Merge branch 'main' into ft/gitlab-compatible-user-scopes-vars

Author: filiptronicek

.github/workflows/code-build.yaml

@@ -69,6 +69,7 @@ jobs:
               - [ ] test `gp open` and `gp preview`
               - [ ] test open in VS Code Desktop, check `gp open` and `gp preview` in task/user terminals
               - [ ] telemetry data like `vscode_extension_gallery` is collected in [Segment](https://app.segment.com/gitpod/sources/staging_trusted/debugger)
+              - [ ] test using `ubuntu 18` is working well, [example repo](https://github.com/jeanp413/test-gp-prebuild/tree/jp/damaged-aardwolf)
 
             ### Preview status
             gitpod:summary

README.md

@@ -17,7 +17,7 @@
 </div>
 
 
-[Gitpod](https://www.gitpod.io)’s developer platform provides on-demand, pre-configured environments that automatically integrate into any tool, library, or dependency required for creating software. Gitpod workspaces are the fastest and most secure way to ship software and are as easy as adding a .gitpod.yml file to the root of any repository.
+[Gitpod](https://www.gitpod.io)’s developer platform provides on-demand, pre-configured environments that automatically integrate into any tool, library, or dependency required for creating software. Gitpod workspaces are the fastest and most secure way to ship software and are as easy as adding a `.gitpod.yml` file to the root of any repository.
 
 📄 [Read Cloud Development Environment white paper](https://www.gitpod.io/whitepaper/cde)
 

WORKSPACE.yaml

@@ -7,8 +7,8 @@ defaultArgs:
   publishToNPM: true
   publishToJBMarketplace: true
   localAppVersion: unknown
-  codeCommit: dbe6cce70f2466a5f716a17d4fccdf198ca6287f
-  codeVersion: 1.93.1
+  codeCommit: df9057e10ad761c6a8378b72b37554c1458256e3
+  codeVersion: 1.94.2
   codeQuality: stable
   codeWebExtensionCommit: 7ff72a2938a7a06cbdf3964590f7e9b7525958f3
   xtermCommit: 8f10c5febf0162a3c2309076302f770fbad38fde
@@ -21,7 +21,7 @@ defaultArgs:
   webstormDownloadUrl: "https://download.jetbrains.com/webstorm/WebStorm-2024.2.3.tar.gz"
   riderDownloadUrl: "https://download.jetbrains.com/rider/JetBrains.Rider-2024.1.4.tar.gz"
   clionDownloadUrl: "https://download.jetbrains.com/cpp/CLion-2024.2.2.tar.gz"
-  rustroverDownloadUrl: "https://download.jetbrains.com/rustrover/RustRover-2024.2.2.tar.gz"
+  rustroverDownloadUrl: "https://download.jetbrains.com/rustrover/RustRover-2024.2.3.tar.gz"
   jbBackendVersion: "latest"
   dockerVersion: "20.10.24"
   dockerComposeVersion: "2.27.0-gitpod.0"

components/blobserve/leeway.Dockerfile

@@ -2,7 +2,7 @@
 # Licensed under the GNU Affero General Public License (AGPL).
 # See License.AGPL.txt in the project root for license information.
 
-FROM cgr.dev/chainguard/wolfi-base:latest@sha256:28f57f6a9fb2478f3a3dd160794831bd0099ec92d0d7b81cd203fae67bcb5339
+FROM cgr.dev/chainguard/wolfi-base:latest@sha256:4857dbc65f7dbf22dd662370a6b211621eba5550d276a9b2ad2596b666cbbdfe
 
 # Ensure latest packages are present, like security updates.
 RUN  apk upgrade --no-cache \

components/content-service/leeway.Dockerfile

@@ -2,7 +2,7 @@
 # Licensed under the GNU Affero General Public License (AGPL).
 # See License.AGPL.txt in the project root for license information.
 
-FROM cgr.dev/chainguard/wolfi-base:latest@sha256:28f57f6a9fb2478f3a3dd160794831bd0099ec92d0d7b81cd203fae67bcb5339
+FROM cgr.dev/chainguard/wolfi-base:latest@sha256:4857dbc65f7dbf22dd662370a6b211621eba5550d276a9b2ad2596b666cbbdfe
 
 # Ensure latest packages are present, like security updates.
 RUN  apk upgrade --no-cache \

components/dashboard/leeway.Dockerfile

@@ -2,7 +2,7 @@
 # Licensed under the GNU Affero General Public License (AGPL).
 # See License.AGPL.txt in the project root for license information.
 
-FROM cgr.dev/chainguard/wolfi-base:latest@sha256:28f57f6a9fb2478f3a3dd160794831bd0099ec92d0d7b81cd203fae67bcb5339 as compress
+FROM cgr.dev/chainguard/wolfi-base:latest@sha256:4857dbc65f7dbf22dd662370a6b211621eba5550d276a9b2ad2596b666cbbdfe as compress
 
 RUN apk add brotli gzip
 

components/dashboard/src/components/podkit/combobox/Combobox.tsx

@@ -84,11 +84,14 @@ export const Combobox: FunctionComponent<ComboboxProps> = ({
 
     const setActiveElement = useCallback(
         (element: string) => {
+            if (!filteredOptions.find((el) => element === el.id)?.isSelectable) {
+                return;
+            }
             setSelectedElementTemp(element);
             const el = document.getElementById(element);
             el?.scrollIntoView({ block: "nearest" });
         },
-        [setSelectedElementTemp],
+        [filteredOptions],
     );
 
     const handleOpenChange = useCallback(

components/dashboard/src/data/git-providers/unified-repositories-search-query.test.ts

