[db][server][dashboard] Implement Project-level environment variables

Author: jankeromnes

components/dashboard/src/App.tsx

@@ -21,7 +21,6 @@ import { trackButtonOrAnchor, trackPathChange, trackLocation } from './Analytics
 import { User } from '@gitpod/gitpod-protocol';
 import * as GitpodCookie from '@gitpod/gitpod-protocol/lib/util/gitpod-cookie';
 import { Experiment } from './experiments';
-import ProjectSettings from './projects/ProjectSettings';
 
 const Setup = React.lazy(() => import(/* webpackPrefetch: true */ './Setup'));
 const Workspaces = React.lazy(() => import(/* webpackPrefetch: true */ './workspaces/Workspaces'));
@@ -42,6 +41,8 @@ const NewProject = React.lazy(() => import(/* webpackPrefetch: true */ './projec
 const ConfigureProject = React.lazy(() => import(/* webpackPrefetch: true */ './projects/ConfigureProject'));
 const Projects = React.lazy(() => import(/* webpackPrefetch: true */ './projects/Projects'));
 const Project = React.lazy(() => import(/* webpackPrefetch: true */ './projects/Project'));
+const ProjectSettings = React.lazy(() => import(/* webpackPrefetch: true */ './projects/ProjectSettings'));
+const ProjectVariables = React.lazy(() => import(/* webpackPrefetch: true */ './projects/ProjectVariables'));
 const Prebuilds = React.lazy(() => import(/* webpackPrefetch: true */ './projects/Prebuilds'));
 const Prebuild = React.lazy(() => import(/* webpackPrefetch: true */ './projects/Prebuild'));
 const InstallGitHubApp = React.lazy(() => import(/* webpackPrefetch: true */ './projects/InstallGitHubApp'));
@@ -307,6 +308,9 @@ function App() {
                         if (resourceOrPrebuild === "configure") {
                             return <ConfigureProject />;
                         }
+                        if (resourceOrPrebuild === "variables") {
+                            return <ProjectVariables />;
+                        }
                         if (resourceOrPrebuild === "prebuilds") {
                             return <Prebuilds />;
                         }
@@ -337,11 +341,14 @@ function App() {
                             if (maybeProject === "settings") {
                                 return <TeamSettings />;
                             }
+                            if (resourceOrPrebuild === "settings") {
+                                return <ProjectSettings />;
+                            }
                             if (resourceOrPrebuild === "configure") {
                                 return <ConfigureProject />;
                             }
-                            if (resourceOrPrebuild === "settings") {
-                                return <ProjectSettings />;
+                            if (resourceOrPrebuild === "variables") {
+                                return <ProjectVariables />;
                             }
                             if (resourceOrPrebuild === "prebuilds") {
                                 return <Prebuilds />;

components/dashboard/src/Menu.tsx

@@ -47,7 +47,7 @@ export default function Menu() {
     })();
     const prebuildId = (() => {
         const resource = projectSlug && match?.params?.segment3;
-        if (resource !== "workspaces" && resource !== "prebuilds" && resource !== "settings" && resource !== "configure") {
+        if (resource !== "workspaces" && resource !== "prebuilds" && resource !== "settings" && resource !== "configure" && resource !== "variables") {
             return resource;
         }
     })();

components/dashboard/src/components/ItemsList.tsx

@@ -22,7 +22,7 @@ export function Item(props: {
 }) {
     const headerClassName = "text-sm text-gray-400 border-t border-b border-gray-200 dark:border-gray-800";
     const notHeaderClassName = "rounded-xl hover:bg-gray-100 dark:hover:bg-gray-800 focus:bg-gitpod-kumquat-light";
-    return <div className={`flex flex-grow flex-row w-full px-3 py-3 justify-between transition ease-in-out ${props.header ? headerClassName : notHeaderClassName} ${props.className || ""}`}>
+    return <div className={`flex flex-grow flex-row w-full p-3 justify-between transition ease-in-out ${props.header ? headerClassName : notHeaderClassName} ${props.className || ""}`}>
         {props.children}
     </div>;
 }

components/dashboard/src/projects/ProjectSettings.tsx

@@ -25,6 +25,10 @@ export function getProjectSettingsMenu(project?: Project, team?: Team) {
             title: 'Configuration',
             link: [`/${teamOrUserSlug}/${project?.slug || project?.name}/configure`],
         },
+        {
+            title: 'Variables',
+            link: [`/${teamOrUserSlug}/${project?.slug || project?.name}/variables`],
+        },
     ];
 }
 

