travis-ci · SebastianKarpetaDev · Mar 18, 2021 · Apr 21, 2021 · Jul 6, 2021 · Jul 7, 2021
diff --git a/.travis.yml b/.travis.yml
@@ -1,4 +1,5 @@
 language: ruby
+group: edge
 
 import:
   - travis-ci/build-configs:db-setup.yml
@@ -19,12 +20,11 @@ env:
     - CI_NODE_INDEX=1
     - CI_NODE_INDEX=2
 
-cache: bundler
-
 services:
   - redis-server
 
 before_install:
+  - 'gem install rubygems-update -v 3.4.22'
   - 'gem update --system'
 
 jobs:

diff --git a/Dockerfile.tcie b/Dockerfile.tcie
@@ -0,0 +1,44 @@
+FROM ruby:3.2.2-slim
+
+LABEL maintainer Travis CI GmbH <[email protected]>
+
+RUN ( \
+   mkdir -p /app/vendor /app/cache; \
+   groupadd -r travis -g 1000 && \
+   useradd -u 1000 -r -g travis -s /bin/sh -c "travis user" -d "/app" travis;\
+   chown -R travis:travis /app; \
+   apt-get update ; \
+   apt-get upgrade -y ; \
+   apt-get install -y --no-install-recommends git make gcc g++ libpq-dev libjemalloc-dev xz-utils libcurl4 curl \
+   && rm -rf /var/lib/apt/lists/*; \
+   gem update --system; \
+   bundle config set app_config /app; \
+   bundle config set cache_path /app; \
+   bundle config --global frozen 1; \
+   bundle config set deployment 'true'; \
+   chown -R travis:travis /usr/local/bundle; \
+)
+
+
+
+WORKDIR /app
+
+USER travis
+COPY Gemfile*      /app/
+RUN ( \
+   bundle config set without 'development test'; \
+   bundler install --verbose --retry=3; \
+   bundle config set frozen true; \
+   )
+USER root
+RUN ( apt-get remove -y gcc g++ make git perl xz-utils && apt-get -y autoremove; \
+   bundle clean && rm -rf /app/vendor/bundle/ruby/2.7.0/cache/*; \
+   for i in `find /app/vendor/ -name \*.o -o -name \*.c -o -name \*.h`; do rm -f $i; done; \
+)
+
+USER travis
+ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
+
+COPY . /app
+
+CMD ["./script/server-buildpacks"]
diff --git a/Makefile b/Makefile
@@ -27,7 +27,7 @@ DOCKER ?= docker
 
 .PHONY: docker-build
 docker-build:
-	$(DOCKER) build -t $(DOCKER_DEST) .
+	$(DOCKER) build --no-cache --pull -t $(DOCKER_DEST) . -f Dockerfile.tcie
 
 .PHONY: docker-login
 docker-login:

diff --git a/README.md b/README.md
@@ -2,6 +2,7 @@
 
 [![Build Status](https://travis-ci.com/travis-ci/travis-api.svg?branch=master)](https://travis-ci.com/travis-ci/travis-api)
 
+
 https://api.travis-ci.org
 
 ## WARNING!!!!!

diff --git a/lib/travis.rb b/lib/travis.rb
@@ -1,6 +1,6 @@
 require 'pusher'
 require 'travis/support'
-require 'travis/support/database'
+#require 'travis/support/database'
 require 'travis/errors'
 
 module Travis

diff --git a/lib/travis/api/app.rb b/lib/travis/api/app.rb
@@ -75,10 +75,6 @@ def self.setup(options = {})
       FileUtils.touch('/tmp/app-initialized') if ENV['DYNO'] # Heroku
     end
 
-    def self.new(options = {})
-      setup(options)
-      super()
-    end
 
     def self.deploy_sha
       @deploy_sha ||= ENV['HEROKU_SLUG_COMMIT'] || SecureRandom.hex(5)
@@ -186,6 +182,7 @@ def initialize(options = {})
 
     # Rack protocol
     def call(env)
+      #app.after { ActiveRecord::Base.clear_active_connections! }
       app.call(env)
     rescue
       if Endpoint.production?

