feat(github-enterprise): Add API-driven pipeline backend for GHE integration setup#114366
Conversation
github-actions
Bot
added
the
Scope: Backend
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
This pull request has gone three weeks without activity. In another week, I will close it. But! If you comment or otherwise update it, I will reset the clock, and if you add the label "A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀 |
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-github-enterprise-add-api-driven-pipeline-backend-for-ghe-integration-setup
branch
from
a0cb2a8 to
0ead907
Compare
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-github-enterprise-add-api-driven-pipeline-backend-for-ghe-integration-setup
branch
from
0ead907 to
4b21e39
Compare
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-github-enterprise-add-api-driven-pipeline-backend-for-ghe-integration-setup
branch
from
4b21e39 to
1726074
Compare
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-github-enterprise-add-api-driven-pipeline-backend-for-ghe-integration-setup
branch
3 times, most recently
from
6c1a048 to
f5d0fc3
Compare
| url = URLField(required=True) | ||
| id = CharField(required=True) | ||
| name = CharField(required=True) | ||
| public_link = URLField(required=False, allow_blank=True, default="") |
There was a problem hiding this comment.
Bug: The new GHEInstallationConfigSerializer uses URLField, which requires a URL scheme. This is a regression from the old form that accepted URLs without a scheme like github.example.com.
Severity: MEDIUM
Suggested Fix
Modify the GHEInstallationConfigSerializer to handle URLs without a scheme, similar to the old form-based logic. This could involve using a custom field or overriding the validate_url method to prepend https:// if a scheme is missing before validation. This would restore the previous, more user-friendly behavior.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: src/sentry/integrations/github_enterprise/integration.py#L565
Potential issue: The new API endpoint for configuring GitHub Enterprise integrations,
which uses `GHEInstallationConfigSerializer`, now requires the URL to include a scheme
(e.g., `https://`). This is because it uses `rest_framework.fields.URLField` for
validation. The previous form-based implementation was more lenient, using
`forms.CharField` and custom logic to handle URLs submitted without a scheme, such as
`github.example.com`. This change introduces a regression where users may encounter
unexpected validation errors for input that was previously accepted.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit f5d0fc3. Configure here.
| pipeline: IntegrationPipeline, | ||
| request: HttpRequest, | ||
| ) -> PipelineStepResult: | ||
| validated_data["url"] = urlparse(validated_data["url"]).netloc.lower() |
There was a problem hiding this comment.
API URL host normalization mismatch
Medium Severity
The GHEInstallationConfigApiStep incorrectly parses installation URLs when the hostname is in the path (e.g., example.com instead of https://example.com). This results in an empty host, leading to malformed OAuth URLs and bypassing the github.com feature gate.
Reviewed by Cursor Bugbot for commit f5d0fc3. Configure here.
…gration setup Implement `get_pipeline_api_steps()` on `GitHubEnterpriseIntegrationProvider` with three steps: installation config (URL, app credentials, keys), app install redirect (popup-based GitHub app installation with polling), and a late-bound OAuth step constructed from the config step's data. Includes serializers for each step and updates `build_integration()` to handle both legacy and API state paths. Ref [VDY-40](https://linear.app/getsentry/issue/VDY-40/github-enterprise-api-driven-integration-setup)
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-github-enterprise-add-api-driven-pipeline-backend-for-ghe-integration-setup
branch
from
f5d0fc3 to
5c9c3ba
Compare
evanpurkhiser
deleted the
evanpurkhiser/feat-github-enterprise-add-api-driven-pipeline-backend-for-ghe-integration-setup
branch
2 participants
Implement
get_pipeline_api_steps()onGitHubEnterpriseIntegrationProviderwith three steps: installation config (URL, app credentials, keys), app install redirect (popup-based GitHub app installation with polling), and a late-bound OAuth step constructed from the config step's data. Includes serializers for each step and updatesbuild_integration()to handle both legacy and API state paths.Ref VDY-40