profile
viewpoint
ᴜɴᴋɴᴡᴏɴ unknwon @sourcegraph Hangzhou, China https://unknwon.io ʟɪғᴇ ɪs ᴍᴀɢɪᴄ. ᴄᴏᴅɪɴɢ ɪs ᴀʀᴛ.

unknwon/go-fundamental-programming 7383

《Go 编程基础》是一套针对 Google 出品的 Go 语言的视频语音教程,主要面向新手级别的学习者。

unknwon/go-study-index 3528

Go 语言学习资料索引

unknwon/go-web-foundation 2499

《Go Web 基础》是一套针对 Google 出品的 Go 语言的视频语音教程,主要面向完成《Go 编程基础》教程后希望进一步了解有关 Go Web 开发的学习者。

unknwon/go-rock-libraries-showcases 1516

《Go名库讲解》是一套针对 Google 出品的 Go 语言的第三方库进行评测讲解的集博客、示例与语音视频为一体的综合教程,适合完成学习完成《Go编程基础》教程的学习者。

studygolang/GCTT 1115

GCTT Go中文网翻译组。

unknwon/gowalker 604

Go Walker is a server that generates Go projects API documentation on the fly.

unknwon/com 600

This is an open source project for commonly used functions for the Go programming language.

unknwon/building-web-applications-in-go 544

Go 语言 Web 应用开发系列教程,从新手到双手残废

unknwon/goconfig 538

Package goconfig is a fully functional and comments-support configuration file (.ini) parser.

unknwon/bra 354

Bra (Brilliant Ridiculous Assistant) is a command line utility tool.

issue closedsourcegraph/sourcegraph

Update call sites of ExternalServicesStore.List to avoid application-level aggregation

... over all external services, instead accomplish via SQL query.

TODOs (selective list of this query):

Refs:

  • https://sourcegraph.com/github.com/sourcegraph/sourcegraph@5d73f94a7ad9c8c5a5d30954f737e9dde5c2a8b5/-/blob/internal/db/external_services.go#L405

Part of #12699.

closed time in 18 hours

unknwon

issue openedsourcegraph/sourcegraph

Update ExternalServicesStore.List to support pagination

TODOs:

  • [ ] Add pagination options
  • [ ] Update call sites to use pagination

Refs:

Part of #12699.

created time in 18 hours

IssuesEvent

issue closedsourcegraph/sourcegraph

Update call sites of ExternalServicesStore.List to avoid application-level aggregation

... over all external services, instead accomplish via SQL query.

TODOs (selective list of this query):

Refs:

  • https://sourcegraph.com/github.com/sourcegraph/sourcegraph@5d73f94a7ad9c8c5a5d30954f737e9dde5c2a8b5/-/blob/internal/db/external_services.go#L405

Part of #12699.

closed time in 19 hours

unknwon

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha fe51a59c6b48761fee9e57b10c48654f7ea87c88

external_services: use SQL to get distinct kinds (#12779)

view details

push time in 20 hours

delete branch sourcegraph/sourcegraph

delete branch : jc/rfc211-use-sql-to-get-distinct-kinds

delete time in 20 hours

PR merged sourcegraph/sourcegraph

external_services: use SQL to get distinct kinds

Instead of listing all external services then get distinct kinds, we do it in SQL.

Part of #12760.

+92 -11

0 comment

3 changed files

unknwon

pr closed time in 20 hours

push eventsourcegraph/sourcegraph

Joe Chen

commit sha 4d43da0c85bf906683acfa13e6cb9fb787603924

Use QueryRowContext to scan one row

view details

push time in a day

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha ff5324335c279f777959a5c4dbee0b6f462040ae

external_services: add NoNamespace option to the List method (#12781)

view details

push time in a day

delete branch sourcegraph/sourcegraph

delete branch : jc/rfc211-allow-list-external-services-with-no-namespace

delete time in a day

PR merged sourcegraph/sourcegraph

external_services: add NoNamespace option to the List method

The new NoNamespace option allow listing external services under no particular namespace (i.e. site-level external services owned by all site admins).

This option is then used in handling config overrides of external services from config file. This approach has the minimal change without listing any user-added external services (which are not used in the process of config overrides).

Easier to review by commit.

Part of #12760.

+70 -27

0 comment

3 changed files

unknwon

pr closed time in a day

Pull request review commentsourcegraph/sourcegraph

external_services: use SQL to get distinct kinds

 func (e *ExternalServicesStore) List(ctx context.Context, opt ExternalServicesLi 	return e.list(ctx, opt.sqlConditions(), opt.LimitOffset) } +// DistinctKinds returns the distinct list of external services kinds that are stored in the database.+func (e *ExternalServicesStore) DistinctKinds(ctx context.Context) ([]string, error) {+	q := sqlf.Sprintf(`+SELECT ARRAY_AGG(DISTINCT(kind)::TEXT)+FROM external_services+WHERE deleted_at IS NULL+`)++	rows, err := dbconn.Global.QueryContext(ctx, q.Query(sqlf.PostgresBindVar), q.Args()...)

Good idea! I'll give it a try.

unknwon

comment created time in a day

Pull request review commentsourcegraph/sourcegraph

external_services: add NoNamespace option to the List method

 type ExternalServiceKind struct {  // ExternalServicesListOptions contains options for listing external services. type ExternalServicesListOptions struct {+	// When true, only include external services not under any namespace (i.e. owned by all site admins),+	// and value of NamespaceUserID is ignored.+	NoNamespace bool

No problem at all 😛

unknwon

comment created time in a day

push eventsourcegraph/sourcegraph

Joe Chen

commit sha 6f96146ba7db9336ada6980dd0ca1cda879fd9ed

Simplify SQL and exclude soft-deleted rows

view details

push time in a day

Pull request review commentsourcegraph/sourcegraph

external_services: add NoNamespace option to the List method

 type ExternalServiceKind struct {  // ExternalServicesListOptions contains options for listing external services. type ExternalServicesListOptions struct {+	// When true, only include external services not under any namespace (i.e. owned by all site admins),+	// and value of NamespaceUserID is ignored.+	NoNamespace bool

If we use 0 as no namespace, how do we distinguish between list all external services and list external services with no namespace?

unknwon

comment created time in a day

pull request commentsourcegraph/sourcegraph

authz: use `INT[]` to store permissions

Converting back to draft state because I want to provide more smooth experience that when permissions in new format is not available, fall back to use the old format (suggested by @slimsag).

unknwon

comment created time in 2 days

PR opened sourcegraph/sourcegraph

external_services: add NoNamespace option to the List method

The new NoNamespace option allow listing external services under no particular namespace (site-level external services owned by all site admins).

