fix: permission change updates from webhook
This commit is contained in:
Andras Bacsai
parent
f7ebc8a88c
commit
1ca0464957
@ -17,6 +17,7 @@ class Change extends Component
|
|||||||
|
|
||||||
public ?bool $default_permissions = true;
|
public ?bool $default_permissions = true;
|
||||||
public ?bool $preview_deployment_permissions = true;
|
public ?bool $preview_deployment_permissions = true;
|
||||||
|
public ?bool $administration = false;
|
||||||
|
|
||||||
public $parameters;
|
public $parameters;
|
||||||
public ?GithubApp $github_app;
|
public ?GithubApp $github_app;
|
||||||
|
|||||||
@ -86,3 +86,8 @@ function get_installation_path(GithubApp $source)
|
|||||||
$installation_path = $github->html_url === 'https://github.com' ? 'apps' : 'github-apps';
|
$installation_path = $github->html_url === 'https://github.com' ? 'apps' : 'github-apps';
|
||||||
return "$github->html_url/$installation_path/$name/installations/new";
|
return "$github->html_url/$installation_path/$name/installations/new";
|
||||||
}
|
}
|
||||||
|
function get_permissions_path(GithubApp $source) {
|
||||||
|
$github = GithubApp::where('uuid', $source->uuid)->first();
|
||||||
|
$name = Str::of(Str::kebab($github->name));
|
||||||
|
return "$github->html_url/settings/apps/$name/permissions";
|
||||||
|
}
|
||||||
|
|||||||
@ -70,14 +70,25 @@
|
|||||||
</div>
|
</div>
|
||||||
<div class="flex items-end gap-2 ">
|
<div class="flex items-end gap-2 ">
|
||||||
<h3 class="pt-4">Permissions</h3>
|
<h3 class="pt-4">Permissions</h3>
|
||||||
<x-forms.button wire:click.prevent="checkPermissions">Check Permissions</x-forms.button>
|
<x-forms.button wire:click.prevent="checkPermissions">Refetch</x-forms.button>
|
||||||
|
<a href="{{ get_permissions_path($github_app) }}">
|
||||||
|
<x-forms.button>
|
||||||
|
Update
|
||||||
|
<x-external-link />
|
||||||
|
</x-forms.button>
|
||||||
|
</a>
|
||||||
</div>
|
</div>
|
||||||
<div class="flex gap-2">
|
<div class="flex gap-2">
|
||||||
<x-forms.input id="github_app.contents" helper="read - mandatory." label="Content" readonly placeholder="N/A" />
|
<x-forms.input id="github_app.contents" helper="read - mandatory." label="Content" readonly
|
||||||
<x-forms.input id="github_app.metadata" helper="read - mandatory." label="Metadata" readonly placeholder="N/A" />
|
placeholder="N/A" />
|
||||||
<x-forms.input id="github_app.administration" helper="read:write access needed to setup servers as GitHub Runner." label="Administration" readonly
|
<x-forms.input id="github_app.metadata" helper="read - mandatory." label="Metadata" readonly
|
||||||
placeholder="N/A" />
|
placeholder="N/A" />
|
||||||
<x-forms.input id="github_app.pull_requests" helper="write access needed to use deployment status update in previews." label="Pull Request" readonly placeholder="N/A" />
|
<x-forms.input id="github_app.administration"
|
||||||
|
helper="read:write access needed to setup servers as GitHub Runner." label="Administration"
|
||||||
|
readonly placeholder="N/A" />
|
||||||
|
<x-forms.input id="github_app.pull_requests"
|
||||||
|
helper="write access needed to use deployment status update in previews."
|
||||||
|
label="Pull Request" readonly placeholder="N/A" />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
@ -103,7 +114,7 @@
|
|||||||
<div class="flex gap-2">
|
<div class="flex gap-2">
|
||||||
<h2>Register a GitHub App</h2>
|
<h2>Register a GitHub App</h2>
|
||||||
<x-forms.button class="bg-coollabs hover:bg-coollabs-100"
|
<x-forms.button class="bg-coollabs hover:bg-coollabs-100"
|
||||||
x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}')">
|
x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}',{{ $administration }})">
|
||||||
Register Now
|
Register Now
|
||||||
</x-forms.button>
|
</x-forms.button>
|
||||||
</div>
|
</div>
|
||||||
@ -128,17 +139,18 @@
|
|||||||
</x-forms.select>
|
</x-forms.select>
|
||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
<div class="flex flex-col gap-2 pt-4">
|
<div class="flex flex-col gap-2 pt-4 w-96">
|
||||||
<x-forms.checkbox disabled instantSave id="default_permissions" label="Default Permissions"
|
<x-forms.checkbox disabled instantSave id="default_permissions" label="Mandatory"
|
||||||
helper="Contents: read<br>Metadata: read<br>Email: read" />
|
helper="Contents: read<br>Metadata: read<br>Email: read" />
|
||||||
<x-forms.checkbox instantSave id="preview_deployment_permissions"
|
<x-forms.checkbox instantSave id="preview_deployment_permissions" label="Preview Deployments "
|
||||||
label="Preview Deployments Permission"
|
|
||||||
helper="Necessary for updating pull requests with useful comments (deployment status, links, etc.)<br><br>Pull Request: read & write" />
|
helper="Necessary for updating pull requests with useful comments (deployment status, links, etc.)<br><br>Pull Request: read & write" />
