Adding automatic app install (#2064)

* fixing APP_KEY throughout

* fixing test

* fixing test for auto install app

* fixing e2e failure

* fixing auto install

* fixing a few things

* small fix for staging/production

* updating snapshots

Author: mboudreau

.env.example

@@ -4,8 +4,18 @@ NGROK_AUTHTOKEN=some-token
 # Unique name for the jira app, used in the Atlassian Connect manifest to
 # differentiate this instance from other deployments (staging, dev instances, etc).
 # Recommended to use your github username here
-INSTANCE_NAME=your-app-instance-name
+APP_KEY=com.github.integration.your-unique-instance-name
+
+# Your Jira URL
+ATLASSIAN_URL=https://your-unique-jira-subdomain.atlassian.net
+
+# Add your Jira email/API token for automatic app installation
+# Create a new API token in Jira [https://id.atlassian.com/manage-profile/security/api-tokens]
+JIRA_ADMIN_EMAIL=
+JIRA_ADMIN_API_TOKEN=
 
 # These will be automatically filled when the docker container starts
 APP_URL=http://localhost
 WEBHOOK_PROXY_URL=http://localhost
+
+

.env.test

@@ -23,7 +23,7 @@ DEBUG=nock.*
 MICROS_AWS_REGION=us-west-1
 
 # Do not change these as this will break unit tests
-INSTANCE_NAME=test-atlassian-instance
+APP_KEY=com.github.integration.test-atlassian-instance
 APP_URL=https://test-github-app-instance.com
 
 # The Postgres URL used to connect to the database and secret for encrypting data

.github/workflows/on-push.yml

@@ -37,7 +37,7 @@ jobs:
           echo "${{ secrets.E2E_GITHUB_PRIVATE_KEY }}" > jira-test.pem
           echo "APP_URL=http://localhost" > .env
           echo "WEBHOOK_PROXY_URL=http://localhost" >> .env
-          echo "INSTANCE_NAME=fusion-test" >> .env
+          echo "APP_KEY=com.github.integration.fusion-test" >> .env
           echo "NODE_ENV=test" >> .env
           echo "APP_NAME=jira" >> .env
           echo "APP_ID=${{ secrets.E2E_GITHUB_APP_ID }}" >> .env
@@ -89,7 +89,7 @@ jobs:
           echo "APP_URL=http://localhost" > .env
           echo "WEBHOOK_PROXY_URL=http://localhost" >> .env
           echo "NGROK_AUTHTOKEN=${{ secrets.E2E_NGROK_AUTHTOKEN }}" >> .env
-          echo "INSTANCE_NAME=fusion-arc-e2e" >> .env
+          echo "APP_KEY=com.github.integration.fusion-arc-e2e" >> .env
           echo "NODE_ENV=e2e" >> .env
           echo "APP_NAME=jira-e2e" >> .env
           echo "APP_ID=${{ secrets.E2E_GITHUB_APP_ID }}" >> .env

.gitignore

@@ -1,6 +1,6 @@
 # Environment Files
 .env
-.env.local
+.env.bak.local
 .env.local.*
 .env.*.local
 .env.*.local.*
@@ -55,4 +55,4 @@ test/**/*.js.map
 test/e2e/test-results/
 
 *.drawio.bkp
-*.drawio.dtmp
+*.drawio.dtmp

.husky/post-merge

@@ -1,17 +1,4 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 
-DIR=$(dirname "$0")
-OLDFILE="${DIR}/../.env"
-NEWFILE="${DIR}/../.env.development.local"
-REGEX="^(APP_URL|WEBHOOK_PROXY_URL|NGROK_AUTHTOKEN|INSTANCE_NAME)=.*"
-if [ -f "$OLDFILE" ] && [ !  -f "$NEWFILE" ]; then
-  echo "Detected old .env file, moving to .env.development.local"
-  mv "$OLDFILE" "$NEWFILE"
-  echo "Moving global values back to .env file"
-  cat "$NEWFILE" | grep -oE "${REGEX}" > "$OLDFILE"
-  echo "Removing moved from .env.development.local file"
-  sed -i '' -E "s/${REGEX}//" "$NEWFILE"
-fi
-
 . "$(dirname "$0")/create-env.sh"

