trustpub: Implement workflow path verification for GitLab

Author: Turbo87

app/controllers/crate/settings/new-trusted-publisher.js

@@ -37,6 +37,8 @@ export default class NewTrustedPublisherController extends Controller {
   get verificationUrl() {
     if (this.publisher === 'GitHub' && this.namespace && this.project && this.workflow) {
       return `https://raw.githubusercontent.com/${this.namespace}/${this.project}/HEAD/.github/workflows/${this.workflow}`;
+    } else if (this.publisher === 'GitLab' && this.namespace && this.project && this.workflow) {
+      return `https://gitlab.com/${this.namespace}/${this.project}/-/raw/HEAD/${this.workflow}`;
     }
   }
 

app/templates/crate/settings/new-trusted-publisher.gjs

@@ -25,6 +25,7 @@ import LoadingSpinner from 'crates-io/components/loading-spinner';
           class='publisher-select base-input'
           data-test-publisher
           {{on 'change' @controller.publisherChanged}}
+          {{on 'change' (perform @controller.verifyWorkflowTask)}}
         >
           {{#each @controller.publishers as |publisher|}}
             <option value={{publisher}} selected={{eq @controller.publisher publisher}}>{{publisher}}</option>
@@ -224,6 +225,7 @@ import LoadingSpinner from 'crates-io/components/loading-spinner';
             data-test-namespace
             {{autoFocus}}
             {{on 'input' @controller.resetNamespaceValidation}}
+            {{on 'input' (perform @controller.verifyWorkflowTask)}}
           />
 
           {{#if @controller.namespaceInvalid}}
@@ -252,6 +254,7 @@ import LoadingSpinner from 'crates-io/components/loading-spinner';
             class='input base-input'
             data-test-project
             {{on 'input' @controller.resetProjectValidation}}
+            {{on 'input' (perform @controller.verifyWorkflowTask)}}
           />
 
           {{#if @controller.projectInvalid}}
@@ -280,6 +283,7 @@ import LoadingSpinner from 'crates-io/components/loading-spinner';
             class='input base-input'
             data-test-workflow
             {{on 'input' @controller.resetWorkflowValidation}}
+            {{on 'input' (perform @controller.verifyWorkflowTask)}}
           />
 
           {{#if @controller.workflowInvalid}}
@@ -302,6 +306,41 @@ import LoadingSpinner from 'crates-io/components/loading-spinner';
               <code>ci/publish.yml</code>.
             </div>
           {{/if}}
+
+          {{#if (not @controller.verificationUrl)}}
+            <div class='workflow-verification' data-test-workflow-verification='initial'>
+              The workflow filepath will be verified once all necessary fields are filled.
+            </div>
+          {{else if (eq @controller.verifyWorkflowTask.last.value 'success')}}
+            <div class='workflow-verification workflow-verification--success' data-test-workflow-verification='success'>
+              ✓ Workflow file found at
+              <a href='{{@controller.verificationUrl}}' target='_blank' rel='noopener noreferrer'>
+                {{@controller.verificationUrl}}
+              </a>
+            </div>
+          {{else if (eq @controller.verifyWorkflowTask.last.value 'not-found')}}
+            <div
+              class='workflow-verification workflow-verification--warning'
+              data-test-workflow-verification='not-found'
+            >
+              ⚠ Workflow file not found at
+              <a href='{{@controller.verificationUrl}}' target='_blank' rel='noopener noreferrer'>
+                {{@controller.verificationUrl}}
+              </a>
+            </div>
+          {{else if (eq @controller.verifyWorkflowTask.last.value 'error')}}
+            <div class='workflow-verification workflow-verification--warning' data-test-workflow-verification='error'>
+              ⚠ Could not verify workflow file at
+              <a href='{{@controller.verificationUrl}}' target='_blank' rel='noopener noreferrer'>
+                {{@controller.verificationUrl}}
+              </a>
+              (network error)
+            </div>
+          {{else}}
+            <div class='workflow-verification' data-test-workflow-verification='verifying'>
+              Verifying...
+            </div>
+          {{/if}}
         {{/let}}
       </div>
 

