Merge branch 'tencent-master' into issue-9636

CHANGELOG/CHANGELOG-1.13.md

@@ -1,4 +1,7 @@
 <!-- BEGIN MUNGE: GENERATED_TOC -->
+- [v1.13.0-rc.5](#v1130-rc5)
+   - [Changelog since v1.13.0-rc.4](#changelog-since-v1130-rc4)
+
 
 - [v1.13.0-rc.4](#v1130-rc4)
    - [Changelog since v1.13.0-rc.3](#changelog-since-v1130-rc3)
@@ -12,6 +15,20 @@
 
 
 <!-- NEW RELEASE NOTES ENTRY -->
+# v1.13.0-rc.5
+## Changelog since v1.13.0-rc.4
+#### 新增
+- [新增] [bugfix] 默认prod集群router-tag判断有误 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9615)
+- [新增] Image checkImageInspect接口优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9609)
+- [新增] 提供监控迁移service接口 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9592)
+- [新增] github触发器事件补充 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9372)
+- [新增] redis分布式锁改造 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9499)
+- [新增] 流水线插件安装包支持缓存，提高流水线执行速度 TencentBlueKing [链接](http://github.com/TencentBlueKing/bk-ci/issues/8940)
+- [新增] 【PAC】feat：代码库支持重置授权 [链接](http://github.com/TencentBlueKing/bk-ci/issues/8145)
+
+#### 修复
+- [修复] 构建日志的服务调用端增加请求熔断机制 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9602)
+- [修复] 静态资源文件的url地址域名支持适配特定环境遗漏点修复 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9581)
 
 # v1.13.0-rc.4
 ## Changelog since v1.13.0-rc.3

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceMonitorSpaceResource.kt

@@ -35,6 +35,7 @@ import io.swagger.annotations.ApiParam
 import javax.ws.rs.Consumes
 import javax.ws.rs.GET
 import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
 import javax.ws.rs.Path
 import javax.ws.rs.Produces
 import javax.ws.rs.QueryParam
@@ -56,4 +57,12 @@ interface ServiceMonitorSpaceResource {
         @ApiParam("项目ID", required = false)
         projectCode: String
     ): Result<String>
+
+    @POST
+    @Path("/migrateMonitorResource")
+    @ApiOperation("迁移监控空间权限资源")
+    fun migrateMonitorResource(
+        @ApiParam("迁移项目", required = true)
+        projectCodes: List<String>
+    ): Result<Boolean>
 }

src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/config/RbacAuthConfiguration.kt

@@ -460,7 +460,8 @@ class RbacAuthConfiguration {
         migrateCreatorFixService: MigrateCreatorFixService,
         migratePermissionHandoverService: MigratePermissionHandoverService,
         dslContext: DSLContext,
-        authMigrationDao: AuthMigrationDao
+        authMigrationDao: AuthMigrationDao,
+        authMonitorSpaceDao: AuthMonitorSpaceDao
     ) = RbacPermissionMigrateService(
         client = client,
         migrateResourceService = migrateResourceService,
@@ -472,7 +473,8 @@ class RbacAuthConfiguration {
         migrateCreatorFixService = migrateCreatorFixService,
         migratePermissionHandoverService = migratePermissionHandoverService,
         dslContext = dslContext,
-        authMigrationDao = authMigrationDao
+        authMigrationDao = authMigrationDao,
+        authMonitorSpaceDao = authMonitorSpaceDao
     )
 
     @Bean

src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/migrate/MigrateResourceService.kt

@@ -283,19 +283,33 @@ class MigrateResourceService @Autowired constructor(
         )
     }
 
