* Implement user account verification with LinkedIn during onboarding
* updating connect with linked-in banner
* removing unused imports
* Store token, fix binding
* Refactor LinkedInToken to LinkedInProfile
* Actually write the LinkedIn secret to the server config
* Fetch LinkedIn user profile and email address
* Add creationTime column to d_b_linked_in_profile
* Add more debug logging
* Fix LinkedIn API calls, mount LinkedInProfileDB
* Also bind LinkedInProfileDB
* Add LinkedIn scope r_liteprofile
* Enhance LinkedIn profile retrieval, store the profile, ensure uniqueness
* Align with UX spec and complete onboarding flow
* Prevent the LinkedIn button from auto-submitting the onboarding form
* Address nits (LinkedInService to /src and minor spacing)
---------
Co-authored-by: Brad Harris <bmharris@gmail.com>
* Add trust.cert-manager.io for to bundle CA certificates
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Configure CA volume and volumemount in components
* Update ws-manager golden files
* Deploy trust manager in preview
* Remove duplicated volume
* Update installer golden files
* Generate a bundle only for registry-facade
* Update golden files
* Fix initcontainer volume mounts
* Update golden files
* Fix registry-facade certificate
* Update golden files
* Disable skip_verify
* Enable force conflict with apply server side
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Avoid random werft namespace errors
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
---------
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
Workspace image builds
Update golden output
Deploy ws-manager tls secret in webapp
Remove ws-manager secrets
Update golden outputs
Enable movedImageBuilder by default
Add wsmanager tls to server if not meta install
Update output.golden
Install ws-proxy in meta
Update golden
Move wsproxy to IDE objs
Create experimental flag
Move ws-proxy to idecomponents
Remove ws-manager TLS cert from ws-proxy
skipSelf if WithoutWorkspaceComponents enabled
Fix ws-proxy config
This PR manually sets the `allowPrivilegeEscalation` container
config to false where we don't need extra capabilities. This
is needed as not setting this explicitely could mean that
it could still be `true` based on other settings.
This also helps us future proof on any behaviour changes around
this.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
The @grpc/grpc-node package does not support wildcards in the no_proxy
envvar. Add the FQDN's for the components that the server calls to the
no_grpc_proxy envvar so that these calls are not proxied
