Add default workspace image to org setting

Author: mustard-mh

components/gitpod-cli/cmd/validate.go

@@ -88,6 +88,7 @@ func runRebuild(ctx context.Context, supervisorClient *supervisor.SupervisorClie
 	var dockerContext string
 	switch img := gitpodConfig.Image.(type) {
 	case nil:
+		// TODO: GET FROM SERVER
 		image = "gitpod/workspace-full:latest"
 	case string:
 		image = img

components/gitpod-db/src/typeorm/entity/db-team-settings.ts

@@ -18,6 +18,9 @@ export class DBOrgSettings implements OrganizationSettings {
     })
     workspaceSharingDisabled?: boolean;
 
+    @Column()
+    defaultWorkspaceImage?: string; // TODO: migration
+
     @Column()
     deleted: boolean;
 }

components/gitpod-db/src/typeorm/team-db-impl.ts

@@ -368,7 +368,10 @@ export class TeamDBImpl extends TransactionalDBImpl<TeamDB> implements TeamDB {
 
     public async findOrgSettings(orgId: string): Promise<OrganizationSettings | undefined> {
         const repo = await this.getOrgSettingsRepo();
-        return repo.findOne({ where: { orgId, deleted: false }, select: ["orgId", "workspaceSharingDisabled"] });
+        return repo.findOne({
+            where: { orgId, deleted: false },
+            select: ["orgId", "workspaceSharingDisabled", "defaultWorkspaceImage"],
+        });
     }
 
     public async setOrgSettings(orgId: string, settings: Partial<OrganizationSettings>): Promise<void> {
@@ -381,6 +384,7 @@ export class TeamDBImpl extends TransactionalDBImpl<TeamDB> implements TeamDB {
             });
         } else {
             team.workspaceSharingDisabled = settings.workspaceSharingDisabled;
+            team.defaultWorkspaceImage = settings.defaultWorkspaceImage;
             repo.save(team);
         }
     }

components/gitpod-protocol/src/protocol.ts

@@ -972,6 +972,13 @@ export interface WorkspaceConfig {
     _featureFlags?: NamedWorkspaceFeatureFlag[];
 }
 
+// WorkspaceConfigContext is the context to help parse/generate workspace config
+export interface WorkspaceConfigContext {
+    // organizationId is used to find organization related workspace config settings,
+    //      - defaultWorkspaceImage: it will affect `image` field
+    organizationId?: string;
+}
+
 export interface GithubAppConfig {
     prebuilds?: GithubAppPrebuildConfig;
 }

components/gitpod-protocol/src/teams-projects-protocol.ts

@@ -148,6 +148,7 @@ export interface Organization {
 
 export interface OrganizationSettings {
     workspaceSharingDisabled?: boolean;
+    defaultWorkspaceImage?: string;
 }
 
 export type TeamMemberRole = OrgMemberRole;

components/server/src/prebuilds/bitbucket-app.ts

@@ -134,7 +134,9 @@ export class BitbucketApp {
                 branch: context.ref,
                 commit: context.revision,
             });
-            const config = await this.prebuildManager.fetchConfig({ span }, user, context);
+            const config = await this.prebuildManager.fetchConfig({ span }, user, context, {
+                organizationId: projectAndOwner.project?.teamId,
+            });
             if (!this.prebuildManager.shouldPrebuild(config)) {
                 console.log("Bitbucket push event: No config. No prebuild.");
                 await this.webhookEvents.updateEvent(event.id, {

components/server/src/prebuilds/bitbucket-server-app.ts

@@ -128,14 +128,18 @@ export class BitbucketServerApp {
                     })
                     .catch((err) => log.error("cannot update project usage", err));
             }
+            // handle context again with organization settings
+            const commitContext = (await this.contextParser.handle({ span }, user, contextUrl)) as CommitContext;
             await this.webhookEvents.updateEvent(event.id, {
                 authorizedUserId: user.id,
                 projectId: projectAndOwner?.project?.id,
                 cloneUrl,
-                branch: context.ref,
-                commit: context.revision,
+                branch: commitContext.ref,
+                commit: commitContext.revision,
+            });
+            const config = await this.prebuildManager.fetchConfig({ span }, user, commitContext, {
+                organizationId: projectAndOwner.project?.teamId,
             });
-            const config = await this.prebuildManager.fetchConfig({ span }, user, context);
             if (!this.prebuildManager.shouldPrebuild(config)) {
                 log.info("Bitbucket push event: No config. No prebuild.");
                 await this.webhookEvents.updateEvent(event.id, {
@@ -154,7 +158,7 @@ export class BitbucketServerApp {
                 {
                     user: projectAndOwner.user,
                     project: projectAndOwner?.project,
-                    context,
+                    context: commitContext,
                     commitInfo,
                 },
             );

components/server/src/prebuilds/github-app.ts

@@ -295,7 +295,9 @@ export class GithubApp {
             span.setTag("contextURL", contextURL);
 