CONTRIBUTING.md

@@ -75,7 +75,7 @@ Once you've set up your GitHub app and cloned this repo, copy the file `.env.dev
 + `GITHUB_CLIENT_SECRET`: You'll need to generate a new one on your GitHub app page by hitting the `Generate a new client secret` button. Copy and paste the generated secret.
 + `PRIVATE_KEY_PATH`: You'll also need to generate a new private key on your GitHub app page, download it, move it to the source root of this repo, and set `PRIVATE_KEY_PATH=<your-private-key-name>.pem`
 + `ATLASSIAN_URL`: The URL for the Jira instance you're testing on. If you don't have one now, [please set the value of this variable from the steps mentioned here](#create-your-jira-instance).
-+ `INSTANCE_NAME`: Your Jira app name - will show as "GitHub for Jira (instance-name)"
++ `APP_KEY`: Your Jira app key - need to be unique for your development app
 
 Lastly, you need to replace the value of the follow variables in the global `.env` file:
 

Dockerfile

@@ -4,10 +4,7 @@ FROM node:14.21-alpine3.16 as build
 RUN apk add g++ make python3
 
 # adding to solve vuln
-RUN apk add --update --upgrade busybox
-RUN apk add --update --upgrade libretls
-RUN apk add --update --upgrade openssl
-RUN apk add --update --upgrade zlib
+RUN apk add --update --upgrade busybox libretls openssl zlib
 
 COPY . /app
 WORKDIR /app

docker-compose.yml

@@ -70,4 +70,15 @@ services:
       SQS_BRANCH_QUEUE_URL: http://localstack:4566/000000000000/branch
       SQS_TEST_QUEUE_URL: http://localstack:4566/000000000000/test-sqs-client
       REDISX_CACHE_HOST: redis
-      NODE_ENV: $NODE_ENV
+      NODE_ENV: ${NODE_ENV:-development} # defaults to development if NODE_ENV not set
+
+  installation:
+    depends_on:
+      - app
+    volumes:
+      - ./etc/app-install:/app
+    build:
+      context: .
+      dockerfile: etc/app-install/Dockerfile
+    env_file:
+      - .env

etc/app-install/Dockerfile

@@ -0,0 +1,8 @@
+FROM alpine:latest as build
+
+RUN apk --no-cache add curl jq
+
+COPY ./etc/app-install/app-install.sh ./app/app-install.sh
+WORKDIR /app
+
+CMD ["sh", "app-install.sh"]