-    fun migrateMonitorResource(projectCode: String) {
-        val projectInfo = authResourceService.get(
-            projectCode = projectCode,
-            resourceType = AuthResourceType.PROJECT.value,
-            resourceCode = projectCode
-        )
+    fun migrateProjectMonitorResource(
+        projectCode: String,
+        gradeManagerId: String,
+        projectName: String
+    ) {
         // 注册分级管理员监控权限资源
         permissionGradeManagerService.modifyGradeManager(
-            gradeManagerId = projectInfo.relationId,
+            gradeManagerId = gradeManagerId,
             projectCode = projectCode,
-            projectName = projectInfo.resourceName,
+            projectName = projectName,
             registerMonitorPermission = true
         )
+    }
+
+    fun migrateMonitorResource(
+        projectCode: String,
+        projectName: String,
+        gradeManagerId: String,
+        async: Boolean
+    ) {
+        if (async) {
+            migrateProjectMonitorResource(
+                projectCode = projectCode,
+                gradeManagerId = gradeManagerId,
+                projectName = projectName
+            )
+        }
         val defaultGroupConfigs = authResourceGroupConfigDao.get(
             dslContext = dslContext,
             resourceType = AuthResourceType.PROJECT.value,
@@ -313,11 +327,11 @@ class MigrateResourceService @Autowired constructor(
             permissionGroupPoliciesService.grantGroupPermission(
                 authorizationScopesStr = groupConfig.authorizationScopes,
                 projectCode = projectCode,
-                projectName = projectInfo.resourceName,
+                projectName = projectName,
                 resourceType = groupConfig.resourceType,
                 groupCode = groupConfig.groupCode,
                 iamResourceCode = projectCode,
-                resourceName = projectInfo.resourceName,
+                resourceName = projectName,
                 iamGroupId = resourceGroupInfo.relationId.toInt()
             )
         }

src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/migrate/RbacPermissionMigrateService.kt

@@ -31,6 +31,7 @@ package com.tencent.devops.auth.service.migrate
 import com.tencent.bk.sdk.iam.exception.IamException
 import com.tencent.devops.auth.constant.AuthMessageCode
 import com.tencent.devops.auth.dao.AuthMigrationDao
+import com.tencent.devops.auth.dao.AuthMonitorSpaceDao
 import com.tencent.devops.auth.pojo.enum.AuthMigrateStatus
 import com.tencent.devops.auth.service.AuthResourceService
 import com.tencent.devops.auth.service.iam.MigrateCreatorFixService
@@ -73,7 +74,8 @@ class RbacPermissionMigrateService constructor(
     private val migrateCreatorFixService: MigrateCreatorFixService,
     private val migratePermissionHandoverService: MigratePermissionHandoverService,
     private val dslContext: DSLContext,
-    private val authMigrationDao: AuthMigrationDao
+    private val authMigrationDao: AuthMigrationDao,
+    private val authMonitorSpaceDao: AuthMonitorSpaceDao
 ) : PermissionMigrateService {
 
     companion object {
@@ -203,17 +205,40 @@ class RbacPermissionMigrateService constructor(
         return true
     }
 
-    override fun migrateMonitorResource(projectCodes: List<String>): Boolean {
+    override fun migrateMonitorResource(
+        projectCodes: List<String>,
+        async: Boolean
+    ): Boolean {
         val traceId = MDC.get(TraceTag.BIZID)
         client.get(ServiceProjectResource::class).listByProjectCode(
             projectCodes = projectCodes.toSet()
         ).data?.filter {
             // 仅迁移已迁移成功的项目
             it.routerTag != null && it.routerTag!!.contains(AuthSystemType.RBAC_AUTH_TYPE.value)
         }?.forEach {
+            // 若已迁移监控资源，直接跳过
+            if (authMonitorSpaceDao.get(dslContext, it.englishName) != null)
+                return@forEach
+            val projectInfo = authResourceService.get(
+                projectCode = it.englishName,
+                resourceType = AuthResourceType.PROJECT.value,
+                resourceCode = it.englishName
+            )
+            if (!async) {
+                migrateResourceService.migrateProjectMonitorResource(
+                    projectCode = it.englishName,
+                    gradeManagerId = projectInfo.relationId,
+                    projectName = projectInfo.resourceName
+                )
+            }
             migrateProjectsExecutorService.submit {
                 MDC.put(TraceTag.BIZID, traceId)
-                migrateResourceService.migrateMonitorResource(projectCode = it.englishName)
+                migrateResourceService.migrateMonitorResource(
+                    projectCode = it.englishName,
+                    projectName = projectInfo.resourceName,
+                    gradeManagerId = projectInfo.relationId,
+                    async = async
+                )
             }
         }
         return true

