diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index d52d2b97..a26ebfc1 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
{
- ".": "0.13.0"
+ ".": "0.14.0"
}
\ No newline at end of file
diff --git a/.stats.yml b/.stats.yml
index 82c3873e..c248682d 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,4 +1,4 @@
configured_endpoints: 193
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-dabc0ff98cd7b9d91850b3c0dbada4e487e698333cd0b7257959e4819d9a29d6.yml
-openapi_spec_hash: b974bdc6025a26cfa62857bf74ec379b
-config_hash: 13514c5eb422e4eb01767e718798de1e
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod/gitpod-5c5e706fd0877a91f01455f03ef01c45106b1fad3b4aef5967807bce81bcdd53.yml
+openapi_spec_hash: 9d64ab76ba1843ae85b5c719c2a90a3c
+config_hash: 9052d3b03d620cf6871184b15487e020
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4864f28..477f9bd0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,54 @@
# Changelog
+## 0.14.0 (2026-05-12)
+
+Full Changelog: [v0.13.0...v0.14.0](https://github.com/gitpod-io/gitpod-sdk-go/compare/v0.13.0...v0.14.0)
+
+### Features
+
+* **api:** add agent_execution_cnf value to RunnerCapability enum ([a2b9e42](https://github.com/gitpod-io/gitpod-sdk-go/commit/a2b9e4207c41110bf2bd7b4122cf9266babe1204))
+* **api:** add allow_unverified_email_scim_fallback_match to scim_configurations ([23c9014](https://github.com/gitpod-io/gitpod-sdk-go/commit/23c90146a14ee8ab1c12135caf0f09c37473d3e6))
+* **api:** add credential_proxy to secrets, remove format from environment secrets ([4cb045e](https://github.com/gitpod-io/gitpod-sdk-go/commit/4cb045ee2a236cdba1f43cf3e28d9abafe434801))
+* **api:** add deprecated accessToken field to runner response types ([0a1c411](https://github.com/gitpod-io/gitpod-sdk-go/commit/0a1c4110fbda059d061363db6ef2002b8cf67024))
+* **api:** add goal field to agent execution status ([9675b1f](https://github.com/gitpod-io/gitpod-sdk-go/commit/9675b1fe7c27d8780fd798bb2f6300aaef4e57d7))
+* **api:** add incident trigger support to workflow triggers and executions ([2d74b1b](https://github.com/gitpod-io/gitpod-sdk-go/commit/2d74b1b1e2557b899477c2e16de80d3dc200297a))
+* **api:** add integration_id, update webhook_id in pull request trigger ([71d164a](https://github.com/gitpod-io/gitpod-sdk-go/commit/71d164aa1e7e29b16ee8531437e1e9969933aa08))
+* **api:** add MaxPortAdmissionLevel field to organization policy ([395d6af](https://github.com/gitpod-io/gitpod-sdk-go/commit/395d6af87f23155027dc42519e5b7b7245af84e2))
+* **api:** add old_path field to environment git changed file model ([9fe1925](https://github.com/gitpod-io/gitpod-sdk-go/commit/9fe19258fc36ca036af7788f5f6a9999734c2563))
+* **api:** add OpenAI Auto value to AgentExecutionStatusSupportedModel enum ([ebeb95e](https://github.com/gitpod-io/gitpod-sdk-go/commit/ebeb95e3b757fac267685faa725d38a277901fff))
+* **api:** add OPUS_4_7 to agent supported models enum ([d2a744b](https://github.com/gitpod-io/gitpod-sdk-go/commit/d2a744be9876078da2a967eea5b71e6d10709fca))
+* **api:** add pagination support and query parameter to runners.ListScmOrganizations ([c5ba3fd](https://github.com/gitpod-io/gitpod-sdk-go/commit/c5ba3fdd26a149c7cbec69a8e938eabbc4afd85d))
+* **api:** add port_authentication capability to RunnerCapability ([6e3178e](https://github.com/gitpod-io/gitpod-sdk-go/commit/6e3178eff7946662bdd2aede907d7d86b4d003f1))
+* **api:** add project_creation_defaults field to organization policy ([8c14eb0](https://github.com/gitpod-io/gitpod-sdk-go/commit/8c14eb081e6ee7cd91126d4e0e5a7e6eafc8cf91))
+* **api:** add readinessTimeout parameter to automation services ([71ef113](https://github.com/gitpod-io/gitpod-sdk-go/commit/71ef113396de91acb089a6a04593b780921f877a))
+* **api:** add ResourceRoleOrgEnvironmentsReader to ResourceRole enum ([9693bfa](https://github.com/gitpod-io/gitpod-sdk-go/commit/9693bfa0c4843da9a589b7a46d4680a946631c92))
+* **api:** add review_requested event to workflow trigger pull request events ([ac58c85](https://github.com/gitpod-io/gitpod-sdk-go/commit/ac58c8578b8564674f5204cadbee1a3ce89e5b94))
+* **api:** remove deprecated AccessToken field from runner responses ([79d8fcf](https://github.com/gitpod-io/gitpod-sdk-go/commit/79d8fcfe9d3591bf13fff2d0f79336242f36e733))
+* **api:** remove Terminal field from RunsOn type ([5b02fe5](https://github.com/gitpod-io/gitpod-sdk-go/commit/5b02fe5111f66ac18a52efb079dcc0a86d82181a))
+* **go:** add default http client with timeout ([5aa4fca](https://github.com/gitpod-io/gitpod-sdk-go/commit/5aa4fca6ee96b6fc19569aa1f419cbe53517d61e))
