Make sure everything works on an org-level as well. Currently, I think the permissions checks don't do the org part. It's possible one can't spawn an execution in an org namespace.
This PR adds full support for creating and applying batch changes within organisations from SSBC. The vast majority of the work here was around our permission handling, rather than anything to do with SSBC or the UI specifically.
As a refresher (because I certainly needed one), this is how permissions are documented to work in Batch Changes.
I discovered that our organisation handling was basically broken when querying batch changes that the user has admin rights to — batch changes owned by organisations that the user belongs to would never be returned. This affected both client and server side batch change functionality, and has been fixed.
Fixing this broke a number of tests that didn't set up full user, organisation, and user/org membership fixtures. These tests have been updated to set up more realistic environments.
Fixing that made me realise how hard some of the batch change store tests were to update, since their state was essentially linked to specific
cs indices doing magic things upon creation. I made that creation explicit, rather than implicit, and updated tests that needed updating from there. (I chose not to do a full conversion of those tests to use
require, but did make spot updates as I rewrote specific subtests.)
One remaining issue here is that (non-admin) users belonging to an organisation may not be able to see all executions of a batch change in that organisation — right now, they only have access to their own executions. On balance, this might be the right thing to do, but input welcome there.
This PR reverted #37187 to reinstate a usable namespace selector when creating a batch change from the UI. I took the opportunity to simplify the
NamespaceSelector prop types along the way, since our cases are now somewhat simpler.
While testing this work, I also realised that there were a few potential banners on the batch change details page that are unactionable if the user doesn't have admin access to that batch change, so I've removed those in that case.
One final change that I would like feedback on is that users who cannot administer a batch change will now not see the Edit and Close buttons on the batch change. The alternative here would be to disable them with tooltips, but showing them at all feels a bit wrong to me. Thoughts?
I believe I've tested all the possible combinations here (site admin in an org, site admin not in an org but using their site admin powers (maybe) responsibly, user in an org, user not in an org), and have added what I think are reasonable unit tests covering this at the resolver and store levels.
Do you mind adding the comment summary descriptor for
Sure thing! Added.
dev/release: remove mi upgrade tracking issue (#42202)
update with pricing page (#42206)
Fix search context menu labels copy (#42168)
Fix search context menu labels copy
Fix code monitoring label
Make fuzzy finder modal wide again (#41736)
The width of the fuzzy finder modal recently became very narrow. I
wasn't able to track down the exact PR that impacted the width, but at
some point the priority of the Wildcard
Modal component overwrote
width: 80vw style we defined specifically for the fuzzy
finder. This commit fixes the priority by use an
id attribute instead
Co-authored-by: Valery Bugakov firstname.lastname@example.org
insights: reduce historical backfill queueing delay to 30s (#42166)
codeintel: reduce search based definition query count to 50 (#42224)
When we disabled legacy extensions on Sourcegraph.com (around 13:40 20th Sep UTC), Zoekt's CPU usage and contention went up significantly. In code-intel-extensions repository, the definition query uses count:50. However, in the Sourcegraph repo we use count:500. We believe this is the root cause for the regression.
Using the bubble up feature on honeycomb, it shows that the difference between our bad queries and good is a max shard match count of 500.
Test Plan: CI and then monitoring CPU usage in production.
Co-authored-by: Stefan Hengl email@example.com
database: Don't allow empty code host config (#41985)
We already have a db constraint to stop this in most cases, but when we have encryption enabled then even an empty config is converted into an encrypted value so we need to do the check in our application layer too.
While investigating this we already had code to validate our config but it had not been included in the Upsert path. That is now fixed and tests were updated where necessary.
CodeMirror Blob: Improve search input styles (#42014)
This commit replaces the default search panel with a custom implementation that uses Wildcard styles. Because I wanted to avoid interfacing with React as much as possible I used plain DOM.
stub render test
populated dashboard rendering correctly
fix fixture types
assert each type of insightt renders
add compute insight to assertions
add jsdoc for getLinks helper
fix GetInsightView to return by id
Update create/update dashboard integration tests
Fix add and delete dashboard integration test after merge commit
Fix render populated dashboard test
Co-authored-by: vovakulikov firstname.lastname@example.org
Format main (#42227)
ci: go generate ./enterprise/dev/ci/... (#42233)
The steps recently changed, so we need to regenerate the docs. Currently CI is broken due to this.
Test Plan: CI
docker-images: update alpine image's bind-tools for many CVEs (#42232)
There is a whole slew of CVEs currently which is affecting all our images:
Note: This only updates the base image, another commit will need to update all images to use this.
