fix(github_app): improve repository updates handling (#79)

- Refactored queries to use parameterized statements for
`installation_id` and `repositories`

## Description
<!-- Describe your changes in detail -->

## Type of Change
<!-- Mark relevant items with an [x] -->
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Documentation/Repository docs update
- [ ] Performance improvement
- [ ] Code refactoring
- [ ] Test updates

## Testing
<!-- How has this been tested? -->
- [ ] Unit tests added/updated
- [ ] Integration tests added/updated
- [ ] Manual testing performed
- [ ] Not applicable

## Documentation
<!-- Mark relevant items with an [x] -->
- [ ] Documentation update required
- [ ] Changelog update required

## Related Issues
<!-- Link related issues below. Insert the issue link or issue number
-->
- Closes: <!-- insert issue link here -->
- Related to: <!-- insert issue link here -->

Author: radwo

github_hooks/Makefile

@@ -84,10 +84,10 @@ else
 	docker run --rm $(VOLUME_BIND) $(CONTAINER_ENV_VARS) $(IMAGE):$(IMAGE_TAG) bundle exec rubocop --format progress --format offenses --format junit --out out/results.xml
 endif
 
-check.ruby.code: check.prepare
+check.ruby.code:
 	$(MAKE) check.code LANGUAGE=ruby
 
-check.ruby.deps: check.prepare
+check.ruby.deps:
 	$(MAKE) check.deps LANGUAGE=ruby CHECK_DEPS_OPTS="-w app,rt-watchman"
 
 pb.gen:

github_hooks/lib/semaphore/github_app/hook.rb

@@ -90,14 +90,13 @@ def self.accept_permissions(installation_id)
     end
 
     def self.add_repositories(installation_id, repositories)
-      sql_repositories = "[\"#{repositories.join('", "')}\"]"
       sql = <<-SQL
       UPDATE github_app_installations
-      SET repositories = (SELECT to_jsonb(array_agg(DISTINCT b)) FROM (SELECT jsonb_array_elements_text(repositories || '#{sql_repositories}') as b FROM github_app_installations WHERE installation_id = '#{installation_id}') as c)
-      WHERE installation_id = #{installation_id}
+      SET repositories = (SELECT to_jsonb(array_agg(DISTINCT b)) FROM (SELECT jsonb_array_elements_text(repositories || $1::jsonb) AS b FROM github_app_installations WHERE installation_id = $2 ) AS c )
+      WHERE installation_id = $2
       SQL
 
-      GithubAppInstallation.connection.exec_update(sql, "Adds GitHub App repositories")
+      GithubAppInstallation.connection.exec_update(sql, "Adds GitHub App repositories", [repositories.to_json, installation_id])
 
       repositories.each do |slug|
         # GitHub sends us a webhook before API is ready to admit that changes took place.
@@ -107,14 +106,13 @@ def self.add_repositories(installation_id, repositories)
     end
 
     def self.remove_repositories(installation_id, repositories)
-      sql_repositories = "'#{repositories.join("', '")}'"
       sql = <<-SQL
       UPDATE github_app_installations
-      SET repositories = to_jsonb(array_diff((SELECT array_agg(trim(JsonString::text, '"')) FROM jsonb_array_elements(repositories) JsonString), array[#{sql_repositories}]))
-      WHERE installation_id = #{installation_id}
+      SET repositories = to_jsonb(array_diff((SELECT array_agg(trim(JsonString::text, '"')) FROM jsonb_array_elements(repositories) JsonString), $2::text[]))
+      WHERE installation_id = $1
       SQL
 
-      GithubAppInstallation.connection.exec_update(sql, "Removes GitHub App repositories")
+      GithubAppInstallation.connection.exec_update(sql, "Removes GitHub App repositories", [installation_id, "{#{repositories.join(",")}}"])
 
       repositories.each do |slug|
         # GitHub sends us a webhook before API is ready to admit that changes took place.