diff --git a/lib/travis/api/app/endpoint/builds.rb b/lib/travis/api/app/endpoint/builds.rb
@@ -24,7 +24,7 @@ class Builds < Endpoint
 
 
         service = Travis::Enqueue::Services::CancelModel.new(current_user, { build_id: params[:id] })
-        auth_for_repo(service&.target&.repository&.id, 'repository_build_cancel')
+        auth_for_repo(service&.target&.repository&.id, 'repository_build_cancel') unless Travis.config.legacy_roles
 
         if !service.authorized?
           json = { error: {
@@ -60,7 +60,7 @@ class Builds < Endpoint
         service = Travis::Enqueue::Services::RestartModel.new(current_user, build_id: params[:id])
         disallow_migrating!(service.repository)
 
-        auth_for_repo(service.repository.id, 'repository_build_restart')
+        auth_for_repo(service.repository.id, 'repository_build_restart') unless Travis.config.legacy_roles
 
         result = if !service.accept?
           status 400

diff --git a/lib/travis/api/app/endpoint/hooks.rb b/lib/travis/api/app/endpoint/hooks.rb
@@ -11,7 +11,7 @@ class Hooks < Endpoint
 
       put '/:id?', scope: :private do
         service = service(:update_hook, id: params[:id] || params[:hook][:id], active: params[:hook][:active])
-        auth_for_repo(params[:id] || params[:hook][:id], 'repository_state_update')
+        auth_for_repo(params[:id] || params[:hook][:id], 'repository_state_update') unless Travis.config.legacy_roles
         disallow_migrating!(service.repo)
         respond_with service
       end

diff --git a/lib/travis/api/app/endpoint/jobs.rb b/lib/travis/api/app/endpoint/jobs.rb
@@ -32,7 +32,7 @@ class Jobs < Endpoint
 
         service = Travis::Enqueue::Services::CancelModel.new(current_user, { job_id: params[:id] })
 
-        auth_for_repo(service&.target&.repository&.id, 'repository_build_cancel')
+        auth_for_repo(service&.target&.repository&.id, 'repository_build_cancel') unless Travis.config.legacy_roles
 
         if !service.authorized?
           json = { error: {
@@ -65,7 +65,7 @@ class Jobs < Endpoint
 
         service = Travis::Enqueue::Services::RestartModel.new(current_user, { job_id: params[:id] })
 
-        auth_for_repo(service&.repository&.id, 'repository_build_restart')
+        auth_for_repo(service&.repository&.id, 'repository_build_restart') unless Travis.config.legacy_roles
         disallow_migrating!(service.repository)
 
         result = if !service.accept?

diff --git a/lib/travis/api/app/endpoint/logs.rb b/lib/travis/api/app/endpoint/logs.rb
@@ -14,7 +14,7 @@ class Logs < Endpoint
 
         repo = Travis::API::V3::Models::Repository.find(job.repository.id)
 
-        auth_for_repo(repo.id, 'repository_log_view')
+        auth_for_repo(repo.id, 'repository_log_view') unless Travis.config.legacy_roles
 
         repo_can_write = current_user ? !!repo.users.where(id: current_user.id, permissions: { push: true }).first : false
 

diff --git a/lib/travis/api/app/endpoint/repos.rb b/lib/travis/api/app/endpoint/repos.rb
@@ -71,7 +71,7 @@ class Repos < Endpoint
       # Get settings for a given repository
       #
       get '/:id/settings', scope: :private do
-        auth_for_repo(params['id'], 'repository_settings_read')
+        auth_for_repo(params['id'], 'repository_settings_read') unless Travis.config.legacy_roles
         settings = service(:find_repo_settings, params).run
         if settings
           respond_with({ settings: settings.simple_attributes }, version: :v2)
@@ -83,7 +83,7 @@ class Repos < Endpoint
       patch '/:id/settings', scope: :private do
         payload = JSON.parse request.body.read
 