Test Plan: docker build docker-images/alpine-3.14 and output indicates a version greater than or equal to 9.16.33-r0
gitoltite: Check for header before executing gitolite list (#42226)
This ensures that the request came from use and we can assume some level of scrutiny was given to the parameters being passed.
gomod: update golang.org/x/net for CVE-2022-27664 (#42230)
Test Plan: CI
Release: update release config for 4.1.0 (#42237)
update release config for 4.1.0
insights: docs: update broken link to oob migration (#42223)
Code insights: Add dashboard cards integration test (#42254)
RFC 619: Inline
httpapi package into uploads service (#42197)
[code-nav]: Moving graphql transport layer to individual service layers (#41596)
all: update Dockerfile to use latest alpine-3.14 (#42259)
We updated sourcegraph/alpine-3.14 today in 3b3879b9 to remove a bunch of CVEs in bind-tools. This commit makes it so we use the new image.
Test Plan: CI works and has far less security reports.
@Piszmog Thanks for trying that. Sorry about the breakage.
I think the check constraint idea is a reasonable one, but I'm also OK merging this as-is given we've made an honest effort to improve things. 😄
web: format stream.ts (#42127)
docs/update add AWS AMI instances guide (#41889)
Move AWS manual deploy docs to One-click
Update deployment logs and adjust theme
Update logs with gcp bucket links
Add AWS AMI deployment docs
Add aws ami backup section
Add notes about cloning from private repo
Add notes about using scripts with private repos
Update resource estimator info
Remove public IP info
Update estimator build version
Add instruction on choosing instance size
Add steps to search for AMIs
Update network configuration dashboards url
Remove Size S and M
Update instance types
update button layout
Signed-off-by: Stephen Gutekanst email@example.com
release: firstname.lastname@example.org (#42130)
update aws ami docs (#42133)
Co-authored-by: Beatrix email@example.com
Remove experimental analytics docs badge (#42135)
remove experimental badge
docs/update Add region to AMI links (#42137)
Add region to AMI links
Remove space from DigitalOcean
doc: aws ami: use text from AWS UI checkboxes (#42138)
doc: aws ami: use text from AWS UI checkboxes and set auto-assign IP to "enable"
Remove core workflow improvements flag (#41986)
vsce: patch release v2.2.10 (#42079)
web: collapse navbar on smaller screens than before (#42057)
Revert "Don't announce 4.0.0 release in update check yet (#41976)" (#41977)
This reverts commit 30811fe1fc80631973fd433042be75bb28c69752.
docs: fix exhaustive search page (#42146)
upgrade: Update docker-compose instructions (#42052)
Allow to cancel running external service sync jobs (#41518)
This PR makes use of dbworker cancellation which we recently added as a feature to allow to cancel a running external service sync, so customers don't need to shoot down their instance in case of misconfiguration (eg when syncing the entirety of github.com).
It also contains a couple of tweaks to honor context cancellation better in the sync jobs, so that we bail out early. Worker cancellation is async, and the UI handles that with a canceling state.
docs: fix typo (#42139)
Bundle legacy code intel extension for native integrations (#42106)
Part of #41921
We have a deployment method of the browser extensions that we call "native integrations". The idea here is that we inject the browser extension code directly from the code host so that users do not need to install an extension. Most prominently, this is used by GitLab who currently bundles a version of the native integrations package with their on-premise builds so instance admins can enable this for users.
The issue with this deployment model is that we have no impact on when these clients are updated. We rely on GitLabs rollout and update policies so these cycles are super slow. For the upcoming release, we had to cut a corner for this and made the extensions GraphQL endpoints handle eventual native integration requests with special care to not break them.
Since we eventually want to remove these APIs, we want to move fast here and provide a new native integration build that does not use these APIs anymore. Before we can update the bundled version on the GitLab end, we need to make sure that the package contains a bundled version of the code intel APIs (similar to our browser extensions right now). This is what's happening here:
Co-authored-by: Taras Yemets firstname.lastname@example.org
Create Cloud Instance onboarding doc (#41993)
As part of the growth initiative we need to offer proper guidance for new cloud users. Due to lack of a better onboarding experience right now we are relliyng on this document to offer some guidance.
This will be shared on the welcome email, and there is not need to be linked from anywhere else in the Docs,
Co-authored-by: David Veszelovszki email@example.com
Changes discord link to a short url
Includes Malo's feedback
small markdown tweaks
Fixes spacings between headings
Adds link from Cloud page
Adds link to onboarding
Fixes the link
Remove Ben from search-product label notify (#42160)
dev/sg: create .bin if it does not exist (#42162)
Formatting fixes (#42158)
This PR adds the top ten (or up to ten) contributors to this repository to a CODEOWNERS file.
This PR adds the top ten (or up to ten) contributors to this repository to a CODEOWNERS file.
This will fix #36536 when complete.
The major issue here is permissions. I'm not totally sure I've got them right at present. There are also some lingering issues elsewhere in our codebase that probably caused bugs for original flavour Batch Changes users as well, such as batch change counts filtered by
viewerCanAdminister not including batch changes owned by organisations.
I've also smoothed out some rough edges in our UI when a user is viewing a batch change they don't have admin rights on: there are boxes and buttons that don't make sense to display in that case, since they're not actionable.
viewerCanAdministermore consistently: right now, these degrade into
CreatorIDchecks, which don't account for organisation membership.