Add tag protection via rest api #17862

models/git/protected_tag.go

@@ -110,6 +110,19 @@ func GetProtectedTagByID(ctx context.Context, id int64) (*ProtectedTag, error) {
 	return tag, nil
 }
 
+// GetProtectedTagByNamePattern gets protected tag by name_pattern
+func GetProtectedTagByNamePattern(ctx context.Context, repoID int64, pattern string) (*ProtectedTag, error) {
+	tag := &ProtectedTag{NamePattern: pattern, RepoID: repoID}
+	has, err := db.GetEngine(ctx).Get(tag)
+	if err != nil {
+		return nil, err
+	}
+	if !has {
+		return nil, nil
+	}
+	return tag, nil
+}
+
 // IsUserAllowedToControlTag checks if a user can control the specific tag.
 // It returns true if the tag name is not protected or the user is allowed to control it.
 func IsUserAllowedToControlTag(ctx context.Context, tags []*ProtectedTag, tagName string, userID int64) (bool, error) {

modules/structs/repo_tag.go

@@ -3,6 +3,8 @@
 
 package structs
 
+import "time"
+
 // Tag represents a repository tag
 type Tag struct {
 	Name       string      `json:"name"`
@@ -38,3 +40,29 @@ type CreateTagOption struct {
 	Message string `json:"message"`
 	Target  string `json:"target"`
 }
+
+// TagProtection represents a tag protection
+type TagProtection struct {
+	ID                 int64    `json:"id"`
+	NamePattern        string   `json:"name_pattern"`
+	WhitelistUsernames []string `json:"whitelist_usernames"`
+	WhitelistTeams     []string `json:"whitelist_teams"`
+	// swagger:strfmt date-time
+	Created time.Time `json:"created_at"`
+	// swagger:strfmt date-time
+	Updated time.Time `json:"updated_at"`
+}
+
+// CreateTagProtectionOption options for creating a tag protection
+type CreateTagProtectionOption struct {
+	NamePattern        string   `json:"name_pattern"`
+	WhitelistUsernames []string `json:"whitelist_usernames"`
+	WhitelistTeams     []string `json:"whitelist_teams"`
+}
+
+// EditTagProtectionOption options for editing a tag protection
+type EditTagProtectionOption struct {
+	NamePattern        *string  `json:"name_pattern"`
+	WhitelistUsernames []string `json:"whitelist_usernames"`
+	WhitelistTeams     []string `json:"whitelist_teams"`
+}

routers/api/v1/api.go

@@ -1168,6 +1168,15 @@ func Routes() *web.Route {
 					m.Post("", reqToken(), reqRepoWriter(unit.TypeCode), mustNotBeArchived, bind(api.CreateTagOption{}), repo.CreateTag)
 					m.Delete("/*", reqToken(), reqRepoWriter(unit.TypeCode), mustNotBeArchived, repo.DeleteTag)
 				}, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(true))
+				m.Group("/tag_protections", func() {
+					m.Combo("").Get(repo.ListTagProtection).
+						Post(bind(api.CreateTagProtectionOption{}), mustNotBeArchived, repo.CreateTagProtection)
+					m.Group("/{id}", func() {
+						m.Combo("").Get(repo.GetTagProtection).
+							Patch(bind(api.EditTagProtectionOption{}), mustNotBeArchived, repo.EditTagProtection).
+							Delete(repo.DeleteTagProtection)
+					})
+				}, reqToken(), reqAdmin())
 				m.Group("/actions", func() {
 					m.Get("/tasks", repo.ListActionTasks)
 				}, reqRepoReader(unit.TypeActions), context.ReferencesGitRepo(true))