This option is then used in handling config overrides of external services from config file.

Part of #12760.

+70 -27

0 comment

3 changed files

pr created time in 2 days

PR opened sourcegraph/sourcegraph

external_services: use SQL to get distinct kinds

Instead of listing all external services then get distinct kinds, we do it in SQL.

Part of #12760.

+82 -11

0 comment

3 changed files

pr created time in 2 days

push eventsourcegraph/sourcegraph

Joe Chen

commit sha 000e1d68dcc9b2a852a4e2325b6b4158a643c8ec

Fix wrong columns in down script

view details

push time in 2 days

pull request commentsourcegraph/sourcegraph

authz: use `INT[]` to store permissions

While this PR along won't give us the ability to doing what authzFilter does in the pure-SQL fashion, it is on the right directory moving forward. It is in a good shape to merge.

CHANGELOG entry and upgrade docs will be added in a follow up PR since they're more closely related, and should be review in a single PR.

unknwon

comment created time in 2 days

Pull request review commentsourcegraph/sourcegraph

authz: use `INT[]` to store permissions

 func (s *PermsStore) batchLoadUserPendingPermissions(ctx context.Context, q *sql 	for rows.Next() { 		var id int32 		var spec extsvc.AccountSpec-		var ids []byte-		if err = rows.Scan(&id, &spec.ServiceType, &spec.ServiceID, &spec.AccountID, &ids); err != nil {+		var ids []int64

lib/pq does not support scan []int32 array, so sticking with []int64 for now. We could make the change once we make switch to pgx package.

unknwon

comment created time in 2 days

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha b777022053ccd46b3cbbc6de8bab9e677e17f720

RFC211: list external services allow filtering by user (#12755)

view details

push time in 2 days

delete branch sourcegraph/sourcegraph

delete branch : jc/allow-list-user-external-services

delete time in 2 days

PR merged sourcegraph/sourcegraph

Reviewers
RFC211: list external services allow filtering by user

Modified our GraphQL query to accept an optional namespace argument to filter external services by user. Besides, site admin is able to list all or arbitrary user's external services.

The namespace argument is used instead of always relying on authenticated user because then we couldn't distinguish if a site admin wants to list all external services or is just viewing his/her user settings (i.e. external services owned by the particular site admin).

Example usage:

{
  externalServices(namespace: "VXNlcjoy") {
    nodes {
      id
      kind
      config
    }
  }
}

Fixes #12704

+215 -32

1 comment

6 changed files

unknwon

pr closed time in 2 days

issue closedsourcegraph/sourcegraph

Update ExternalServicesStore.List to allow filtering by user

..., and site admins are able to list all.

Refs:

  • https://sourcegraph.com/github.com/sourcegraph/sourcegraph@5d73f94a7ad9c8c5a5d30954f737e9dde5c2a8b5/-/blob/internal/db/external_services.go#L405

Part of #12699.

closed time in 2 days

unknwon

Pull request review commentsourcegraph/about

Add handbook section for exposing-service

++### Exposing services++In Go, that looks like this+```+http.ListenAndServe(":80", nil)+```+The above code will bind to all TCP interfaces. Since Kubernetes does support dual-stack IPv4 & IPv6 our services should bind to all interfaces (we do not currently have IPv6 services).++If you must specify an ip address to expose your service on, choosing `0.0.0.0:port` is typically a good choice. What this does can be OS and platform-specific.++Binding to `localhost:port` or `127.0.0.1:port` is binding to a local-only interface that constrained to the same "host". In Kubernetes, other containers within the Pod may still communicate with this service AND you may port-forward this container and associated service+[(Why?)](#How-can-I-port-forward-a-local-only-service?).++This may be preferred in a sidecar pattern where you do not want a container accessible outside a Pod or when you don't want expose your laptop to the cofeeshop wifi but generally, code should not be merged that binds to `localhost` or `127.0.0.1`.+++### How can I port-forward a local only service?++Due to the way that kube-proxy works when you port-forward a pod or a service kube-proxy opens a tunnel to that pod (or a pod that backs that service). This can make debugging why a service is accessible in the pod but not outside of the pod hard to [understand](https://github.com/sourcegraph/zoekt/pull/46/files).++You can also use `kubectl port-forward --address 0.0.0.0` if you need to expose a port-forwarded service outside of your local machine (it defaults to `127.0.0.1`). [link](https://github.com/kubernetes/kubernetes/issues/40053) :exploding_head:++### References++https://stackoverflow.com/questions/20778771/what-is-the-difference-between-0-0-0-0-127-0-0-1-and-localhost++https://serverfault.com/questions/21657/semantics-of-and-0-0-0-0-in-dual-stack-oses/39561#39561++https://stackoverflow.com/questions/49067160/what-is-the-difference-in-listening-on-0-0-0-080-and-80
- https://stackoverflow.com/questions/20778771/what-is-the-difference-between-0-0-0-0-127-0-0-1-and-localhost
- https://serverfault.com/questions/21657/semantics-of-and-0-0-0-0-in-dual-stack-oses/39561#39561
- https://stackoverflow.com/questions/49067160/what-is-the-difference-in-listening-on-0-0-0-080-and-80
daxmc99

