These functions are used in test code, which makes it tricker to
pass in loggers for checking requests and responses. Instead, make
the API method-based. This introduces slightly more boilerplate
since Client construction is fallible, but it allows calling code
to pass in loggers more easily for debugging test failures.
Multiple integration tests have essentially the same code for
modifying the site config, and then resetting it to it original
state. Refactor that out into a common method.
Implement expiry for access tokens, by default all newly created access tokens will expire. There is site configuration available at auth.accessToken to enable tokens without expiration and to configure the values in days are presented to users and selected by default.
Co-authored-by: Erik Seliger <erikseliger@me.com>
Whether we remove email org invitations or not, this code is currently not used and increases our ownership surface area, thus I'm removing it here. We can always revert, should we need it again.
The previous approach to enable race detection was too radical and
accidently led to build our binaries with the race flage enabled, which
caused issues when building images down the line.
This happened because putting a `test --something` in bazelrc also sets
it on `build` which is absolutely not what we wanted. Usually folks get
this one working by having a `--stamp` config setting that fixes this
when releasing binaries, which we don't at this stage, as we're still
learning Bazel.
Luckily, this was caught swiftly. The current approach insteads takes a
more granular approach, which makes the `go_test` rule uses our own
variant, which injects the `race = "on"` attribute, but only on
`go_test`.
## Test plan
<!-- All pull requests REQUIRE a test plan:
https://docs.sourcegraph.com/dev/background-information/testing_principles
-->
CI, being a main-dry-run, this will cover the container building jobs,
which were the ones failing.
---------
Co-authored-by: Alex Ostrikov <alex.ostrikov@sourcegraph.com>
This PR ships our freshly rewritten container images built with
rules_oci and Wolfi, which for now will only be used on S2.
*What is this about*
This work is the conjunction of [hardening container
images](https://github.com/orgs/sourcegraph/projects/302?pane=issue&itemId=25019223)
and fully building our container images with Bazel.
* All base images are now distroless, based on Wolfi, meaning we fully
control every little package version and we won't be subject anymore to
Alpine maintainers dropping a postgres version for example.
* Container images are now built with `rules_oci`, meaning we don't have
Dockerfile anymore, but instead created through [Bazel
rules](https://sourcegraph.sourcegraph.com/github.com/sourcegraph/sourcegraph@bzl/oci_wolfi/-/blob/enterprise/cmd/gitserver/BUILD.bazel).
Don't be scared, while this will look a bit strange to you at first,
it's much saner and simpler to do than our Dockerfiles and their muddy
shell scripts calling themselves in cascade.
:spiral_note_pad: *Plan*:
*1/ (NOW) We merge our branch on `main` today, here is what it does
change for you 👇:skin-tone-3::*
* On `main`:
* It will introduce a new job on `main` _Bazel Push_, which will push
those new images on our registries with all tags prefixed by `bazel-`.
* These new images will be picked up by S2 and S2 only.
* The existing jobs building docker images and pushing them will stay in
place until we have QA'ed them enough and are confident to roll them out
on Dotcom.
* Because we'll be building both images, there will be more jobs running
on `main`, but this should not affect the wall clock time.
* On all branches (so your PRs and `main`)
* The _Bazel Test_ job will now run: Backend Integration Tests, E2E
Tests and CodeIntel QA
* This will increase the duration of your test jobs in PRs, but as we
haven't removed yet the `sg lint` step, it should not affect too much
the wall clock time of your PRs.
* But it will also increase your confidence toward your changes, as the
coverage will vastly increased compared to before.
* If you have ongoing branches which are affecting the docker images
(like adding a new binary, like the recent `scip-tags`, reach us out on
#job-fair-bazel so we can help you to port your changes. It's much much
simpler than before, but it's going to be unfamiliar to you).
* If something goes awfully wrong, we'll rollback and update this
thread.
*2/ (EOW / Early next week) Once we're confident enough with what we saw
on S2, we'll roll the new images on Dotcom.*
* After the first successful deploy and a few sanity checks, we will
drop the old images building jobs.
* At this point, we'll reach out to all TLs asking for their help to
exercise all features of our product to ensure we catch any potential
breakage.
## Test plan
<!-- All pull requests REQUIRE a test plan:
https://docs.sourcegraph.com/dev/background-information/testing_principles
-->
* We tested our new images on `scale-testing` and it worked.
* The new container building rules comes with _container tests_ which
ensures that produced images are containing and configured with what
should be in there:
[example](https://sourcegraph.sourcegraph.com/github.com/sourcegraph/sourcegraph@bzl/oci_wolfi/-/blob/enterprise/cmd/gitserver/image_test.yaml)
.
---------
Co-authored-by: Dave Try <davetry@gmail.com>
Co-authored-by: Will Dollman <will.dollman@sourcegraph.com>
- Closes https://github.com/sourcegraph/sourcegraph/issues/49718
This PR refactors the base test router of the executor queue handler to
an explicit `/test` endpoint, and adds a path `/auth` for testing
authorization.
It updates `code_intel_test.go` to make use of this new endpoint.
## Test plan
- [x] Existing and child PRs tests pass
- [x] Tested on scaletesting
```shell
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# echo
$EXECUTOR_FRONTEND_PASSWORD
<REDACTED>
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# echo
$EXECUTOR_FRONTEND_URL
https://scaletesting.sgdev.org
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# executor validate
All checks passed!
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# export
EXECUTOR_FRONTEND_PASSWORD=denied
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# executor validate
t=2023-03-24T17:42:57+0000 lvl=eror msg="apiclient got unexpected status
code" code=401 body=
failed to authorize with frontend, is executors.accessToken set
correctly in the site-config?
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# export
EXECUTOR_FRONTEND_URL=scaletesting.sgdev.org
root@sginn-sourcegraph-executor-x1z5:/usr/local/bin# executor validate
EXECUTOR_FRONTEND_URL must be in the format scheme://host (and
optionally :port)
```
<!-- All pull requests REQUIRE a test plan:
https://docs.sourcegraph.com/dev/background-information/testing_principles
-->
---------
Co-authored-by: Daniel Dides <8784265+danieldides@users.noreply.github.com>
- Add pagination to org members page
- Improve UI by adding avatar and user role
- Remove version of org members page which was available under a feature flag but not used.
This adds a new mutation that lets us trigger a reindex from frontend.
The goal is to add a reindex button, calling this mutation, to the index
status page.
Now that we require go1.18, we can use a builtin type alias for
"interface{}": "any". I've updated all code except lib, which can be
imported by external modules. That is currently pinned at go1.16.
Additionally I had to rerun generate since rewriting generated go code
will fail CI.
find -name '*.go' | xargs gofmt -s -r 'interface{} -> any' -w
git checkout lib
go generate ./...
Test Plan: CI will exercise that the code still compiles. Otherwise this
is a noop.
