Implement Project-level environment variables #7295
Conversation
roboquat
added
do-not-merge/work-in-progress
release-note
team: webapp
|
/werft run with-clean-slate-deployment 👍 started the job as gitpod-build-jx-project-variables.3 |
jankeromnes
force-pushed
the
jx/project-variables
branch
from
1d069fd to
015ca6f
Compare
jankeromnes
force-pushed
the
jx/project-variables
branch
3 times, most recently
from
4d73d88 to
a056a54
Compare
jankeromnes
force-pushed
the
jx/project-variables
branch
2 times, most recently
from
600a708 to
8585c0d
Compare
|
/werft run 👍 started the job as gitpod-build-jx-project-variables.10 |
jankeromnes
force-pushed
the
jx/project-variables
branch
6 times, most recently
from
2ceb652 to
641a6bc
Compare
Codecov Report
@@ Coverage Diff @@
## main #7295 +/- ##
=========================================
+ Coverage 8.69% 10.38% +1.68%
=========================================
Files 33 18 -15
Lines 2323 992 -1331
=========================================
- Hits 202 103 -99
+ Misses 2117 888 -1229
+ Partials 4 1 -3
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report at Codecov.
|
jankeromnes
force-pushed
the
jx/project-variables
branch
2 times, most recently
from
b5e00eb to
3801563
Compare
| @@ -41,7 +41,8 @@ export default function Modal(props: { | |||
| return () => { | |||
| window.removeEventListener('keydown', handler); | |||
| }; | |||
| }, []); // Empty array ensures that effect is only run on mount and unmount | |||
| // eslint-disable-next-line react-hooks/exhaustive-deps | |||
| }, [props.onClose, props.onEnter]); | |||
There was a problem hiding this comment.
Note: This was required because apparently state variables (like name: string and value: string in AddVariableModal) get "captured" in the onClose / onEnter lambdas, thus causing these functions to always use initial state values (i.e. empty string) instead of updated state values (i.e. whatever name/value a user typed).
The solution was to make this effect depend on onClose and onEnter, such that, if these functions change (they do change every time a captured state variable changes), the handler gets re-registered properly.
|
Okay, calling this ready for review 🎉
@geropl and/or @AlexTugarev, could you please take a look at the code changes? @gtsiolis could you please take a look at the new Project Variables page UX? (Happy to discuss / answer any question sync or async 🙏) |
|
Taking another look at the UX changes here! 👀 |
|
@jankeromnes Thx for putting in all this effort. Love the explicitness of the new messages! ❤️ /lgtm So @gtsiolis can review as well |
|
LGTM label has been added. Git tree hash: 34d504ab9541adf0333b4aec043af2382ba2786d
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: geropl, gtsiolis Associated issue: #4456 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
This took slightly longer than expected. 💭
@jankeromnes I've left some final comments below regarding UX changes. Feel free to create follow up issues for each one of them if needed. 🏀
| } | ||
|
|
||
| return <Modal visible={true} onClose={props.onClose} onEnter={() => { addVariable(); return false; }}> | ||
| <h3 className="mb-4">Add Variable</h3> |
There was a problem hiding this comment.
suggestion: Even if we don't have the update operations here, renaming this as described in /7295/files#r781502096 to match the voice and tone used in user-specific environment variables would be nice!
| <h3 className="mb-4">Add Variable</h3> | |
| <h3 className="mb-4">New Variable</h3> |
| return <Modal visible={true} onClose={props.onClose} onEnter={() => { addVariable(); return false; }}> | ||
| <h3 className="mb-4">Add Variable</h3> | ||
| <div className="border-t border-b border-gray-200 dark:border-gray-800 -mx-6 px-6 py-4 flex flex-col"> | ||
| <AlertBox><strong>Project variables might be accessible by anyone with read access to your repository.</strong><br/>Secret values can be exposed if they are printed in the logs, persisted to the file system, or made visible in workspaces.</AlertBox> |
There was a problem hiding this comment.
issue(non-blocking): I've been trying to propose some new colors for the alert component as seen in the designs in #7295 (comment) but let's not increase the scope of this PR with this. Added #7613 regarding alert component colors, etc.
There was a problem hiding this comment.
Many thanks for filing this follow-up!
More than happy to implement the adjustments -- really like the new design. Please simply post a spec to the issue + remove needs design label + schedule, as usual 😊 (you could even directly assign me to it 🚀 I'm looking forward to have this fixed)
There was a problem hiding this comment.
Je vous remercie, @jankeromnes!
| <ItemField className="flex justify-end"> | ||
| <ItemFieldContextMenu menuEntries={[ | ||
| { | ||
| title: 'Delete', |
There was a problem hiding this comment.
thought: Still not entirely sure if not being able to edit or update the variable is better but I understand the security concerns. From what I've seen there are two approaches:
Since we do have two different user roles (OWNER, MEMBER), we could hide the variable menu or disable actions on variable for MEMBERS.
suggestion: I'd be in favor of providing more user control and allowing read and update permissions, however, I agree @jankeromnes, let's go with a boring (simple) solution to disable editing the variables for now and come back to this if users find this idea useful.
| <ItemField className="flex justify-end"> | ||
| <ItemFieldContextMenu menuEntries={[ | ||
| { | ||
| title: 'Delete', |
There was a problem hiding this comment.
issue: We should probably ask for user confirmation before deleting, as we do with user-specific environment variables.
