fix: permission change updates from webhook
This commit is contained in:
Andras Bacsai
parent
f7ebc8a88c
commit
1ca0464957
@ -17,6 +17,7 @@ class Change extends Component
|
||||
|
||||
public ?bool $default_permissions = true;
|
||||
public ?bool $preview_deployment_permissions = true;
|
||||
public ?bool $administration = false;
|
||||
|
||||
public $parameters;
|
||||
public ?GithubApp $github_app;
|
||||
|
||||
@ -86,3 +86,8 @@ function get_installation_path(GithubApp $source)
|
||||
$installation_path = $github->html_url === 'https://github.com' ? 'apps' : 'github-apps';
|
||||
return "$github->html_url/$installation_path/$name/installations/new";
|
||||
}
|
||||
function get_permissions_path(GithubApp $source) {
|
||||
$github = GithubApp::where('uuid', $source->uuid)->first();
|
||||
$name = Str::of(Str::kebab($github->name));
|
||||
return "$github->html_url/settings/apps/$name/permissions";
|
||||
}
|
||||
|
||||
@ -70,14 +70,25 @@
|
||||
</div>
|
||||
<div class="flex items-end gap-2 ">
|
||||
<h3 class="pt-4">Permissions</h3>
|
||||
<x-forms.button wire:click.prevent="checkPermissions">Check Permissions</x-forms.button>
|
||||
<x-forms.button wire:click.prevent="checkPermissions">Refetch</x-forms.button>
|
||||
<a href="{{ get_permissions_path($github_app) }}">
|
||||
<x-forms.button>
|
||||
Update
|
||||
<x-external-link />
|
||||
</x-forms.button>
|
||||
</a>
|
||||
</div>
|
||||
<div class="flex gap-2">
|
||||
<x-forms.input id="github_app.contents" helper="read - mandatory." label="Content" readonly placeholder="N/A" />
|
||||
<x-forms.input id="github_app.metadata" helper="read - mandatory." label="Metadata" readonly placeholder="N/A" />
|
||||
<x-forms.input id="github_app.administration" helper="read:write access needed to setup servers as GitHub Runner." label="Administration" readonly
|
||||
placeholder="N/A" />
|
||||
<x-forms.input id="github_app.pull_requests" helper="write access needed to use deployment status update in previews." label="Pull Request" readonly placeholder="N/A" />
|
||||
<x-forms.input id="github_app.contents" helper="read - mandatory." label="Content" readonly
|
||||
placeholder="N/A" />
|
||||
<x-forms.input id="github_app.metadata" helper="read - mandatory." label="Metadata" readonly
|
||||
placeholder="N/A" />
|
||||
<x-forms.input id="github_app.administration"
|
||||
helper="read:write access needed to setup servers as GitHub Runner." label="Administration"
|
||||
readonly placeholder="N/A" />
|
||||
<x-forms.input id="github_app.pull_requests"
|
||||
helper="write access needed to use deployment status update in previews."
