[installer] Make blocked repositories configurable

[andrew-farries]

Description

One of the Webapp team's epics for Q2 is to use the Gitpod installer to deploy to Gitpod SaaS. In order to do that we will need to add additional configuration to the installer to make the output suitable for a SaaS deployment as opposed to a self-hosted deployment.

This PR makes it possible to configure blocked repositories for the server component:

• Add a blockedRepositories field to the server configmap struct to match https://github.com/gitpod-io/gitpod/blob/main/components/server/src/config.ts#L164.
• Add a new experimental.webapp.server.blockedRepositories config field to the installer to set the field in the configmap.

Related Issue(s)

Part of #9097

How to test

Create an installer config file containing this experimental section:

experimental:
  webapp:
    server:
      blockedRepositories:
      - urlRegExp: "https://github.com/some-user/some-bad-repo"
        blockUser: true
      - urlRegExp: "https://github.com/some-other-user/another-bad-repo"
        blockUser: false

Get a versions.yaml for use with the installer:

docker run -it --rm "eu.gcr.io/gitpod-core-dev/build/versions:${version}" cat versions.yaml > versions.yaml

Then invoke the installer as:

go run . render --debug-version-file versions.yaml --config /path/to/config --use-experimental-config

The blockedRepositories field in the server config map will reflect the value set in the installer config.

Release Notes

Add `disableWorkspaceGarbageCollection` experimental installer config flag

Documentation

None.

[easyCZ]

LGTM, added a couple of questions. Feel free to land without addressing them but wanted to raise them in this context.
/hold

[easyCZ]

[nit] Would it make sense to comment the usage of a particular field? I know it's slightly increasing the scope of the PR here but I believe it would make onboarding new people to the team easier if they could read something like:

Suggested change

	BlockedRepositories []BlockedRepository `json:"blockedRepositories,omitempty"`
	// BlockedRepositories define repositories (by regex) which can be blocked.
	// Repositories are often blocked due to abuse or ...
	// To block a repository foo/bar, specify:
	// { UrlRegExp: "https://github.com/foo/bar", BlockUser: false }
	// ...
	BlockedRepositories []BlockedRepository `json:"blockedRepositories,omitempty"`

This could also act as a good basis for documentation

[andrew-farries]

At least in this case, this documentation already exists in the server config:

gitpod/components/server/src/config.ts

Lines 160 to 164 in 8ce8f7a

	/**
	* List of repositories not allowed to be used for workspace starts.
	* `blockUser` attribute to control handling of the user's account.
	*/
	blockedRepositories?: { urlRegExp: string; blockUser: boolean }[];

and there is a pretty close mapping between fields in this struct and those config fields.

[Pothulapati]

Just a heads up, There's #8441 to generate config documentation from the struct itself! Could be done together!

[geropl]

LGTM

[geropl]

/unhold

Because comments have been adressed above

[Pothulapati]