comment created time in 2 days

Pull request review commentsourcegraph/about

Add handbook section for exposing-service

++### Exposing services++In Go, that looks like this+```+http.ListenAndServe(":80", nil)+```+The above code will bind to all TCP interfaces. Since Kubernetes does support dual-stack IPv4 & IPv6 our services should bind to all interfaces (we do not currently have IPv6 services).++If you must specify an ip address to expose your service on, choosing `0.0.0.0:port` is typically a good choice. What this does can be OS and platform-specific.++Binding to `localhost:port` or `127.0.0.1:port` is binding to a local-only interface that constrained to the same "host". In Kubernetes, other containers within the Pod may still communicate with this service AND you may port-forward this container and associated service+[(Why?)](#How-can-I-port-forward-a-local-only-service?).++This may be preferred in a sidecar pattern where you do not want a container accessible outside a Pod or when you don't want expose your laptop to the cofeeshop wifi but generally, code should not be merged that binds to `localhost` or `127.0.0.1`.++
daxmc99

comment created time in 2 days

Pull request review commentsourcegraph/about

Add handbook section for exposing-service

++### Exposing services++In Go, that looks like this
In Go, that looks like this:
daxmc99

comment created time in 2 days

Pull request review commentsourcegraph/about

Add handbook section for exposing-service

 For all things not covered in this document, defer to [Go Code Review Comments](https://code.google.com/p/go-wiki/wiki/CodeReviewComments) and [Effective Go](http://golang.org/doc/effective_go.html). +We also have subsections here
We also have subsections here:
daxmc99

comment created time in 2 days

Pull request review commentsourcegraph/about

Add handbook section for exposing-service

+
daxmc99

comment created time in 2 days

Pull request review commentsourcegraph/about

Add handbook section for exposing-service

++### Exposing services

qq: why not

# Exposing services
daxmc99

comment created time in 2 days

push eventsourcegraph/sourcegraph

Joe Chen

commit sha a74f3e9f7c2c5f186e49d08d3222e8dd516991e9

Return more specific error

view details

push time in 2 days

Pull request review commentsourcegraph/sourcegraph

RFC211: list external services allow filtering by user

 func (*schemaResolver) DeleteExternalService(ctx context.Context, args *struct { 	return &EmptyResponse{}, nil } -func (r *schemaResolver) ExternalServices(ctx context.Context, args *struct {+type ExternalServicesArgs struct {+	Namespace *graphql.ID 	graphqlutil.ConnectionArgs-}) (*externalServiceConnectionResolver, error) {-	// 🚨 SECURITY: Only site admins may read external services (they have secrets).-	if err := backend.CheckCurrentUserIsSiteAdmin(ctx); err != nil {-		return nil, err+}++func (r *schemaResolver) ExternalServices(ctx context.Context, args *ExternalServicesArgs) (*externalServiceConnectionResolver, error) {+	var namespaceUserID int32+	if args.Namespace != nil {+		var err error+		switch relay.UnmarshalKind(*args.Namespace) {+		case "User":+			err = relay.UnmarshalSpec(*args.Namespace, &namespaceUserID)+		default:+			err = errors.Errorf("invalid namespace %q", *args.Namespace)+		}++		if err != nil {+			return nil, err+		}+	}++	// 🚨 SECURITY: Only site admins may read all or a user's external services.+	// Otherwise, the authenticated user can only read external services under the same namespace.+	if backend.CheckSiteAdminOrSameUser(ctx, namespaceUserID) != nil {+		// NOTE: We do not directly return the err here because it contains the desired username,+		// which then allows attacker to brute force over our database ID and get corresponding+		// username.+		return nil, backend.ErrMustBeSiteAdmin

I see, let me update it!

unknwon

comment created time in 2 days

issue commentsourcegraph/sourcegraph

Update ExternalServicesStore.List to allow filtering by user

@ryanslade: No, that would be another issue (see tracking issue down the list of same section).

unknwon

comment created time in 2 days

issue commentsourcegraph/sourcegraph

Race condition having to do with search and SQL

cc @sourcegraph/cloud ^ WDYT about changing lib/pg to pgx?

ijt

comment created time in 2 days

Pull request review commentsourcegraph/sourcegraph

RFC211: list external services allow filtering by user

 func (*schemaResolver) DeleteExternalService(ctx context.Context, args *struct { 	return &EmptyResponse{}, nil } -func (r *schemaResolver) ExternalServices(ctx context.Context, args *struct {+type ExternalServicesArgs struct {+	Namespace *graphql.ID 	graphqlutil.ConnectionArgs-}) (*externalServiceConnectionResolver, error) {-	// 🚨 SECURITY: Only site admins may read external services (they have secrets).-	if err := backend.CheckCurrentUserIsSiteAdmin(ctx); err != nil {-		return nil, err+}++func (r *schemaResolver) ExternalServices(ctx context.Context, args *ExternalServicesArgs) (*externalServiceConnectionResolver, error) {+	var namespaceUserID int32+	if args.Namespace != nil {+		var err error+		switch relay.UnmarshalKind(*args.Namespace) {+		case "User":+			err = relay.UnmarshalSpec(*args.Namespace, &namespaceUserID)+		default:+			err = errors.Errorf("invalid namespace %q", *args.Namespace)+		}++		if err != nil {+			return nil, err+		}+	}++	// 🚨 SECURITY: Only site admins may read all or a user's external services.+	// Otherwise, the authenticated user can only read external services under the same namespace.+	if backend.CheckSiteAdminOrSameUser(ctx, namespaceUserID) != nil {+		// NOTE: We do not directly return the err here because it contains the desired username,+		// which then allows attacker to brute force over our database ID and get corresponding+		// username.+		return nil, backend.ErrMustBeSiteAdmin

I thought "the current user doesn't match namespaceUserID" is exactly the ability of a site admin and the reason for this if-check?

unknwon

comment created time in 2 days

issue commentsourcegraph/sourcegraph

Upload Plugin on Microsoft Edge Plugin Store?

cc @sourcegraph/web

yizems

comment created time in 2 days

issue openedsourcegraph/sourcegraph

Update call sites of ExternalServicesStore.List to avoid application-level aggregation

... over all external services, instead accomplish via SQL query.

