Merge branch 'main' into aa/enable-gha

Author: vulkoingim

.github/CODEOWNERS

@@ -8,7 +8,7 @@
 /components/common-go @gitpod-io/engineering-staff-engineers
 /components/content-service-api @gitpod-io/engineering-workspace
 /components/content-service @gitpod-io/engineering-workspace
-/components/dashboard @gitpod-io/engineering-webapp
+/components/dashboard @gitpod-io/engineering-webapp @gtsiolis
 /components/docker-up @gitpod-io/engineering-workspace
 /components/ee/agent-smith @gitpod-io/engineering-workspace
 /components/ee/db-sync @gitpod-io/engineering-webapp
@@ -27,13 +27,15 @@
 /components/image-builder-api @csweichel @geropl
 /components/image-builder-bob @gitpod-io/engineering-workspace
 /components/image-builder-mk3 @gitpod-io/engineering-workspace
-/components/installation-telemetry @gitpod-io/engineering-delivery-operations-experience
-/components/kots-config-check @gitpod-io/engineering-delivery-operations-experience
+/components/installation-telemetry @gitpod-io/engineering-security-infrastructure-and-delivery
+/components/kots-config-check @gitpod-io/engineering-security-infrastructure-and-delivery
 /components/toxic-config @gitpod-io/engineering-webapp
-/install @gitpod-io/engineering-delivery-operations-experience
-/install/installer @gitpod-io/engineering-delivery-operations-experience
+/install @gitpod-io/engineering-security-infrastructure-and-delivery
+/install/installer @gitpod-io/engineering-security-infrastructure-and-delivery
 # For testdata a single review from anyone who is allowed to review PRs is sufficent.
 /install/installer/cmd/testdata
+# Allow everyone to approve config changes
+/install/installer/pgk/config
 /install/installer/pkg/components/agent-smith @gitpod-io/engineering-workspace
 /install/installer/pkg/components/blobserve @gitpod-io/engineering-ide
 /install/installer/pkg/components/components-ide @gitpod-io/engineering-ide
@@ -82,7 +84,7 @@
 /components/supervisor @gitpod-io/engineering-ide
 /components/usage @gitpod-io/engineering-webapp
 /components/usage-api @gitpod-io/engineering-webapp
-/components/workspace-rollout-job @gitpod-io/engineering-delivery-operations-experience @gitpod-io/engineering-workspace
+/components/workspace-rollout-job @gitpod-io/engineering-security-infrastructure-and-delivery @gitpod-io/engineering-workspace
 /components/workspacekit @gitpod-io/engineering-workspace
 /components/ws-daemon-api @aledbf @Furisto
 /components/ws-daemon @gitpod-io/engineering-workspace
@@ -95,28 +97,28 @@
 /dev/gpctl @gitpod-io/engineering-workspace
 /dev/gpctl/api/ @gitpod-io/engineering-webapp
 /dev/loadgen @gitpod-io/engineering-workspace
-/dev/preview @gitpod-io/engineering-delivery-operations-experience
+/dev/preview @gitpod-io/engineering-security-infrastructure-and-delivery
 # The deploy-gitpod.sh is shared between all teams.
 /dev/preview/workflow/preview/deploy-gitpod.sh
-/operations/observability/mixins @gitpod-io/engineering-delivery-operations-experience
-/operations/observability/mixins/platform @gitpod-io/engineering-delivery-operations-experience
+/operations/observability/mixins @gitpod-io/engineering-security-infrastructure-and-delivery
+/operations/observability/mixins/platform @gitpod-io/engineering-security-infrastructure-and-delivery
 /operations/observability/mixins/IDE @gitpod-io/engineering-ide
 /operations/observability/mixins/meta @gitpod-io/engineering-webapp
 /operations/observability/mixins/workspace @gitpod-io/engineering-workspace
-/operations/observability/mixins/cross-teams @gitpod-io/engineering-workspace @gitpod-io/engineering-webapp @gitpod-io/engineering-ide @gitpod-io/engineering-delivery-operations-experience
+/operations/observability/mixins/cross-teams @gitpod-io/engineering-workspace @gitpod-io/engineering-webapp @gitpod-io/engineering-ide @gitpod-io/engineering-security-infrastructure-and-delivery
 
-/.werft/observability @gitpod-io/engineering-delivery-operations-experience
+/.werft/observability @gitpod-io/engineering-security-infrastructure-and-delivery
 