+* support setting headers via env ([a05eb6b](https://github.com/gitpod-io/gitpod-sdk-go/commit/a05eb6b7268ba0e12c80549506c4a8a01b6d30b5))
+* **types:** add prebuild value to AutomationsFileServicesTriggeredBy enum ([efe0872](https://github.com/gitpod-io/gitpod-sdk-go/commit/efe08724860d1d93c1782725f688a588b755be40))
+* **types:** extract Report types to top-level from WorkflowStep ([d58de25](https://github.com/gitpod-io/gitpod-sdk-go/commit/d58de258a0f8f2f3e1400778b07b91d4ff5ee91e))
+
+
+### Bug Fixes
+
+* **go:** avoid panic when http.DefaultTransport is wrapped ([b5215b9](https://github.com/gitpod-io/gitpod-sdk-go/commit/b5215b91002d11266b5c3eb948c59bc03e115aee))
+
+
+### Chores
+
+* avoid embedding reflect.Type for dead code elimination ([c03525f](https://github.com/gitpod-io/gitpod-sdk-go/commit/c03525f5f6ef24ce53d1af2b4f3995df1d670e14))
+* **internal:** more robust bootstrap script ([7d8a76e](https://github.com/gitpod-io/gitpod-sdk-go/commit/7d8a76ef4e36d2cfba13489347ec03ec5ba83565))
+* **internal:** regenerate SDK with no functional changes ([32e924f](https://github.com/gitpod-io/gitpod-sdk-go/commit/32e924f8ceecdfcf58597b59c671b1489e47cf80))
+* **internal:** regenerate SDK with no functional changes ([f8b376e](https://github.com/gitpod-io/gitpod-sdk-go/commit/f8b376ef7d1eebbdf66252e7ec29893d2fc1541f))
+* redact api-key headers in debug logs ([3ba5280](https://github.com/gitpod-io/gitpod-sdk-go/commit/3ba5280f40993a3b29e630881257c844aca5c06b))
+
+
+### Documentation
+
+* **api:** deprecate isAdmin field in runner list_scm_organizations response ([ed8323d](https://github.com/gitpod-io/gitpod-sdk-go/commit/ed8323d73d95edceb3e445698adde781498a6a58))
+
## 0.13.0 (2026-04-02)
Full Changelog: [v0.12.0...v0.13.0](https://github.com/gitpod-io/gitpod-sdk-go/compare/v0.12.0...v0.13.0)
diff --git a/README.md b/README.md
index 212b8034..8e810cf2 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ Or to pin the version:
```sh
-go get -u 'github.com/gitpod-io/gitpod-sdk-go@v0.13.0'
+go get -u 'github.com/gitpod-io/gitpod-sdk-go@v0.14.0'
```
diff --git a/agent.go b/agent.go
index 255239ec..8dd51736 100644
--- a/agent.go
+++ b/agent.go
@@ -911,9 +911,11 @@ type AgentExecutionStatus struct {
// failure_message contains the reason the agent run failed to operate.
FailureMessage string `json:"failureMessage"`
// failure_reason contains a structured reason code for the failure.
- FailureReason AgentExecutionStatusFailureReason `json:"failureReason"`
- InputTokensUsed string `json:"inputTokensUsed"`
- Iterations string `json:"iterations"`
+ FailureReason AgentExecutionStatusFailureReason `json:"failureReason"`
+ // goal projects the current native Codex thread goal, if any.
+ Goal AgentExecutionStatusGoal `json:"goal"`
+ InputTokensUsed string `json:"inputTokensUsed"`
+ Iterations string `json:"iterations"`
// judgement is the judgement of the agent run produced by the judgement prompt.
Judgement string `json:"judgement"`
// mcp_integration_statuses contains the status of all MCP integrations used by
@@ -957,6 +959,7 @@ type agentExecutionStatusJSON struct {
CurrentOperation apijson.Field
FailureMessage apijson.Field
FailureReason apijson.Field
+ Goal apijson.Field
InputTokensUsed apijson.Field
Iterations apijson.Field
Judgement apijson.Field
@@ -1076,6 +1079,55 @@ func (r AgentExecutionStatusFailureReason) IsKnown() bool {
return false
}
+// goal projects the current native Codex thread goal, if any.
+type AgentExecutionStatusGoal struct {
+ // objective is the current goal text tracked by the native Codex thread-goal
+ // subsystem.
+ Objective string `json:"objective"`
+ // status is the lifecycle state of the current goal.
+ Status AgentExecutionStatusGoalStatus `json:"status"`
+ // updated_at is the most recent native goal update timestamp, when available.
+ UpdatedAt time.Time `json:"updatedAt" format:"date-time"`
+ JSON agentExecutionStatusGoalJSON `json:"-"`
+}
+
+// agentExecutionStatusGoalJSON contains the JSON metadata for the struct
+// [AgentExecutionStatusGoal]
+type agentExecutionStatusGoalJSON struct {
+ Objective apijson.Field
+ Status apijson.Field
+ UpdatedAt apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
+}
+
+func (r *AgentExecutionStatusGoal) UnmarshalJSON(data []byte) (err error) {
+ return apijson.UnmarshalRoot(data, r)
+}
+
+func (r agentExecutionStatusGoalJSON) RawJSON() string {
+ return r.raw
+}
+
+// status is the lifecycle state of the current goal.