Refs:

  • https://sourcegraph.com/github.com/sourcegraph/sourcegraph@5d73f94a7ad9c8c5a5d30954f737e9dde5c2a8b5/-/blob/internal/db/external_services.go#L405

Part of #12699.

created time in 2 days

issue closedsourcegraph/sourcegraph

Use serializable transactions for updating permissions

Our current code that interacts with DB for permissions (enterprise/cmd/frontend/internal/authz/store.go) uses Postgres's row-level locking (mostly FOR UPDATE) to ensure data consistency, but as @beyang noted, we might encounter lock-contention performance issues at scale because FOR UPDATE prevents regular reads (i.e. FOR NO KEY UPDATE locks while checking permissions in authzFilter) according to the documentation: https://www.postgresql.org/docs/9.6/explicit-locking.html#LOCKING-ROWS.

@beyang suggested we should revisit this issue (ideally) and be lockless in 3.13.

closed time in 2 days

unknwon

issue commentsourcegraph/sourcegraph

Use serializable transactions for updating permissions

Close until further input.

unknwon

comment created time in 2 days

issue closedsourcegraph/sourcegraph

PoC: src-expose push based

tl;dr a fun and technical proof of concept to try and make using src-expose 1 step and zero configuration.

Problem

src-expose serve serves up an API and git endpoints which Sourcegraph uses to discover and clone repositories. However, this requires Sourcegraph to be able to reach src-expose serve. This adds the friction (and often confusion) of ensuring that networking is setup correctly such that it is reachable. Additionally it is difficult for us to document correctly across all our deployment environments.

Proposal

Instead of src-expose serve listening on a port, it directly connects to Sourcegraph and keeps a persistent connection. Sourcegraph then uses that connection to query the API and perform git operations. This is motivated by the fact we want src-expose to be part of src-cli #9243. When part of src-cli we will get all the infra around authenticating and communicating with Sourcegraph. Additionally this will allow a magical experience where src-expose can also create/manage the external service configuration to connect to it.

This doesn't exist, and solving reliability and persistence for src-expose connecting to sourcegraph may prove to be too difficult/not possible. For example nginx/other load balancer may just constantly kill the connection. I would think using websockets + some abstraction over it to hide the unreliability would make sense.

closed time in 2 days

keegancsmith

issue commentsourcegraph/sourcegraph

PoC: src-expose push based

Close until further input.

keegancsmith

comment created time in 2 days

push eventsourcegraph/sourcegraph

Keegan Carruthers-Smith

commit sha 3cb30b5ff3f15ba152a9153873ea4b1ad3929519

honey: sample 1 in 16 events (#12317) Band-aid solution until we can investigate further. Again hitting very high usage. Likely due to recent scaling up of the indexed search cluster. Will require more investigation, but we should probably segment user request path.

view details

ᴜɴᴋɴᴡᴏɴ

commit sha 74159cd2319a43b08e7da75591fead5ba04d8758

authz: return empty `permissionsInfo` in OSS version (#12313)

view details

Ryan Slade

commit sha 9da26cb86fbf866625cd5133c23ee21c16dd124c

repo-updater: Sleep on error during syncClone (#12299) * repo-updater: Sleep on error during syncClone Instead of immediatley looping around and potentially putting more pressure on gitserver or the repo store. * Changes from review * Move err check * Refactor to remove sleep / continue pattern

view details

github-actions[bot]

commit sha 7fec1bcc70080af496621516526cd67851f6606e

Update third-party licenses (#12116) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

view details

ᴜɴᴋɴᴡᴏɴ

commit sha 4644536a09e4864073a60a812341b6d9342c418b

Update CHANGELOG.md (#12320)

view details

Keegan Carruthers-Smith

commit sha 2b195bf4f627fea8001aba68efbbf6bc2452b62c

doc: Update and add docs for multiple index search (#12295) Lots of changes have happened due to indexing multiple branches. We update the dev architecture docs to mention options (how we configure multiple branch search) as well as shallow cloning. We mention multiple revision search syntax. We mention how to configure multi branch indexing. We mention how to search HEAD explicitly.

view details

Keegan Carruthers-Smith

commit sha 42f81405fad86921e76e9b317d38ad5358e5dd34

ci: only run go steps if only changing go (#12321) This should significantly speed up Go PR checks.

view details

Thorsten Ball

commit sha d6d2fcdd1ab0ebfd50cb5431083b60853f2bfd04

Rename MockGitHubChangesetSync to more generic name (#12315) We've talked about this when the mock was introduced, but I think it got lost. So, here we go: this mock is not tied to GitHub, since its mocks are called in `SetDerivedState` when computing the `SyncState`, let's get rid of the `GitHub` in the name.

view details

Thorsten Ball

commit sha f18421a031104323cec4c830063efae1c6f28875

Remove unneeded context and error from CheckState method (#12316)

view details

Felix Becker

commit sha c6de674fa8b71600d28f4ab0028ccad8d97795b0

Automatically accept Chromatic baseline on master (#12325)

view details

Asdine El Hrychy

commit sha 90c8a30e6a4dbf48f23692658ca5be39e741df74

Replace gophermail by jordan-wright/email (#12239)

view details

Asdine El Hrychy

commit sha df326976fe6f99d344a1c6b66bf52f241370b998

Skip TLS Verify check if TLS is disabled (#12243)

view details

Erik Seliger

commit sha caa5695a399417f8f933ca30f55329e46a0368c4

Fix flacky chromatic snapshots (#12338)

view details

하광일 / CE / TC

commit sha 9161e3ef106ccc4ed1804b221f9db8fcd5d3fb96

Fix jaeger config in single docker container (#12312)

view details

Bunny

commit sha 219cc4d341d9fd293230a811d099bece7d777d9d

Revisions (#12217) * Revisions Updated the first paragraph and last sentence. Made a handful of other minor changes for readability * Removed redundancy about changeset * Fixed typo