 /.werft/ide-* @gitpod-io/engineering-ide
-/.werft/platform-* @gitpod-io/engineering-delivery-operations-experience
+/.werft/platform-* @gitpod-io/engineering-security-infrastructure-and-delivery
 /.werft/webapp-* @gitpod-io/engineering-webapp
 /.werft/workspace-* @gitpod-io/engineering-workspace
-/.werft/self-hosted-* @gitpod-io/engineering-delivery-operations-experience
-/.werft/*installer-tests* @gitpod-io/engineering-delivery-operations-experience
-/.werft/jobs/build/self-hosted-* @gitpod-io/engineering-delivery-operations-experience
+/.werft/self-hosted-* @gitpod-io/engineering-security-infrastructure-and-delivery
+/.werft/*installer-tests* @gitpod-io/engineering-security-infrastructure-and-delivery
+/.werft/jobs/build/self-hosted-* @gitpod-io/engineering-security-infrastructure-and-delivery
 
-/dev/preview/infrastructure/harvester @gitpod-io/engineering-delivery-operations-experience
-/dev/preview/workflow @gitpod-io/engineering-delivery-operations-experience
+/dev/preview/infrastructure/harvester @gitpod-io/engineering-security-infrastructure-and-delivery
+/dev/preview/workflow @gitpod-io/engineering-security-infrastructure-and-delivery
 
 .github/workflows/ide-*.yml @gitpod-io/engineering-ide
 

.github/actions/deploy-gitpod/entrypoint.sh

@@ -30,6 +30,11 @@ previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}
 PREVIEW_NAME="$(previewctl get-name --branch "${INPUT_NAME}")"
 export PREVIEW_NAME
 
+for var in WITH_WS_MANAGER_MK2 WITH_DEDICATED_EMU WITH_EE_LICENSE WITH_SLOW_DATABASE ANALYTICS WORKSPACE_FEATURE_FLAGS; do
+  input="INPUT_${var}"
+  export GITPOD_${var}=${!input}
+done
+
 previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 10m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}"
 leeway run dev/preview:deploy-gitpod
 previewctl report >> "${GITHUB_STEP_SUMMARY}"

.github/actions/deploy-gitpod/metadata.yml

@@ -13,6 +13,24 @@ inputs:
     previewctl_hash:
         description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt"
         required: false
+    with_ws_manager_mk2:
+        description: "Use WS Manager MK2"
+        required: false
+    with_dedicated_emu:
+        description: "Dedicated Auth"
+        required: false
+    with_ee_licencse:
+        description: "Use EE license"
+        required: false
+    with_slow_database:
+        description: "Use slow database"
+        required: false
+    analytics:
+        description: "With analytics"
+        required: false
+    workspace_feature_flags:
+        description: "Workspace feature flags"
+        required: false
 runs:
     using: "docker"
     image: "Dockerfile"

.github/pull_request_template.md

@@ -37,7 +37,24 @@ Does this PR require updates to the documentation at www.gitpod.io/docs?
       leeway-target=components:all
 - [ ] /werft no-test
       Run Leeway with `--dont-test`
+
+<details>
+<summary>Publish Options</summary>
+
 - [ ] /werft publish-to-npm
+- [ ] /werft publish-to-jb-marketplace
+</details>
+
+<details>
+<summary>Installer Options</summary>
+
+- [ ] with-ee-license
+- [ ] with-slow-database
+- [ ] with-dedicated-emulation
+- [ ] with-ws-manager-mk2
+- [ ] workspace-feature-flags
+  Add desired feature flags to the end of the line above, space separated
+</details>
 
 #### Preview Environment Options:
 - [ ] /werft with-local-preview

.github/workflows/build.yml

@@ -1,8 +1,9 @@
 name: Build
 on:
   pull_request:
-    types: [opened, edited]
+    types: [opened, synchronize, edited]
   push:
+    branches: [main]
 
 jobs:
 