+type AgentExecutionStatusGoalStatus string
+
+const (
+ AgentExecutionStatusGoalStatusGoalStatusUnspecified AgentExecutionStatusGoalStatus = "GOAL_STATUS_UNSPECIFIED"
+ AgentExecutionStatusGoalStatusGoalStatusActive AgentExecutionStatusGoalStatus = "GOAL_STATUS_ACTIVE"
+ AgentExecutionStatusGoalStatusGoalStatusPaused AgentExecutionStatusGoalStatus = "GOAL_STATUS_PAUSED"
+ AgentExecutionStatusGoalStatusGoalStatusCompleted AgentExecutionStatusGoalStatus = "GOAL_STATUS_COMPLETED"
+ AgentExecutionStatusGoalStatusGoalStatusBudgetExhausted AgentExecutionStatusGoalStatus = "GOAL_STATUS_BUDGET_EXHAUSTED"
+)
+
+func (r AgentExecutionStatusGoalStatus) IsKnown() bool {
+ switch r {
+ case AgentExecutionStatusGoalStatusGoalStatusUnspecified, AgentExecutionStatusGoalStatusGoalStatusActive, AgentExecutionStatusGoalStatusGoalStatusPaused, AgentExecutionStatusGoalStatusGoalStatusCompleted, AgentExecutionStatusGoalStatusGoalStatusBudgetExhausted:
+ return true
+ }
+ return false
+}
+
// MCPIntegrationStatus represents the status of a single MCP integration within an
// agent execution context
type AgentExecutionStatusMcpIntegrationStatus struct {
@@ -1197,16 +1249,18 @@ const (
AgentExecutionStatusSupportedModelSupportedModelOpus4_5Extended AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPUS_4_5_EXTENDED"
AgentExecutionStatusSupportedModelSupportedModelOpus4_6 AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPUS_4_6"
AgentExecutionStatusSupportedModelSupportedModelOpus4_6Extended AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPUS_4_6_EXTENDED"
+ AgentExecutionStatusSupportedModelSupportedModelOpus4_7 AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPUS_4_7"
AgentExecutionStatusSupportedModelSupportedModelHaiku4_5 AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_HAIKU_4_5"
AgentExecutionStatusSupportedModelSupportedModelOpenAI4O AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPENAI_4O"
AgentExecutionStatusSupportedModelSupportedModelOpenAI4OMini AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPENAI_4O_MINI"
AgentExecutionStatusSupportedModelSupportedModelOpenAIO1 AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPENAI_O1"
AgentExecutionStatusSupportedModelSupportedModelOpenAIO1Mini AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPENAI_O1_MINI"
+ AgentExecutionStatusSupportedModelSupportedModelOpenAIAuto AgentExecutionStatusSupportedModel = "SUPPORTED_MODEL_OPENAI_AUTO"
)
func (r AgentExecutionStatusSupportedModel) IsKnown() bool {
switch r {
- case AgentExecutionStatusSupportedModelSupportedModelUnspecified, AgentExecutionStatusSupportedModelSupportedModelSonnet3_5, AgentExecutionStatusSupportedModelSupportedModelSonnet3_7, AgentExecutionStatusSupportedModelSupportedModelSonnet3_7Extended, AgentExecutionStatusSupportedModelSupportedModelSonnet4, AgentExecutionStatusSupportedModelSupportedModelSonnet4Extended, AgentExecutionStatusSupportedModelSupportedModelSonnet4_5, AgentExecutionStatusSupportedModelSupportedModelSonnet4_5Extended, AgentExecutionStatusSupportedModelSupportedModelSonnet4_6, AgentExecutionStatusSupportedModelSupportedModelSonnet4_6Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4, AgentExecutionStatusSupportedModelSupportedModelOpus4Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4_5, AgentExecutionStatusSupportedModelSupportedModelOpus4_5Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4_6, AgentExecutionStatusSupportedModelSupportedModelOpus4_6Extended, AgentExecutionStatusSupportedModelSupportedModelHaiku4_5, AgentExecutionStatusSupportedModelSupportedModelOpenAI4O, AgentExecutionStatusSupportedModelSupportedModelOpenAI4OMini, AgentExecutionStatusSupportedModelSupportedModelOpenAIO1, AgentExecutionStatusSupportedModelSupportedModelOpenAIO1Mini:
+ case AgentExecutionStatusSupportedModelSupportedModelUnspecified, AgentExecutionStatusSupportedModelSupportedModelSonnet3_5, AgentExecutionStatusSupportedModelSupportedModelSonnet3_7, AgentExecutionStatusSupportedModelSupportedModelSonnet3_7Extended, AgentExecutionStatusSupportedModelSupportedModelSonnet4, AgentExecutionStatusSupportedModelSupportedModelSonnet4Extended, AgentExecutionStatusSupportedModelSupportedModelSonnet4_5, AgentExecutionStatusSupportedModelSupportedModelSonnet4_5Extended, AgentExecutionStatusSupportedModelSupportedModelSonnet4_6, AgentExecutionStatusSupportedModelSupportedModelSonnet4_6Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4, AgentExecutionStatusSupportedModelSupportedModelOpus4Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4_5, AgentExecutionStatusSupportedModelSupportedModelOpus4_5Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4_6, AgentExecutionStatusSupportedModelSupportedModelOpus4_6Extended, AgentExecutionStatusSupportedModelSupportedModelOpus4_7, AgentExecutionStatusSupportedModelSupportedModelHaiku4_5, AgentExecutionStatusSupportedModelSupportedModelOpenAI4O, AgentExecutionStatusSupportedModelSupportedModelOpenAI4OMini, AgentExecutionStatusSupportedModelSupportedModelOpenAIO1, AgentExecutionStatusSupportedModelSupportedModelOpenAIO1Mini, AgentExecutionStatusSupportedModelSupportedModelOpenAIAuto:
return true
}
return false
diff --git a/aliases.go b/aliases.go
index 8de5747f..691a16e9 100644
--- a/aliases.go
+++ b/aliases.go
@@ -21,8 +21,8 @@ type Error = apierror.Error
// automation during a prebuild of an environment. This phase does not have user
// secrets available. The `before_snapshot` field triggers the automation after all
// prebuild tasks complete but before the snapshot is taken. This is used for tasks
-// that need to run last during prebuilds, such as IDE warmup. Note: The prebuild
-// and before_snapshot triggers can only be used with tasks, not services.