             const context = (await this.contextParser.handle({ span }, user, contextURL)) as CommitContext;
-            const config = await this.prebuildManager.fetchConfig({ span }, user, context);
+            const config = await this.prebuildManager.fetchConfig({ span }, user, context, {
+                organizationId: project?.teamId,
+            });
 
             const r = await this.ensureMainProjectAndUser(user, project, context, installationId);
             user = r.user;
@@ -435,7 +437,9 @@ export class GithubApp {
             }
 
             const context = (await this.contextParser.handle({ span }, user, contextURL)) as CommitContext;
-            const config = await this.prebuildManager.fetchConfig({ span }, user, context);
+            const config = await this.prebuildManager.fetchConfig({ span }, user, context, {
+                organizationId: project?.teamId,
+            });
 
             const r = await this.ensureMainProjectAndUser(user, project, context, installationId);
             user = r.user;

components/server/src/prebuilds/github-enterprise-app.ts

@@ -168,7 +168,9 @@ export class GitHubEnterpriseApp {
                 commit: context.revision,
             });
 
-            const config = await this.prebuildManager.fetchConfig({ span }, user, context);
+            const config = await this.prebuildManager.fetchConfig({ span }, user, context, {
+                organizationId: projectAndOwner.project?.teamId,
+            });
             if (
                 !this.prebuildManager.shouldPrebuild(config) ||
                 !this.appRules.shouldRunPrebuild(config, context.ref === context.repository.defaultBranch, false, false)

components/server/src/prebuilds/gitlab-app.ts

@@ -158,7 +158,9 @@ export class GitLabApp {
                 commit: context.revision,
             });
 
-            const config = await this.prebuildManager.fetchConfig({ span }, user, context);
+            const config = await this.prebuildManager.fetchConfig({ span }, user, context, {
+                organizationId: projectAndOwner.project?.teamId,
+            });
             if (!this.prebuildManager.shouldPrebuild(config)) {
                 log.debug({ userId: user.id }, "GitLab push hook: There is no prebuild config.", {
                     context: body,

components/server/src/prebuilds/prebuild-manager.ts

@@ -16,6 +16,7 @@ import {
     User,
     Workspace,
     WorkspaceConfig,
+    WorkspaceConfigContext,
     WorkspaceInstance,
 } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
@@ -137,7 +138,9 @@ export class PrebuildManager {
             }
             await this.checkUsageLimitReached(user, project.teamId); // throws if out of credits
 
-            const config = await this.fetchConfig({ span }, user, context);
+            const config = await this.fetchConfig({ span }, user, context, {
+                organizationId: project.teamId,
+            });
 
             if (!forcePrebuild) {
                 // Check for an existing, successful prebuild, before triggering a new one.
@@ -366,10 +369,15 @@ export class PrebuildManager {
         return this.config.incrementalPrebuilds.repositoryPasslist.some((url) => trimRepoUrl(url) === repoUrl);
     }
 
-    async fetchConfig(ctx: TraceContext, user: User, context: CommitContext): Promise<WorkspaceConfig> {
+    async fetchConfig(
+        ctx: TraceContext,
+        user: User,
+        context: CommitContext,
+        configContext: WorkspaceConfigContext,
+    ): Promise<WorkspaceConfig> {
         const span = TraceContext.startSpan("fetchConfig", ctx);
         try {
-            return (await this.configProvider.fetchConfig({ span }, user, context)).config;
+            return (await this.configProvider.fetchConfig({ span }, user, context, configContext)).config;
         } catch (err) {
             TraceContext.setError({ span }, err);
             throw err;

components/server/src/workspace/config-provider.ts

@@ -22,6 +22,8 @@ import {
     AdditionalContentContext,
     WithDefaultConfig,
     ProjectConfig,
+    OrganizationSettings,
+    WorkspaceConfigContext,
 } from "@gitpod/gitpod-protocol";
 import { GitpodFileParser } from "@gitpod/gitpod-protocol/lib/gitpod-file-parser";
 
@@ -49,6 +51,7 @@ export class ConfigProvider {
         ctx: TraceContext,
         user: User,
         commit: CommitContext,
+        configContext: WorkspaceConfigContext,
     ): Promise<{ config: WorkspaceConfig; literalConfig?: ProjectConfig }> {
         const span = TraceContext.startSpan("fetchConfig", ctx);
         span.addTags({
@@ -59,6 +62,11 @@ export class ConfigProvider {
         try {
             let customConfig: WorkspaceConfig | undefined;
             let literalConfig: ProjectConfig | undefined;
+            let orgSettings: OrganizationSettings | undefined;
+
+            if (configContext.organizationId) {
+                orgSettings = await this.teamDB.findOrgSettings(configContext.organizationId);
+            }
 
