feat(gitlab): preview deployments for merge requests via webhook (ports #4089)#121
Open
AminDhouib wants to merge 2 commits into
Open
feat(gitlab): preview deployments for merge requests via webhook (ports #4089)#121AminDhouib wants to merge 2 commits into
AminDhouib wants to merge 2 commits into
Conversation
Adds GitLab preview deployment support mirroring the existing GitHub flow. A new webhook endpoint (pages/api/deploy/gitlab.ts) handles Push, Tag Push, and Merge Request hooks: - MR open/update/reopen/labeled create or update a preview; close/merge tear it down. - Push/Tag hooks deploy apps configured with the matching trigger type, filtered by watch paths. - MR-author permission gate: authors without Developer+ access are blocked and notified once via a deduplicated MR note. Server side: - The gitlab table gains a webhook_secret column (migration backfills existing providers) used to authenticate incoming webhooks. - findGitlabByWebhookSecret looks up the provider by token. - utils/providers/gitlab gains checkGitlabMemberPermissions plus the MR-note helpers. - gitlab.one is org-scoped now that it returns the webhook secret. UI: the GitLab provider dialog shows the webhook URL and secret to copy into GitLab; the preview settings describe GitLab access levels for GitLab apps. Ports Dokploy#4089 by @edouard-mangel (open upstream at port time). Fork adaptations: preview limit is enforced only when creating a new preview (as in the Dokploy#4139 fix), not on updates to existing ones; migration uses fork slot 0195; sslip.io preview-domain branding preserved.
createPreviewDeployment posted the initializing PR comment via the GitHub App unconditionally. GitLab preview apps have no GitHub provider, so authGithub threw before the preview row was inserted, which would break GitLab previews. Guard the comment behind application.sourceType === "github"; GitLab previews surface status through MR notes posted by the GitLab webhook handler instead.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ports Dokploy#4089 by @edouard-mangel (open upstream at port time). Adds GitLab merge-request preview deployments, mirroring the existing GitHub flow.
What it does
New webhook endpoint
apps/dokploy/pages/api/deploy/gitlab.ts(authenticated by a per-providerwebhook_secret) handling:open/update/reopen/labeledcreate or update a preview;close/mergetear it down. Label filtering + preview-limit honored.triggerType, filtered by watch paths.checkGitlabMemberPermissions+createSecurityBlockedMRNote).Server:
gitlabtable gainswebhook_secret(migration slot 0195, backfills existing providers withgen_random_bytes);findGitlabByWebhookSecret; MR-note helpers inutils/providers/gitlab;gitlab.oneis now org-scoped since it returns the secret.UI: the GitLab provider dialog shows the webhook URL + secret (copy buttons); preview settings describe GitLab access levels for GitLab apps.
Fork adaptations
createPreviewDeploymentGitHub-comment guard (separate commit, my own fix): the fork'screatePreviewDeploymentposted the GitHub App comment unconditionally, andauthGithub(null)throws for GitLab apps — which would break GitLab previews. Guarded behindsourceType === "github". Upstream feat: GitLab preview deployments via webhook Dokploy/dokploy#4089 does not touchcreatePreviewDeployment; this is required for the fork.sslip.iopreview-domain wildcard preserved (dropped upstream'straefik.meandshadow-smreverts).when, own_journal.jsonentry only.Verification
pnpm --filter=dokploy typecheckclean.__test__/deploy/gitlab.test.ts(15) +__test__/utils/gitlab-preview-utils.test.ts(12).application.real.test.ts.Overlaps (for the conflict matrix)
packages/server/src/utils/providers/gitlab.ts: appended new functions; open fork PR fix: GitLab OAuth callback ignores Internal URL, attempts HTTPS causing ECONNREFUSED #48 edits a different function in this file (internal-URL OAuth fix) — should compose.packages/server/src/services/preview-deployment.ts: thesourceTypecomment-guard overlaps the fix: prevent duplicate preview deployments from concurrent pull_request webhooks Dokploy/dokploy#4289 idempotency rewrite (my other PR). Merged form: insert-first idempotent create + guard the GitHub comment bysourceTypeinside its try/catch.