+// that need to run last during prebuilds, such as IDE warmup. Note: The
+// before_snapshot trigger can only be used with tasks, not services.
//
// This is an alias to an internal type.
type AutomationTrigger = shared.AutomationTrigger
@@ -39,8 +39,8 @@ type AutomationTrigger = shared.AutomationTrigger
// automation during a prebuild of an environment. This phase does not have user
// secrets available. The `before_snapshot` field triggers the automation after all
// prebuild tasks complete but before the snapshot is taken. This is used for tasks
-// that need to run last during prebuilds, such as IDE warmup. Note: The prebuild
-// and before_snapshot triggers can only be used with tasks, not services.
+// that need to run last during prebuilds, such as IDE warmup. Note: The
+// before_snapshot trigger can only be used with tasks, not services.
//
// This is an alias to an internal type.
type AutomationTriggerParam = shared.AutomationTriggerParam
@@ -237,6 +237,9 @@ const ResourceRoleOrgAutomationsAdmin = shared.ResourceRoleOrgAutomationsAdmin
// This is an alias to an internal value.
const ResourceRoleOrgGroupsAdmin = shared.ResourceRoleOrgGroupsAdmin
+// This is an alias to an internal value.
+const ResourceRoleOrgEnvironmentsReader = shared.ResourceRoleOrgEnvironmentsReader
+
// This is an alias to an internal value.
const ResourceRoleOrgAuditLogReader = shared.ResourceRoleOrgAuditLogReader
diff --git a/api.md b/api.md
index 7e6c7250..0f7205d1 100644
--- a/api.md
+++ b/api.md
@@ -550,6 +550,7 @@ Response Types:
- gitpod.CrowdStrikeConfig
- gitpod.KernelControlsAction
- gitpod.OrganizationPolicies
+- gitpod.ProjectCreationDefaults
- gitpod.SecurityAgentPolicy
- gitpod.VetoExecPolicy
- gitpod.OrganizationPolicyGetResponse
@@ -774,7 +775,7 @@ Methods:
- client.Runners.CheckRepositoryAccess(ctx context.Context, body gitpod.RunnerCheckRepositoryAccessParams) (\*gitpod.RunnerCheckRepositoryAccessResponse, error)
- client.Runners.NewLogsToken(ctx context.Context, body gitpod.RunnerNewLogsTokenParams) (\*gitpod.RunnerNewLogsTokenResponse, error)
- client.Runners.NewRunnerToken(ctx context.Context, body gitpod.RunnerNewRunnerTokenParams) (\*gitpod.RunnerNewRunnerTokenResponse, error)
-- client.Runners.ListScmOrganizations(ctx context.Context, params gitpod.RunnerListScmOrganizationsParams) (\*gitpod.RunnerListScmOrganizationsResponse, error)
+- client.Runners.ListScmOrganizations(ctx context.Context, params gitpod.RunnerListScmOrganizationsParams) (\*pagination.OrganizationsPage[gitpod.RunnerListScmOrganizationsResponse], error)
- client.Runners.ParseContextURL(ctx context.Context, body gitpod.RunnerParseContextURLParams) (\*gitpod.RunnerParseContextURLResponse, error)
- client.Runners.SearchRepositories(ctx context.Context, body gitpod.RunnerSearchRepositoriesParams) (\*gitpod.RunnerSearchRepositoriesResponse, error)
diff --git a/automation.go b/automation.go
index 4cf5f52e..79bb9614 100644
--- a/automation.go
+++ b/automation.go
@@ -2496,7 +2496,6 @@ type WorkflowStep struct {
Agent WorkflowStepAgent `json:"agent"`
// WorkflowPullRequestStep represents a pull request creation step.
PullRequest WorkflowStepPullRequest `json:"pullRequest"`
- Report WorkflowStepReport `json:"report"`
// WorkflowTaskStep represents a task step that executes a command.
Task WorkflowStepTask `json:"task"`
JSON workflowStepJSON `json:"-"`
@@ -2506,7 +2505,6 @@ type WorkflowStep struct {
type workflowStepJSON struct {
Agent apijson.Field
PullRequest apijson.Field
- Report apijson.Field
Task apijson.Field
raw string
ExtraFields map[string]apijson.Field
@@ -2590,51 +2588,6 @@ func (r workflowStepPullRequestJSON) RawJSON() string {
return r.raw
}
-type WorkflowStepReport struct {
- // Report must have at least one output:
- //
- // ```
- // size(this) >= 1
- // ```
- Outputs []WorkflowStepReportOutput `json:"outputs"`
- JSON workflowStepReportJSON `json:"-"`
-}
-
-// workflowStepReportJSON contains the JSON metadata for the struct
-// [WorkflowStepReport]
-type workflowStepReportJSON struct {
- Outputs apijson.Field
- raw string
- ExtraFields map[string]apijson.Field
-}
-
-func (r *WorkflowStepReport) UnmarshalJSON(data []byte) (err error) {
- return apijson.UnmarshalRoot(data, r)
-}
-
-func (r workflowStepReportJSON) RawJSON() string {
- return r.raw
-}
-
-type WorkflowStepReportOutput struct {
- JSON workflowStepReportOutputJSON `json:"-"`
-}
-
-// workflowStepReportOutputJSON contains the JSON metadata for the struct
-// [WorkflowStepReportOutput]
-type workflowStepReportOutputJSON struct {
- raw string
- ExtraFields map[string]apijson.Field
-}
-
-func (r *WorkflowStepReportOutput) UnmarshalJSON(data []byte) (err error) {
- return apijson.UnmarshalRoot(data, r)
-}
-
-func (r workflowStepReportOutputJSON) RawJSON() string {
- return r.raw
-}
-
// WorkflowTaskStep represents a task step that executes a command.
type WorkflowStepTask struct {
// Command must be between 1 and 20,000 characters:
@@ -2668,7 +2621,6 @@ type WorkflowStepParam struct {
Agent param.Field[WorkflowStepAgentParam] `json:"agent"`
// WorkflowPullRequestStep represents a pull request creation step.