e2e/routes/crate/settings/new-trusted-publisher.spec.ts

@@ -502,5 +502,93 @@ test.describe('Route | crate.settings.new-trusted-publisher', { tag: '@routes' }
       await expect(page).toHaveURL(`/crates/${crate.name}/settings`);
       await expect(page.locator('[data-test-gitlab-config]')).toHaveCount(0);
     });
+
+    test.describe('workflow verification', () => {
+      test('success case (200 OK)', async ({ msw, page }) => {
+        let { crate } = await prepare(msw);
+
+        await page.goto(`/crates/${crate.name}/settings/new-trusted-publisher`);
+        await expect(page).toHaveURL(`/crates/${crate.name}/settings/new-trusted-publisher`);
+
+        // Select GitLab from the publisher dropdown
+        await page.selectOption('[data-test-publisher]', 'GitLab');
+
+        await msw.worker.use(
+          http.head('https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml', () => {
+            return new HttpResponse(null, { status: 200 });
+          }),
+        );
+
+        await expect(page.locator('[data-test-workflow-verification="initial"]')).toHaveText(
+          'The workflow filepath will be verified once all necessary fields are filled.',
+        );
+
+        await page.fill('[data-test-namespace]', 'rust-lang');
+        await page.fill('[data-test-project]', 'crates.io');
+        await page.fill('[data-test-workflow]', '.gitlab-ci.yml');
+
+        await expect(page.locator('[data-test-workflow-verification="success"]')).toBeVisible();
+
+        await expect(page.locator('[data-test-workflow-verification="success"]')).toHaveText(
+          '✓ Workflow file found at https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml',
+        );
+      });
+
+      test('not found case (404)', async ({ msw, page }) => {
+        let { crate } = await prepare(msw);
+
+        await page.goto(`/crates/${crate.name}/settings/new-trusted-publisher`);
+        await expect(page).toHaveURL(`/crates/${crate.name}/settings/new-trusted-publisher`);
+
+        // Select GitLab from the publisher dropdown
+        await page.selectOption('[data-test-publisher]', 'GitLab');
+
+        await msw.worker.use(
+          http.head('https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/missing.yml', () => {
+            return new HttpResponse(null, { status: 404 });
+          }),
+        );
+
+        await page.fill('[data-test-namespace]', 'rust-lang');
+        await page.fill('[data-test-project]', 'crates.io');
+        await page.fill('[data-test-workflow]', 'missing.yml');
+
+        await expect(page.locator('[data-test-workflow-verification="not-found"]')).toBeVisible();
+
+        await expect(page.locator('[data-test-workflow-verification="not-found"]')).toHaveText(
+          '⚠ Workflow file not found at https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/missing.yml',
+        );
+
+        // Verify form can still be submitted
+        await page.click('[data-test-add]');
+        await expect(page).toHaveURL(`/crates/${crate.name}/settings`);
+      });
+
+      test('server error (5xx)', async ({ msw, page }) => {
+        let { crate } = await prepare(msw);
+
+        await page.goto(`/crates/${crate.name}/settings/new-trusted-publisher`);
+        await expect(page).toHaveURL(`/crates/${crate.name}/settings/new-trusted-publisher`);
+
+        // Select GitLab from the publisher dropdown
+        await page.selectOption('[data-test-publisher]', 'GitLab');
+
+        await msw.worker.use(
+          http.head('https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml', () => {
+            return new HttpResponse(null, { status: 500 });
+          }),
+        );
+
+        await page.fill('[data-test-namespace]', 'rust-lang');
+        await page.fill('[data-test-project]', 'crates.io');
+        await page.fill('[data-test-workflow]', '.gitlab-ci.yml');
+
+        await expect(page.locator('[data-test-workflow-verification="error"]')).toBeVisible();
+
+        await expect(page.locator('[data-test-workflow-verification="error"]')).toHaveText(
+          '⚠ Could not verify workflow file at https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml (network error)',
+        );
+      });
+    });
   });
 });

packages/crates-io-msw/handlers/gitlab.js

@@ -0,0 +1,7 @@
+import { http, HttpResponse } from 'msw';
+
+export default [
+  http.head('https://gitlab.com/:owner/:project/-/raw/HEAD/:workflow_path', () => {
+    return new HttpResponse(null, { status: 404 });
+  }),
+];

