Skip to content

Webhooks for GitLab projects are disabled on Unauthorized Errors #13985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
AlexTugarev opened this issue Oct 19, 2022 · 1 comment · Fixed by #14421
Closed

Webhooks for GitLab projects are disabled on Unauthorized Errors #13985

AlexTugarev opened this issue Oct 19, 2022 · 1 comment · Fixed by #14421
Assignees
@AlexTugarev
Labels
feature: prebuilds feature: teams and projects [DEPRECATED] Please, use feature: organizations or feature: projects labels instead. git provider: gitlab type: bug Something isn't working

Comments

@AlexTugarev
Copy link
Member

Issue

We've learned now that GitLab webhooks are disabled automatically if the receiver (Gitpod) is responding with status codes other than 2xx. The rules for failing webhooks are basically:

  • on 5xx responses -> disable temporarily
  • on 4xx responses -> disable permanently, which requires manual re-enabling on GitLab

There seems to be at least two cases where the Unauthorized Error might occur:

  • when the Gitpod user who created the project disconnects from the GitLab integration.
  • (as we assume after scanning logs) when there are repository forks involved, for which webhook events are registered, but the Gitpod users is not authorized.

In any case, we should not upset GitLabs when webhooks cannot be triggered.

Solution

On Unauthorized Errors the GitLab webhook handler should respond with a code 2xx.

Further we should investigate

  • the errors on events for repository forks.
  • how to make Unauthorized Errors visible to project owners.
@AlexTugarev AlexTugarev added type: bug Something isn't working git provider: gitlab feature: prebuilds feature: teams and projects [DEPRECATED] Please, use feature: organizations or feature: projects labels instead. labels Oct 19, 2022
@AlexTugarev AlexTugarev moved this to Scheduled in 🍎 WebApp Team Oct 19, 2022
@AlexTugarev AlexTugarev mentioned this issue Oct 19, 2022
Open
@AlexTugarev AlexTugarev moved this from Scheduled to In Progress in 🍎 WebApp Team Nov 4, 2022
@AlexTugarev AlexTugarev self-assigned this Nov 4, 2022
@AlexTugarev AlexTugarev mentioned this issue Nov 4, 2022
Merged
4 tasks
Repository owner moved this from In Progress to In Validation in 🍎 WebApp Team Nov 7, 2022
@geropl
Copy link
Member

geropl commented Nov 23, 2022

@AlexTugarev Can we close this one? Looking at the activities it looks this might be a left-over.

@AlexTugarev AlexTugarev moved this from In Validation to Done in 🍎 WebApp Team Dec 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexTugarev AlexTugarev

Labels
feature: prebuilds feature: teams and projects [DEPRECATED] Please, use feature: organizations or feature: projects labels instead. git provider: gitlab type: bug Something isn't working
Projects
🍎 WebApp Team
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[gitlab/webhook] return code 200 on Unauthorized gitpod-io/gitpod
2 participants
@AlexTugarev @geropl