PullRequest param.Field[WorkflowStepPullRequestParam] `json:"pullRequest"`
- Report param.Field[WorkflowStepReportParam] `json:"report"`
// WorkflowTaskStep represents a task step that executes a command.
Task param.Field[WorkflowStepTaskParam] `json:"task"`
}
@@ -2718,26 +2670,6 @@ func (r WorkflowStepPullRequestParam) MarshalJSON() (data []byte, err error) {
return apijson.MarshalRoot(r)
}
-type WorkflowStepReportParam struct {
- // Report must have at least one output:
- //
- // ```
- // size(this) >= 1
- // ```
- Outputs param.Field[[]WorkflowStepReportOutputParam] `json:"outputs"`
-}
-
-func (r WorkflowStepReportParam) MarshalJSON() (data []byte, err error) {
- return apijson.MarshalRoot(r)
-}
-
-type WorkflowStepReportOutputParam struct {
-}
-
-func (r WorkflowStepReportOutputParam) MarshalJSON() (data []byte, err error) {
- return apijson.MarshalRoot(r)
-}
-
// WorkflowTaskStep represents a task step that executes a command.
type WorkflowStepTaskParam struct {
// Command must be between 1 and 20,000 characters:
@@ -2779,9 +2711,11 @@ type WorkflowTrigger struct {
//
// Context Usage by Trigger Type:
//
- // - Manual: Can use any context type
- // - Time: Typically uses Projects or Repositories context
- // - PullRequest: Can use any context, FromTrigger uses PR repository context
+ // - Manual: Can use any context type
+ // - Time: Typically uses Projects or Repositories context
+ // - PullRequest: Can use any context, FromTrigger uses PR repository context
+ // - Incident: Typically uses Projects or Repositories context (no inherent repo
+ // context)
Context WorkflowTriggerContext `json:"context" api:"required"`
// Manual trigger - executed when StartWorkflow RPC is called. No additional
// configuration needed.
@@ -2817,6 +2751,10 @@ func (r workflowTriggerJSON) RawJSON() string {
// for PRs in repositories matching the trigger context.
type WorkflowTriggerPullRequest struct {
Events []WorkflowTriggerPullRequestEvent `json:"events"`
+ // integration_id is the optional ID of an integration that acts as the source of
+ // webhook events. When set, the trigger will be activated when the webhook
+ // receives events.
+ IntegrationID string `json:"integrationId" api:"nullable" format:"uuid"`
// webhook_id is the optional ID of a webhook that this trigger is bound to. When
// set, the trigger will be activated when the webhook receives events. This allows
// multiple workflows to share a single webhook endpoint.
@@ -2827,10 +2765,11 @@ type WorkflowTriggerPullRequest struct {
// workflowTriggerPullRequestJSON contains the JSON metadata for the struct
// [WorkflowTriggerPullRequest]
type workflowTriggerPullRequestJSON struct {
- Events apijson.Field
- WebhookID apijson.Field
- raw string
- ExtraFields map[string]apijson.Field
+ Events apijson.Field
+ IntegrationID apijson.Field
+ WebhookID apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
}
func (r *WorkflowTriggerPullRequest) UnmarshalJSON(data []byte) (err error) {
@@ -2845,18 +2784,19 @@ func (r workflowTriggerPullRequestJSON) RawJSON() string {
type WorkflowTriggerPullRequestEvent string
const (
- WorkflowTriggerPullRequestEventPullRequestEventUnspecified WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_UNSPECIFIED"
- WorkflowTriggerPullRequestEventPullRequestEventOpened WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_OPENED"
- WorkflowTriggerPullRequestEventPullRequestEventUpdated WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_UPDATED"
- WorkflowTriggerPullRequestEventPullRequestEventApproved WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_APPROVED"
- WorkflowTriggerPullRequestEventPullRequestEventMerged WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_MERGED"
- WorkflowTriggerPullRequestEventPullRequestEventClosed WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_CLOSED"
- WorkflowTriggerPullRequestEventPullRequestEventReadyForReview WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_READY_FOR_REVIEW"
+ WorkflowTriggerPullRequestEventPullRequestEventUnspecified WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_UNSPECIFIED"
+ WorkflowTriggerPullRequestEventPullRequestEventOpened WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_OPENED"
+ WorkflowTriggerPullRequestEventPullRequestEventUpdated WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_UPDATED"
+ WorkflowTriggerPullRequestEventPullRequestEventApproved WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_APPROVED"
+ WorkflowTriggerPullRequestEventPullRequestEventMerged WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_MERGED"
+ WorkflowTriggerPullRequestEventPullRequestEventClosed WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_CLOSED"
+ WorkflowTriggerPullRequestEventPullRequestEventReadyForReview WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_READY_FOR_REVIEW"
+ WorkflowTriggerPullRequestEventPullRequestEventReviewRequested WorkflowTriggerPullRequestEvent = "PULL_REQUEST_EVENT_REVIEW_REQUESTED"
)
func (r WorkflowTriggerPullRequestEvent) IsKnown() bool {
switch r {
- case WorkflowTriggerPullRequestEventPullRequestEventUnspecified, WorkflowTriggerPullRequestEventPullRequestEventOpened, WorkflowTriggerPullRequestEventPullRequestEventUpdated, WorkflowTriggerPullRequestEventPullRequestEventApproved, WorkflowTriggerPullRequestEventPullRequestEventMerged, WorkflowTriggerPullRequestEventPullRequestEventClosed, WorkflowTriggerPullRequestEventPullRequestEventReadyForReview:
+ case WorkflowTriggerPullRequestEventPullRequestEventUnspecified, WorkflowTriggerPullRequestEventPullRequestEventOpened, WorkflowTriggerPullRequestEventPullRequestEventUpdated, WorkflowTriggerPullRequestEventPullRequestEventApproved, WorkflowTriggerPullRequestEventPullRequestEventMerged, WorkflowTriggerPullRequestEventPullRequestEventClosed, WorkflowTriggerPullRequestEventPullRequestEventReadyForReview, WorkflowTriggerPullRequestEventPullRequestEventReviewRequested:
return true
}
return false
@@ -2917,9 +2857,11 @@ type WorkflowTriggerParam struct {
//
// Context Usage by Trigger Type:
//
- // - Manual: Can use any context type
- // - Time: Typically uses Projects or Repositories context
- // - PullRequest: Can use any context, FromTrigger uses PR repository context
+ // - Manual: Can use any context type
+ // - Time: Typically uses Projects or Repositories context
+ // - PullRequest: Can use any context, FromTrigger uses PR repository context
+ // - Incident: Typically uses Projects or Repositories context (no inherent repo
+ // context)
Context param.Field[WorkflowTriggerContextParam] `json:"context" api:"required"`
// Manual trigger - executed when StartWorkflow RPC is called. No additional
// configuration needed.