etc/app-install/app-install.sh

@@ -0,0 +1,34 @@
+# Checks to see if required env vars are set
+if [[ -z "$JIRA_ADMIN_EMAIL" ]] || [[ -z "$JIRA_ADMIN_API_TOKEN" ]] || [[ -z "$ATLASSIAN_URL" ]] || [[ -z "$APP_KEY" ]]
+then
+  echo "Missing environment variables from .env - Please fill in 'JIRA_ADMIN_EMAIL', 'JIRA_ADMIN_API_TOKEN', 'ATLASSIAN_URL' and 'APP_KEY' to be able to have the app install automatically."
+  exit 1
+fi
+
+curl --head -X GET -f --retry 30 --retry-all-errors --retry-delay 5 http://app:8080/healthcheck
+
+# Fetching the new ngrok URL, not fetching the one from the .env because its not updated
+BASE_URL=$(curl -s http://ngrok:4040/api/tunnels | jq -r '.tunnels[] | select(.proto == "https") | .public_url')
+ID="${APP_KEY##*.}"
+# Uninstalling the app first
+curl -s -X DELETE -u "$JIRA_ADMIN_EMAIL:$JIRA_ADMIN_API_TOKEN" -H "Content-Type: application/vnd.atl.plugins.install.uri+json" "${ATLASSIAN_URL}/rest/plugins/1.0/${APP_KEY}-key"
+echo "Uninstalling old version of the app"
+
+# Getting the UPM token first, which will be used for app installation
+UPM_TOKEN=$(curl -s -u "$JIRA_ADMIN_EMAIL:$JIRA_ADMIN_API_TOKEN" --head "${ATLASSIAN_URL}/rest/plugins/1.0/" | fgrep upm-token | cut -c 12- | tr -d '\r\n')
+
+# Installing the app
+curl -s  -o /dev/null -u "$JIRA_ADMIN_EMAIL:$JIRA_ADMIN_API_TOKEN" -H "Content-Type: application/vnd.atl.plugins.install.uri+json" -X POST "${ATLASSIAN_URL}/rest/plugins/1.0/?token=${UPM_TOKEN}" -d "{\"pluginUri\":\"${BASE_URL}/jira/atlassian-connect.json\", \"pluginName\": \"Github for Jira (${ID})\"}"
+echo ""
+echo "The app has been successfully installed."
+echo "
+*********************************************************************************************************************
+IF YOU ARE USING A FREE NGROK ACCOUNT, PLEASE DO THIS STEP FIRST!!!
+Before going to your app, please open this URL first: ${BASE_URL}.
+This will open up the ngrok page, don't worry just click on the Visit button.
+That's it, you're all ready!
+*********************************************************************************************************************
+*********************************************************************************************************************
+Now open your app in this URL: ${ATLASSIAN_URL}/plugins/servlet/ac/${APP_KEY}/gh-addon-admin
+*********************************************************************************************************************
+"

etc/cryptor-mock/cryptor-mock.js

@@ -1,15 +1,18 @@
 /**
- * Mimicks APIs from https://developer.atlassian.com/platform/cryptor/integration/integrating-sidecar/#rest-api
+ * Mimics APIs from https://developer.atlassian.com/platform/cryptor/integration/integrating-sidecar/#rest-api
  */
 
 const express = require("express");
 const bodyParser = require("body-parser");
 
 const app = express();
+
 app.use(bodyParser.json());
-app.get("/healthcheck", (_, res)=>{
-	res.send({ok: true});
+
+app.get("/healthcheck", (_, res) => {
+	res.send({ ok: true });
 });
+
 app.post("/cryptor/encrypt/*", (req, res) => {
 	if (req.headers["x-cryptor-client"] !== process.env.CRYPTOR_SIDECAR_CLIENT_IDENTIFICATION_CHALLENGE) {
 		res.status(403).send("Wrong challenge");
@@ -24,9 +27,10 @@ app.post("/cryptor/encrypt/*", (req, res) => {
 		cipherText: `encrypted:${plainText}`,
 		originPlainText: plainText
 	};
-	console.log('-- cyrptor mock encrypt', {ret});
+	console.log("-- cyrptor mock encrypt", { ret });
 	res.status(200).json(ret);
 });
+
 app.post("/cryptor/decrypt", (req, res) => {
 	if (req.headers["x-cryptor-client"] !== process.env.CRYPTOR_SIDECAR_CLIENT_IDENTIFICATION_CHALLENGE) {
 		res.status(403).send("Wrong challenge");
@@ -45,10 +49,27 @@ app.post("/cryptor/decrypt", (req, res) => {
 		plainText: cipherText.substring("encrypted:".length),
 		originCipherText: cipherText
 	};
-	console.log('-- cyrptor mock decrypt', {ret});
+	console.log("-- cyrptor mock decrypt", { ret });
 	res.status(200).json(ret);
 });
 
