fix: add support for anyuid to Dockerfile (#658 )

* fix: add support for anyuid to Dockerfile * changelog --------- Co-authored-by: Cade Schlaefli <cade.schlaefli@mouser.com> Co-authored-by: Brendan Kellam <bshizzle1234@gmail.com>
Add GHES support to the review agent (#611 )
2025-12-12 04:15:30 +00:00 · 2025-12-04 22:29:23 -08:00 · 2025-12-04 22:08:24 -08:00
3 changed files with 75 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Fixed
 - Fixed review agent so that it works with GHES instances [#611](https://github.com/sourcebot-dev/sourcebot/pull/611)
 ### Added
 - Added support for arbitrary user IDs required for OpenShift. [#658](https://github.com/sourcebot-dev/sourcebot/pull/658) 
 ## [4.10.2] - 2025-12-04
 ### Fixed
--- a/8
+++ b/8
@ -195,6 +195,7 @@ RUN addgroup -g $GID sourcebot && \
    adduser -D -u $UID -h /app -S sourcebot && \
    adduser sourcebot postgres && \
    adduser sourcebot redis && \
    chown -R sourcebot /app && \
    adduser sourcebot node && \
    mkdir /var/log/sourcebot && \
    chown sourcebot /var/log/sourcebot
@ -244,7 +245,12 @@ RUN mkdir -p /run/postgresql && \
    chown -R postgres:postgres /run/postgresql && \
    chmod 775 /run/postgresql
-RUN chown -R sourcebot:sourcebot /data
+# Make app directory accessible to both root and sourcebot user
 RUN chown -R sourcebot /app \
 	&& chgrp -R 0  /app \
 	&& chmod -R g=u /app
 # Make data directory accessible to both root and sourcebot user
 RUN chown -R sourcebot /data
 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 COPY prefix-output.sh ./prefix-output.sh
--- a/packages/web/src/app/api/(server)/webhook/route.ts
+++ b/packages/web/src/app/api/(server)/webhook/route.ts
@ -6,28 +6,32 @@ import { WebhookEventDefinition} from "@octokit/webhooks/types";
 import { EndpointDefaults } from "@octokit/types";
 import { env } from "@sourcebot/shared";
 import { processGitHubPullRequest } from "@/features/agents/review-agent/app";
-import { throttling } from "@octokit/plugin-throttling";
+import { throttling, type ThrottlingOptions } from "@octokit/plugin-throttling";
 import fs from "fs";
 import { GitHubPullRequest } from "@/features/agents/review-agent/types";
 import { createLogger } from "@sourcebot/shared";
 const logger = createLogger('github-webhook');
-let githubApp: App | undefined;
+const DEFAULT_GITHUB_API_BASE_URL = "https://api.github.com";
 type GitHubAppBaseOptions = Omit<ConstructorParameters<typeof App>[0], "Octokit"> & { throttle: ThrottlingOptions };
 let githubAppBaseOptions: GitHubAppBaseOptions | undefined;
 const githubAppCache = new Map<string, App>();
 if (env.GITHUB_REVIEW_AGENT_APP_ID && env.GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET && env.GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH) {
    try {
        const privateKey = fs.readFileSync(env.GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH, "utf8");
-        const throttledOctokit = Octokit.plugin(throttling);
+        githubAppBaseOptions = {
        githubApp = new App({
            appId: env.GITHUB_REVIEW_AGENT_APP_ID,
-            privateKey: privateKey,
+            privateKey,
            webhooks: {
                secret: env.GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET,
            },
            Octokit: throttledOctokit,
            throttle: {
-                onRateLimit: (retryAfter: number, options: Required<EndpointDefaults>, octokit: Octokit, retryCount: number) => {
+                enabled: true,
                onRateLimit: (retryAfter, _options, _octokit, retryCount) => {
                    if (retryCount > 3) {
                        logger.warn(`Rate limit exceeded: ${retryAfter} seconds`);
                        return false;
