TravisCi Web enterprise merge.

.dockerignore

@@ -7,6 +7,7 @@ tmp
 # dependencies
 bower_components
 node_modules
+tests
 
 # misc
 .env*

.travis.yml

@@ -1,6 +1,7 @@
 ---
 language: node_js
 node_js: 10
+group: edge
 
 env:
   global:
@@ -21,6 +22,7 @@ cache:
 before_install:
   - npm config set spin false
   - npm install -g greenkeeper-lockfile@1
+  - gem install bundler:2.3.7
 
 install:
   - npm ci

Dockerfile.ycie

@@ -0,0 +1,67 @@
+FROM ruby:3.2.2 as build
+
+LABEL maintainer Travis CI GmbH <[email protected]>
+
+ENV NPM_CONFIG_LOGLEVEL info
+ENV NODE_VERSION 10.7.0
+ENV YARN_VERSION 0.22.0
+
+RUN ( \
+  groupadd --gid 1000 node \
+  && useradd --uid 1000 --gid node --shell /bin/bash --create-home node; \
+  curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
+  && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 \
+  && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
+  curl -fSL -o yarn.js "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-legacy-$YARN_VERSION.js" \
+  && mv yarn.js /usr/local/bin/yarn \
+  && chmod +x /usr/local/bin/yarn; \
+  mkdir -p /app; \
+)
+COPY package.json /app
+COPY package-lock.json /app
+COPY . /app
+
+WORKDIR /app
+
+RUN (\
+  npm install --silent -g ember-cli; \
+  npm ci; \
+  ember build --environment=production; \
+  ls -l /app; \
+  ls -l /app/dist; \
+)
+
+FROM ruby:2.7.5-slim
+
+LABEL maintainer Travis CI GmbH <[email protected]>
+
+RUN ( \
+  gem install bundler:2.3.7; \
+  bundle config --global frozen 1; \
+  mkdir -p /app/dist; \
+)
+
+WORKDIR /app
+
+COPY --from=build /app/dist/ /app/dist/
+COPY --from=build /app/maintenance/ /app/maintenance/
+COPY Gemfile* /app/
+COPY waiter /app/waiter
+COPY public /app/public
+COPY ssl    /app/ssl
+
+RUN (\
+
+  cp -a public/* dist/; \
+  rm -rf public; \
+  apt-get update ; \
+  apt-get upgrade -y ; \
+  apt-get install -y --no-install-recommends git make gcc g++ libpq-dev libjemalloc-dev; \
+  rm -rf /var/lib/apt/lists/*; \
+  bundle install --without assets development test; \
+  sed -i "/stripe.com\/v3/d" /app/dist/index.html; \
+  apt-get remove -y gcc g++ make git perl && apt-get -y autoremove; \
+)
+
+
+CMD ["bundle", "exec", "puma", "-I", "lib", "-p", "${PORT:-4000}", "-t", "${PUMA_MIN_THREADS:-8}:${PUMA_MAX_THREADS:-12}", "-w", "${PUMA_WORKERS:-2}", "--preload", "waiter/config.ru" ]

Gemfile

@@ -7,11 +7,12 @@ source 'https://rubygems.org'
 gem 'hashr'
 gem 'puma', '~> 6'
 gem 'rack-mobile-detect'
-gem 'rack-protection', '~> 3.0'
+gem 'rack-protection', '~> 3.0', '~> 2'
 gem 'rack-ssl', '~> 1.4'
 gem 'sanitize'
 gem 'sinatra'
 gem 'travis-web', path: 'waiter'
+gem 'nokogiri', '~> 1.13.6'
 
 group :development, :test do
   gem 'rake'

Makefile

@@ -27,7 +27,7 @@ DOCKER ?= docker
 
 .PHONY: docker-build
 docker-build:
-	$(DOCKER) build -t $(DOCKER_DEST) .
+	$(DOCKER) build --pull --no-cache -t $(DOCKER_DEST) . -f Dockerfile.ycie
 
 .PHONY: docker-login
 docker-login:

app/components/github-apps-repository.js

@@ -77,6 +77,28 @@ export default Component.extend({
     }
   }),
 
+  hasEmailSubscription: computed('repository', 'repository.emailSubscribed', function () {
+    return this.repository.emailSubscribed;
+  }),
+
+  emailSubscriptionDescription: computed('repository', 'repository.emailSubscribed', function () {
+    return `${this.repository.emailSubscribed ? 'Disable ' : 'Enable '} build mails for ${this.repository.name}`;
+  }),
+
+  toggleRepositoryEmailSubscription: task(function* () {
+    const repository = this.repository;
+    try {
+      if (repository.emailSubscribed) {
+        yield repository.unsubscribe.perform();
+      } else {
+        yield repository.subscribe.perform();
+      }
+      yield repository.reload();
+    } catch (error) {
+      this.set('apiError', error);
+    }
+  }),
+
   toggleRepositoryTask: task(function* () {
     const repository = this.repository;
     try {

app/components/owner/repositories.js

@@ -35,7 +35,6 @@ export default Component.extend({
   isMatchGithub: match('owner.vcsType', /Github\S+$/),
   isOwnerVcsTypeEmpty: empty('owner.vcsType'),
   isNotGithubRepository: not('isGithubRepository'),
-  hasGitHubAppsInstallation: notEmpty('owner.installation'),
 
   isEnterprise: reads('features.enterpriseVersion'),
   isNotEnterprise: not('isEnterprise'),
@@ -102,13 +101,30 @@ export default Component.extend({
       let isOrganization = this.get('owner.isOrganization');
       let ownerGithubId = this.get('owner.githubId');
       let installationGithubId = this.get('owner.installation.githubId');
+      let sourceEndpoint = `${config.sourceEndpoint}`;
 
-      if (appName && appName.length) {
+      if (sourceEndpoint === 'undefined') {
+        sourceEndpoint = 'https://github.com';
+      }
+
+      if (!installationGithubId) {
+        let ownerId = this.get('owner.id');
+        let ownerType = this.get('owner.type');
+        const installations = this.store.peekAll('installation').filterBy('owner.id', ownerId) || null;
+        if (installations) {
+          const installation = installations.findBy('owner.type', ownerType) || null;
+          if (installation) {
+            installationGithubId = installation.githubId;
+          }
+        }
+      }
+
+      if (!installationGithubId && appName && appName.length) {
         return `${config.githubAppsEndpoint}/${appName}/installations/new/permissions?suggested_target_id=${ownerGithubId}`;
       } else if (isOrganization) {
-        return `https://github.com/organizations/${login}/settings/installations/${installationGithubId}`;
+        return `${sourceEndpoint}/organizations/${login}/settings/installations/${installationGithubId}`;
       } else {
-        return `https://github.com/settings/installations/${installationGithubId}`;
+        return `${sourceEndpoint}/settings/installations/${installationGithubId}`;
       }
     }
   ),

app/styles/app/layouts/settings.scss

@@ -498,3 +498,12 @@ $env-var-value-background: lighten($cement-grey, 20);
     margin-left: 20px;
   }
 }
+
+.ember-tooltip {
+  min-width: 200px;
+  max-width: 1316px;
+
+  .tooltip-inner {
+  }
+
+}

app/templates/components/env-var.hbs

@@ -1,4 +1,5 @@
-<div class="env-var-name">
+<EmberTooltip @text={{this.envVar.name}} @targetId='env-var-name-{{envVar.id}}'  @popperContainer='body'/>
+<div class="env-var-name" id='env-var-name-{{envVar.id}}'>
   {{this.envVar.name}}
 </div>
 <div class="env-var-value">

app/templates/components/requests-item.hbs

@@ -34,7 +34,10 @@
   </span>
 </div>
 <div class="row-item fade-out" data-requests-item-commit-message>
-  {{{format-message this.request.commit.message short="true" repo=this.build.repo}}}
+  <span id='requests-item-{{request.id}}-commit-message'>
+    <EmberTooltip @text={{this.request.commit.message}} @targetId='requests-item-{{request.id}}-commit-message' @popperContainer='body'/>
+    {{{format-message this.request.commit.message short="true" repo=this.build.repo}}}
+  </span>
 </div>
 <div class="row-item" data-requests-item-build>
   {{#if this.build}}

app/templates/settings.hbs

@@ -146,6 +146,102 @@
       </li>
     </ul>
   </section>
+  <section class="settings-section">
+    <h2 class="small-title">
+      Security settings
+    </h2>
+    <p>
+      The {{vcs-vocab this.repo.vcsType 'pullRequest' lower=true}} ({{vcs-vocab this.repo.vcsType 'pr'}}) settings are applicable for git-based {{vcs-vocab this.repo.vcsType 'pullRequest' plural=true lower=true}} from forks of this repository filed against this repository.
+    </p>
+    <p>
+      Sharing data with forks allows more comfortable collaboration when collaborators are forking from your repository, but builds initiated by the {{vcs-vocab this.repo.vcsType 'pullRequest' plural=true lower=true}} from forks against your base repository get access to your decrypted environmental variables and/or keys.
+    </p>
+    <p>
+      Not sharing secrets is more secure but makes it much less convenient to collaborate using forks.
+    </p>
+    <ul class="settings-list--columns">
+      <li>
+        <SettingsSwitch
+          @active={{this.model.settings.share_encrypted_env_with_forks}}
+          @repo={{this.repo}}
+          @description="Share encrypted env variables with forks ({{vcs-vocab this.repo.vcsType 'pr' plural=true}})"
+          @key="share_encrypted_env_with_forks"
+        />
+        <ExternalLinkTo
+          href="https://docs.travis-ci.com/user/web-ui/#share-encrypted-variables-with-forks-pull-request"
+          title="about sharing encrypted environmental variables with forks ({{vcs-vocab this.repo.vcsType 'pullRequest' plural=true lower=true}})"
+          class="settings-tooltip"
+        >
+          <EmberTooltip @text="Read more about sharing encrypted environmental variables with forks ({{vcs-vocab this.repo.vcsType 'pullRequest' plural=true lower=true}})" />
+          <SvgImage @name="icon-help" @class="icon-help" />
+        </ExternalLinkTo>
+      </li>
+      {{#if (or this.features.enterpriseVersion this.repo.private)}}
+        <li>
+          <SettingsSwitch
+            @active={{this.model.settings.share_ssh_keys_with_forks}}
+            @repo={{this.repo}}
+            @description="Share SSH keys with forks ({{vcs-vocab this.repo.vcsType 'pr' plural=true}})"
+            @key="share_ssh_keys_with_forks"
+          />
+          <ExternalLinkTo
+            href="https://docs.travis-ci.com/user/web-ui/#share-ssh-keys-with-forks-pull-request"
+            title="about sharing SSH keys with forks ({{vcs-vocab this.repo.vcsType 'pullRequest'}})"
+            class="settings-tooltip"
+          >
+            <EmberTooltip @text="Read more about sharing SSH keys with forks ({{vcs-vocab this.repo.vcsType 'pullRequest' plural=true lower=true}})" />
+            <SvgImage @name="icon-help" @class="icon-help" />
+          </ExternalLinkTo>
+        </li>
+      {{/if}}
+    </ul>
+    <p>
+      Enable access to build job logs older than {{this.model.settings.job_log_access_older_than_days}} days. When set to OFF logs older than {{this.model.settings.job_log_access_older_than_days}} days are
+      not available either via UI or API. Please consider if there's a risk of confidential information
+      being leaked prior to enabling access to old build job logs. If you want to modify the time
+      threshold, please contact support.
+    </p>
+    <ul class="settings-list--row">
+      <li>
+        <SettingsSwitch
+          @active={{this.model.settings.job_log_time_based_limit}}
+          @repo={{this.repo}}
+          @description="Enable access to old build job logs."
+          @key="job_log_time_based_limit"
+        />
+        <ExternalLinkTo
+          href="https://docs.travis-ci.com/user/web-ui/#share-encrypted-variables-with-forks-pull-request"
+          title="about enabling access to old build jobs"
+          class="settings-tooltip"
+        >
+          <EmberTooltip @text="Read more about enabling access to old build jobs" />
+          <SvgImage @name="icon-help" @class="icon-help" />
+        </ExternalLinkTo>
+      </li>
+    </ul>
+    <p>
+      Enabling access to build job logs only for users with write/push permissions to this repository will limit access to build job logs via UI and API. When set to OFF, all users with read access to the
+      repository can access the build job logs.
+    </p>
+    <ul class="settings-list--row">
+      <li>
+        <SettingsSwitch
+          @active={{this.model.settings.job_log_access_based_limit}}
+          @repo={{this.repo}}
+          @description="Limit access to build job logs (users with write/push access only)"
+          @key="job_log_access_based_limit"
+        />
+        <ExternalLinkTo
+          href="https://docs.travis-ci.com/user/web-ui/#share-encrypted-variables-with-forks-pull-request"
+          title="about limiting access to build job logs."
+          class="settings-tooltip"
+        >
+          <EmberTooltip @text="Read more about limiting access to build job logs" />
+          <SvgImage @name="icon-help" @class="icon-help" />
+        </ExternalLinkTo>
+      </li>
+    </ul>
+  </section>
   {{#if this.showAutoCancellationSwitches}}
     <section class="settings-section auto-cancellation">
       <h2 class="small-title display-inline">