2025-12-12 12:25:22 +00:00
6 changed files with 24 additions and 86 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,15 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

-### Fixed
- Fixed review agent so that it works with GHES instances [#611](https://github.com/sourcebot-dev/sourcebot/pull/611)
-
-### Added
- Added support for arbitrary user IDs required for OpenShift. [#658](https://github.com/sourcebot-dev/sourcebot/pull/658) 
-
-### Updated
- Improved error messages in file source api. [#665](https://github.com/sourcebot-dev/sourcebot/pull/665)
-
 ## [4.10.2] - 2025-12-04

 ### Fixed
--- a/8
+++ b/8
@ -195,7 +195,6 @@ RUN addgroup -g $GID sourcebot && \
    adduser -D -u $UID -h /app -S sourcebot && \
    adduser sourcebot postgres && \
    adduser sourcebot redis && \
-    chown -R sourcebot /app && \
    adduser sourcebot node && \
    mkdir /var/log/sourcebot && \
    chown sourcebot /var/log/sourcebot
@ -245,12 +244,7 @@ RUN mkdir -p /run/postgresql && \
    chown -R postgres:postgres /run/postgresql && \
    chmod 775 /run/postgresql

-# Make app directory accessible to both root and sourcebot user
-RUN chown -R sourcebot /app \
-	&& chgrp -R 0  /app \
-	&& chmod -R g=u /app
-# Make data directory accessible to both root and sourcebot user
-RUN chown -R sourcebot /data
+RUN chown -R sourcebot:sourcebot /data

 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 COPY prefix-output.sh ./prefix-output.sh
--- a/docs/docs/features/permission-syncing.mdx
+++ b/docs/docs/features/permission-syncing.mdx
@ -1,11 +1,14 @@
 ---
 title: "Permission syncing"
 sidebarTitle: "Permission syncing"
+tag: "experimental"
 ---

 import LicenseKeyRequired from '/snippets/license-key-required.mdx'
+import ExperimentalFeatureWarning from '/snippets/experimental-feature-warning.mdx'

 <LicenseKeyRequired />
+<ExperimentalFeatureWarning />

 # Overview

--- a/packages/web/src/actions.ts
+++ b/packages/web/src/actions.ts
@ -38,8 +38,8 @@ const auditService = getAuditService();
 /**
 * "Service Error Wrapper".
 * 
- * Captures any thrown exceptions, logs them to the console and Sentry,
- * and returns a generic unexpected service error.
+ * Captures any thrown exceptions and converts them to a unexpected
+ * service error. Also logs them with Sentry.
 */
 export const sew = async <T>(fn: () => Promise<T>): Promise<T | ServiceError> => {
    try {
@ -52,6 +52,10 @@ export const sew = async <T>(fn: () => Promise<T>): Promise<T | ServiceError> =>
            return e.serviceError;
        }

+        if (e instanceof Error) {
+            return unexpectedError(e.message);
+        }
+
        return unexpectedError(`An unexpected error occurred. Please try again later.`);
    }
 }
--- a/packages/web/src/app/[domain]/browse/[...path]/components/codePreviewPanel.tsx
+++ b/packages/web/src/app/[domain]/browse/[...path]/components/codePreviewPanel.tsx
@ -22,12 +22,8 @@ export const CodePreviewPanel = async ({ path, repoName, revisionName }: CodePre
        getRepoInfoByName(repoName),
    ]);

-    if (isServiceError(fileSourceResponse)) {
-        return <div>Error loading file source: {fileSourceResponse.message}</div>
-    }
-
-    if (isServiceError(repoInfoResponse)) {
-        return <div>Error loading repo info: {repoInfoResponse.message}</div>
+    if (isServiceError(fileSourceResponse) || isServiceError(repoInfoResponse)) {
+        return <div>Error loading file source</div>
    }

    const codeHostInfo = getCodeHostInfoForRepo({
--- a/packages/web/src/app/api/(server)/webhook/route.ts
+++ b/packages/web/src/app/api/(server)/webhook/route.ts
@ -6,32 +6,28 @@ import { WebhookEventDefinition} from "@octokit/webhooks/types";
 import { EndpointDefaults } from "@octokit/types";
 import { env } from "@sourcebot/shared";
 import { processGitHubPullRequest } from "@/features/agents/review-agent/app";
-import { throttling, type ThrottlingOptions } from "@octokit/plugin-throttling";
+import { throttling } from "@octokit/plugin-throttling";
 import fs from "fs";
 import { GitHubPullRequest } from "@/features/agents/review-agent/types";
 import { createLogger } from "@sourcebot/shared";

 const logger = createLogger('github-webhook');

-const DEFAULT_GITHUB_API_BASE_URL = "https://api.github.com";
-type GitHubAppBaseOptions = Omit<ConstructorParameters<typeof App>[0], "Octokit"> & { throttle: ThrottlingOptions };
-
-let githubAppBaseOptions: GitHubAppBaseOptions | undefined;
-const githubAppCache = new Map<string, App>();
-
+let githubApp: App | undefined;
 if (env.GITHUB_REVIEW_AGENT_APP_ID && env.GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET && env.GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH) {
    try {
        const privateKey = fs.readFileSync(env.GITHUB_REVIEW_AGENT_APP_PRIVATE_KEY_PATH, "utf8");

-        githubAppBaseOptions = {
+        const throttledOctokit = Octokit.plugin(throttling);
+        githubApp = new App({
            appId: env.GITHUB_REVIEW_AGENT_APP_ID,
-            privateKey,
+            privateKey: privateKey,
            webhooks: {
                secret: env.GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET,
            },
+            Octokit: throttledOctokit,
            throttle: {
-                enabled: true,
-                onRateLimit: (retryAfter, _options, _octokit, retryCount) => {
+                onRateLimit: (retryAfter: number, options: Required<EndpointDefaults>, octokit: Octokit, retryCount: number) => {
                    if (retryCount > 3) {
                        logger.warn(`Rate limit exceeded: ${retryAfter} seconds`);
                        return false;
@ -39,55 +35,13 @@ if (env.GITHUB_REVIEW_AGENT_APP_ID && env.GITHUB_REVIEW_AGENT_APP_WEBHOOK_SECRET

                    return true;
                },
-                onSecondaryRateLimit: (_retryAfter, options) => {
-                  // no retries on secondary rate limits
-                  logger.warn(`SecondaryRateLimit detected for ${options.method} ${options.url}`);
-                }
-            },
-        };
+            }
+        });
    } catch (error) {
        logger.error(`Error initializing GitHub app: ${error}`);
    }
 }

-const normalizeGithubApiBaseUrl = (baseUrl?: string) => {
-    if (!baseUrl) {
-        return DEFAULT_GITHUB_API_BASE_URL;
-    }
-
-    return baseUrl.replace(/\/+$/, "");
-};
-
-const resolveGithubApiBaseUrl = (headers: Record<string, string>) => {
-    const enterpriseHost = headers["x-github-enterprise-host"];
-    if (enterpriseHost) {
-        return normalizeGithubApiBaseUrl(`https://${enterpriseHost}/api/v3`);
-    }
-
-    return DEFAULT_GITHUB_API_BASE_URL;
-};
-
-const getGithubAppForBaseUrl = (baseUrl: string) => {
-    if (!githubAppBaseOptions) {
-        return undefined;
-    }
-
-    const normalizedBaseUrl = normalizeGithubApiBaseUrl(baseUrl);
-    const cachedApp = githubAppCache.get(normalizedBaseUrl);
-    if (cachedApp) {
-        return cachedApp;
-    }
-
-    const OctokitWithBaseUrl = Octokit.plugin(throttling).defaults({ baseUrl: normalizedBaseUrl });
-    const app = new App({
-        ...githubAppBaseOptions,
-        Octokit: OctokitWithBaseUrl,
-    });
-
-    githubAppCache.set(normalizedBaseUrl, app);
-    return app;
-};
-
 function isPullRequestEvent(eventHeader: string, payload: unknown): payload is WebhookEventDefinition<"pull-request-opened"> | WebhookEventDefinition<"pull-request-synchronize"> {
    return eventHeader === "pull_request" && typeof payload === "object" && payload !== null && "action" in payload && typeof payload.action === "string" && (payload.action === "opened" || payload.action === "synchronize");
 }
@ -98,16 +52,12 @@ function isIssueCommentEvent(eventHeader: string, payload: unknown): payload is

 export const POST = async (request: NextRequest) => {
    const body = await request.json();
-    const headers = Object.fromEntries(Array.from(request.headers.entries(), ([key, value]) => [key.toLowerCase(), value]));
+    const headers = Object.fromEntries(request.headers.entries());

-    const githubEvent = headers['x-github-event'];
+    const githubEvent = headers['x-github-event'] || headers['X-GitHub-Event'];
    if (githubEvent) {
        logger.info('GitHub event received:', githubEvent);

-        const githubApiBaseUrl = resolveGithubApiBaseUrl(headers);
-        logger.debug('Using GitHub API base URL for event', { githubApiBaseUrl });
-        const githubApp = getGithubAppForBaseUrl(githubApiBaseUrl);
-
        if (!githubApp) {
            logger.warn('Received GitHub webhook event but GitHub app env vars are not set');
            return Response.json({ status: 'ok' });
@ -163,4 +113,4 @@ export const POST = async (request: NextRequest) => {
    }

    return Response.json({ status: 'ok' });
-}
+}