@@ -22,6 +23,13 @@ jobs:
       build_leeway_target: ${{ steps.output.outputs.build_leeway_target }}
       with_large_vm: ${{ steps.output.outputs.with_large_vm }}
       publish_to_npm: ${{ steps.output.outputs.publish_to_npm }}
+      publish_to_jbmp: ${{ steps.output.outputs.publish_to_jbmp }}
+      with_ws_manager_mk2: ${{ steps.output.outputs.with_ws_manager_mk2 }}
+      with_dedicated_emulation: ${{ steps.output.outputs.with_dedicated_emulation }}
+      with_ee_license: ${{ steps.output.outputs.with_ee_license }}
+      with_slow_database: ${{ steps.output.outputs.with_slow_database }}
+      analytics: ${{ steps.output.outputs.analytics }}
+      workspace_feature_flags: ${{ steps.output.outputs.workspace_feature_flags }}
     steps:
       - name: "Determine Branch"
         id: branches
@@ -42,6 +50,13 @@ jobs:
             echo "build_leeway_target=$(echo "$PR_DESC" | sed -n -e 's/^.*leeway-target=//p' | sed 's/\r$//')"
             echo "with_large_vm=${{ contains(github.event.pull_request.body, '[X] /werft with-large-vm') }}"
             echo "publish_to_npm=${{ contains(github.event.pull_request.body, '[X] /werft publish-to-npm') }}"
+            echo "publish_to_jbmp=${{ contains(github.event.pull_request.body, '[X] /werft publish-to-jb-marketplace') }}"
+            echo "with_ws_manager_mk2=${{ contains(github.event.pull_request.body, '[X] with-ws-manager-mk2') }}"
+            echo "with_dedicated_emulation=${{ contains(github.event.pull_request.body, '[X] with-dedicated-emulation') }}"
+            echo "with_ee_license=${{ contains(github.event.pull_request.body, '[X] with-ee-license') }}"
+            echo "with_slow_database=${{ contains(github.event.pull_request.body, '[X] with-slow-database') }}"
+            echo "analytics=${{ contains(github.event.pull_request.body, '[X] analytics') }}"
+            echo "workspace_feature_flags=$(echo "$PR_DESC" | grep -oP '(?<=\[X\] workspace-feature-flags).*')"
           } >> $GITHUB_OUTPUT
 
   build-previewctl:
@@ -165,6 +180,8 @@ jobs:
           secrets: |-
             segment-io-token:gitpod-core-dev/segment-io-token
             npm-auth-token:gitpod-core-dev/npm-auth-token
+            jb-marketplace-publish-token:gitpod-core-dev/jb-marketplace-publish-token
+            codecov-token:gitpod-core-dev/codecov
       - name: Leeway Build
         id: leeway
         shell: bash
@@ -177,7 +194,10 @@ jobs:
           PR_NO_TEST: ${{needs.configuration.outputs.build_no_test}}
           PR_LEEWAY_TARGET: ${{needs.configuration.outputs.build_leeway_target}}
           NPM_AUTH_TOKEN: '${{ steps.secrets.outputs.npm-auth-token }}'
-          PUBLISH_TO_NPM: ${{ needs.configuration.outputs.publish_to_npm == 'true' || needs.configuration.outputs.is_main_branch == 'true' }}
+          PUBLISH_TO_NPM: ${{ needs.configuration.outputs.publish_to_npm == 'true'  || needs.configuration.outputs.is_main_branch == 'true' }}
+          JB_MARKETPLACE_PUBLISH_TOKEN: '${{ steps.secrets.outputs.jb-marketplace-publish-token }}'
+          PUBLISH_TO_JBPM: ${{ needs.configuration.outputs.publish_to_jbmp == 'true'  || needs.configuration.outputs.is_main_branch == 'true' }}
+          CODECOV_TOKEN: '${{ steps.secrets.outputs.codecov-token }}'
         run: |
           [[ "$PR_NO_CACHE" = "true" ]] && CACHE="none"       || CACHE="remote"
           [[ "$PR_NO_TEST"  = "true" ]] && TEST="--dont-test" || TEST=""
@@ -192,9 +212,11 @@ jobs:
             --cache $CACHE \
             $TEST \
             -Dversion=$VERSION \
+            -DlocalAppVersion=$VERSION \
             -DSEGMENT_IO_TOKEN=$SEGMENT_IO_TOKEN \
             -DpublishToNPM="${PUBLISH_TO_NPM}" \
             -DnpmPublishTrigger="${NPM_PUBLISH_TRIGGER}" \
+            -DpublishToJBMarketplace="${PUBLISH_TO_JBPM}" \
             --coverage-output-path=/__w/gitpod/gitpod/test-coverage-report \
             --report report.html || RESULT=$?
           set +x
@@ -226,6 +248,12 @@ jobs:
           version: ${{needs.configuration.outputs.version}}
           sa_key: ${{ secrets.GCP_CREDENTIALS }}
           previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }}
+          with_ws_manager_mk2: ${{needs.configuration.outputs.with_ws_manager_mk2}}
+          with_dedicated_emulation: ${{needs.configuration.outputs.with_dedicated_emulation}}
+          with_ee_license: ${{needs.configuration.outputs.with_ee_license}}
+          with_slow_database: ${{needs.configuration.outputs.with_slow_database}}
+          analytics: ${{needs.configuration.outputs.analytics}}
+          workspace_feature_flags: ${{needs.configuration.outputs.workspace_feature_flags}}
 
