[server] Separate instance creation from instance starting (again)

[geropl]

Description

In preparation of making sure we don't break workspace starts during rollouts, this PR does some cleanup in WorkspaceStarter. Most importantly, we ensure that after a WorkspaceInstance is stored in the DB, we can start a workspace from it. 👍 (also, makes the code cleaner).

Short summary to make the changes easier to digest:

• introduced buildImageAndStartWorkspace to "mark" that separation, but also for usage in upcoming PRs
• remove options.rethrow: not used anymore
• instead of piping lastValidWorkspaceInstanceId through multiple layers for a simple check, condense it into fromBackup right away
• persist the parts of ideConfig that we need during workspace start into instance.configuration.ideSetup

Summary generated by Copilot

🤖 Generated by Copilot at f4fa9fd

This pull request adds a new interface for IDE setup, refactors the workspace-starter and ide-service modules, and makes the configuration field mandatory for workspace instances.

Related Issue(s)

Related to EXP-549
Depends on: #18641

How to test

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

• 🏷️ Name - gpl-ws-starter-2
• 🔗 URL - gpl-ws-starter-2.preview.gitpod-dev.com/workspaces.
• 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
• 📦 Version - gpl-ws-starter-2-gha.16325
• 🗒️ Logs - GCP Logs Explorer

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[geropl]

I checked the DB: We have 0 instances where this field is NULL or "".

[geropl]

I checked the DB: We have 0 instances where this field is NULL or "".

[geropl]

rethrow was never anywhere anymore.

[geropl]

With this change, after instance creation, there is no need for any further lookup: The instance shape contains everything that is needed to start a workspace.

Only exception that is up for discussion: envVars. Ideally we should store those as well, but I refrained because we might store unencrypted passwords or similar.
Open for comments and ideas here!

[akosyakov]

Is it because JSON stored unencrypted? i.e. how is it different to value in env var tables?

[geropl]

i.e. how is it different to value in env var tables?

There we use an encrypting transformer (source).

[geropl]

This check was the only reason we piped lastValidWorkspaceInstanceId: string through 4 layers... 🙈

[geropl]

@akosyakov Would be great to get your feedback for the changes around ideConfig. I assumed that ideConfig.tasks or .envvars never contain secrets or similar, but would be great if you could confirm. 🙏

[akosyakov]

@geropl You can check here:

gitpod/components/ide-service/pkg/server/server.go

Line 352 in 938f0ba

func (s *IDEServiceServer) ResolveWorkspaceConfig(ctx context.Context, req *api.ResolveWorkspaceConfigRequest) (resp *api.ResolveWorkspaceConfigResponse, err error) {

I think we don't have any tasks anymore, we added them for JB prebuild, but they moved to supervisor by now. There are couple env vars but they are not secrets.

[akosyakov]

/gh run recreate-vm=true

Comment triggered a workflow run

Started workflow run: 6069970179

• recreate_vm: true

[akosyakov]

I smoke tested that workspace with custom settings still can be started. Code changes also look reasonable.

[akosyakov]

@geropl Prebuilds are another path right? We will need to take care about them separately from PrebuildManager?

[geropl]

Prebuilds are another path right?

Prebuilds are using this path as well (source).

[geropl]

/unhold