Skip to content

Introduce org-level GITPOD_IMAGE_AUTH #20538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jan 24, 2025
Merged

Introduce org-level GITPOD_IMAGE_AUTH #20538

merged 10 commits into from
Jan 24, 2025

Conversation

geropl
Copy link
Member

@geropl geropl commented Jan 22, 2025
edited
Loading

Description

Introduces an org-level setting to set GITPOD_IMAGE_AUTH.
image

Turned out to be a bit more work due to old bugs that surfaced now, and suboptimal design around the EnvVar shapes and how they are used. I did not clean it up completely, as I did not want to delay merging this further, but clearly moved in that direction by removing some cruft from the defintions and tests.

ToDo:

  • backend
  • API
  • dashboard

Related Issue(s)

Fixes CLC-1091

How to test

Unit tests

  • are green 🟢

Manual

  1. signup here: https://gpl-1089-auth.preview.gitpod-dev.com/workspaces
  2. start a workspace on https://gpl-1089-auth.preview.gitpod-dev.com/#https://github.com/geropl/gitpod-test-repo/tree/gpl/test-img-auth and see the error message ("insufficient_scope" etc.) ✔️
  3. join my org: https://gpl-1089-auth.preview.gitpod-dev.com/orgs/join?inviteId=7c86eaf0-c9ad-4a24-8e59-a5758c593c38
  1. start the workspace again: https://gpl-1089-auth.preview.gitpod-dev.com/#https://github.com/geropl/gitpod-test-repo/tree/gpl/test-img-auth and see how it works now ✔️

Documentation

Preview status

gitpod:summary

Build Options

Build
  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer
  • analytics=segment
  • with-dedicated-emulation
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • /werft preemptible
    Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
  • with-monitoring

/hold

@geropl geropl marked this pull request as ready for review January 23, 2025 13:12
@geropl geropl requested review from a team as code owners January 23, 2025 13:12
geropl
geropl commented Jan 23, 2025
View reviewed changes
geropl
geropl commented Jan 23, 2025
View reviewed changes
geropl
geropl commented Jan 23, 2025
View reviewed changes
filiptronicek
filiptronicek approved these changes Jan 23, 2025
View reviewed changes
Copy link
Member

@filiptronicek filiptronicek left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks amazing @geropl! Let's :shipit:

Left a couple of non-blocking comments

image

components/public-api/typescript-common/src/public-api-converter.ts
@@ -834,6 +836,14 @@ export class PublicAPIConverter {
return result;
}

toOrganizationEnvironmentVariable(envVar: OrgEnvVar): OrganizationEnvironmentVariable {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can we add converter tests for this new method?

@geropl
Copy link
Member Author

geropl commented Jan 24, 2025

/unhold

@roboquat roboquat merged commit ad4b7a8 into main Jan 24, 2025
19 checks passed
@roboquat roboquat deleted the gpl/1089-auth branch January 24, 2025 08:43
@filiptronicek filiptronicek mentioned this pull request Jan 28, 2025
Merged
geropl added a commit that referenced this pull request Apr 25, 2025
@geropl
[server] Allow org env vars in repos that don't have projects
3b3bb5a 
Enables the use case of collaborators allowing to use projects with a private default workspace image configured on the org-level. This is enabled by the optional `enableDockerdAuthentication` that was implemented in #20586 - shortly _after_ org-level-env vars was implemented in #20538.
@geropl geropl mentioned this pull request Apr 25, 2025
Merged
15 tasks
roboquat pushed a commit that referenced this pull request Apr 25, 2025
@geropl
[server] Allow org env vars in repos that don't have projects (#20774)
a3db4f1 
Enables the use case of collaborators allowing to use projects with a private default workspace image configured on the org-level. This is enabled by the optional `enableDockerdAuthentication` that was implemented in #20586 - shortly _after_ org-level-env vars was implemented in #20538.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@filiptronicek filiptronicek filiptronicek approved these changes

Assignees
No one assigned
Labels
size/XXL team: team-enterprise team: team-experience
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@geropl @filiptronicek @roboquat