@@ -2940,6 +2882,10 @@ func (r WorkflowTriggerParam) MarshalJSON() (data []byte, err error) {
// for PRs in repositories matching the trigger context.
type WorkflowTriggerPullRequestParam struct {
Events param.Field[[]WorkflowTriggerPullRequestEvent] `json:"events"`
+ // integration_id is the optional ID of an integration that acts as the source of
+ // webhook events. When set, the trigger will be activated when the webhook
+ // receives events.
+ IntegrationID param.Field[string] `json:"integrationId" format:"uuid"`
// webhook_id is the optional ID of a webhook that this trigger is bound to. When
// set, the trigger will be activated when the webhook receives events. This allows
// multiple workflows to share a single webhook endpoint.
@@ -2976,9 +2922,11 @@ func (r WorkflowTriggerTimeParam) MarshalJSON() (data []byte, err error) {
//
// Context Usage by Trigger Type:
//
-// - Manual: Can use any context type
-// - Time: Typically uses Projects or Repositories context
-// - PullRequest: Can use any context, FromTrigger uses PR repository context
+// - Manual: Can use any context type
+// - Time: Typically uses Projects or Repositories context
+// - PullRequest: Can use any context, FromTrigger uses PR repository context
+// - Incident: Typically uses Projects or Repositories context (no inherent repo
+// context)
type WorkflowTriggerContext struct {
// Execute workflow in agent-managed environments. Agent receives the specified
// prompt and manages execution context.
@@ -3160,9 +3108,11 @@ func (r workflowTriggerContextRepositoriesRepositoryURLsJSON) RawJSON() string {
//
// Context Usage by Trigger Type:
//
-// - Manual: Can use any context type
-// - Time: Typically uses Projects or Repositories context
-// - PullRequest: Can use any context, FromTrigger uses PR repository context
+// - Manual: Can use any context type
+// - Time: Typically uses Projects or Repositories context
+// - PullRequest: Can use any context, FromTrigger uses PR repository context
+// - Incident: Typically uses Projects or Repositories context (no inherent repo
+// context)
type WorkflowTriggerContextParam struct {
// Execute workflow in agent-managed environments. Agent receives the specified
// prompt and manages execution context.
diff --git a/automation_test.go b/automation_test.go
index bfb8c99d..6e6a243f 100644
--- a/automation_test.go
+++ b/automation_test.go
@@ -47,9 +47,6 @@ func TestAutomationNewWithOptionalParams(t *testing.T) {
Draft: gitpod.F(true),
Title: gitpod.F("title"),
}),
- Report: gitpod.F(gitpod.WorkflowStepReportParam{
- Outputs: gitpod.F([]gitpod.WorkflowStepReportOutputParam{{}}),
- }),
Task: gitpod.F(gitpod.WorkflowStepTaskParam{
Command: gitpod.F("command"),
}),
@@ -79,9 +76,6 @@ func TestAutomationNewWithOptionalParams(t *testing.T) {
Draft: gitpod.F(true),
Title: gitpod.F("title"),
}),
- Report: gitpod.F(gitpod.WorkflowStepReportParam{
- Outputs: gitpod.F([]gitpod.WorkflowStepReportOutputParam{{}}),
- }),
Task: gitpod.F(gitpod.WorkflowStepTaskParam{
Command: gitpod.F("command"),
}),
@@ -109,8 +103,9 @@ func TestAutomationNewWithOptionalParams(t *testing.T) {
}),
Manual: gitpod.F[any](map[string]interface{}{}),
PullRequest: gitpod.F(gitpod.WorkflowTriggerPullRequestParam{
- Events: gitpod.F([]gitpod.WorkflowTriggerPullRequestEvent{gitpod.WorkflowTriggerPullRequestEventPullRequestEventUnspecified}),
- WebhookID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
+ Events: gitpod.F([]gitpod.WorkflowTriggerPullRequestEvent{gitpod.WorkflowTriggerPullRequestEventPullRequestEventUnspecified}),
+ IntegrationID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
+ WebhookID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
}),
Time: gitpod.F(gitpod.WorkflowTriggerTimeParam{
CronExpression: gitpod.F("cronExpression"),
@@ -183,9 +178,6 @@ func TestAutomationUpdateWithOptionalParams(t *testing.T) {
Draft: gitpod.F(true),
Title: gitpod.F("title"),
}),
- Report: gitpod.F(gitpod.WorkflowStepReportParam{
- Outputs: gitpod.F([]gitpod.WorkflowStepReportOutputParam{{}}),
- }),
Task: gitpod.F(gitpod.WorkflowStepTaskParam{
Command: gitpod.F("command"),
}),
@@ -216,9 +208,6 @@ func TestAutomationUpdateWithOptionalParams(t *testing.T) {
Draft: gitpod.F(true),
Title: gitpod.F("title"),
}),
- Report: gitpod.F(gitpod.WorkflowStepReportParam{
- Outputs: gitpod.F([]gitpod.WorkflowStepReportOutputParam{{}}),
- }),
Task: gitpod.F(gitpod.WorkflowStepTaskParam{
Command: gitpod.F("command"),
}),
@@ -246,8 +235,9 @@ func TestAutomationUpdateWithOptionalParams(t *testing.T) {
}),
Manual: gitpod.F[any](map[string]interface{}{}),
