oss/forgejo-runner
oss/forgejo-runner
1
0
Fork 0
mirror of https://code.forgejo.org/forgejo/runner.git synced 2025-10-05 19:30:59 +00:00
Code Wiki Activity

refactor: remove duplicate computeMac function (#936)

Browse source 
It was raised during embargo review of #925 that there are two implementations of `computeMac`; this PR fixes that.

As all the tests for `computeMac` were in the `artifactcache` package, it made more sense to keep the method there.  That required reversing the dependency `artifactcache->cacheproxy` package dependency -- it makes more sense to me for the proxy to depend on the cache, rather than vice-versa.

<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/936): <!--number 936 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlbW92ZSBkdXBsaWNhdGUgY29tcHV0ZU1hYyBmdW5jdGlvbg==-->refactor: remove duplicate computeMac function<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/936
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
This commit is contained in:
Mathieu Fenniak 2025-09-05 06:01:49 +00:00 committed by earl-warren
parent 35f93b6b11
commit a3aedba3f1
No known key found for this signature in database
GPG key ID: F128CBE6AB3A7201
5 changed files with 29 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

8
act/artifactcache/mac.go
View file

@ -10,19 +10,17 @@ import (
"errors"
"strconv"
"time"
"code.forgejo.org/forgejo/runner/v9/act/cacheproxy"
)
var ErrValidation = errors.New("validation error")
func (h *handler) validateMac(rundata cacheproxy.RunData) (string, error) {
func (h *handler) validateMac(rundata RunData) (string, error) {
// TODO: allow configurable max age
if !validateAge(rundata.Timestamp) {
return "", ErrValidation
}
expectedMAC := computeMac(h.secret, rundata.RepositoryFullName, rundata.RunNumber, rundata.Timestamp, rundata.WriteIsolationKey)
expectedMAC := ComputeMac(h.secret, rundata.RepositoryFullName, rundata.RunNumber, rundata.Timestamp, rundata.WriteIsolationKey)
if hmac.Equal([]byte(expectedMAC), []byte(rundata.RepositoryMAC)) {
return rundata.RepositoryFullName, nil
}
@ -40,7 +38,7 @@ func validateAge(ts string) bool {
return true
}
func computeMac(secret, repo, run, ts, writeIsolationKey string) string {
func ComputeMac(secret, repo, run, ts, writeIsolationKey string) string {
mac := hmac.New(sha256.New, []byte(secret))
mac.Write([]byte(repo))
mac.Write([]byte(">"))