Skip to content

fix(worker): Fix user driven permission syncing for self-hosted code hosts #729

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
brendan-kellam merged 4 commits into from
Jan 13, 2026
Merged

fix(worker): Fix user driven permission syncing for self-hosted code hosts #729

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6837bee
fix
brendan-kellam Jan 13, 2026
d21e3aa
Merge branch 'main' into bkellam/fix-SOU-122
brendan-kellam Jan 13, 2026
28150b5
comment about hack
brendan-kellam Jan 13, 2026
37ed386
changelog
brendan-kellam Jan 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 11 additions & 3 deletions packages/backend/src/ee/accountPermissionSyncer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import * as Sentry from "@sentry/node";
import { PrismaClient, AccountPermissionSyncJobStatus, Account} from "@sourcebot/db";
import { env, hasEntitlement, createLogger } from "@sourcebot/shared";
import { env, hasEntitlement, createLogger, loadConfig } from "@sourcebot/shared";
import { Job, Queue, Worker } from "bullmq";
import { Redis } from "ioredis";
import { PERMISSION_SYNC_SUPPORTED_CODE_HOST_TYPES } from "../constants.js";
Expand Down Expand Up @@ -148,6 +148,8 @@ export class AccountPermissionSyncer {
}
});

const config = await loadConfig(env.CONFIG_PATH);

logger.info(`Syncing permissions for ${account.provider} account (id: ${account.id}) for user ${account.user.email}...`);

// Get a list of all repos that the user has access to from all connected accounts.
Expand All @@ -159,9 +161,12 @@ export class AccountPermissionSyncer {
throw new Error(`User '${account.user.email}' does not have an GitHub OAuth access token associated with their GitHub account.`);
}

const baseUrl = Array.from(Object.values(config.connections ?? {}))
.find(connection => connection.type === 'github')?.url;

const { octokit } = await createOctokitFromToken({
token: account.access_token,
url: env.AUTH_EE_GITHUB_BASE_URL,
url: baseUrl,
});
// @note: we only care about the private repos since we don't need to build a mapping
// for public repos.
Expand All @@ -184,9 +189,12 @@ export class AccountPermissionSyncer {
throw new Error(`User '${account.user.email}' does not have a GitLab OAuth access token associated with their GitLab account.`);
}

const baseUrl = Array.from(Object.values(config.connections ?? {}))
.find(connection => connection.type === 'gitlab')?.url

const api = await createGitLabFromOAuthToken({
oauthToken: account.access_token,
url: env.AUTH_EE_GITLAB_BASE_URL,
url: baseUrl,
});

// @note: we only care about the private and internal repos since we don't need to build a mapping
Expand Down