PullRequest: gitpod.F(gitpod.WorkflowTriggerPullRequestParam{
- Events: gitpod.F([]gitpod.WorkflowTriggerPullRequestEvent{gitpod.WorkflowTriggerPullRequestEventPullRequestEventUnspecified}),
- WebhookID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
+ Events: gitpod.F([]gitpod.WorkflowTriggerPullRequestEvent{gitpod.WorkflowTriggerPullRequestEventPullRequestEventUnspecified}),
+ IntegrationID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
+ WebhookID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
}),
Time: gitpod.F(gitpod.WorkflowTriggerTimeParam{
CronExpression: gitpod.F("cronExpression"),
diff --git a/client.go b/client.go
index 7895b32f..ca53e0e2 100644
--- a/client.go
+++ b/client.go
@@ -7,6 +7,7 @@ import (
"net/http"
"os"
"slices"
+ "strings"
"github.com/gitpod-io/gitpod-sdk-go/internal/requestconfig"
"github.com/gitpod-io/gitpod-sdk-go/option"
@@ -45,13 +46,21 @@ type Client struct {
// DefaultClientOptions read from the environment (GITPOD_API_KEY,
// GITPOD_BASE_URL). This should be used to initialize new clients.
func DefaultClientOptions() []option.RequestOption {
- defaults := []option.RequestOption{option.WithEnvironmentProduction()}
+ defaults := []option.RequestOption{option.WithHTTPClient(defaultHTTPClient()), option.WithEnvironmentProduction()}
if o, ok := os.LookupEnv("GITPOD_BASE_URL"); ok {
defaults = append(defaults, option.WithBaseURL(o))
}
if o, ok := os.LookupEnv("GITPOD_API_KEY"); ok {
defaults = append(defaults, option.WithBearerToken(o))
}
+ if o, ok := os.LookupEnv("GITPOD_CUSTOM_HEADERS"); ok {
+ for _, line := range strings.Split(o, "\n") {
+ colon := strings.Index(line, ":")
+ if colon >= 0 {
+ defaults = append(defaults, option.WithHeader(strings.TrimSpace(line[:colon]), strings.TrimSpace(line[colon+1:])))
+ }
+ }
+ }
return defaults
}
diff --git a/default_http_client.go b/default_http_client.go
new file mode 100644
index 00000000..80a5ef15
--- /dev/null
+++ b/default_http_client.go
@@ -0,0 +1,30 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package gitpod
+
+import (
+ "net/http"
+ "time"
+)
+
+// defaultResponseHeaderTimeout bounds the time between a fully written request
+// and the server's response headers. It does not apply to the response body,
+// so long-running streams are unaffected. Without this, a server that accepts
+// the connection but never responds would hang the request indefinitely.
+const defaultResponseHeaderTimeout = 10 * time.Minute
+
+// defaultHTTPClient returns an [*http.Client] used when the caller does not
+// supply one via [option.WithHTTPClient]. When [http.DefaultTransport] is the
+// stdlib [*http.Transport], it is cloned and a [http.Transport.ResponseHeaderTimeout]
+// is set so stuck connections fail fast instead of compounding across retries.
+// If [http.DefaultTransport] has been wrapped (for example by otelhttp for
+// distributed tracing), the wrapping is preserved and the header timeout is
+// skipped.
+func defaultHTTPClient() *http.Client {
+ if t, ok := http.DefaultTransport.(*http.Transport); ok {
+ t = t.Clone()
+ t.ResponseHeaderTimeout = defaultResponseHeaderTimeout
+ return &http.Client{Transport: t}
+ }
+ return &http.Client{Transport: http.DefaultTransport}
+}
diff --git a/environment.go b/environment.go
index a870d108..f1e93495 100644
--- a/environment.go
+++ b/environment.go
@@ -1043,9 +1043,6 @@ func (r environmentSpecSecretJSON) RawJSON() string {
// field is orthogonal to mount — a secret can be both mounted (e.g. as a git
// credential) and proxied at the same time.
type EnvironmentSpecSecretsCredentialProxy struct {
- // format describes how the secret value is encoded. The proxy uses this to decode
- // the value before injecting it into the header.
- Format EnvironmentSpecSecretsCredentialProxyFormat `json:"format"`
// header is the HTTP header name to inject (e.g. "Authorization").
Header string `json:"header"`
// target_hosts lists the hostnames to intercept (for example "github.com" or
@@ -1057,7 +1054,6 @@ type EnvironmentSpecSecretsCredentialProxy struct {
// environmentSpecSecretsCredentialProxyJSON contains the JSON metadata for the
// struct [EnvironmentSpecSecretsCredentialProxy]
type environmentSpecSecretsCredentialProxyJSON struct {
- Format apijson.Field
Header apijson.Field
TargetHosts apijson.Field
raw string
@@ -1072,24 +1068,6 @@ func (r environmentSpecSecretsCredentialProxyJSON) RawJSON() string {
return r.raw
}
-// format describes how the secret value is encoded. The proxy uses this to decode
-// the value before injecting it into the header.