packages/crates-io-msw/index.js

@@ -3,6 +3,7 @@ import categoryHandlers from './handlers/categories.js';
 import cratesHandlers from './handlers/crates.js';
 import docsRsHandlers from './handlers/docs-rs.js';
 import githubHandlers from './handlers/github.js';
+import gitlabHandlers from './handlers/gitlab.js';
 import inviteHandlers from './handlers/invites.js';
 import keywordHandlers from './handlers/keywords.js';
 import metadataHandlers from './handlers/metadata.js';
@@ -35,6 +36,7 @@ export const handlers = [
   ...cratesHandlers,
   ...docsRsHandlers,
   ...githubHandlers,
+  ...gitlabHandlers,
   ...inviteHandlers,
   ...keywordHandlers,
   ...metadataHandlers,

tests/routes/crate/settings/new-trusted-publisher-test.js

@@ -513,5 +513,91 @@ module('Route | crate.settings.new-trusted-publisher', hooks => {
       assert.strictEqual(currentURL(), `/crates/${crate.name}/settings`);
       assert.dom('[data-test-gitlab-config]').exists({ count: 0 });
     });
+
+    module('workflow verification', function () {
+      test('success case (200 OK)', async function (assert) {
+        let { crate } = prepare(this);
+
+        await visit(`/crates/${crate.name}/settings/new-trusted-publisher`);
+        assert.strictEqual(currentURL(), `/crates/${crate.name}/settings/new-trusted-publisher`);
+
+        // Select GitLab from the publisher dropdown
+        await fillIn('[data-test-publisher]', 'GitLab');
+
+        this.worker.use(
+          http.head('https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml', () => {
+            return new HttpResponse(null, { status: 200 });
+          }),
+        );
+
+        assert
+          .dom('[data-test-workflow-verification="initial"]')
+          .hasText('The workflow filepath will be verified once all necessary fields are filled.');
+
+        await fillIn('[data-test-namespace]', 'rust-lang');
+        await fillIn('[data-test-project]', 'crates.io');
+        await fillIn('[data-test-workflow]', '.gitlab-ci.yml');
+
+        await waitFor('[data-test-workflow-verification="success"]');
+
+        let expected = '✓ Workflow file found at https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml';
+        assert.dom('[data-test-workflow-verification="success"]').hasText(expected);
+      });
+
+      test('not found case (404)', async function (assert) {
+        let { crate } = prepare(this);
+
+        await visit(`/crates/${crate.name}/settings/new-trusted-publisher`);
+        assert.strictEqual(currentURL(), `/crates/${crate.name}/settings/new-trusted-publisher`);
+
+        // Select GitLab from the publisher dropdown
+        await fillIn('[data-test-publisher]', 'GitLab');
+
+        this.worker.use(
+          http.head('https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/missing.yml', () => {
+            return new HttpResponse(null, { status: 404 });
+          }),
+        );
+
+        await fillIn('[data-test-namespace]', 'rust-lang');
+        await fillIn('[data-test-project]', 'crates.io');
+        await fillIn('[data-test-workflow]', 'missing.yml');
+
+        await waitFor('[data-test-workflow-verification="not-found"]');
+
+        let expected = '⚠ Workflow file not found at https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/missing.yml';
+        assert.dom('[data-test-workflow-verification="not-found"]').hasText(expected);
+
+        // Verify form can still be submitted
+        await click('[data-test-add]');
+        assert.strictEqual(currentURL(), `/crates/${crate.name}/settings`);
+      });
+
+      test('server error (5xx)', async function (assert) {
+        let { crate } = prepare(this);
+
+        await visit(`/crates/${crate.name}/settings/new-trusted-publisher`);
+        assert.strictEqual(currentURL(), `/crates/${crate.name}/settings/new-trusted-publisher`);
+
+        // Select GitLab from the publisher dropdown
+        await fillIn('[data-test-publisher]', 'GitLab');
+
+        this.worker.use(
+          http.head('https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml', () => {
+            return new HttpResponse(null, { status: 500 });
+          }),
+        );
+
+        await fillIn('[data-test-namespace]', 'rust-lang');
+        await fillIn('[data-test-project]', 'crates.io');
+        await fillIn('[data-test-workflow]', '.gitlab-ci.yml');
+
+        await waitFor('[data-test-workflow-verification="error"]');
+
+        let expected =
+          '⚠ Could not verify workflow file at https://gitlab.com/rust-lang/crates.io/-/raw/HEAD/.gitlab-ci.yml (network error)';
+        assert.dom('[data-test-workflow-verification="error"]').hasText(expected);
+      });
+    });
   });
 });