@ -35,13 +39,55 @@ if (env.GITHUB_REVIEW_AGENT_APP_ID && env.GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET
                    return true;
                },
                onSecondaryRateLimit: (_retryAfter, options) => {
                  // no retries on secondary rate limits
                  logger.warn(`SecondaryRateLimit detected for ${options.method} ${options.url}`);
                }
-        });
+            },
        };
    } catch (error) {
        logger.error(`Error initializing GitHub app: ${error}`);
    }
 }
 const normalizeGithubApiBaseUrl = (baseUrl?: string) => {
    if (!baseUrl) {
        return DEFAULT_GITHUB_API_BASE_URL;
    }
    return baseUrl.replace(/\/+$/, "");
 };
 const resolveGithubApiBaseUrl = (headers: Record<string, string>) => {
    const enterpriseHost = headers["x-github-enterprise-host"];
    if (enterpriseHost) {
        return normalizeGithubApiBaseUrl(`https://${enterpriseHost}/api/v3`);
    }
    return DEFAULT_GITHUB_API_BASE_URL;
 };
 const getGithubAppForBaseUrl = (baseUrl: string) => {
    if (!githubAppBaseOptions) {
        return undefined;
    }
    const normalizedBaseUrl = normalizeGithubApiBaseUrl(baseUrl);
    const cachedApp = githubAppCache.get(normalizedBaseUrl);
    if (cachedApp) {
        return cachedApp;
    }
    const OctokitWithBaseUrl = Octokit.plugin(throttling).defaults({ baseUrl: normalizedBaseUrl });
    const app = new App({
        ...githubAppBaseOptions,
        Octokit: OctokitWithBaseUrl,
    });
    githubAppCache.set(normalizedBaseUrl, app);
    return app;
 };
 function isPullRequestEvent(eventHeader: string, payload: unknown): payload is WebhookEventDefinition<"pull-request-opened"> | WebhookEventDefinition<"pull-request-synchronize"> {
    return eventHeader === "pull_request" && typeof payload === "object" && payload !== null && "action" in payload && typeof payload.action === "string" && (payload.action === "opened" || payload.action === "synchronize");
 }
@ -52,12 +98,16 @@ function isIssueCommentEvent(eventHeader: string, payload: unknown): payload is
 export const POST = async (request: NextRequest) => {
    const body = await request.json();
-    const headers = Object.fromEntries(request.headers.entries());
+    const headers = Object.fromEntries(Array.from(request.headers.entries(), ([key, value]) => [key.toLowerCase(), value]));
-    const githubEvent = headers['x-github-event'] || headers['X-GitHub-Event'];
+    const githubEvent = headers['x-github-event'];
    if (githubEvent) {
        logger.info('GitHub event received:', githubEvent);
        const githubApiBaseUrl = resolveGithubApiBaseUrl(headers);
        logger.debug('Using GitHub API base URL for event', { githubApiBaseUrl });
        const githubApp = getGithubAppForBaseUrl(githubApiBaseUrl);
        if (!githubApp) {
            logger.warn('Received GitHub webhook event but GitHub app env vars are not set');
            return Response.json({ status: 'ok' });
Author	SHA1	Message	Date
Cade 🐀	3d85a0595c	fix: add support for anyuid to Dockerfile (#658 ) Some checks are pending Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run Details Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run Details Publish to ghcr / merge (push) Blocked by required conditions Details Update Roadmap Released / update (push) Waiting to run Details * fix: add support for anyuid to Dockerfile * changelog --------- Co-authored-by: Cade Schlaefli <cade.schlaefli@mouser.com> Co-authored-by: Brendan Kellam <bshizzle1234@gmail.com>	2025-12-04 22:29:23 -08:00
Brian Phillips	84cf524d84	Add GHES support to the review agent (#611 ) * add support for GHES to the review agent * fix throttling types --------- Co-authored-by: Brendan Kellam <bshizzle1234@gmail.com>	2025-12-04 22:08:24 -08:00