view details

Keegan Carruthers-Smith

commit sha 1dffc994280aef9626250b1d64bc6b531e26636d

zoekt: improve logs and resource usage when loading (#12322) When an instance has a lot of shards it can take a while to start. This update includes two improvements to zoekt: - shards: throttle loading in watcher https://gerrit-review.googlesource.com/c/zoekt/+/275902 - shards: a progress message every 10s when loading https://gerrit-review.googlesource.com/c/zoekt/+/275903

view details

Dax McDonald

commit sha aa821d01117f83c7b5081f7f36e086655bbd7f2b

Update latest release to 3.18.0 (#12305)

view details

Felix Becker

commit sha 23b198aecbaf5dceb780176795d6dcc26cb116d2

Integration test improvements (#12324)

view details

Keegan Carruthers-Smith

commit sha 08e13f12caccde4960d2c49f98d9592639b2c1ac

src-expose: avoid git update-server-info in request path (#12342) We now only run git update-server-info if a repository has not been configured. This change exposed a bug in our hook setting being incorrect. This wasn't visible before since we would always run update-server-info when listing repos.

view details

Pooja Jain

commit sha 22dfa7cbd08d25676ad184b001d9e21d518fb50c

Update slow lang:python example with repogroup:python example (#12343) Co-authored-by: Pooja Jsin <poojajain@poojas-mbp.attlocal.net>

view details

push time in 2 days

Pull request review commentsourcegraph/sourcegraph

web: Add codehost entry for src serve-git

 const GITLAB_SELF_MANAGED: AddExternalServiceOptions = {   ] }`, }+const SRC_SERVE_GIT: AddExternalServiceOptions = {+    kind: GQL.ExternalServiceKind.OTHER,+    title: 'Sourcegraph CLI Serve-Git',+    icon: GitIcon,+    jsonSchema: otherExternalServiceSchemaJSON,+    defaultDisplayName: 'src serve-git',+    defaultConfig: `{+  // url is the http url to 'src serve-git'.+  // url should be reachable by Sourcegraph.+  "url": "http://addr.for.src.serve:3434", +  // Do not change this. Sourcegraph uses this as a signal that url is 'src serve'.+  "repos": ["src-serve"]+}`,+    instructions: (+        <div>+            <p>+                In the configuration below, set <Field>url</Field> to be the URL of src serve-git.+            </p>+            <p>+                Install the{' '}+                <a rel="noopener noreferrer" target="_blank" href="https://github.com/sourcegraph/src-cli">+                    Sourcegraph CLI (src)+                </a>+                . src serve-git allows you to serve any git repositories that you have on disk.+            </p>+        </div>+    ),+    editorActions: [+        {+            id: 'setURL',+            label: 'Sourcegraph in docker and src serve-git running on host',
            label: 'Sourcegraph in Docker and src serve-git running on host',
keegancsmith

comment created time in 2 days

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 459388941f1959a8029ad28ab770dad62669d3c4

authz: always use msResolutionClock (#12757)

view details

push time in 2 days

delete branch sourcegraph/sourcegraph

delete branch : jc/authz-use-msResolutionClock

delete time in 2 days

PR merged sourcegraph/sourcegraph

authz: always use msResolutionClock

Follow up of https://github.com/sourcegraph/sourcegraph/pull/12539#discussion_r464516098.

+1 -3

0 comment

1 changed file

unknwon

pr closed time in 2 days

PR opened sourcegraph/sourcegraph

authz: always use msResolutionClock

Follow up of https://github.com/sourcegraph/sourcegraph/pull/12539#discussion_r464516098.

+1 -3

0 comment

1 changed file

pr created time in 2 days

create barnchsourcegraph/sourcegraph

branch : jc/authz-use-msResolutionClock

created branch time in 2 days

Pull request review commentsourcegraph/sourcegraph

RFC211: list external services allow filtering by user

 func TestDeleteExternalService(t *testing.T) { 		}, 	}) }++func TestExternalServices(t *testing.T) {+	t.Run("authenticated as non-admin", func(t *testing.T) {+		t.Run("read someone else's external services", func(t *testing.T) {

Doing in this style so later on we can have another t.Run for namespace_org_id.

unknwon

comment created time in 2 days

create barnchsourcegraph/sourcegraph

branch : jc/allow-list-user-external-services

created branch time in 2 days

issue openedsourcegraph/sourcegraph

Update ExternalServicesStore.List to allow filtering by user

..., and site admins are able to list all.

Refs:

  • https://sourcegraph.com/github.com/sourcegraph/sourcegraph@5d73f94a7ad9c8c5a5d30954f737e9dde5c2a8b5/-/blob/internal/db/external_services.go#L405

Part of #12699.

created time in 3 days

Pull request review commentsourcegraph/sourcegraph

tracer: set URL to trace in x-trace header

 func initTracer(serviceName string) { 	// Initially everything is disabled since we haven't read conf yet. 	oldOpts := jaegerOpts{ 		ServiceName: serviceName,+		ExternalURL: conf.Get().ExternalURL,

Gotcha, thanks! Always have uncertainties when I think about our configuration init process :D

keegancsmith

comment created time in 4 days

Pull request review commentsourcegraph/sourcegraph

Categorize enterprise frontend startup behaviors

+package authz++import (+	"context"+	"time"++	"github.com/sourcegraph/sourcegraph/cmd/frontend/enterprise"+	eauthz "github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/authz"+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/authz/resolvers"+	eiauthz "github.com/sourcegraph/sourcegraph/enterprise/internal/authz"+	"github.com/sourcegraph/sourcegraph/internal/authz"+	"github.com/sourcegraph/sourcegraph/internal/conf"+	"github.com/sourcegraph/sourcegraph/internal/db"+	"github.com/sourcegraph/sourcegraph/internal/db/dbconn"+)++func Init(ctx context.Context, enterpriseServices *enterprise.Services) error {+	eauthz.Init(dbconn.Global, msResolutionClock)++	go func() {+		t := time.NewTicker(5 * time.Second)+		for range t.C {+			allowAccessByDefault, authzProviders, _, _ :=+				eiauthz.ProvidersFromConfig(ctx, conf.Get(), db.ExternalServices)+			authz.SetProviders(allowAccessByDefault, authzProviders)+		}+	}()++	enterpriseServices.AuthzResolver = resolvers.NewResolver(dbconn.Global, func() time.Time {+		return time.Now().UTC().Truncate(time.Microsecond)+	})