-app.listen(26272, () => {
+const server = app.listen(26272, () => {
 	console.log(`Cryptor mock app running on 26272`);
 });
+
+let connections = [];
+server.on('connection', connection => {
+	connections.push(connection);
+	connection.on('close', () => connections = connections.filter(curr => curr !== connection));
+});
+
+const exit = () => {
+	server.close(() => process.exit(0));
+	connections.forEach(connection => {
+		connection.end();
+		connection.destroy();
+	});
+}
+
+process.on('SIGTERM', exit);
+process.on('SIGINT', exit);

github-for-jira.sd.yml

@@ -327,7 +327,7 @@ environmentOverrides:
       environmentVariables:
         APP_URL: https://github-for-jira.dev.services.atlassian.com
         WEBHOOK_PROXY_URL: https://github-for-jira.dev.services.atlassian.com
-        INSTANCE_NAME: development
+        APP_KEY: com.github.integration.development
         NODE_OPTIONS: "--no-deprecation"
         LOG_LEVEL: debug
         SENTRY_ENVIRONMENT: ddev
@@ -399,7 +399,7 @@ environmentOverrides:
       environmentVariables:
         APP_URL: https://github.stg.atlassian.com
         WEBHOOK_PROXY_URL: https://github.stg.atlassian.com
-        INSTANCE_NAME: staging
+        APP_KEY: com.github.integration.staging
         LOG_LEVEL: debug
         SENTRY_ENVIRONMENT: stg-west
         APP_ID: '12645'
@@ -500,7 +500,7 @@ environmentOverrides:
       environmentVariables:
         APP_URL:  https://github.atlassian.com
         WEBHOOK_PROXY_URL:  https://github.atlassian.com
-        INSTANCE_NAME: production
+        APP_KEY: com.github.integration.production
         SENTRY_ENVIRONMENT: prod-west
         APP_ID: '14320'
         GITHUB_CLIENT_ID: Iv1.45aafbb099e1c1d7

src/config/env.ts

@@ -46,7 +46,7 @@ export const envVars: EnvVars = new Proxy<object>({}, {
 envCheck(
 	"APP_ID",
 	"APP_URL",
-	"INSTANCE_NAME",
+	"APP_KEY",
 	"WEBHOOK_SECRET",
 	"GITHUB_CLIENT_ID",
 	"GITHUB_CLIENT_SECRET",
@@ -82,10 +82,10 @@ export interface EnvVars {
 
 	APP_ID: string;
 	APP_URL: string;
+	APP_KEY: string;
 	WEBHOOK_SECRET: string;
 	GITHUB_CLIENT_ID: string;
 	GITHUB_CLIENT_SECRET: string;
-	INSTANCE_NAME: string;
 	DATABASE_URL: string;
 	STORAGE_SECRET: string;
 	PRIVATE_KEY_PATH: string;

src/models/jira-client.ts

@@ -2,7 +2,7 @@ import { getAxiosInstance, JiraClientError } from "../jira/client/axios";
 import { AxiosInstance } from "axios";
 import { Installation } from "./installation";
 import Logger from "bunyan";
-import { getAppKey } from "utils/app-properties-utils";
+import { envVars } from "config/env";
 
 // TODO: why are there 2 jira clients?
 // Probably because this one has types :mindpop:
@@ -40,17 +40,17 @@ export class JiraClient {
 	}
 
 	async appPropertiesCreate(isConfiguredState: boolean) {
-		return await this.axios.put(`/rest/atlassian-connect/latest/addons/${getAppKey()}/properties/is-configured`, {
+		return await this.axios.put(`/rest/atlassian-connect/latest/addons/${envVars.APP_KEY}/properties/is-configured`, {
 			"isConfigured": isConfiguredState
 		});
 	}
 
 	async appPropertiesGet() {
-		return await this.axios.get(`/rest/atlassian-connect/latest/addons/${getAppKey()}/properties/is-configured`);
+		return await this.axios.get(`/rest/atlassian-connect/latest/addons/${envVars.APP_KEY}/properties/is-configured`);
 	}
 
 	async appPropertiesDelete() {
-		return await this.axios.delete(`/rest/atlassian-connect/latest/addons/${getAppKey()}/properties/is-configured`);
+		return await this.axios.delete(`/rest/atlassian-connect/latest/addons/${envVars.APP_KEY}/properties/is-configured`);
 	}
 