components/dashboard/src/projects/ProjectVariables.tsx

@@ -0,0 +1,121 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { Project, ProjectEnvVar } from "@gitpod/gitpod-protocol";
+import { useContext, useEffect, useState } from "react";
+import AlertBox from "../components/AlertBox";
+import { Item, ItemField, ItemFieldContextMenu, ItemsList } from "../components/ItemsList";
+import Modal from "../components/Modal";
+import { getGitpodService } from "../service/service";
+import { ProjectContext } from "./project-context";
+import { ProjectSettingsPage } from "./ProjectSettings";
+
+export default function () {
+    const { project } = useContext(ProjectContext);
+    const [ envVars, setEnvVars ] = useState<ProjectEnvVar[]>([]);
+    const [ showAddVariableModal, setShowAddVariableModal ] = useState<boolean>(false);
+
+    const updateEnvVars = async () => {
+        if (!project) {
+            return;
+        }
+        const vars = await getGitpodService().server.getProjectEnvironmentVariables(project.id);
+        const sortedVars = vars.sort((a, b) => a.name.toLowerCase() > b.name.toLowerCase() ? 1 : -1);
+        setEnvVars(sortedVars);
+    }
+
+    useEffect(() => {
+        updateEnvVars();
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [project]);
+
+    const deleteEnvVar = async (variableId: string) => {
+        await getGitpodService().server.deleteProjectEnvironmentVariable(variableId);
+        updateEnvVars();
+    }
+
+    return <ProjectSettingsPage project={project}>
+        {showAddVariableModal && <AddVariableModal project={project} onClose={() => { updateEnvVars(); setShowAddVariableModal(false); }} />}
+        <div className="mb-2 flex">
+            <div className="flex-grow">
+                <h3>Environment Variables</h3>
+                <h2 className="text-gray-500">Manage environment variables for your project.</h2>
+            </div>
+            {envVars.length > 0 && <button onClick={() => setShowAddVariableModal(true)}>Add Variable</button>}
+        </div>
+        {envVars.length === 0
+            ? <div className="bg-gray-100 dark:bg-gray-800 rounded-xl w-full py-28 flex flex-col items-center">
+                <h3 className="text-center pb-3 text-gray-500 dark:text-gray-400">No Environment Variables</h3>
+                <p className="text-center pb-6 text-gray-500 text-base w-96">Here you can set <strong>project-specific environment variables</strong> that will be visible during prebuilds and (optionally) in workspaces for this project.</p>
+                <button onClick={() => setShowAddVariableModal(true)}>New Variable</button>
+            </div>
+            : <>
+                <ItemsList>
+                    <Item header={true} className="grid grid-cols-3 items-center">
+                        <ItemField>Name</ItemField>
+                        <ItemField>Value</ItemField>
+                        <ItemField></ItemField>
+                    </Item>
+                    {envVars.map(variable => {
+                        return <Item className="grid grid-cols-3 items-center">
+                            <ItemField>{variable.name}</ItemField>
+                            <ItemField>****</ItemField>
+                            <ItemField className="flex justify-end">
+                                <ItemFieldContextMenu menuEntries={[
+                                    {
+                                        title: 'Delete',
+                                        customFontStyle: 'text-red-600 dark:text-red-400 hover:text-red-800 dark:hover:text-red-300',
+                                        onClick: () => deleteEnvVar(variable.id),
+                                    },
+                                ]} />
+                            </ItemField>
+                        </Item>
+                    })}
+                </ItemsList>
+            </>
+        }
+    </ProjectSettingsPage>;
+}
+
+function AddVariableModal(props: { project?: Project, onClose: () => void }) {
+    const [ name, setName ] = useState<string>("");
+    const [ value, setValue ] = useState<string>("");
+    const [ error, setError ] = useState<Error | undefined>();
+
+    const addVariable = async () => {
+        if (!props.project) {
+            return;
+        }
+        try {
+            await getGitpodService().server.setProjectEnvironmentVariable(props.project.id, name, value);
+            props.onClose();
+        } catch (err) {
+            setError(err);
+        }
+    }
+
+    return <Modal visible={true} onClose={props.onClose} onEnter={() => { addVariable(); return false; }}>
+        <h3 className="mb-4">Add Variable</h3>
+        <div className="border-t border-b border-gray-200 dark:border-gray-800 -mx-6 px-6 py-4 flex flex-col">
+            <AlertBox><strong>Project variables might be accessible by anyone with read access to your repository.</strong><br/>Secret values can be exposed if they are printed in the logs, persisted to the file system, or made visible in workspaces.</AlertBox>
+            {error && <div className="bg-gitpod-kumquat-light rounded-md p-3 text-gitpod-red text-sm mb-2">
+                {error}
+            </div>}
+            <div className="mt-4">
+                <h4>Name</h4>
+                <input autoFocus className="w-full" type="text" name="name" value={name} onChange={e => setName(e.target.value)} />
+            </div>
+            <div className="mt-4">
+                <h4>Value</h4>
+                <input className="w-full" type="text" name="value" value={value} onChange={e => setValue(e.target.value)} />
+            </div>
+        </div>
+        <div className="flex justify-end mt-6">
+            <button className="secondary" onClick={props.onClose}>Cancel</button>
+            <button className="ml-2" onClick={addVariable} >Add Variable</button>
+        </div>
+    </Modal>;
+}

components/dashboard/src/settings/EnvironmentVariables.tsx

@@ -181,8 +181,6 @@ export default function EnvVars() {
         return '';
     };
 