             if (!WithDefaultConfig.is(commit)) {
                 const cc = await this.fetchCustomConfig(ctx, user, commit);
@@ -78,13 +86,16 @@ export class ConfigProvider {
                 if (!ImageConfigString.is(config.image)) {
                     throw new Error(`Default config must contain a base image!`);
                 }
+                if (orgSettings?.defaultWorkspaceImage) {
+                    config.image = orgSettings.defaultWorkspaceImage;
+                }
                 config._origin = "default";
                 return { config, literalConfig };
             }
 
             const config = customConfig;
             if (!config.image) {
-                config.image = this.config.workspaceDefaults.workspaceImage;
+                config.image = orgSettings?.defaultWorkspaceImage ?? this.config.workspaceDefaults.workspaceImage;
             } else if (ImageConfigFile.is(config.image)) {
                 const dockerfilePath = [configBasePath, config.image.file].filter((s) => !!s).join("/");
                 const repo = commit.repository;

components/server/src/workspace/context-parser-service.ts

@@ -117,7 +117,9 @@ export class ContextParser {
         }
         const span = TraceContext.startSpan("ContextParser.handleMultiRepositoryContext", ctx);
         try {
-            let config = await this.configProvider.fetchConfig({ span }, user, context);
+            // Note: we only care about repo related stuff in this function.
+            // Fields like `config.image` will not be exposed, so pass an empty WorkspaceConfigContext here
+            let config = await this.configProvider.fetchConfig({ span }, user, context, {});
             let mainRepoContext: WorkspaceContext | undefined;
             if (config.config.mainConfiguration) {
                 mainRepoContext = await this.internalHandleWithoutPrefix(
@@ -130,7 +132,9 @@ export class ContextParser {
                         `Cannot find main repository '${config.config.mainConfiguration}'.`,
                     ]);
                 }
-                config = await this.configProvider.fetchConfig({ span }, user, mainRepoContext);
+                // Note: we only care about repo related stuff in this function.
+                // Fields like `config.image` will not be exposed, so pass an empty WorkspaceConfigContext here
+                config = await this.configProvider.fetchConfig({ span }, user, mainRepoContext, {});
             }
 
             if (config.config.additionalRepositories && config.config.additionalRepositories.length > 0) {

components/server/src/workspace/gitpod-server-impl.ts

@@ -132,6 +132,7 @@ import {
     ProjectEnvVar,
     UserEnvVar,
     UserFeatureSettings,
+    WorkspaceConfigContext,
     WorkspaceTimeoutSetting,
 } from "@gitpod/gitpod-protocol/lib/protocol";
 import { ListUsageRequest, ListUsageResponse } from "@gitpod/gitpod-protocol/lib/usage";
@@ -330,6 +331,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         parentCtx: TraceContext,
         user: User,
         context: WorkspaceContext,
+        configContext: WorkspaceConfigContext,
         ignoreRunningPrebuild?: boolean,
         allowUsingPreviousPrebuilds?: boolean,
     ): Promise<WorkspaceCreationResult | PrebuiltWorkspaceContext | undefined> {
@@ -366,7 +368,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
                     .trace(ctx)
                     .findPrebuiltWorkspaceByCommit(cloneUrl, commitSHAs);
                 if (!prebuiltWorkspace && allowUsingPreviousPrebuilds) {
-                    const { config } = await this.configProvider.fetchConfig({}, user, context);
+                    const { config } = await this.configProvider.fetchConfig({}, user, context, configContext);
                     const history = await this.incrementalPrebuildsService.getCommitHistoryForContext(context, user);
                     prebuiltWorkspace = await this.incrementalPrebuildsService.findGoodBaseForIncrementalBuild(
                         context,
@@ -1344,6 +1346,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
                 ctx,
                 user,
                 context,
+                { organizationId: options.organizationId },
                 options.ignoreRunningPrebuild,
                 options.allowUsingPreviousPrebuilds || project?.settings?.allowUsingPreviousPrebuilds,
             );

components/server/src/workspace/workspace-factory.ts

@@ -110,7 +110,9 @@ export class WorkspaceFactory {
 
             await assertNoPrebuildIsRunningForSameCommit();
 
-            const { config } = await this.configProvider.fetchConfig({ span }, user, context.actual);
+            const { config } = await this.configProvider.fetchConfig({ span }, user, context.actual, {
+                organizationId,
+            });
 
             // If an incremental prebuild was requested, see if we can find a recent prebuild to act as a base.
             let ws;
@@ -371,7 +373,9 @@ export class WorkspaceFactory {
         const span = TraceContext.startSpan("createForCommit", ctx);
 
         try {
-            const { config, literalConfig } = await this.configProvider.fetchConfig({ span }, user, context);
+            const { config, literalConfig } = await this.configProvider.fetchConfig({ span }, user, context, {
+                organizationId,
+            });
             const imageSource = await this.imageSourceProvider.getImageSource(ctx, user, context, config);
             if (config._origin === "derived" && literalConfig) {
                 (context as any as AdditionalContentContext).additionalFiles = { ...literalConfig };