
- #current_runner_manager ⇒ Object
- #get_runner_details_from_request ⇒ Object
- #get_runner_ip ⇒ Object
- #get_system_id_from_request ⇒ Object
- #job_forbidden!(job, reason) ⇒ Object
-
#job_token ⇒ Object
The token used by runner to authenticate a request.
- #set_application_context ⇒ Object
- #track_ci_minutes_usage!(_build, _runner) ⇒ Object
- #track_runner_authentication ⇒ Object
Instance Method Details
#authenticate_job!(heartbeat_runner: false) ⇒ Object
HTTP status codes to terminate the job on GitLab Runner:
-
403
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/api/ci/helpers/runner.rb', line 72 def authenticate_job!(heartbeat_runner: false) job = current_job # 404 is not returned here because we want to terminate the job if it's # running. A 404 can be returned from anywhere in the networking stack which is why # we are explicit about a 403, we should improve this in # https://gitlab.com/gitlab-org/gitlab/-/issues/327703 forbidden! unless job forbidden! unless job.valid_token?(job_token) forbidden!('Project has been deleted!') if job.project.nil? || job.project.pending_delete? forbidden!('Job has been erased!') if job.erased? job_forbidden!(job, 'Job is not running') unless job.running? # Only some requests (like updating the job or patching the trace) should trigger # runner heartbeat. Operations like artifacts uploading are executed in context of # the running job and in the job environment, which in many cases will cause the IP # to be updated to not the expected value. And operations like artifacts downloads can # be done even after the job is finished and from totally different runners - while # they would then update the connection status of not the runner that they should. # Runner requests done in context of job authentication should explicitly define when # the heartbeat should be triggered. if heartbeat_runner job.runner&.heartbeat(get_runner_ip) job.runner_manager&.heartbeat(get_runner_ip) end job end |
#authenticate_job_via_dependent_job! ⇒ Object
103 104 105 106 107 |
# File 'lib/api/ci/helpers/runner.rb', line 103 def authenticate_job_via_dependent_job! authenticate! forbidden! unless current_job forbidden! unless can?(current_user, :read_build, current_job) end |
#authenticate_runner!(ensure_runner_manager: true, update_contacted_at: true) ⇒ Object
15 16 17 18 19 20 21 22 23 24 |
# File 'lib/api/ci/helpers/runner.rb', line 15 def authenticate_runner!(ensure_runner_manager: true, update_contacted_at: true) track_runner_authentication forbidden! unless current_runner runner_details = get_runner_details_from_request current_runner.heartbeat(runner_details, update_contacted_at: update_contacted_at) return unless ensure_runner_manager current_runner_manager&.heartbeat(runner_details, update_contacted_at: update_contacted_at) end |
#check_if_backoff_required! ⇒ Object
143 144 145 146 147 |
# File 'lib/api/ci/helpers/runner.rb', line 143 def check_if_backoff_required! return unless Gitlab::Database::Migrations::RunnerBackoff::Communicator.backoff_runner? too_many_requests!('Executing database migrations. Please retry later.', retry_after: 1.minute) end |
#current_job ⇒ Object
109 110 111 112 113 114 115 116 117 |
# File 'lib/api/ci/helpers/runner.rb', line 109 def current_job id = params[:id] load_balancer_stick_request(::Ci::Build, :build, id) if id strong_memoize(:current_job) do ::Ci::Build.find_by_id(id) end end |
#current_runner ⇒ Object
45 46 47 48 49 50 51 52 53 |
# File 'lib/api/ci/helpers/runner.rb', line 45 def current_runner token = params[:token] load_balancer_stick_request(::Ci::Runner, :runner, token) if token strong_memoize(:current_runner) do ::Ci::Runner.find_by_token(token.to_s) end end |
#current_runner_manager ⇒ Object
55 56 57 58 59 60 |
# File 'lib/api/ci/helpers/runner.rb', line 55 def current_runner_manager strong_memoize(:current_runner_manager) do system_xid = params.fetch(:system_id, LEGACY_SYSTEM_XID) current_runner&.ensure_manager(system_xid) { |m| m.contacted_at = Time.current } end end |
#get_runner_details_from_request ⇒ Object
26 27 28 29 30 31 32 33 |
# File 'lib/api/ci/helpers/runner.rb', line 26 def get_runner_details_from_request return get_runner_ip unless params['info'].present? attributes_for_keys(%w[name version revision platform architecture executor], params['info']) .merge(get_system_id_from_request) .merge(get_runner_config_from_request) .merge(get_runner_ip) end |
#get_runner_ip ⇒ Object
41 42 43 |
# File 'lib/api/ci/helpers/runner.rb', line 41 def get_runner_ip { ip_address: ip_address } end |
#get_system_id_from_request ⇒ Object
35 36 37 38 39 |
# File 'lib/api/ci/helpers/runner.rb', line 35 def get_system_id_from_request return { system_id: params[:system_id] } if params.include?(:system_id) {} end |
#job_forbidden!(job, reason) ⇒ Object
128 129 130 131 |
# File 'lib/api/ci/helpers/runner.rb', line 128 def job_forbidden!(job, reason) header 'Job-Status', job.status forbidden!(reason) end |
#job_token ⇒ Object
The token used by runner to authenticate a request. In most cases, the runner uses the token belonging to the requested job. However, when requesting for job artifacts, the runner would use the token that belongs to downstream jobs that depend on the job that owns the artifacts.
124 125 126 |
# File 'lib/api/ci/helpers/runner.rb', line 124 def job_token @job_token ||= (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s end |
#set_application_context ⇒ Object
133 134 135 136 137 |
# File 'lib/api/ci/helpers/runner.rb', line 133 def set_application_context return unless current_job Gitlab::ApplicationContext.push(job: current_job, runner: current_runner) end |
#track_ci_minutes_usage!(_build, _runner) ⇒ Object
139 140 141 |
# File 'lib/api/ci/helpers/runner.rb', line 139 def track_ci_minutes_usage!(_build, _runner) # noop: overridden in EE end |
#track_runner_authentication ⇒ Object
62 63 64 65 66 67 68 |
# File 'lib/api/ci/helpers/runner.rb', line 62 def track_runner_authentication if current_runner metrics.increment_runner_authentication_success_counter(runner_type: current_runner.runner_type) else metrics.increment_runner_authentication_failure_counter end end |