Seems we could just use msResolutionClock here to replace func() time.Time {...?

efritz

comment created time in 4 days

Pull request review commentsourcegraph/sourcegraph

tracer: set URL to trace in x-trace header

 func initTracer(serviceName string) { 	// Initially everything is disabled since we haven't read conf yet. 	oldOpts := jaegerOpts{ 		ServiceName: serviceName,+		ExternalURL: conf.Get().ExternalURL,

Is it possible that the initTracer is called before configuration is fully initialized? (ie. you would always get default value of ExternalURL)

keegancsmith

comment created time in 4 days

Pull request review commentsourcegraph/sourcegraph

Remove cloneInProgress option from the Repositories API

 All notable changes to Sourcegraph are documented in this file. - Fixed site admins are getting errors when visiting user settings page in OSS version. [#12313](https://github.com/sourcegraph/sourcegraph/pull/12313) - `github-proxy` now respects the environment variables `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` (or the lowercase versions thereof). Other services already respect these variables, but this was missed. If you need a proxy to access github.com set the environment variable for the github-proxy container. [#12377](https://github.com/sourcegraph/sourcegraph/issues/12377) +### Removed++- Remove `CloneInProgress` option from GraphQL Repositories API. [#12560](https://github.com/sourcegraph/sourcegraph/pull/12560).
- Removed `CloneInProgress` option from GraphQL Repositories API. [#12560](https://github.com/sourcegraph/sourcegraph/pull/12560)
asdine

comment created time in 4 days

Pull request review commentsourcegraph/sourcegraph

tracer: remove support for lightstep

 var requireRestart = []string{ 	"auth.providers", 	"externalURL", 	"update.channel",-	"useJaeger",

Intentional or mistake?

keegancsmith

comment created time in 4 days

pull request commentsourcegraph/sourcegraph

reposource: ParseConfig function to simplify callers

@tsenart @unknwon authz also depends on these List*Connections in the database. Should we:

  • Provide a helper ListConnections then the client needs to do type switches on the conn?
  • Not provide a helper and authz directly uses extsvc.ParseConfig
  • Just leave the List*Connection functions.

FYI, current List*Connection methods actually do something extra that get the URN of each external service: https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/blob/cmd/frontend/types/external_services.go#L72:30 (note they return types.*Connection not schema.*Connection), so I'm afraid having extsvc.ParseConfig alone is not enough. RFC 211 wants to add pagination to list external services endpoint, so I think the first bullet point makes the most sense (that minimizes the number of List methods). WDYT?

keegancsmith

comment created time in 4 days

push eventunknwon/the-way-to-go_ZH_CN

polarisxu

commit sha 69ee6e759d453c9ea427fc43ab5b44dc5ed8b5c8

add studygolang qrcode for learning (#774)

view details

push time in 4 days

Pull request review commentsourcegraph/sourcegraph

campaigns: add GitLab webhook support

+package webhooks

qq: what's the rationale to make a new subpackage? 🤔

LawnGnome

comment created time in 4 days

push eventsourcegraph/about

ᴜɴᴋɴᴡᴏɴ

commit sha 7116d46744429e23f6f37321160c8575fedfe7cc

Update cheatsheet command for port-forward Jaeger (#701)

view details

push time in 4 days

delete branch sourcegraph/about

delete branch : jc/update-cheatsheet

delete time in 4 days

PR merged sourcegraph/about

Reviewers
Update cheatsheet command for port-forward Jaeger

Sometimes --namespace prod is required.

+1 -1

1 comment

1 changed file

unknwon

pr closed time in 4 days

pull request commentsourcegraph/about

Update cheatsheet command for port-forward Jaeger

Merging as-is, happy to address any post-merge comments!

unknwon

comment created time in 4 days

push eventsourcegraph/about

ᴜɴᴋɴᴡᴏɴ

commit sha b8af6f5ecaba50f4b234c079fc95c964ee8bece2

Fix line break and remove extra colon (#1328)

view details

push time in 4 days

delete branch sourcegraph/about

delete branch : jc/fix-line-break

delete time in 4 days

PR merged sourcegraph/about

Reviewers
Fix line break and remove extra colon
+2 -2

1 comment

1 changed file

unknwon

pr closed time in 4 days

pull request commentsourcegraph/about

Fix line break and remove extra colon

Merging as-is, happy to address any post-merge comments!

unknwon

comment created time in 4 days

pull request commentsourcegraph/sourcegraph

repo-updater: add HTML version of repo-updater-state page

Thanks for the awesome addition to this page! ❤️

However, this page also contains update queue dump of permissions (you can find it when request JSON format), but I don't see it's been reflected in the fancy HTML version? Could be an oversight 🤔

anukul

comment created time in 5 days

PR opened sourcegraph/about

Reviewers
Fix line break and remove extra colon
+2 -2

0 comment

1 changed file

pr created time in 5 days

create barnchsourcegraph/about

branch : jc/fix-line-break

created branch time in 5 days

issue commentsourcegraph/sourcegraph

Sourcegraph not recognizing that GitHub Enterprise repos are archived

Is it possible that there's some race-condition-y thing where the repo got put into a weird state? E.g.:

  • We had the repo (before it was archived) on Sourcegraph
  • They archived it
  • Repo-updater checks for the repo list... The external service config tells it that we should exclude archived repos, and the GitHub API tells us that that repo was archived, so we stop fetching it and stop updating its metadata (WITHOUT going and flipping the "archived" flag in the db)
  • The syncer doesn't realize that it is archived, so it keeps getting re-scheduled for syncing (without ever updating the repo metadata)

This is a totally made up image of how these things all work together, but I hope you can get the idea that I'm going for here :)

@dadlerj: This scenario makes total sense to me, so knowing what's the value of updated_at column for that specific repo would help (as @tsenart suggested).

select archived, metadata, updated_at from repo where name like '%my/archived/repo%';
dadlerj

comment created time in 5 days

issue commentsourcegraph/sourcegraph

Cloud: 3.19 Tracking issue

Last week

On vacation 🌴

This week

  • Catch up things
  • I guess my main focus this week would be RFC 211 (haven't actually looked it yet but saw it is mentioned on daily updates)
tsenart

comment created time in 5 days

issue commentsourcegraph/sourcegraph

Cloud: 3.19 Tracking issue

Goal 1 Update (2020-07-23):

@ryanslade, @asdine and I paired and worked on the product document (link might change because it's not the "Product docs" folder as other PDs) that @ryanslade drafted.