-        auth_for_repo(params['id'], 'repository_settings_update')
+        auth_for_repo(params['id'], 'repository_settings_update') unless Travis.config.legacy_roles
         if payload['settings'].blank? || !payload['settings'].is_a?(Hash)
           halt 422, { "error" => "Settings must be passed with a request" }
         end
@@ -115,14 +115,14 @@ class Repos < Endpoint
       #
       # json(:repository_key)
       get '/:id/key' do
-        auth_for_repo(params['id'], 'repository_settings_read')
+        auth_for_repo(params['id'], 'repository_settings_read') unless Travis.config.legacy_roles
         respond_with service(:find_repo_key, params), version: :v2
         respond_with service(:find_repo_key, params), type: :ssl_key, version: :v2
       end
 
       post '/:id/key' do
 
-        auth_for_repo(params['id'], 'repository_settings_create')
+        auth_for_repo(params['id'], 'repository_settings_create') unless Travis.config.legacy_roles
         service = service(:regenerate_repo_key, params)
         disallow_migrating!(service.repo)
         respond_with service, version: :v2
@@ -141,14 +141,14 @@ class Repos < Endpoint
 
       # List caches for a given repo. Can be filtered with `branch` and `match` query parameter.
       get '/:repository_id/caches', scope: :private do
-        auth_for_repo(params['repository_id'], 'repository_cache_view')
+        auth_for_repo(params['repository_id'], 'repository_cache_view') unless Travis.config.legacy_roles
         respond_with service(:find_caches, params), type: :caches, version: :v2
       end
 
       # Delete caches for a given repo. Can be filtered with `branch` and `match` query parameter.
       delete '/:repository_id/caches', scope: :private do
 
-        auth_for_repo(params['repository_id'], 'repository_cache_delete')
+        auth_for_repo(params['repository_id'], 'repository_cache_delete') unless Travis.config.legacy_roles
         respond_with service(:delete_caches, params), type: :caches, version: :v2
       end
 
@@ -197,7 +197,7 @@ class Repos < Endpoint
         repo = service(:find_repo, params).run
         halt 404 unless repo
 
-        auth_for_repo(repo&.id, 'repository_settings_read')
+        auth_for_repo(repo&.id, 'repository_settings_read') unless Travis.config.legacy_roles
         respond_with service(:find_repo_key, params), type: :ssl_key, version: :v2
       end
 
@@ -206,7 +206,7 @@ class Repos < Endpoint
         halt 404 unless repo
 
 
-        auth_for_repo(repo&.id, 'repository_settings_create')
+        auth_for_repo(repo&.id, 'repository_settings_create') unless Travis.config.legacy_roles
         service = service(:regenerate_repo_key, params)
         disallow_migrating!(service.repo)
         respond_with service, version: :v2
@@ -226,14 +226,14 @@ class Repos < Endpoint
       # List caches for a given repo. Can be filtered with `branch` and `match` query parameter.
       get '/:owner_name/:name/caches', scope: :private do
         repo = service(:find_repo, params).run
-        auth_for_repo(repo&.id, 'repository_cache_view')
+        auth_for_repo(repo&.id, 'repository_cache_view') unless Travis.config.legacy_roles
         respond_with service(:find_caches, params), type: :caches, version: :v2
       end
 
       # Delete caches for a given repo. Can be filtered with `branch` and `match` query parameter.
       delete '/:owner_name/:name/caches', scope: :private do
         repo = service(:find_repo, params).run
-        auth_for_repo(repo&.id, 'repository_cache_delete')
+        auth_for_repo(repo&.id, 'repository_cache_delete') unless Travis.config.legacy_roles
         respond_with service(:delete_caches, params), type: :caches, version: :v2
       end
     end

diff --git a/lib/travis/api/app/endpoint/setting_endpoint.rb b/lib/travis/api/app/endpoint/setting_endpoint.rb
@@ -39,20 +39,20 @@ def define_routes!
     # Rails style methods for easy overriding
     def index
 
-      auth_for_repo(repo.id, 'repository_settings_read')
+      auth_for_repo(repo.id, 'repository_settings_read') unless Travis.config.legacy_roles
 
       respond_with(collection, type: name, version: :v2)
     end
 
     def show
-      auth_for_repo(repo.id, 'repository_settings_read')
+      auth_for_repo(repo.id, 'repository_settings_read') unless Travis.config.legacy_roles
 
       respond_with(record, type: singular_name, version: :v2)
     end
 
     def update
 
-      auth_for_repo(repo.id, 'repository_settings_update')
+      auth_for_repo(repo.id, 'repository_settings_update') unless Travis.config.legacy_roles
 
       disallow_migrating!(repo)
 
