Move open registration setting into remote plugins

...so that it's possible to enable or disable open registration on a per-remote basis. For example, the `DRONE_REGISTRATION_OPEN` environment variable now becomes `DRONE_GITHUB_OPEN` when using GitHub as a remote. The default for open registration in this commit is `false` (disabled), which matches the existing behaviour. This is useful if you need to support both public and private remotes, e.g. GitHub.com and GitHub Enterprise, where you trust all of the private users and want to allow open registration for those but would not want all GitHub.com users to run builds on your server. Tested with GitHub and GitLab.
2026-03-22 18:05:18 +01:00 · 2015-01-12 22:59:06 +00:00
parent f79762177c
commit 307aed12bc
14 changed files with 52 additions and 34 deletions
--- a/plugin/remote/bitbucket/bitbucket.go
+++ b/plugin/remote/bitbucket/bitbucket.go
@@ -27,19 +27,21 @@ type Bitbucket struct {
 	API    string
 	Client string
 	Secret string
+	Open   bool
 }

-func New(url, api, client, secret string) *Bitbucket {
+func New(url, api, client, secret string, open bool) *Bitbucket {
 	return &Bitbucket{
 		URL:    url,
 		API:    api,
 		Client: client,
 		Secret: secret,
+		Open:   open,
 	}
 }

-func NewDefault(client, secret string) *Bitbucket {
-	return New(DefaultURL, DefaultAPI, client, secret)
+func NewDefault(client, secret string, open bool) *Bitbucket {
+	return New(DefaultURL, DefaultAPI, client, secret, open)
 }

 // Authorize handles Bitbucket API Authorization
@@ -269,3 +271,7 @@ func (r *Bitbucket) ParseHook(req *http.Request) (*model.Hook, error) {
 		Message:   hook.Commits[len(hook.Commits)-1].Message,
 	}, nil
 }
+
+func (r *Bitbucket) OpenRegistration() bool {
+	return r.Open
+}
--- a/plugin/remote/bitbucket/register.go
+++ b/plugin/remote/bitbucket/register.go
@@ -9,6 +9,7 @@ var (
 	// Bitbucket cloud configuration details
 	bitbucketClient = config.String("bitbucket-client", "")
 	bitbucketSecret = config.String("bitbucket-secret", "")
+	bitbucketOpen   = config.Bool("bitbucket-open", false)
 )

 // Registers the Bitbucket plugin using the default
@@ -19,6 +20,6 @@ func Register() {
 		return
 	}
 	remote.Register(
-		NewDefault(*bitbucketClient, *bitbucketSecret),
+		NewDefault(*bitbucketClient, *bitbucketSecret, *bitbucketOpen),
 	)
 }
--- a/plugin/remote/github/github.go
+++ b/plugin/remote/github/github.go
@@ -28,9 +28,10 @@ type GitHub struct {
 	Private    bool
 	SkipVerify bool
 	Orgs       []string
+	Open       bool
 }

-func New(url, api, client, secret string, private, skipVerify bool, orgs []string) *GitHub {
+func New(url, api, client, secret string, private, skipVerify bool, orgs []string, open bool) *GitHub {
 	var github = GitHub{
 		URL:        url,
 		API:        api,
@@ -39,6 +40,7 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin
 		Private:    private,
 		SkipVerify: skipVerify,
 		Orgs:       orgs,
+		Open:       open,
 	}
 	// the API must have a trailing slash
 	if !strings.HasSuffix(github.API, "/") {
@@ -51,8 +53,8 @@ func New(url, api, client, secret string, private, skipVerify bool, orgs []strin
 	return &github
 }

-func NewDefault(client, secret string, orgs []string) *GitHub {
-	return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs)
+func NewDefault(client, secret string, orgs []string, open bool) *GitHub {
+	return New(DefaultURL, DefaultAPI, client, secret, false, false, orgs, open)
 }

 // Authorize handles GitHub API Authorization.
@@ -305,3 +307,7 @@ func (r *GitHub) ParsePullRequestHook(req *http.Request) (*model.Hook, error) {

 	return &hook, nil
 }
+
+func (r *GitHub) OpenRegistration() bool {
+	return r.Open
+}
--- a/plugin/remote/github/register.go
+++ b/plugin/remote/github/register.go
@@ -10,6 +10,7 @@ var (
 	githubClient = config.String("github-client", "")
 	githubSecret = config.String("github-secret", "")
 	githubOrgs   = config.Strings("github-orgs")
+	githubOpen   = config.Bool("github-open", false)

