* [public-api] add dummy service for testing
* [public-api] proxy dummy to server
* [public-api] hello service server impl
* [server] fix API contribution bindings
* [dashboard] emulate unary call
* only if actually called
* [dummy] auth
* fix tests
* [server] add interceptor to public api
* add server side observability
* fix port name
* change to unimplemented for unknown methods
* [public-api] client metrics
* fix metrics imports
* align server metrics
* actually fix metrics
* add feature flags
* fix server side streams
* [dashboard] hook error reporting
* rebase and fix imports
* feature flagged metrics from dashboard
* revert GRPC_TYPE
* address feedback
* Make db waiter to wait latest migration
* Move generate out of build
* Remove conn require
* Allow to ignore migration check
* Use shell
* Use fail and remote useless log
* Generate service-waiter txt when create migration
* Revert "Generate service-waiter txt when create migration"
This reverts commit 11c12b83544a448f9784f8aa94cdfd69cfb15f45.
* Add log
* Implement user account verification with LinkedIn during onboarding
* updating connect with linked-in banner
* removing unused imports
* Store token, fix binding
* Refactor LinkedInToken to LinkedInProfile
* Actually write the LinkedIn secret to the server config
* Fetch LinkedIn user profile and email address
* Add creationTime column to d_b_linked_in_profile
* Add more debug logging
* Fix LinkedIn API calls, mount LinkedInProfileDB
* Also bind LinkedInProfileDB
* Add LinkedIn scope r_liteprofile
* Enhance LinkedIn profile retrieval, store the profile, ensure uniqueness
* Align with UX spec and complete onboarding flow
* Prevent the LinkedIn button from auto-submitting the onboarding form
* Address nits (LinkedInService to /src and minor spacing)
---------
Co-authored-by: Brad Harris <bmharris@gmail.com>
* Add trust.cert-manager.io for to bundle CA certificates
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Configure CA volume and volumemount in components
* Update ws-manager golden files
* Deploy trust manager in preview
* Remove duplicated volume
* Update installer golden files
* Generate a bundle only for registry-facade
* Update golden files
* Fix initcontainer volume mounts
* Update golden files
* Fix registry-facade certificate
* Update golden files
* Disable skip_verify
* Enable force conflict with apply server side
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Avoid random werft namespace errors
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
---------
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
Workspace image builds
Update golden output
Deploy ws-manager tls secret in webapp
Remove ws-manager secrets
Update golden outputs
Enable movedImageBuilder by default
Add wsmanager tls to server if not meta install
Update output.golden
Install ws-proxy in meta
Update golden
Move wsproxy to IDE objs
Create experimental flag
Move ws-proxy to idecomponents
Remove ws-manager TLS cert from ws-proxy
skipSelf if WithoutWorkspaceComponents enabled
Fix ws-proxy config
This PR manually sets the `allowPrivilegeEscalation` container
config to false where we don't need extra capabilities. This
is needed as not setting this explicitely could mean that
it could still be `true` based on other settings.
This also helps us future proof on any behaviour changes around
this.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
The @grpc/grpc-node package does not support wildcards in the no_proxy
envvar. Add the FQDN's for the components that the server calls to the
no_grpc_proxy envvar so that these calls are not proxied