|
||||
label="Pull Request" readonly placeholder="N/A" />
|
||||
</div>
|
||||
</div>
|
||||
@endif
|
||||
@ -103,7 +114,7 @@
|
||||
<div class="flex gap-2">
|
||||
<h2>Register a GitHub App</h2>
|
||||
<x-forms.button class="bg-coollabs hover:bg-coollabs-100"
|
||||
x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}')">
|
||||
x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}',{{ $administration }})">
|
||||
Register Now
|
||||
</x-forms.button>
|
||||
</div>
|
||||
@ -128,17 +139,18 @@
|
||||
</x-forms.select>
|
||||
</div>
|
||||
@endif
|
||||
<div class="flex flex-col gap-2 pt-4">
|
||||
<x-forms.checkbox disabled instantSave id="default_permissions" label="Default Permissions"
|
||||
<div class="flex flex-col gap-2 pt-4 w-96">
|
||||
<x-forms.checkbox disabled instantSave id="default_permissions" label="Mandatory"
|
||||
helper="Contents: read<br>Metadata: read<br>Email: read" />
|
||||
<x-forms.checkbox instantSave id="preview_deployment_permissions"
|
||||
label="Preview Deployments Permission"
|
||||
<x-forms.checkbox instantSave id="preview_deployment_permissions" label="Preview Deployments "
|
||||
helper="Necessary for updating pull requests with useful comments (deployment status, links, etc.)<br><br>Pull Request: read & write" />
|
||||
<x-forms.checkbox instantSave id="administration" label="Administration (for Github Runners)"
|
||||
helper="Necessary for adding Github Runners to repositories.<br><br>Administration: read & write" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
function createGithubApp(webhook_endpoint, preview_deployment_permissions) {
|
||||
function createGithubApp(webhook_endpoint, preview_deployment_permissions, administration) {
|
||||
const {
|
||||
organization,
|
||||
uuid,
|
||||
@ -157,11 +169,15 @@ function createGithubApp(webhook_endpoint, preview_deployment_permissions) {
|
||||
const default_permissions = {
|
||||
contents: 'read',
|
||||
metadata: 'read',
|
||||
emails: 'read'
|
||||
emails: 'read',
|
||||
administration: 'read'
|
||||
};
|
||||
if (preview_deployment_permissions) {
|
||||
default_permissions.pull_requests = 'write';
|
||||
}
|
||||
if (administration) {
|
||||
default_permissions.administration = 'write';
|
||||
}
|
||||
const data = {
|
||||
name,
|
||||
url: baseUrl,
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
use App\Enums\ProcessStatus;
|
||||
use App\Jobs\ApplicationPullRequestUpdateJob;
|
||||
use App\Jobs\GithubAppPermissionJob;
|
||||
use App\Jobs\SubscriptionInvoiceFailedJob;
|
||||
use App\Jobs\SubscriptionTrialEndedJob;
|
||||
use App\Jobs\SubscriptionTrialEndsSoonJob;
|
||||
@ -56,6 +57,7 @@
|
||||
$installation_id = request()->get('installation_id');
|
||||
$source = request()->get('source');
|
||||
$setup_action = request()->get('setup_action');
|
||||
ray(request());
|
||||
$github_app = GithubApp::where('uuid', $source)->firstOrFail();
|
||||
if ($setup_action === 'install') {
|
||||
$github_app->installation_id = $installation_id;
|
||||
@ -555,15 +557,10 @@
|
||||
// Just pong
|
||||
return response('pong');
|
||||
}
|
||||
if ($x_github_event === 'installation' || $x_github_event === 'installation_repositories') {
|
||||
// Installation handled by setup redirect url. Repositories queried on-demand.
|
||||
return response('cool');
|
||||
}
|
||||
$github_app = GithubApp::where('app_id', $x_github_hook_installation_target_id)->first();
|
||||
if (is_null($github_app)) {
|
||||
return response('Nothing to do. No GitHub App found.');
|
||||
}
|
||||
|
||||
$webhook_secret = data_get($github_app, 'webhook_secret');
|
||||
$hmac = hash_hmac('sha256', request()->getContent(), $webhook_secret);
|
||||
if (config('app.env') !== 'local') {
|
||||
@ -571,6 +568,14 @@
|
||||
return response('Invalid signature.');
|
||||
}
|
||||
}
|
||||
if ($x_github_event === 'installation' || $x_github_event === 'installation_repositories') {
|
||||
// Installation handled by setup redirect url. Repositories queried on-demand.
|
||||
$action = data_get($payload, 'action');
|
||||
if ($action === 'new_permissions_accepted') {
|
||||
GithubAppPermissionJob::dispatch($github_app);
|
||||
}
|
||||
return response('cool');
|
||||
}
|
||||
if ($x_github_event === 'push') {
|
||||
$id = data_get($payload, 'repository.id');
|
||||
$branch = data_get($payload, 'ref');
|
||||
|
||||
Loading…
Reference in New Issue
Block a user