Skip to content

[Improve] Expand source-control setup and OAuth flows#295

Merged
brunobergher merged 31 commits into
developfrom
feature/source-control-setup-guidance-29shgezo16crd
Jul 14, 2026
Merged

[Improve] Expand source-control setup and OAuth flows#295
brunobergher merged 31 commits into
developfrom
feature/source-control-setup-guidance-29shgezo16crd

Conversation

@roomote-roomote

@roomote-roomote roomote-roomote Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Opened on behalf of Bruno Bergher. Follow up by mentioning @roomote-roomote, in the web UI, or in Slack.

What changed

  • Reworked source-control onboarding around focused provider setup and connection steps, including clearer invocation guidance for GitLab, Gitea, and Bitbucket.
  • Added deployment OAuth flows for GitLab and Gitea with state validation, callback handling, repository synchronization, and provider-specific redirect guidance.
  • Preserved path-prefixed self-managed OAuth URLs and proxy origins, registered Gitea webhooks during OAuth sync, and rendered configured invocation examples.
  • Limited Gitea onboarding to the single deployment callback its OAuth application accepts, and documented that personal linking cannot share those credentials.
  • Prevented ambiguous Gitea issue comments from being treated as pull-request comments while retaining webhook delivery records.
  • Restored the GitLab Settings deep link and avoided empty links for providers without a universal creation URL.
  • Replaced polynomial trailing-slash regular expressions in GitLab and Gitea URL normalization with bounded string trimming.

Why this change was made

GitLab and Gitea needed deployment-friendly OAuth paths whose onboarding guidance, repository synchronization, webhook handling, and comment triggers agree on the same connection model. The follow-up fixes also ensure Gitea's single-callback constraint and ambiguous issue events cannot produce broken authorization or unintended PR tasks.

Impact

New deployments can connect GitLab and Gitea through OAuth with correct support for self-managed base paths, while Bitbucket, GitLab, and Gitea setup guidance remains focused on the required path. All identified review findings are addressed, the previously failing web Settings test now passes, and both the CodeQL gate and JavaScript/TypeScript analysis pass on the final head. Browser screenshots remain unavailable because the managed local web preview did not respond after the allowed restart.

@roomote-roomote

roomote-roomote Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

All identified review and CodeQL issues addressed.

  • packages/gitlab/src/oauth.ts preserves a self-managed GitLab base path in the authorization URL.
  • packages/gitea/src/oauth.ts preserves a self-managed Gitea base path in the authorization URL.
  • packages/gitlab/src/api.ts includes originBaseUrl in OAuth proxy credentials.
  • Gitea OAuth-triggered repository sync registers webhooks before environment mappings exist.
  • StepInvoke renders configured identity example prompts.
  • Gitea setup now registers only the deployment callback accepted by its OAuth application and documents the personal-linking limitation.
  • Ambiguous Gitea issue_comment payloads are recorded but ignored unless explicitly marked as pull-request comments.
  • GitLab and Gitea URL normalization no longer use the polynomial trailing-slash regular expressions reported by CodeQL.

Fixed in 623d44e

@brunobergher brunobergher force-pushed the feature/source-control-setup-guidance-29shgezo16crd branch from 0328a16 to a3f9541 Compare July 14, 2026 16:19
@roomote-roomote

roomote-roomote Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Addressed all review findings and the CodeQL alerts in 623d44e. Gitea setup now uses one deployment callback, ambiguous issue comments cannot launch PR tasks, path-prefixed OAuth and proxy handling remains covered, and GitLab/Gitea trailing-slash normalization no longer uses the polynomial regexes. The CodeQL gate and JavaScript/TypeScript analysis pass on the final head; the affected tests, type checks, lint, docs validation, and pre-push checks also pass. Browser proof was unavailable because the managed local preview remained unresponsive.

@brunobergher brunobergher changed the title [Improve] Simplify GitLab, Gitea, and Bitbucket setup [Improve] Expand source-control setup and OAuth flows Jul 14, 2026
@brunobergher brunobergher marked this pull request as ready for review July 14, 2026 19:03
@brunobergher brunobergher merged commit 957477b into develop Jul 14, 2026
18 checks passed
@brunobergher brunobergher deleted the feature/source-control-setup-guidance-29shgezo16crd branch July 14, 2026 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants