Feat/config installer #13
Conversation
QA with official plugin URL: demo-sbs.mp4@zugdev I saw you say that this codebase is your scope, perhaps you want to start reviewing my PRs as I think 0x4007 is busy. |
|
I'm going to move on and complete other tasks while reviews are pending |
|
If I sign in with an account that has nothing to show, we should tell that to the user.
The auth token is not being cleared on sign out, the only way for me to currently logout is to clear my cookies manually. Screen.Recording.2024-11-12.001120.mp4Also we have a scope error that is not allowing it to fetch my orgs correctly, I've pinpointed the issue in my review comments:
|
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
|
I think you should try catch whatever can fail, that certainly includes HTTP requests. For instance, to get the list of app installations you need an authenticated GitHub app. I couldn't login with my org so I got deadlocked. We should at least show a message in those cases. |
Ignore what I previously said about auth, already hid my comments, my Supabase is set for OAuth - my bad. However I still believe there should be try catches. How should I set this up? I don't see a way to do it in Supabase's dashboard. Or did you mean signing in with a GitHub app? If that's the case, I wasn't able to. |
static/scripts/authentication.ts
Outdated
| public async getGitHubUserOrgs(): Promise<string[]> { | ||
| const octokit = await this.getOctokit(); | ||
| const response = await octokit.request("GET /user/orgs"); |
There was a problem hiding this comment.
This is failing, it seems that the correct endpoint for this request would be "GET /organizations", based on this piece of docs: https://docs.github.com/pt/rest/orgs/orgs?apiVersion=2022-11-28#list-organizations
There was a problem hiding this comment.
No that's list all organizations I'm calling listForAuthenticatedUser
I'll use octokit.rest.listForAuthneticated method to clear any confusion
There was a problem hiding this comment.
It's likely failing due to your permissions.
When I was showing you how to run the kernel and plugins I told you to update your kernel app's permissions at it had very very few, I trust you did this yeah?
- GitHub App needs permissions set.
- Supabase auth needs updated with your GitHub app Client ID and secret.
- Update the GH App callback URL to be Supabase.
- Login and it should be able to list your orgs bud.
For OAuth app tokens and personal access tokens (classic), this endpoint only lists organizations that your authorization allows you to operate on in some way (e.g., you can list teams with read:org scope, you can publicize your organization membership with user scope, etc.). Therefore, this API requires at least user or read:org scope for OAuth app tokens and personal access tokens (classic). Requests with insufficient scope will receive a 403 Forbidden response.
There was a problem hiding this comment.
- Supabase auth needs updated with your GitHub app Client ID and secret.
What do you mean with this, exactly? Is it in a secrets format, or an oauth config perhaps? Where do I set this up?
|
@Keyrxng, this task has been idle for a while. Please provide an update. |
|
So the only changes requested I can implement is to ensure the auth token is popped from local? I'll also wrap main in a try-catch and capture any errors |
There was a problem hiding this comment.
- Getting the
authentication.ts:127 GET https://api.github.com/user/orgs 403 (Forbidden)on github auth:
Perhaps we should pass the read:org scope similarly to how it works in work.ubq.fi?
- Pls make all CI workflows passing:
a) For failing build you may hardcode values
b) For failing empty strings workflow you may refactor the code
c) For failing knip unused dependencies should be removed
d) For failing cypress values can be hardcoded
e) For failing jest either remove the test either fix the octokit related error
Yeah that's right, using the methods but the approach has changed.
I setup my auth using a ubiquity-os-plugin-installer/static/main.ts Lines 38 to 45 in 27b6a42
You'll find that in the
I'll make changes so that they pass for now no problem |
|
Thanks for the guide, I'll QA it soon. |
Np. It would be better if I could QA with the production app details but I'm basing my logic on these responses. I have only one org but my dev app is installed on my personal account too (production will only ever be installed to orgs) so it follows that the owner of the org (or admins etc if we support that) would be the one to install plugins (at least the initial setup).
I assume we'd support other roles besides owner but that will require additional logic for validating the user has permissions to update the config etc. Which roles would be allowed to install/update/remove, is this configurable at the partner level or UI level for example (org config sounds good for this) |
|
Empty strings CI is not failing because of empty strings in the code it presents warnings in the review diff as sometimes their usage is needed, instead it's failing because of:
I've implemented the requested changes and previous auth issues were not because of the code itself so I think this is ready for review. |
Resolves #3
Requires #11 and #12 (reviewing those could be skipped and focus placed just on this PR)
ubiquity-os-marketplaceand grabbing manifestsStill buggy with some plugins I need to inspect the more complex ones and handle their configs better but this shows what it looks like with a plugin with a medium size config. It should be ready to over the next day.
@zugdev Idk if you want to work your magic after this is merged, branch off and PR against dev or into this before that or just review and create a spec for what's needed? What do you think?
We can still build this UI with the ability to read from a query param directly too but it's a cleaner approach housing them all imo.
.tswe use JSDoc comments on input props and it fills the IDE. This would be handy af if we had a workflow to parse these and write them to the manifest which could be read on this UI: e.grequiredLabelsToStartwithout defaults might be confusing to a partnerQA:
plugin-installer-demo.mp4