   monitoring:
     name: "Install Monitoring Satellite"

WORKSPACE.yaml

@@ -7,7 +7,7 @@ defaultArgs:
   publishToNPM: true
   publishToJBMarketplace: true
   localAppVersion: unknown
-  codeCommit: a22e18bcce821d889b541107a695dd93835c7cc7
+  codeCommit: 0180d69921094cacdaa8d4b6ef007a0783a95e3b
   codeVersion: 1.75.0
   codeQuality: stable
   noVerifyJBPlugin: false
@@ -22,6 +22,7 @@ defaultArgs:
   jbBackendVersion: "latest"
   REPLICATED_API_TOKEN: ""
   REPLICATED_APP: ""
+  dockerVersion: 20.10.17
 provenance:
   enabled: true
   slsa: true

components/common-go/kubernetes/kubernetes.go

@@ -171,3 +171,27 @@ func GetCondition(conds []metav1.Condition, tpe string) *metav1.Condition {
 	}
 	return nil
 }
+
+// ConditionPresentAndTrue returns whether a condition is present and its status set to True.
+func ConditionPresentAndTrue(cond []metav1.Condition, tpe string) bool {
+	for _, c := range cond {
+		if c.Type == tpe {
+			return c.Status == metav1.ConditionTrue
+		}
+	}
+	return false
+}
+
+// ConditionWithStatusAndReason returns whether a condition is present, and with the given Reason.
+func ConditionWithStatusAndReason(cond []metav1.Condition, tpe string, status bool, reason string) bool {
+	st := metav1.ConditionFalse
+	if status {
+		st = metav1.ConditionTrue
+	}
+	for _, c := range cond {
+		if c.Type == tpe {
+			return c.Type == tpe && c.Status == st && c.Reason == reason
+		}
+	}
+	return false
+}

components/common-go/namegen/workspaceid.go

@@ -13,11 +13,25 @@ import (
 	"strings"
 )
 
-// WorkspaceIDPattern is the expected Worksapce ID pattern
+// PossibleWorkspaceIDPatterns
 // gitpod-protocol/src/util/generate-workspace-id.ts is authoritative over the generation
 // ws-proxy/pkg/proxy/workspacerouter.go is authoritative for this regexp
+var PossibleWorkspaceIDPatterns = []string{
+	"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
+	"[0-9a-z]{2,16}-[0-9a-z]{2,16}-[0-9a-z]{8,11}",
+}
+
+var workspaceIDPattern = regexp.MustCompile(getWorkspaceIDPatternStr())
 
-var WorkspaceIDPattern = regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^[0-9a-z]{2,16}-[0-9a-z]{2,16}-[0-9a-z]{8,11}$`)
+// getWorkspaceIDPatternStr is the expected Workspace ID pattern str
+// ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^[0-9a-z]{2,16}-[0-9a-z]{2,16}-[0-9a-z]{8,11}$
+func getWorkspaceIDPatternStr() string {
+	patterns := []string{}
+	for _, p := range PossibleWorkspaceIDPatterns {
+		patterns = append(patterns, fmt.Sprintf("^%s$", p))
+	}
+	return strings.Join(patterns, "|")
+}
 
 func GenerateWorkspaceID() (string, error) {
 	s1, err := chooseRandomly(colors, 1)
@@ -41,8 +55,8 @@ var (
 )
 
