[gitlab/webhook] return code 200 on Unauthorized

Otherwise we provoke permanent deactivation of the webhook. In future we need to make the Unauthorized situation fixable from Gitpod.

Author: AlexTugarev

components/server/ee/src/prebuilds/gitlab-app.ts

@@ -60,7 +60,7 @@ export class GitLabApp {
             if (eventType !== "Push Hook" || !secretToken) {
                 log.warn("Unhandled GitLab event.", { event: eventType, secretToken: !!secretToken });
                 res.status(200).send("Unhandled event.");
-                await this.webhookEvents.updateEvent(event.id, { status: "dismissed_unauthorized" });
+                await this.webhookEvents.updateEvent(event.id, { status: "ignored" });
                 return;
             }
 
@@ -75,11 +75,11 @@ export class GitLabApp {
                 TraceContext.setError({ span }, error);
             }
             if (!user) {
-                // If the webhook installer is no longer found in Gitpod's DB
-                // we should send a UNAUTHORIZED signal.
+                // Gitpod is not supposed to return 4xx codes on issues with project permissions.
                 span.finish();
-                res.status(401).send("Unauthorized.");
+                res.status(200).send("Unauthorized.");
                 await this.webhookEvents.updateEvent(event.id, { status: "dismissed_unauthorized" });
+                // TODO(at) explore ways to mark a project having issues with permissions.
                 return;
             }
             /** no await */ this.handlePushHook({ span }, context, user, event).catch((error) => {