@@ -77,7 +77,7 @@ def update
 
     def create
 
-      auth_for_repo(repo.id, 'repository_settings_create')
+      auth_for_repo(repo.id, 'repository_settings_create') unless Travis.config.legacy_roles
 
       disallow_migrating!(repo)
 
@@ -101,7 +101,7 @@ def create
     end
 
     def destroy
-      auth_for_repo(repo.id, 'repository_settings_delete')
+      auth_for_repo(repo.id, 'repository_settings_delete') unless Travis.config.legacy_roles
 
       disallow_migrating!(repo)
 

diff --git a/lib/travis/api/app/endpoint/singleton_settings_endpoint.rb b/lib/travis/api/app/endpoint/singleton_settings_endpoint.rb
@@ -16,7 +16,7 @@ def create_settings_class(name)
     end
 
     def update
-      auth_for_repo(parent.repository.id, 'repository_settings_update')
+      auth_for_repo(parent.repository.id, 'repository_settings_update') unless Travis.config.legacy_roles
 
       disallow_migrating!(parent.repository)
 
@@ -32,7 +32,7 @@ def update
     end
 
     def destroy
-      auth_for_repo(parent.repository.id, 'repository_settings_delete')
+      auth_for_repo(parent.repository.id, 'repository_settings_delete') unless Travis.config.legacy_roles
 
       disallow_migrating!(parent.repository)
 

diff --git a/lib/travis/api/enqueue/services/restart_model.rb b/lib/travis/api/enqueue/services/restart_model.rb
@@ -34,6 +34,9 @@ def billing?
           # there is no billing for .org
           return true if Travis.config.org?
 
+          # there is no billing for .enterprise
+          return true if !!Travis.config.enterprise
+
           @_billing_ok ||= begin
             jobs = target.is_a?(Job) ? [target] : target.matrix
 
@@ -106,11 +109,17 @@ def permission?
         end
 
         def build_permission?
+          return build_permission_legacy? if Travis.config.legacy_roles
+
           # nil value is considered true
           return true if authorizer.for_repo(repository.id,'repository_build_restart')
 
           false
         rescue Travis::API::V3::AuthorizerError
+          build_permission_legacy?
+        end
+
+        def build_permission_legacy?
           return false if repository.permissions.find_by(user_id: current_user.id).build == false
           return false if repository.owner_type == 'Organization' && repository.owner.memberships.find_by(user_id: current_user.id)&.build_permission == false
 

diff --git a/lib/travis/api/v3/extensions/preferences.rb b/lib/travis/api/v3/extensions/preferences.rb
@@ -1,3 +1,5 @@
+require 'active_support/all'
+
 module Travis::API::V3
   module Extensions
     module Preferences

diff --git a/lib/travis/api/v3/models/fingerprint.rb b/lib/travis/api/v3/models/fingerprint.rb
@@ -13,6 +13,8 @@ def calculate(source)
       rsa_key = OpenSSL::PKey::RSA.new(source)
       public_ssh_rsa = "\x00\x00\x00\x07ssh-rsa" + rsa_key.e.to_s(0) + rsa_key.n.to_s(0)
       OpenSSL::Digest::MD5.new(public_ssh_rsa).hexdigest.scan(/../).join(':')
+    rescue OpenSSL::PKey::RSAError
+      nil
     end
 
     module_function :calculate

diff --git a/lib/travis/api/v3/models/key_pair.rb b/lib/travis/api/v3/models/key_pair.rb
@@ -18,6 +18,8 @@ def fingerprint_source
     def public_key
       return unless value.decrypt
       OpenSSL::PKey::RSA.new(value.decrypt).public_key.to_s
+    rescue OpenSSL::PKey::RSAError
+      nil
     end
 
     def to_h

diff --git a/lib/travis/api/v3/models/leads.rb b/lib/travis/api/v3/models/leads.rb
diff --git a/lib/travis/api/v3/models/user_settings.rb b/lib/travis/api/v3/models/user_settings.rb
@@ -1,3 +1,5 @@
+require 'json'
+
 module Travis::API::V3
   class Models::UserSettings < Models::JsonSlice
     child Models::UserSetting