@@ -5,7 +5,7 @@
  */
 
 import { SuggestedRepository } from "@gitpod/public-api/lib/gitpod/v1/scm_pb";
-import { deduplicateAndFilterRepositories } from "./unified-repositories-search-query";
+import { deduplicateAndFilterRepositories, isValidGitUrl } from "./unified-repositories-search-query";
 
 function repo(name: string, project?: string): SuggestedRepository {
     return new SuggestedRepository({
@@ -95,3 +95,27 @@ test("it should return all repositories without duplicates when excludeProjects
     expect(deduplicated[0].repoName).toEqual("foo");
     expect(deduplicated[1].repoName).toEqual("bar");
 });
+
+test("should perform weak validation for git URLs", () => {
+    expect(isValidGitUrl("a:")).toEqual(false);
+    expect(isValidGitUrl("a:b")).toEqual(false);
+    expect(isValidGitUrl("https://b")).toEqual(false);
+    expect(isValidGitUrl("https://b/repo.git")).toEqual(false);
+    expect(isValidGitUrl("https://b.com/repo.git")).toEqual(true);
+    expect(isValidGitUrl("[email protected]:")).toEqual(false);
+    expect(isValidGitUrl("[email protected]:")).toEqual(false);
+    expect(isValidGitUrl("[email protected]:22:")).toEqual(false);
+    expect(isValidGitUrl("[email protected]:g/g")).toEqual(true);
+
+    // some "from the wild" cases
+    expect(isValidGitUrl("https://github.com/gitpod-io/gitpod/pull/20281")).toEqual(true);
+    expect(isValidGitUrl("https://gitlab.com/filiptronicek/gitpod.git")).toEqual(true);
+    expect(isValidGitUrl("[email protected]:gitpod-io/gitpod.git")).toEqual(true);
+    expect(isValidGitUrl("[email protected]:filiptronicek/gitpod.git")).toEqual(true);
+    expect(isValidGitUrl("ssh://[email protected]:12345/~/repository.git")).toBe(true);
+    expect(isValidGitUrl("https://bitbucket.gitpod-dev.com/scm/~geropl/test-user-repo.git")).toBe(true);
+    expect(isValidGitUrl("git://gitlab.com/gitpod/spring-petclinic")).toBe(true);
+    expect(isValidGitUrl("[email protected]:v3/services-azure/open-to-edit-project2/open-to-edit-project2")).toBe(
+        true,
+    );
+});

components/dashboard/src/data/git-providers/unified-repositories-search-query.ts

@@ -11,6 +11,7 @@ import { useMemo } from "react";
 import { useListConfigurations } from "../configurations/configuration-queries";
 import type { UseInfiniteQueryResult } from "@tanstack/react-query";
 import { Configuration } from "@gitpod/public-api/lib/gitpod/v1/configuration_pb";
+import { parseUrl } from "../../utils";
 
 export const flattenPagedConfigurations = (
     data: UseInfiniteQueryResult<{ configurations: Configuration[] }>["data"],
@@ -125,17 +126,62 @@ export function deduplicateAndFilterRepositories(
     }
 
     if (results.length === 0) {
-        try {
-            // If the searchString is a URL, and it's not present in the proposed results, "artificially" add it here.
-            new URL(searchString);
+        // If the searchString is a URL, and it's not present in the proposed results, "artificially" add it here.
+        if (isValidGitUrl(searchString)) {
+            console.log("It's valid man");
             results.push(
                 new SuggestedRepository({
                     url: searchString,
                 }),
             );
-        } catch {}
+        }
+
+        console.log("Valid after man");
     }
 
     // Limit what we show to 200 results
     return results.slice(0, 200);
 }
+
+const ALLOWED_GIT_PROTOCOLS = ["ssh:", "git:", "http:", "https:"];
+/**
+ * An opionated git URL validator
+ *
+ * Assumptions:
+ * - Git hosts are not themselves TLDs (like .com) or reserved names like `localhost`
+ * - Git clone URLs can operate over ssh://, git:// and http(s)://
+ * - Git clone URLs (both SSH and HTTP ones) must have a nonempty path
+ */
+export const isValidGitUrl = (input: string): boolean => {
+    const url = parseUrl(input);
+    if (!url) {
+        // SSH URLs with no protocol, such as [email protected]:gitpod-io/gitpod.git
+        const sshMatch = input.match(/^\w+@([^:]+):(.+)$/);
+        if (!sshMatch) return false;
+
+        const [, host, path] = sshMatch;
+
+        // Check if the path is not empty
+        if (!path || path.trim().length === 0) return false;
+
+        if (path.includes(":")) return false;
+
+        return isHostValid(host);
+    }
+
+    if (!url) return false;
+
+    if (!ALLOWED_GIT_PROTOCOLS.includes(url.protocol)) return false;
+    if (url.pathname.length <= 1) return false; // make sure we have some path
+
+    return isHostValid(url.host);
+};
+
+const isHostValid = (input?: string): boolean => {
+    if (!input) return false;
+
+    const hostSegments = input.split(".");
+    if (hostSegments.length < 2 || hostSegments.some((chunk) => chunk === "")) return false; // check that there are no consecutive periods as well as no leading or trailing ones
+
+    return true;
+};