Fix Bitbucket push event handling #7833
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Associated issue: #7683 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Codecov Report
@@ Coverage Diff @@
## main #7833 +/- ##
==========================================
- Coverage 12.01% 10.86% -1.16%
==========================================
Files 20 18 -2
Lines 1190 1022 -168
==========================================
- Hits 143 111 -32
+ Misses 1043 909 -134
+ Partials 4 2 -2
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
AlexTugarev
force-pushed
the
at/bitbucket-7683
branch
from
29ff4f4 to
4f67c14
Compare
|
Taking a look now 👀 |
There was a problem hiding this comment.
Many thanks for adding the project association for Bitbucket push events! 👍
This change looks good to me in principle, except for the part about impersonating a random team owner (please see inline).
I've also tested that triggering Prebuilds by pushing commits to Bitbucket still works 👍 (both for user projects and team projects).
| if (project) { | ||
| const owner = !!project.userId | ||
| ? { userId: project.userId } | ||
| : (await this.teamDB.findMembersByTeam(project.teamId || '')).filter(m => m.role === "owner")[0]; |
There was a problem hiding this comment.
Why is it useful to pick a random owner from the team here, as opposed to just picking the user that started the prebuild as before?
It still seems weird and potentially dangerous to me that I can potentially perform actions as someone else (impersonation), as opposed to always running Gitpod actions as myself.
There was a problem hiding this comment.
It still seems weird and potentially dangerous to me that I can potentially perform actions as someone else (impersonation), as opposed to always running Gitpod actions as myself.
First of, here we're are handling projects of a team in that case and this is about the ownership of a prebuild – nothing else. Then also, tagging with any of the current team owners seems to better than potentially tagging with a non-existing userId, which led to this pattern in the first place. BTW it'd be just consistent to do it like this, or change it also for GitHub and GitLab projects/prebuilds.
There was a problem hiding this comment.
Why is it useful to pick a random owner from the team here, as opposed to just picking the user that started the prebuild as before?
Another explainer: have a user A create a project in a team and then let user A leave the team, which account to use to tag the prebuild?
There was a problem hiding this comment.
@jankeromnes, can we discuss this in a call?
There was a problem hiding this comment.
Hm. I tend to agree with Jan that we should not try to do sth intimate (use token) that is unexpected.
How does the BitBucket "installation flow" look like? E.g., can we store a userId there that we can use here? That way we'd at least maintain the expectation that who registered a repo will also execute the prebuilds (like for GitHub apps).
Another explainer: have a user A create a project in a team and then let user A leave the team, which account to use to tag the prebuild?
This sounds like a very interesting question to me: What is projectId.userId useful for, anyway? 🤔
There was a problem hiding this comment.
Suggestion: For the sake of this PR, let's separate the "who owns the Team" and "who owns the BitBucket 'installation'" discussions into (a) separate issue(s). And simply exit here if project.userId is not set. Would that work, @AlexTugarev ?
There was a problem hiding this comment.
The point is that we're storing the users token in the webhook registration, which is part of history when we had no project introduced yet. I believe it would be more robust to add the project id in the webhook registration and use any available token of any team owner (with access to that BB repo) when doing updates to the webook registration. This is something we concluded while discussing about the ownership of a project within a team, and what should happen when one leaves a team, e.g. should the project be removed?
I'm also ok with trying to maintain the installer's link as far as possible and fallback to a team owner after the installer was removed from the team.
There was a problem hiding this comment.
@jankeromnes and @geropl, I changed to prefer the previous webhook installer, which should meet the expectation in most cases. I suggest to overhaul the semantics for all providers in a separate issues, because it seems that we did not cover all cases. That's something we can and should cover in unit tests for clear communications.
There was a problem hiding this comment.
@jankeromnes and @geropl, thanks once again for pushing this! after re-re-reading the flow and testing once more, I realized that's a bad decision to limit to project owners 🙄. the fallback mechanism should, if applied, try to find and team member to rescue the state of the project, if the original installer was removed from the team. so, priority is to maintain the webhook membership and then to fallback to any of the team member with the relevant provider connection.
I took the change and aligned the gitlab app code as well, because that was the blueprint here.
let's continue the clean up of this in the effort to provide a state of the webhook installation.
AlexTugarev
force-pushed
the
at/bitbucket-7683
branch
from
4f67c14 to
b294dd2
Compare
|
/hold The code LGTM except that I think we should add a comment with the gist of our discussion to Please ping for new /lgtm then! |
AlexTugarev
force-pushed
the
at/bitbucket-7683
branch
from
b294dd2 to
a4f5cbc
Compare
| /** | ||
| * Finds the relevant user account and project to the provided webhook event information. | ||
| * | ||
| * First of all it tries to find the project for the given `cloneURL`, then it tries to |
AlexTugarev
force-pushed
the
at/bitbucket-7683
branch
from
a4f5cbc to
50e3740
Compare
|
/unhold |
Fixes #7683
This PR also fixes the linking of prebuilds to the related project.