-
-
     return <PageWithSubMenu subMenu={settingsMenu} title='Variables' subtitle='Configure environment variables for all workspaces.'>
         {isAddEnvVarModalVisible && <AddEnvVarModal
             save={save}

components/gitpod-db/src/project-db.ts

@@ -4,7 +4,7 @@
  * See License.enterprise.txt in the project root folder.
  */
 
-import { PartialProject, Project } from "@gitpod/gitpod-protocol";
+import { PartialProject, Project, ProjectEnvVar, ProjectEnvVarWithValue } from "@gitpod/gitpod-protocol";
 
 export const ProjectDB = Symbol('ProjectDB');
 export interface ProjectDB {
@@ -16,4 +16,9 @@ export interface ProjectDB {
     storeProject(project: Project): Promise<Project>;
     updateProject(partialProject: PartialProject): Promise<void>;
     markDeleted(projectId: string): Promise<void>;
+    setProjectEnvironmentVariable(projectId: string, name: string, value: string): Promise<void>;
+    getProjectEnvironmentVariables(projectId: string): Promise<ProjectEnvVar[]>;
+    getProjectEnvironmentVariableById(variableId: string): Promise<ProjectEnvVar | undefined>;
+    deleteProjectEnvironmentVariable(variableId: string): Promise<void>;
+    getProjectEnvironmentVariableValues(envVars: ProjectEnvVar[]): Promise<ProjectEnvVarWithValue[]>;
 }

components/gitpod-db/src/tables.ts

@@ -47,7 +47,7 @@ export class GitpodSessionTableDescriptionProvider implements TableDescriptionPr
 /**
  * BEWARE
  *
- * When updating this list, make sure you update the deleted-entry-gc in gitpod-db
+ * When updating this list, make sure you update the deleted-entry-gc.ts in gitpod-db
  * as well, if you're adding a table that needs some of its entries deleted.
  */
 @injectable()
@@ -245,6 +245,18 @@ export class GitpodTableDescriptionProvider implements TableDescriptionProvider
             deletionColumn: 'deleted',
             timeColumn: '_lastModified',
         },
+        {
+            name: 'd_b_project_env_var',
+            primaryKeys: ['id', 'projectId'],
+            deletionColumn: 'deleted',
+            timeColumn: '_lastModified',
+        },
+        /**
+         * BEWARE
+         *
+         * When updating this list, make sure you update the deleted-entry-gc.ts in gitpod-db
+         * as well, if you're adding a table that needs some of its entries deleted.
+         */
     ]
 
     public getSortedTables(): TableDescription[] {

components/gitpod-db/src/typeorm/deleted-entry-gc.ts

@@ -58,6 +58,7 @@ const tables: TableWithDeletion[] = [
     { deletionColumn: "deleted", name: "d_b_project" },
     { deletionColumn: "deleted", name: "d_b_prebuild_info" },
     { deletionColumn: "deleted", name: "d_b_oss_allow_list" },
+    { deletionColumn: "deleted", name: "d_b_project_env_var" },
 ];
 
 interface TableWithDeletion {

components/gitpod-db/src/typeorm/entity/db-project-env-vars.ts

@@ -0,0 +1,43 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { PrimaryColumn, Entity, Column } from "typeorm";
+import { TypeORM } from "../typeorm";
+import { ProjectEnvVarWithValue } from "@gitpod/gitpod-protocol";
+import { Transformer } from "../transformer";
+import { encryptionService } from "../user-db-impl";
+
+@Entity()
+// on DB but not Typeorm: @Index("ind_lastModified", ["_lastModified"])   // DBSync
+export class DBProjectEnvVar implements ProjectEnvVarWithValue {
+    @PrimaryColumn(TypeORM.UUID_COLUMN_TYPE)
+    id: string;
+
+    // `projectId` is part of the primary key for safety reasons: This way it's impossible that a user
+    // (maliciously or by accident) sends us an environment variable that has the same private key (`id`)
+    // as the environment variable from another project.
+    @PrimaryColumn(TypeORM.UUID_COLUMN_TYPE)
+    projectId: string;
+
+    @Column()
+    name: string;
+
+    @Column({
+        type: "simple-json",
+        transformer: Transformer.compose(
+            Transformer.SIMPLE_JSON([]),
+            Transformer.encrypted(() => encryptionService)
+        )
+    })
+    value: string;
+
+    @Column("varchar")
+    creationTime: string;
+
+    // This column triggers the db-sync deletion mechanism. It's not intended for public consumption.
+    @Column()
+    deleted: boolean;
+}

components/gitpod-db/src/typeorm/migration/1639735838107-ProjectEnvVars.ts

@@ -0,0 +1,18 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class ProjectEnvVars1639735838107 implements MigrationInterface {
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query("CREATE TABLE IF NOT EXISTS `d_b_project_env_var` (`id` char(36) NOT NULL, `projectId` char(36) NOT NULL, `name` varchar(255) NOT NULL, `value` text NOT NULL, `creationTime` varchar(255) NOT NULL, `deleted` tinyint(4) NOT NULL DEFAULT '0', `_lastModified` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), PRIMARY KEY (`id`, `projectId`), KEY `ind_projectid` (projectId), KEY `ind_dbsync` (`_lastModified`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;");
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+    }
+
+}