Next step:

  • @ryanslade will publish the product document and get feedback from stakeholders.
  • @asdine will start auditing sync notes Q14: What places in our codebase assume a small number of external services in the database and would break or not scale when that assumption doesn’t hold anymore?
  • We will have another pair session on Friday (2020-07-24) to read code together and get us familiar with relevant codebase.
tsenart

comment created time in 15 days

delete branch sourcegraph/sourcegraph

delete branch : jc/gqltest-20200721

delete time in 17 days

PR merged sourcegraph/sourcegraph

gqltest: migrate commit, diff and global text search

Migrated following tests to dev/gqltest:

https://github.com/sourcegraph/sourcegraph/blob/5ce8ae587d734252af7d8ab439510a8fddb4f421/internal/cmd/search-integration-tester/search_tests.go#L48-L75

Easier to review by commit.

Part of #12143.

+174 -127

0 comment

2 changed files

unknwon

pr closed time in 17 days

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 37ea28aeee5f1b8e186b826504246cc0f4dff0e2

gqltest: migrate commit, diff and global text search (#12355)

view details

push time in 17 days

issue commentsourcegraph/sourcegraph

"Go to definition" broken for code host on non-standard port

Thanks, @rgalonso.

I'd be surprised if this was a code intel issue since it depends on external services which we don't talk to directly. Is this a thing that @sourcegraph/cloud would be able to triage?

@sourcegraph/cloud needs to confirm port number is lost when passing around. Also cc @sourcegraph/web seems related to native integration / browser extension.

rgalonso

comment created time in 17 days

Pull request review commentsourcegraph/sourcegraph

gqltest: migrate commit, diff and global text search

 func TestSearch(t *testing.T) { 			}) 		} 	})++	t.Run("commit search", func(t *testing.T) {+		tests := []struct {+			name       string+			query      string+			zeroResult bool+		}{+			{+				name:  "commit search, nonzero result",+				query: `repo:^github\.com/sgtest/go-diff$ type:commit count:1`,+			},+		}+		for _, test := range tests {+			t.Run(test.name, func(t *testing.T) {+				results, err := client.SearchFiles(test.query)+				if err != nil {+					t.Fatal(err)+				}++				if test.zeroResult {+					if len(results.Results) > 0 {+						t.Fatalf("Want zero result but got %d", len(results.Results))+					}+				} else {+					if len(results.Results) == 0 {+						t.Fatal("Want non-zero results but got 0")+					}+				}+			})+		}+	})++	t.Run("diff search", func(t *testing.T) {+		tests := []struct {+			name       string+			query      string+			zeroResult bool+		}{+			{+				name:  "diff search, nonzero result",+				query: `repo:^github\.com/sgtest/go-diff$ type:diff main count:1`,+			},+		}+		for _, test := range tests {+			t.Run(test.name, func(t *testing.T) {+				results, err := client.SearchFiles(test.query)+				if err != nil {+					t.Fatal(err)+				}++				if test.zeroResult {+					if len(results.Results) > 0 {+						t.Fatalf("Want zero result but got %d", len(results.Results))+					}+				} else {+					if len(results.Results) == 0 {+						t.Fatal("Want non-zero results but got 0")+					}+				}+			})+		}+	})

Good catch, updated!

unknwon

comment created time in 17 days

push eventsourcegraph/sourcegraph

Joe Chen

commit sha bd38fdee177fcd10ad9629e714d78a323dfda33b

Reduce boilerplate

view details

push time in 17 days

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 806465d8812f888e69508470916b886c309a85c4

authz: remove on-demand permissions fetching (#12319) Co-authored-by: Ryan Slade <ryanslade@gmail.com>

view details

push time in 17 days

delete branch sourcegraph/sourcegraph

delete branch : jc/remove-on-demand-perms-fetch

delete time in 17 days

PR merged sourcegraph/sourcegraph

Reviewers
authz: remove on-demand permissions fetching

As background permissions syncing has been enabled by default for last two iterations, it's time to remove the old on-demand implementation.

Please check Hide whitespace changes and review by commit.

Fixes #10973.

+657 -4784

2 comments

54 changed files

unknwon

pr closed time in 17 days

issue closedsourcegraph/sourcegraph

Remove on-demand implementation of permissions

A follow up of https://github.com/sourcegraph/sourcegraph/issues/10657.