There was a problem hiding this comment.
Thanks for noticing! I personally think we don't need to be overly cautious here (i.e. clicking once on a red Delete button is likely already sufficient intent, and this action doesn't have surprising chain reactions as consequence).
Leaving this as an optional follow-up if we really feel we need the extra user confirmation.
| return <Modal visible={true} onClose={props.onClose} onEnter={() => { addVariable(); return false; }}> | ||
| <h3 className="mb-4">Add Variable</h3> | ||
| <div className="border-t border-b border-gray-200 dark:border-gray-800 -mx-6 px-6 py-4 flex flex-col"> | ||
| <AlertBox><strong>Project variables might be accessible by anyone with read access to your repository.</strong><br/>Secret values can be exposed if they are printed in the logs, persisted to the file system, or made visible in workspaces.</AlertBox> |
There was a problem hiding this comment.
thought: It took me a while to wrap my head around the security cases here. 😇
Some improvements could include:
- Making the alert title brief and short in one line.
- Avoiding complex state handling for users by default.
suggestion: For the second point I still think that having a sensible default where variables can be exposed everywhere by default instead of requiring users to think everytime could be better. Here's how the copy could look like although I could be wrong on terminal access only:
| BEFORE | AFTER |
|---|---|
 |
 |
Let me know what you think!
There was a problem hiding this comment.
- The message at the top could be a little clearer about how prebuild variables could leak into workspaces.
- The current default to Hide in workspaces is good IMO because it errs on the side of less exposure.
- I think we can leave out the extra instruction for what it means to uncheck the checkbox.
Suggest the following:
Warning
Even with Hide in Workspaces checked, a project-specific environment variable may become exposed to anyone who can start a workspace e.g. if logged or persisted to the file system.
Name
[ _ _ _ ]
Value
[ _ _ _ ]
☑️ Hide in Workspaces
Project-specific environment variables are always visible in prebuilds.
(after unchecking)
NOTE
This environment variable will be visible to anyone who starts a Gitpod workspace on this repository.
There was a problem hiding this comment.
Thanks for the excellent feedback here! 🙏
Phew. After splitting a few more hairs on this, I think I've reached an optimum consensus solution on the wording:
|
|
Going to ship this 🚢 (but happy to further split hairs in follow-up PRs 😅)
|
Awesome work @jankeromnes - thanks for going the extra mile with hiding in workspaces 🙏 |
jankeromnes
force-pushed
the
jx/project-variables
branch
from
d466a9f to
40b579a
Compare
|
New changes are detected. LGTM label has been removed. |
jankeromnes
force-pushed
the
jx/project-variables
branch
from
98155d0 to
5bebd98
Compare
…Enter} are changed
… out of Workspaces
Co-authored-by: George Tsiolis <[email protected]> Co-authored-by: jldec <[email protected]>
jankeromnes
force-pushed
the
jx/project-variables
branch
from
5bebd98 to
1f6b435
Compare
|
Just waiting for a last build to triple-check everything, then shipping this. 🚢 (Manually carrying over pre-nit / pre-rebase LGTM, keeping hold for now.) |
|
Everything seems to still work as expected! (Tested the variable management UI, but couldn't test prebuilds/workspaces because they're currently broken in core-dev (internal)). Thus, releasing the breaks! 🚀 ✨ /unhold |
|
Thank you for working on this! |
|
@shaal Sure, my pleasure! This should go live in about an hour with the regular twice-a-week deployment. 📅📅 EDIT: Deployment got delayed a bit due to technical issues. Should still go live |
roboquat
added
deployed: webapp
Description
Introduce Project-level environment variables:
project-getting code into aProjectContexthelperserverandgitpod-dbDrive-by: Export(EDIT: Commit removed, censor code copy/pasted and specialized)server'scensorfunction viagitpod-protocol(in order to use it ingitpod-db)Drive-by: Always use the actual function name ((EDIT: Commit removed again,arguments.callee.name) incheckUserandcheckAndBlockUser(instead of re-typing/copy-pasting the function name and sometimes making mistakes)arguments.calleeis deprecated 🙄)Related Issue(s)
Fixes #4456
How to test
USERwith valueuserand pattern*/*PROJECTwith valueproject, visible in both Prebuilds and Workspaces).gitpod.ymlfile that looks like this:PROJECTvariable is defined (USERshould still be undefined in the prebuild)USERandPROJECTshould be defined (not in the printed Prebuild logs, but in the interactive command & also in live Terminals)Open question: If you open a workspace for the new branch as a new user who doesn't have access to the Project (i.e. the repository is public, and you open a workspace for it, which gives you a prebuild, but you have no access to the Gitpod Project) -- should you be able to see the Project variables? (Prebuild/non-prebuild consistency says "yes", secrets say "no", maybe this should be configurable for each variable, see #4456 (comment))(EDIT: Visibility is now configurable)Release Notes
Documentation
/uncc