|
||||||
|
<x-forms.checkbox instantSave id="administration" label="Administration (for Github Runners)"
|
||||||
|
helper="Necessary for adding Github Runners to repositories.<br><br>Administration: read & write" />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<script>
|
<script>
|
||||||
function createGithubApp(webhook_endpoint, preview_deployment_permissions) {
|
function createGithubApp(webhook_endpoint, preview_deployment_permissions, administration) {
|
||||||
const {
|
const {
|
||||||
organization,
|
organization,
|
||||||
uuid,
|
uuid,
|
||||||
@ -157,11 +169,15 @@
|
|||||||
const default_permissions = {
|
const default_permissions = {
|
||||||
contents: 'read',
|
contents: 'read',
|
||||||
metadata: 'read',
|
metadata: 'read',
|
||||||
emails: 'read'
|
emails: 'read',
|
||||||
|
administration: 'read'
|
||||||
};
|
};
|
||||||
if (preview_deployment_permissions) {
|
if (preview_deployment_permissions) {
|
||||||
default_permissions.pull_requests = 'write';
|
default_permissions.pull_requests = 'write';
|
||||||
}
|
}
|
||||||
|
if (administration) {
|
||||||
|
default_permissions.administration = 'write';
|
||||||
|
}
|
||||||
const data = {
|
const data = {
|
||||||
name,
|
name,
|
||||||
url: baseUrl,
|
url: baseUrl,
|
||||||
|
|||||||
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
use App\Enums\ProcessStatus;
|
use App\Enums\ProcessStatus;
|
||||||
use App\Jobs\ApplicationPullRequestUpdateJob;
|
use App\Jobs\ApplicationPullRequestUpdateJob;
|
||||||
|
use App\Jobs\GithubAppPermissionJob;
|
||||||
use App\Jobs\SubscriptionInvoiceFailedJob;
|
use App\Jobs\SubscriptionInvoiceFailedJob;
|
||||||
use App\Jobs\SubscriptionTrialEndedJob;
|
use App\Jobs\SubscriptionTrialEndedJob;
|
||||||
use App\Jobs\SubscriptionTrialEndsSoonJob;
|
use App\Jobs\SubscriptionTrialEndsSoonJob;
|
||||||
@ -56,6 +57,7 @@ Route::get('/source/github/install', function () {
|
|||||||
$installation_id = request()->get('installation_id');
|
$installation_id = request()->get('installation_id');
|
||||||
$source = request()->get('source');
|
$source = request()->get('source');
|
||||||
$setup_action = request()->get('setup_action');
|
$setup_action = request()->get('setup_action');
|
||||||
|
ray(request());
|
||||||
$github_app = GithubApp::where('uuid', $source)->firstOrFail();
|
$github_app = GithubApp::where('uuid', $source)->firstOrFail();
|
||||||
if ($setup_action === 'install') {
|
if ($setup_action === 'install') {
|
||||||
$github_app->installation_id = $installation_id;
|
$github_app->installation_id = $installation_id;
|
||||||
@ -555,15 +557,10 @@ Route::post('/source/github/events', function () {
|
|||||||
// Just pong
|
// Just pong
|
||||||
return response('pong');
|
return response('pong');
|
||||||
}
|
}
|
||||||
if ($x_github_event === 'installation' || $x_github_event === 'installation_repositories') {
|
|
||||||
// Installation handled by setup redirect url. Repositories queried on-demand.
|
|
||||||
return response('cool');
|
|
||||||
}
|
|
||||||
$github_app = GithubApp::where('app_id', $x_github_hook_installation_target_id)->first();
|
$github_app = GithubApp::where('app_id', $x_github_hook_installation_target_id)->first();
|
||||||
if (is_null($github_app)) {
|
if (is_null($github_app)) {
|
||||||
return response('Nothing to do. No GitHub App found.');
|
return response('Nothing to do. No GitHub App found.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$webhook_secret = data_get($github_app, 'webhook_secret');
|
$webhook_secret = data_get($github_app, 'webhook_secret');
|
||||||
$hmac = hash_hmac('sha256', request()->getContent(), $webhook_secret);
|
$hmac = hash_hmac('sha256', request()->getContent(), $webhook_secret);
|
||||||
if (config('app.env') !== 'local') {
|
if (config('app.env') !== 'local') {
|
||||||
@ -571,6 +568,14 @@ Route::post('/source/github/events', function () {
|
|||||||
return response('Invalid signature.');
|
return response('Invalid signature.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ($x_github_event === 'installation' || $x_github_event === 'installation_repositories') {
|
||||||
|
// Installation handled by setup redirect url. Repositories queried on-demand.
|
||||||
|
$action = data_get($payload, 'action');
|
||||||
|
if ($action === 'new_permissions_accepted') {
|
||||||
|
GithubAppPermissionJob::dispatch($github_app);
|
||||||
|
}
|
||||||
|
return response('cool');
|
||||||
|
}
|
||||||
if ($x_github_event === 'push') {
|
if ($x_github_event === 'push') {
|
||||||
$id = data_get($payload, 'repository.id');
|
$id = data_get($payload, 'repository.id');
|
||||||
$branch = data_get($payload, 'ref');
|
$branch = data_get($payload, 'ref');
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user