Also remove corresponding configurations and web app checks: https://github.com/sourcegraph/sourcegraph/pull/10473/files

closed time in 17 days

unknwon

pull request commentsourcegraph/sourcegraph

authz: remove on-demand permissions fetching

Thanks everyone! Let's land it.

unknwon

comment created time in 17 days

issue commentsourcegraph/sourcegraph

Support for HTTPS_PROXY, HTTP_PROXY, and NO_PROXY env vars

I think we're using a common HTTP cli underneath already (IIRC @keegancsmith did that), so theoretically shouldn't be a problem.

dadlerj

comment created time in 17 days

Pull request review commentsourcegraph/sourcegraph

unit tests for secrets database code

+package db++import (+	"context"+	"testing"++	"github.com/sourcegraph/sourcegraph/internal/db/dbtesting"+)++func TestAllByKeyValue(t *testing.T) {+	if testing.Short() {+		t.Skip()+	}++	dbtesting.SetupGlobalTestDB(t)+	ctx := context.Background()++	key := "arthur dent"+	value := "heart of gold"+	err := Secrets.InsertKeyValue(ctx, key, value)+	if err != nil {+		t.Fatal(err)+	}++	sec, err := Secrets.GetByKeyName(ctx, key)+	if err != nil {+		t.Fatal(err)+	}+	if sec.KeyName.String != key {+		t.Fatalf("Expected %s received %s", value, sec.Value)+	}++	newVal := "infinite improbability drive"+	err = Secrets.UpdateByKeyName(ctx, key, newVal)+	if err != nil {+		t.Fatal(err)+	}++	s, err := Secrets.GetByKeyName(ctx, key)+	if s.Value != newVal {+		t.Fatalf("Expected %s received %s", newVal, s.Value)+	}++	Secrets.DeleteByKeyName(ctx, key)+	s, err = Secrets.GetByKeyName(ctx, key)+	if err == nil {+		t.Fatal(err)

@chayim: Seems missed this?

Instead of checking nil, is there a specific error type we could/should check?

chayim

comment created time in 17 days

issue commentsourcegraph/sourcegraph

Cloud: 3.19 Tracking issue

Goal 1 Update (2020-07-21):

@ryanslade, @asdine and I paired and worked out the prototype for allowing users to add external services end-to-end. Few more questions raised and added to our sync notes (Q8-Q11).

Next step: @ryanslade will own writing the initial draft of product document and we will pair again on Thursday to finalize the product document for review.

tsenart

comment created time in 17 days

create barnchsourcegraph/sourcegraph

branch : cloud/3.19-prototype

created branch time in 17 days

push eventsourcegraph/sourcegraph

Joe Chen

commit sha daced05a1c0e92b738dcbfac5a762b3ffaaab785

Fix some linting issues

view details

push time in 17 days

push eventsourcegraph/sourcegraph

ᴜɴᴋɴᴡᴏɴ

commit sha 2888f3d2769ffd7a7d2dcc87b6a6bad0a49423de

Update CHANGELOG.md Co-authored-by: Ryan Slade <ryanslade@gmail.com>

view details

push time in 18 days

Pull request review commentsourcegraph/sourcegraph

Check namespace perms in CreateCampaignSpec/MoveCampaign

 func TestService(t *testing.T) { 			ct.AuthzFilterRepos(t, changesetSpecs[0].RepoID)  			opts := CreateCampaignSpecOpts{-				UserID:               user.ID,-				NamespaceUserID:      user.ID,+				NamespaceUserID:      admin.ID, 				RawSpec:              ct.TestRawCampaignSpec, 				ChangesetSpecRandIDs: changesetSpecRandIDs, 			} -			if _, err := svc.CreateCampaignSpec(ctx, opts); !errcode.IsNotFound(err) {+			if _, err := svc.CreateCampaignSpec(adminCtx, opts); !errcode.IsNotFound(err) { 				t.Fatalf("expected not-found error but got %s", err) 			}- 		})  		t.Run("invalid changesetspec id", func(t *testing.T) { 			containsInvalidID := []string{changesetSpecRandIDs[0], "foobar"} 			opts := CreateCampaignSpecOpts{-				UserID:               user.ID,-				NamespaceUserID:      user.ID,+				NamespaceUserID:      admin.ID, 				RawSpec:              ct.TestRawCampaignSpec, 				ChangesetSpecRandIDs: containsInvalidID, 			} -			if _, err := svc.CreateCampaignSpec(ctx, opts); !errcode.IsNotFound(err) {+			if _, err := svc.CreateCampaignSpec(adminCtx, opts); !errcode.IsNotFound(err) { 				t.Fatalf("expected not-found error but got %s", err) 			} 		})++		t.Run("namespace user is not admin and not creator", func(t *testing.T) {

Not sure if it's already covered, seems not from diffs. "namespace user is admin but not creator" (i.e. site admin create campaigns on behalf of another user). Is it even a valid use case?

mrnugget

comment created time in 18 days

Pull request review commentsourcegraph/sourcegraph

Add missing changelog entry

 All notable changes to Sourcegraph are documented in this file. - Revisions listed in `experimentalFeatures.versionContext` or `experimentalFeatures.search.index.branches` will be indexed for faster searching. This is the first support towards indexing non-default branches. [#6728](https://github.com/sourcegraph/sourcegraph/issues/6728) - Campaigns are now supported on GitLab. - Campaigns now support GitLab and allow users to create, update and track merge requests on GitLab instances.+- Emails can be now be sent to SMTP servers with self-signed certificates.

Worth mentioning the exact site config that allows site admin to disable TLS verification.

asdine

comment created time in 18 days

Pull request review commentsourcegraph/sourcegraph

monitoring: alert owners

 func (r Row) validate() error { 	return nil } +// ObservableOwner denotes a team that owns an Observable. The current teams are described in+// the handbook: https://about.sourcegraph.com/handbook/engineering/2021_org+type ObservableOwner string++const (+	// Core Products teams
	// Core products teams

Unless you copied from handhook?

bobheadxi

comment created time in 18 days

Pull request review commentsourcegraph/sourcegraph

monitoring: alert owners

 func (r Row) validate() error { 	return nil } +// ObservableOwner denotes a team that owns an Observable. The current teams are described in+// the handbook: https://about.sourcegraph.com/handbook/engineering/2021_org+type ObservableOwner string++const (+	// Core Products teams+	ObservableOwnerSearch               ObservableOwner = "search"+	ObservableOwnerCampaigns            ObservableOwner = "campaigns"+	ObservableOwnerCodeIntel            ObservableOwner = "code-intel"+	ObservableOwnerExtensibility        ObservableOwner = "extensibility"+	ObservableOwnerCodeHostIntegrations ObservableOwner = "code-host-integrations"++	// Core Services teams
	// Core services teams
bobheadxi

comment created time in 18 days

more