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt

@@ -29,15 +29,26 @@ package com.tencent.devops.auth.resources
 
 import com.tencent.devops.auth.api.service.ServiceMonitorSpaceResource
 import com.tencent.devops.auth.service.AuthMonitorSpaceService
+import com.tencent.devops.auth.service.iam.PermissionMigrateService
 import com.tencent.devops.common.api.pojo.Result
 import com.tencent.devops.common.web.RestResource
 import org.springframework.beans.factory.annotation.Autowired
 
 @RestResource
 class ServiceMonitorSpaceResourceImpl @Autowired constructor(
-    val monitorSpaceService: AuthMonitorSpaceService
+    val monitorSpaceService: AuthMonitorSpaceService,
+    val permissionMigrateService: PermissionMigrateService
 ) : ServiceMonitorSpaceResource {
     override fun getMonitorSpaceBizId(userId: String, projectCode: String): Result<String> {
         return Result(monitorSpaceService.getMonitorSpaceBizId(projectCode))
     }
+
+    override fun migrateMonitorResource(projectCodes: List<String>): Result<Boolean> {
+        return Result(
+            permissionMigrateService.migrateMonitorResource(
+                projectCodes = projectCodes,
+                async = false
+            )
+        )
+    }
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt

@@ -83,7 +83,10 @@ interface PermissionMigrateService {
     /**
      * 迁移监控空间权限资源--该接口仅用于迁移“已迁移成功”的项目
      */
-    fun migrateMonitorResource(projectCodes: List<String>): Boolean
+    fun migrateMonitorResource(
+        projectCodes: List<String>,
+        async: Boolean = true
+    ): Boolean
 
     fun fitSecToRbacAuth(migrateProjectConditionDTO: MigrateProjectConditionDTO): Boolean
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/sample/SamplePermissionMigrateService.kt

@@ -69,7 +69,7 @@ class SamplePermissionMigrateService : PermissionMigrateService {
         return true
     }
 
-    override fun migrateMonitorResource(projectCodes: List<String>): Boolean {
+    override fun migrateMonitorResource(projectCodes: List<String>, async: Boolean): Boolean {
         return true
     }
 

src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/DirectBkRepoClient.kt

@@ -56,20 +56,20 @@ class DirectBkRepoClient {
         path: String,
         file: File,
         metadata: Map<String, String> = mapOf(),
-        override: Boolean = true
+        override: Boolean = true,
+        headers: Map<String, String> = mapOf()
     ) {
         logger.info("uploadLocalFile, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path, " +
             "file: ${file.canonicalPath}, metadata: $metadata, override: $override")
-        buildMetadataHeader(metadata)
         val request = Request.Builder()
             .url("${getBkRepoUrl()}/generic/$projectId/$repoName/${path.removePrefix("/")}")
             .header(AUTHORIZATION, bkrepoAuth)
             .header(BK_REPO_OVERRIDE, override.toString())
             .header(BK_REPO_UID, userId)
             .header(BK_REPO_METADATA, Base64.getEncoder().encodeToString(buildMetadataHeader(metadata).toByteArray()))
             .put(RequestBody.create("application/octet-stream".toMediaTypeOrNull(), file))
-            .build()
-        OkhttpUtils.doHttp(request).use { response ->
+        headers.forEach { (key, value) -> request.header(key, value) }
+        OkhttpUtils.doHttp(request.build()).use { response ->
             if (!response.isSuccessful) {
                 throw RemoteServiceException("upload file failed: ${response.body!!.string()}", response.code)
             }
@@ -86,11 +86,11 @@ class DirectBkRepoClient {
         path: String,
         byteArray: ByteArray,
         metadata: Map<String, String> = mapOf(),
-        override: Boolean = true
+        override: Boolean = true,
+        headers: Map<String, String> = mapOf()
     ): String {
         logger.info("uploadByteArray, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path, " +
             "metadata: $metadata, override: $override")
-        buildMetadataHeader(metadata)
         val url = "${getBkRepoUrl()}/generic/$projectId/$repoName/${path.removePrefix("/")}"
         val request = Request.Builder()
             .url(url)
@@ -99,8 +99,8 @@ class DirectBkRepoClient {
             .header(BK_REPO_UID, userId)
             .header(BK_REPO_METADATA, Base64.getEncoder().encodeToString(buildMetadataHeader(metadata).toByteArray()))
             .put(RequestBody.create("application/octet-stream".toMediaTypeOrNull(), byteArray))
-            .build()
-        OkhttpUtils.doHttp(request).use { response ->
+        headers.forEach { (key, value) -> request.header(key, value) }
+        OkhttpUtils.doHttp(request.build()).use { response ->
             if (!response.isSuccessful) {
                 throw RemoteServiceException("upload file failed: ${response.body!!.string()}", response.code)
             }