 	async checkAdminPermissions(accountId: string) {

src/routes/github/create-branch/github-create-branch-get.ts

@@ -6,6 +6,7 @@ import { AnalyticsEventTypes, AnalyticsScreenEventsEnum } from "interfaces/commo
 import { Repository, Subscription } from "models/subscription";
 import Logger from "bunyan";
 import { getLogger } from "config/logger";
+import { envVars } from "config/env";
 const MAX_REPOS_RETURNED = 20;
 
 export const GithubCreateBranchGet = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
@@ -37,10 +38,9 @@ export const GithubCreateBranchGet = async (req: Request, res: Response, next: N
 	// TODO move to middleware or shared for create-branch-options-get
 	// Redirecting when the users are not configured (have no subscriptions)
 	if (!subscriptions) {
-		const instance = process.env.INSTANCE_NAME;
 		res.render("no-configuration.hbs", {
 			nonce: res.locals.nonce,
-			configurationUrl: `${jiraHost}/plugins/servlet/ac/com.github.integration.${instance}/github-select-product-page`
+			configurationUrl: `${jiraHost}/plugins/servlet/ac/${envVars.APP_KEY}/github-select-product-page`
 		});
 
 		sendAnalytics(AnalyticsEventTypes.ScreenEvent, {

src/routes/github/create-branch/github-create-branch-options-get.ts

@@ -5,6 +5,7 @@ import { GitHubServerApp } from "~/src/models/github-server-app";
 import { sendAnalytics } from "utils/analytics-client";
 import { AnalyticsEventTypes, AnalyticsScreenEventsEnum } from "interfaces/common";
 import { getLogger } from "config/logger";
+import { envVars } from "config/env";
 
 // TODO - this entire route could be abstracted out into a generic get instance route on github/instance
 export const GithubCreateBranchOptionsGet = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
@@ -33,10 +34,9 @@ export const GithubCreateBranchOptionsGet = async (req: Request, res: Response,
 	const servers = await getGitHubServers(jiraHost);
 
 	if (!servers.hasCloudServer && !servers.gheServerInfos.length) {
-		const instance = process.env.INSTANCE_NAME;
 		res.render("no-configuration.hbs", {
 			nonce: res.locals.nonce,
-			configurationUrl: `${jiraHost}/plugins/servlet/ac/com.github.integration.${instance}/github-select-product-page`
+			configurationUrl: `${jiraHost}/plugins/servlet/ac/${envVars.APP_KEY}/github-select-product-page`
 		});
 
 		sendAnalytics(AnalyticsEventTypes.ScreenEvent, {

src/routes/github/setup/github-setup-router.test.ts

@@ -10,8 +10,10 @@ import singleInstallation from "fixtures/jira-configuration/single-installation.
 
 describe("Github Setup", () => {
 	let frontendApp: Application;
+	let jiraDomain: string;
 
 	beforeEach(async () => {
+		jiraDomain = jiraHost.replace(/https?:\/\//, "").replace(/\.atlassian\.(net|com)/, "");
 		frontendApp = getFrontendApp();
 	});
 
@@ -110,7 +112,7 @@ describe("Github Setup", () => {
 					})
 				)
 				.send({
-					jiraDomain: envVars.INSTANCE_NAME
+					jiraDomain
 				})
 				.expect(res => {
 					expect(res.status).toBe(200);
@@ -138,11 +140,11 @@ describe("Github Setup", () => {
 					})
 				)
 				.send({
-					jiraDomain: envVars.INSTANCE_NAME
+					jiraDomain
 				})
 				.expect(res => {
 					expect(res.status).toBe(200);
-					expect(res.body.redirect).toBe(`${jiraHost}/plugins/servlet/ac/com.github.integration.${envVars.INSTANCE_NAME}/github-post-install-page`);
+					expect(res.body.redirect).toBe(`${jiraHost}/plugins/servlet/ac/${envVars.APP_KEY}/github-post-install-page`);
 				});
 		});