Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate GitHub OAuth App to GitHub App #11942

Draft
wants to merge 71 commits into
base: main
Choose a base branch
from
Draft

Migrate GitHub OAuth App to GitHub App #11942

wants to merge 71 commits into from

Conversation

stsewd
Copy link
Member

@stsewd stsewd commented Jan 22, 2025

Ref #11780

@stsewd stsewd requested a review from a team as a code owner January 22, 2025 20:50
@stsewd stsewd requested a review from humitos January 22, 2025 20:50
@stsewd stsewd marked this pull request as draft January 22, 2025 20:50
@stsewd stsewd mentioned this pull request Jan 22, 2025
Open
humitos
humitos reviewed Jan 27, 2025
View reviewed changes
Copy link
Member

@humitos humitos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't tested this locally, but it seems it could work.

I understand our "Login/Signup with GitHub" button will now point to the new GitHub App, right?

@humitos
Copy link
Member

humitos commented Jan 27, 2025

I haven't tested this locally, but it seems it could work.

If you have this environment already setup locally, can you record a small GIF that shows the workflow to understand what is the UX?

@stsewd
Copy link
Member Author

stsewd commented Jan 28, 2025

I understand our "Login/Signup with GitHub" button will now point to the new GitHub App, right?

Yep.

If you have this environment already setup locally, can you record a small GIF that shows the workflow to understand what is the UX?

Screencast.From.2025-01-28.16-17-42.mp4

The old login option will be hidden in production, of course.

@humitos
Copy link
Member

humitos commented Jan 29, 2025

The UX looks great to me! 🎉

I see we are showing both GitHub integrations in the user settings, which could be a little confusing. Maybe we can hide the old integration once the new one is approved if we want to.

@humitos
Copy link
Member

humitos commented Feb 3, 2025

It seems you are writing the code for a bigger migration that we talked for the first chunk of work. We wanted to scope this work down to be able to login with GitHub Application first. That will give us a lot of information about the workflow and confirm this is possible. Once there, we should be able to move forward with webhooks, clonning and all the other integrations we want to build on top of GitHub Application.

I'm not saying this work is wrong --we definitely need/want it-- but it will be safer to move forward using smaller steps to avoid such a big change all at once.

@stsewd
Copy link
Member Author

stsewd commented Feb 3, 2025

We wanted to scope this work down to be able to login with GitHub Application first. That will give us a lot of information about the workflow and confirm this is possible.

That was already done.

Exposing the new GH app as login option is the last step, we can't expose it first without having the integration working since new users won't be able to import projects.

My plan is:

  • Have the modeling and integrations working
  • Have a migration path for existing users
  • Expose new login option and hide the old one

@humitos
Copy link
Member

humitos commented Feb 3, 2025

we can't expose it first without having the integration working since new users won't be able to import projects.

Ah, you are right here. I was only thinking about old users with a OAuth application in place already 🙃

humitos
humitos reviewed Feb 6, 2025
View reviewed changes
stsewd added a commit that referenced this pull request Feb 19, 2025
@stsewd
Projects: require users to have admin permissions to link repositorie…
ec75b8f 
…s to projects

Our current logic allows any user (or member) to link a public repository to a project,
this was fine since we use the user session to create the webhook and ssh key on .com,
and if they don't have permissions, nothing will happen.

But with #11942
operations won't be done on behalf of the user, but the installation,
so we need to make sure that the user has permissions to link the
repository to the project.
@stsewd stsewd mentioned this pull request Feb 19, 2025
Open
stsewd added a commit that referenced this pull request Feb 19, 2025
@stsewd
Service: kwargs only when sending build statuses
7615e0e 
A small refactor extracted from #11942
stsewd added a commit that referenced this pull request Feb 19, 2025
@stsewd
Service: kwargs only when sending build statuses
8856778 
A small refactor extracted from #11942
This was referenced Feb 19, 2025
Merged
Merged
stsewd added a commit that referenced this pull request Feb 19, 2025
@stsewd
Service: kwargs only when sending build statuses (#12007)
b333b97 
A small refactor extracted from
#11942
@stsewd stsewd mentioned this pull request Feb 19, 2025
Draft
stsewd added a commit that referenced this pull request Feb 20, 2025
@stsewd
Webhooks: refactor branch/tag building
50d6943 
Extracted from #11942
@stsewd stsewd mentioned this pull request Feb 20, 2025
Open
stsewd added a commit that referenced this pull request Feb 20, 2025
@stsewd
Git service: add method to sync user access to remote repositories
3f665fc 
Extracted from
#11942.

Instead of getting a service for the user and manually syncing the
repositories, this abstracts syncing the access to the repositories
in another method. This is since with GH apps, syncing the access
to the repositories is done in a different way.
@stsewd stsewd mentioned this pull request Feb 20, 2025
Merged
stsewd added a commit that referenced this pull request Feb 24, 2025
@stsewd
Git service: add method to sync user access to remote repositories (#…
af79b77 
…12016)

Extracted from
#11942.

Instead of getting a service for the user and manually syncing the
repositories, this abstracts syncing the access to the repositories in
another method. This is since with GH apps, syncing the access to the
repositories is done in a different way.
@stsewd stsewd mentioned this pull request Feb 26, 2025
Open
@stsewd stsewd mentioned this pull request Mar 4, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@humitos humitos humitos left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@stsewd stsewd

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stsewd @humitos