 	// GitHub Enterprise configuration details
 	githubEnterpriseURL        = config.String("github-enterprise-url", "")
@@ -19,6 +20,7 @@ var (
 	githubEnterprisePrivate    = config.Bool("github-enterprise-private-mode", true)
 	githubEnterpriseSkipVerify = config.Bool("github-enterprise-skip-verify", false)
 	githubEnterpriseOrgs       = config.Strings("github-enterprise-orgs")
+	githubEnterpriseOpen       = config.Bool("github-enterprise-open", false)
 )

 // Registers the GitHub plugins using the default
@@ -35,7 +37,7 @@ func registerGitHub() {
 		return
 	}
 	remote.Register(
-		NewDefault(*githubClient, *githubSecret, *githubOrgs),
+		NewDefault(*githubClient, *githubSecret, *githubOrgs, *githubOpen),
 	)
 }

@@ -56,6 +58,7 @@ func registerGitHubEnterprise() {
 			*githubEnterprisePrivate,
 			*githubEnterpriseSkipVerify,
 			*githubEnterpriseOrgs,
+			*githubEnterpriseOpen,
 		),
 	)
 }
--- a/plugin/remote/gitlab/gitlab.go
+++ b/plugin/remote/gitlab/gitlab.go
@@ -13,12 +13,14 @@ import (
 type Gitlab struct {
 	url        string
 	SkipVerify bool
+	Open       bool
 }

-func New(url string, skipVerify bool) *Gitlab {
+func New(url string, skipVerify, open bool) *Gitlab {
 	return &Gitlab{
 		url:        url,
 		SkipVerify: skipVerify,
+		Open:       open,
 	}
 }

@@ -191,3 +193,7 @@ func (r *Gitlab) ParseHook(req *http.Request) (*model.Hook, error) {

 	return hook, nil
 }
+
+func (r *Gitlab) OpenRegistration() bool {
+	return r.Open
+}
--- a/plugin/remote/gitlab/gitlab_test.go
+++ b/plugin/remote/gitlab/gitlab_test.go
@@ -14,7 +14,7 @@ func Test_Github(t *testing.T) {
 	var server = testdata.NewServer()
 	defer server.Close()

-	var gitlab = New(server.URL, false)
+	var gitlab = New(server.URL, false, false)
 	var user = model.User{
 		Access: "e3b0c44298fc1c149afbf4c8996fb",
 	}
--- a/plugin/remote/gitlab/register.go
+++ b/plugin/remote/gitlab/register.go
@@ -8,6 +8,7 @@ import (
 var (
 	gitlabURL        = config.String("gitlab-url", "")
 	gitlabSkipVerify = config.Bool("gitlab-skip-verify", false)
+	gitlabOpen       = config.Bool("gitlab-open", false)
 )

 // Registers the Gitlab plugin using the default
@@ -21,6 +22,7 @@ func Register() {
 		New(
 			*gitlabURL,
 			*gitlabSkipVerify,
+			*gitlabOpen,
 		),
 	)
 }
--- a/plugin/remote/gogs/gogs.go
+++ b/plugin/remote/gogs/gogs.go
@@ -16,10 +16,11 @@ import (
 type Gogs struct {
 	URL    string
 	Secret string
+	Open   bool
 }

-func New(url string, secret string) *Gogs {
-	return &Gogs{URL: url, Secret: secret}
+func New(url string, secret string, open bool) *Gogs {
+	return &Gogs{URL: url, Secret: secret, Open: open}
 }

 // Authorize handles Gogs authorization
@@ -181,3 +182,7 @@ func (r *Gogs) ParseHook(req *http.Request) (*model.Hook, error) {
 		Message:   payload.Commits[0].Message,
 	}, nil
 }
+
+func (r *Gogs) OpenRegistration() bool {
+	return r.Open
+}
--- a/plugin/remote/gogs/register.go
+++ b/plugin/remote/gogs/register.go
@@ -8,6 +8,7 @@ import (
 var (
 	gogsUrl    = config.String("gogs-url", "")
 	gogsSecret = config.String("gogs-secret", "")
+	gogsOpen   = config.Bool("gogs-open", false)
 )

 // Registers the Gogs plugin using the default
@@ -18,6 +19,6 @@ func Register() {
 		return
 	}
 	remote.Register(
-		New(*gogsUrl, *gogsSecret),
+		New(*gogsUrl, *gogsSecret, *gogsOpen),
 	)
 }
--- a/plugin/remote/remote.go
+++ b/plugin/remote/remote.go
@@ -32,6 +32,9 @@ type Remote interface {
 	// ParseHook parses the post-commit hook from the Request body
 	// and returns the required data in a standard format.
 	ParseHook(r *http.Request) (*model.Hook, error)
+
+	// Registration returns true if open registration is allowed
+	OpenRegistration() bool
 }

 // List of registered plugins.