feat(API): update and delete secret for managing organization secrets (#26660)

- Add `UpdateSecret` function to modify org or user repo secret - Add `DeleteSecret` function to delete secret from an organization - Add `UpdateSecretOption` struct for updating secret options - Add `UpdateOrgSecret` function to update a secret in an organization - Add `DeleteOrgSecret` function to delete a secret in an organization GitHub API 1. Update Org Secret: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret 2. Delete Org Secret: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#delete-an-organization-secret --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-08-24 10:07:00 +08:00 · 2023-08-24 10:07:00 +08:00 · b62c8e7765
commit b62c8e7765
parent 7e30986667
6 changed files with 272 additions and 1 deletions
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@ -6,12 +6,14 @@ package secret
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"

 	"code.gitea.io/gitea/models/db"
 	secret_module "code.gitea.io/gitea/modules/secret"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	"xorm.io/builder"
 )
@ -26,6 +28,25 @@ type Secret struct {
 	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
 }

+// ErrSecretNotFound represents a "secret not found" error.
+type ErrSecretNotFound struct {
+	Name string
+}
+
+// IsErrSecretNotFound checks if an error is a ErrSecretNotFound.
+func IsErrSecretNotFound(err error) bool {
+	_, ok := err.(ErrSecretNotFound)
+	return ok
+}
+
+func (err ErrSecretNotFound) Error() string {
+	return fmt.Sprintf("secret was not found [name: %s]", err.Name)
+}
+
+func (err ErrSecretNotFound) Unwrap() error {
+	return util.ErrNotExist
+}
+
 // newSecret Creates a new already encrypted secret
 func newSecret(ownerID, repoID int64, name, data string) *Secret {
 	return &Secret{
@ -93,3 +114,49 @@ func FindSecrets(ctx context.Context, opts FindSecretsOptions) ([]*Secret, error
 func CountSecrets(ctx context.Context, opts *FindSecretsOptions) (int64, error) {
 	return db.GetEngine(ctx).Where(opts.toConds()).Count(new(Secret))
 }
+
+// UpdateSecret changes org or user reop secret.
+func UpdateSecret(ctx context.Context, orgID, repoID int64, name, data string) error {
+	sc := new(Secret)
+	name = strings.ToUpper(name)
+	has, err := db.GetEngine(ctx).
+		Where("owner_id=?", orgID).
+		And("repo_id=?", repoID).
+		And("name=?", name).
+		Get(sc)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrSecretNotFound{Name: name}
+	}
+
+	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
+	if err != nil {
+		return err
+	}
+
+	sc.Data = encrypted
+	_, err = db.GetEngine(ctx).ID(sc.ID).Cols("data").Update(sc)
+	return err
+}
+
+// DeleteSecret deletes secret from an organization.
+func DeleteSecret(ctx context.Context, orgID, repoID int64, name string) error {
+	sc := new(Secret)
+	has, err := db.GetEngine(ctx).
+		Where("owner_id=?", orgID).
+		And("repo_id=?", repoID).
+		And("name=?", strings.ToUpper(name)).
+		Get(sc)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrSecretNotFound{Name: name}
+	}
+
+	if _, err := db.GetEngine(ctx).ID(sc.ID).Delete(new(Secret)); err != nil {
+		return fmt.Errorf("Delete: %w", err)
+	}
+
+	return nil
+}