src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/option/StageControlOption.kt

@@ -43,20 +43,28 @@ data class StageControlOption(
     val enable: Boolean = true, // 是否启用该阶段
     @ApiModelProperty("运行条件", required = false)
     val runCondition: StageRunCondition = StageRunCondition.AFTER_LAST_FINISHED, // 运行条件
+    @ApiModelProperty("自定义变量", required = false)
+    val customVariables: List<NameAndValue>? = emptyList(), // 自定义变量
+    @ApiModelProperty("自定义条件", required = false)
+    val customCondition: String? = null, // 自定义条件
+
+    // 废弃旧数据字段
     @ApiModelProperty("是否人工触发", required = false)
+    @Deprecated("被StagePauseCheck.manualTrigger代替")
     val manualTrigger: Boolean? = false,
     @ApiModelProperty("可触发用户，支持引用变量", required = false)
+    @Deprecated("被StagePauseCheck.reviewGroups代替")
     var triggerUsers: List<String>? = null, // 可触发用户，支持引用变量
     @ApiModelProperty("已通过审核", required = false)
+    @Deprecated("被StagePauseCheck.status代替")
     var triggered: Boolean? = null, // 已通过审核
     @ApiModelProperty("等待审核的超时时间", required = false)
+    @Deprecated("被StagePauseCheck.timeout代替")
     val timeout: Int? = null, // 等待审核的超时时间
-    @ApiModelProperty("自定义变量", required = false)
-    val customVariables: List<NameAndValue>? = emptyList(), // 自定义变量
-    @ApiModelProperty("自定义条件", required = false)
-    val customCondition: String? = null, // 自定义条件
     @ApiModelProperty("审核变量", required = false)
+    @Deprecated("被StagePauseCheck.reviewParams代替")
     var reviewParams: List<ManualReviewParam>? = null, // 审核变量
     @ApiModelProperty("审核说明", required = false)
+    @Deprecated("被StagePauseCheck.reviewDesc代替")
     var reviewDesc: String? = null // 审核说明
 )

src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/element/trigger/CodeGithubWebHookTriggerElement.kt

@@ -54,7 +54,15 @@ data class CodeGithubWebHookTriggerElement(
     @ApiModelProperty("新版的github原子的类型")
     val repositoryType: RepositoryType? = null,
     @ApiModelProperty("新版的github代码库名")
-    val repositoryName: String? = null
+    val repositoryName: String? = null,
+    @ApiModelProperty("code review 状态", required = false)
+    val includeCrState: List<String>? = null,
+    @ApiModelProperty("code note comment", required = false)
+    val includeNoteComment: String? = null,
+    @ApiModelProperty("code note 类型", required = false)
+    val includeNoteTypes: List<String>? = null,
+    @ApiModelProperty("issue事件action")
+    val includeIssueAction: List<String>? = null
 ) : WebHookTriggerElement(name, id, status) {
     companion object {
         const val classType = "codeGithubWebHookTrigger"

src/backend/ci/core/common/common-redis/build.gradle.kts

@@ -29,4 +29,5 @@ dependencies {
     implementation("io.micrometer:micrometer-core")
     api("org.springframework.boot:spring-boot-starter-data-redis")
     api("org.apache.commons:commons-pool2")
+    api("com.github.ben-manes.caffeine:caffeine")
 }