 func ValidateWorkspaceID(id string) error {
-	if !WorkspaceIDPattern.MatchString(id) {
-		return fmt.Errorf("id '%s' does not match workspace ID regex '%s': %w", id, WorkspaceIDPattern.String(), InvalidWorkspaceID)
+	if !workspaceIDPattern.MatchString(id) {
+		return fmt.Errorf("id '%s' does not match workspace ID regex '%s': %w", id, workspaceIDPattern.String(), InvalidWorkspaceID)
 	}
 
 	return nil

components/dashboard/package.json

@@ -66,6 +66,7 @@
   "scripts": {
     "start": "craco start",
     "build": "craco build --verbose",
+    "lint": "eslint --ext=.jsx,.js,.tsx,.ts ./src",
     "test": "yarn test:unit && ./scripts/run-integration-tests.sh",
     "test:unit": "craco test --all --watchAll=false",
     "test:unit:watch": "craco test --all",

components/dashboard/src/app/AppRoutes.tsx

@@ -69,6 +69,7 @@ const Members = React.lazy(() => import(/* webpackPrefetch: true */ "../teams/Me
 const TeamSettings = React.lazy(() => import(/* webpackPrefetch: true */ "../teams/TeamSettings"));
 const TeamBilling = React.lazy(() => import(/* webpackPrefetch: true */ "../teams/TeamBilling"));
 const SSO = React.lazy(() => import(/* webpackPrefetch: true */ "../teams/SSO"));
+const TeamGitIntegrations = React.lazy(() => import(/* webpackPrefetch: true */ "../teams/GitIntegrationsPage"));
 const NewProject = React.lazy(() => import(/* webpackPrefetch: true */ "../projects/NewProject"));
 const Projects = React.lazy(() => import(/* webpackPrefetch: true */ "../projects/Projects"));
 const Project = React.lazy(() => import(/* webpackPrefetch: true */ "../projects/Project"));
@@ -221,6 +222,9 @@ export const AppRoutes: FunctionComponent<AppRoutesProps> = ({ user, teams }) =>
                             <p className="mt-4 text-lg text-gitpod-red">{decodeURIComponent(getURLHash())}</p>
                         </div>
                     </Route>
+                    <Route exact path="/teams">
+                        <Redirect to="/old-team-plans" />
+                    </Route>
                     <Route exact path="/old-team-plans" component={ChargebeeTeams} />
                     {/* TODO remove the /teams/join navigation after a few weeks */}
                     <Route exact path="/teams/join" component={JoinTeam} />
@@ -229,6 +233,8 @@ export const AppRoutes: FunctionComponent<AppRoutesProps> = ({ user, teams }) =>
                     <Route exact path="/members" component={Members} />
                     <Route exact path="/projects" component={Projects} />
                     <Route exact path="/settings" component={TeamSettings} />
+                    <Route exact path="/settings/git" component={TeamGitIntegrations} />
+                    {/* TODO: migrate other org settings pages underneath /settings prefix */}
                     <Route exact path="/billing" component={TeamBilling} />
                     <Route exact path="/sso" component={SSO} />
                     <Route exact path={`/projects/:projectSlug`} component={Project} />
@@ -241,6 +247,34 @@ export const AppRoutes: FunctionComponent<AppRoutesProps> = ({ user, teams }) =>
                     <Route path={["/t/"]} exact>
                         <Redirect to="/projects" />
                     </Route>
+                    {/* redirect for old user settings slugs */}
+                    <Route path="/account" exact>
+                        <Redirect to={settingsPathAccount} />
+                    </Route>
+                    <Route path="/integrations" exact>
+                        <Redirect to={settingsPathIntegrations} />
+                    </Route>
+                    <Route path="/notifications" exact>
+                        <Redirect to={settingsPathNotifications} />
+                    </Route>
+                    <Route path="/billing" exact>
+                        <Redirect to={settingsPathBilling} />
+                    </Route>
+                    <Route path="/plans" exact>
+                        <Redirect to={settingsPathPlans} />
+                    </Route>
+                    <Route path="/preferences" exact>
+                        <Redirect to={settingsPathPreferences} />
+                    </Route>
+                    <Route path="/variables" exact>
+                        <Redirect to={settingsPathVariables} />
+                    </Route>
+                    <Route path="/tokens">
+                        <Redirect to={settingsPathPersonalAccessTokens} />
+                    </Route>
+                    <Route path="/keys" exact>
+                        <Redirect to={settingsPathSSHKeys} />
+                    </Route>
                     <Route
                         path="*"
                         render={(_match) => {