debug: enable webhook on newly enabled prebuilds

Author: filiptronicek

components/server/src/prebuilds/github-service.ts

@@ -14,12 +14,16 @@ import { Config } from "../config";
 import { RepoURL } from "../repohost";
 import { UnauthorizedError } from "../errors";
 import { GitHubOAuthScopes } from "@gitpod/public-api-common/lib/auth-providers";
+import { containsScopes } from "./token-scopes-inclusion";
+import { TokenService } from "../user/token-service";
+import { ApplicationError, ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
 
 @injectable()
 export class GitHubService extends RepositoryService {
     constructor(
         @inject(GitHubRestApi) protected readonly githubApi: GitHubRestApi,
         @inject(Config) private readonly config: Config,
+        @inject(TokenService) private readonly tokenService: TokenService,
         @inject(GithubContextParser) private readonly githubContextParser: GithubContextParser,
     ) {
         super();
@@ -44,6 +48,53 @@ export class GitHubService extends RepositoryService {
         }
     }
 
+    async installAutomatedPrebuilds(user: User, cloneUrl: string): Promise<void> {
+        const parsedRepoUrl = RepoURL.parseRepoUrl(cloneUrl);
+        if (!parsedRepoUrl) {
+            throw new ApplicationError(ErrorCodes.BAD_REQUEST, `Clone URL not parseable.`);
+        }
+        let tokenEntry;
+        try {
+            const { owner, repoName: repo } = await this.githubContextParser.parseURL(user, cloneUrl);
+            const webhooks = (await this.githubApi.run(user, (gh) => gh.repos.listWebhooks({ owner, repo }))).data;
+            for (const webhook of webhooks) {
+                if (webhook.config.url === this.getHookUrl()) {
+                    await this.githubApi.run(user, (gh) =>
+                        gh.repos.deleteWebhook({ owner, repo, hook_id: webhook.id }),
+                    );
+                }
+            }
+            tokenEntry = await this.tokenService.createGitpodToken(user, "prebuild", cloneUrl);
+            const config = {
+                url: this.getHookUrl(),
+                content_type: "json",
+                secret: user.id + "|" + tokenEntry.token.value,
+            };
+            await this.githubApi.run(user, (gh) => gh.repos.createWebhook({ owner, repo, config }));
+        } catch (error) {
+            // Hint: here we catch all GH API errors to forward them as Unauthorized to FE,
+            // eventually that should be done depending on the error code.
+            // Also, if user is not connected at all, then the GH API wrapper is throwing
+            // the same error type, but with `providerIsConnected: false`.
+
+            if (GitHubApiError.is(error)) {
+                // TODO check for `error.code`
+                throw UnauthorizedError.create({
+                    host: parsedRepoUrl.host,
+                    providerType: "GitHub",
+                    repoName: parsedRepoUrl.repo,
+                    requiredScopes: GitHubOAuthScopes.Requirements.PRIVATE_REPO,
+                    providerIsConnected: true,
+                    isMissingScopes: containsScopes(
+                        tokenEntry?.token.scopes,
+                        GitHubOAuthScopes.Requirements.PRIVATE_REPO,
+                    ),
+                });
+            }
+            throw error;
+        }
+    }
+
     protected getHookUrl() {
         return this.config.hostUrl
             .asPublicServices()

components/server/src/projects/projects-service.ts

@@ -39,6 +39,7 @@ import type { PrebuildManager } from "../prebuilds/prebuild-manager";
 import { TraceContext } from "@gitpod/gitpod-protocol/lib/util/tracing";
 import { ContextParser } from "../workspace/context-parser-service";
 import { UnauthorizedError } from "../errors";
+import { ScmService } from "../scm/scm-service";
 
 // to resolve circular dependency issues
 export const LazyPrebuildManager = Symbol("LazyPrebuildManager");
@@ -58,6 +59,7 @@ export class ProjectsService {
         @inject(LazyPrebuildManager) private readonly prebuildManager: LazyPrebuildManager,
         @inject(ContextParser) private readonly contextParser: ContextParser,
         @inject(WebhookEventDB) private readonly webhookEventDb: WebhookEventDB,
+        @inject(ScmService) private readonly scmService: ScmService,
 
         @inject(InstallationService) private readonly installationService: InstallationService,
     ) {}
@@ -431,7 +433,8 @@ export class ProjectsService {
             const enablePrebuildsPrev = !!existingProject.settings?.prebuilds?.enable;
             if (!enablePrebuildsPrev) {
                 // new default
-                partialProject.settings.prebuilds.triggerStrategy = "activity-based";
+                await this.scmService.installWebhookForPrebuilds(existingProject, user);
+                partialProject.settings.prebuilds.triggerStrategy = "webhook-based";
             }
         }
         return this.projectDB.updateProject(partialProject);

components/server/src/repohost/repo-service.ts

@@ -12,4 +12,8 @@ export class RepositoryService {
     async isGitpodWebhookEnabled(user: User, cloneUrl: string): Promise<boolean> {
         throw new Error("unsupported");
     }
+
+    async installAutomatedPrebuilds(user: User, cloneUrl: string): Promise<void> {
+        throw new Error("unsupported");
+    }
 }

components/server/src/scm/scm-service.ts

@@ -8,7 +8,7 @@ import { inject, injectable } from "inversify";
 import { Authorizer } from "../authorization/authorizer";
 import { Config } from "../config";
 import { TokenProvider } from "../user/token-provider";
-import { CommitContext, Project, SuggestedRepository, Token, WorkspaceInfo } from "@gitpod/gitpod-protocol";
+import { CommitContext, Project, SuggestedRepository, Token, User, WorkspaceInfo } from "@gitpod/gitpod-protocol";
 import { HostContextProvider } from "../auth/host-context-provider";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { AuthProviderService } from "../auth/auth-provider-service";
@@ -22,6 +22,7 @@ import {
     suggestionFromRecentWorkspace,
     suggestionFromUserRepo,
 } from "../workspace/suggested-repos-sorter";
+import { RepoURL } from "../repohost";
 
 @injectable()
 export class ScmService {
@@ -52,6 +53,29 @@ export class ScmService {
         return token;
     }
 
+    public async installWebhookForPrebuilds(project: Project, installer: User) {
+        // Install the prebuilds webhook if possible
+        const { teamId, cloneUrl } = project;
+        const parsedUrl = RepoURL.parseRepoUrl(project.cloneUrl);
+        const hostContext = parsedUrl?.host ? this.hostContextProvider.get(parsedUrl?.host) : undefined;
+
+        if (!hostContext) {
+            throw new ApplicationError(ErrorCodes.NOT_FOUND, `SCM provider not found.`);
+        }
+
+        const repositoryService = hostContext.services?.repositoryService;
+        if (repositoryService) {
+            const logPayload = { organizationId: teamId, installer: installer.id, cloneUrl: project.cloneUrl };
+            try {
+                await repositoryService.installAutomatedPrebuilds(installer, cloneUrl);
+                log.info("Webhook for prebuilds installed.", logPayload);
+            } catch (error) {
+                log.error("Failed to install webhook for prebuilds.", error, logPayload);
+                throw error;
+            }
+        }
+    }
+
     /**
      * `guessTokenScopes` allows clients to retrieve scopes that would be necessary for a specified
      * git operation on a specified repository.