-type EnvironmentSpecSecretsCredentialProxyFormat string
-
-const (
- EnvironmentSpecSecretsCredentialProxyFormatFormatUnspecified EnvironmentSpecSecretsCredentialProxyFormat = "FORMAT_UNSPECIFIED"
- EnvironmentSpecSecretsCredentialProxyFormatFormatPlain EnvironmentSpecSecretsCredentialProxyFormat = "FORMAT_PLAIN"
- EnvironmentSpecSecretsCredentialProxyFormatFormatBase64 EnvironmentSpecSecretsCredentialProxyFormat = "FORMAT_BASE64"
-)
-
-func (r EnvironmentSpecSecretsCredentialProxyFormat) IsKnown() bool {
- switch r {
- case EnvironmentSpecSecretsCredentialProxyFormatFormatUnspecified, EnvironmentSpecSecretsCredentialProxyFormatFormatPlain, EnvironmentSpecSecretsCredentialProxyFormatFormatBase64:
- return true
- }
- return false
-}
-
// scope indicates where this secret originated from. Used to filter secrets during
// build (only org and project secrets are injected).
type EnvironmentSpecSecretsScope string
@@ -1346,9 +1324,6 @@ func (r EnvironmentSpecSecretParam) MarshalJSON() (data []byte, err error) {
// field is orthogonal to mount — a secret can be both mounted (e.g. as a git
// credential) and proxied at the same time.
type EnvironmentSpecSecretsCredentialProxyParam struct {
- // format describes how the secret value is encoded. The proxy uses this to decode
- // the value before injecting it into the header.
- Format param.Field[EnvironmentSpecSecretsCredentialProxyFormat] `json:"format"`
// header is the HTTP header name to inject (e.g. "Authorization").
Header param.Field[string] `json:"header"`
// target_hosts lists the hostnames to intercept (for example "github.com" or
@@ -1628,6 +1603,9 @@ func (r environmentStatusContentGitJSON) RawJSON() string {
type EnvironmentStatusContentGitChangedFile struct {
// ChangeType is the type of change that happened to the file
ChangeType EnvironmentStatusContentGitChangedFilesChangeType `json:"changeType"`
+ // old_path is the previous path of the file before a rename or copy. Only set when
+ // change_type is RENAMED or COPIED.
+ OldPath string `json:"oldPath"`
// path is the path of the file
Path string `json:"path"`
JSON environmentStatusContentGitChangedFileJSON `json:"-"`
@@ -1637,6 +1615,7 @@ type EnvironmentStatusContentGitChangedFile struct {
// struct [EnvironmentStatusContentGitChangedFile]
type environmentStatusContentGitChangedFileJSON struct {
ChangeType apijson.Field
+ OldPath apijson.Field
Path apijson.Field
raw string
ExtraFields map[string]apijson.Field
diff --git a/environment_test.go b/environment_test.go
index 5910c4e8..dedb297f 100644
--- a/environment_test.go
+++ b/environment_test.go
@@ -98,7 +98,6 @@ func TestEnvironmentNewWithOptionalParams(t *testing.T) {
APIOnly: gitpod.F(true),
ContainerRegistryBasicAuthHost: gitpod.F("containerRegistryBasicAuthHost"),
CredentialProxy: gitpod.F(gitpod.EnvironmentSpecSecretsCredentialProxyParam{
- Format: gitpod.F(gitpod.EnvironmentSpecSecretsCredentialProxyFormatFormatUnspecified),
Header: gitpod.F("header"),
TargetHosts: gitpod.F([]string{"string"}),
}),
@@ -411,7 +410,6 @@ func TestEnvironmentNewFromProjectWithOptionalParams(t *testing.T) {
APIOnly: gitpod.F(true),
ContainerRegistryBasicAuthHost: gitpod.F("containerRegistryBasicAuthHost"),
CredentialProxy: gitpod.F(gitpod.EnvironmentSpecSecretsCredentialProxyParam{
- Format: gitpod.F(gitpod.EnvironmentSpecSecretsCredentialProxyFormatFormatUnspecified),
Header: gitpod.F("header"),
TargetHosts: gitpod.F([]string{"string"}),
}),
diff --git a/environmentautomation.go b/environmentautomation.go
index b4523b77..a501c27f 100644
--- a/environmentautomation.go
+++ b/environmentautomation.go
@@ -95,9 +95,67 @@ type AutomationsFileServiceParam struct {
Commands param.Field[AutomationsFileServicesCommandsParam] `json:"commands"`
Description param.Field[string] `json:"description"`
Name param.Field[string] `json:"name"`
- Role param.Field[AutomationsFileServicesRole] `json:"role"`
- RunsOn param.Field[shared.RunsOnParam] `json:"runsOn"`
- TriggeredBy param.Field[[]AutomationsFileServicesTriggeredBy] `json:"triggeredBy"`
+ // A Duration represents a signed, fixed-length span of time represented as a count
+ // of seconds and fractions of seconds at nanosecond resolution. It is independent
+ // of any calendar and concepts like "day" or "month". It is related to Timestamp
+ // in that the difference between two Timestamp values is a Duration and it can be
+ // added or subtracted from a Timestamp. Range is approximately +-10,000 years.
+ //
+ // # Examples
+ //
+ // Example 1: Compute Duration from two Timestamps in pseudo code.
+ //
+ // Timestamp start = ...;
+ // Timestamp end = ...;
+ // Duration duration = ...;
+ //
+ // duration.seconds = end.seconds - start.seconds;
+ // duration.nanos = end.nanos - start.nanos;
+ //
+ // if (duration.seconds < 0 && duration.nanos > 0) {
+ // duration.seconds += 1;
+ // duration.nanos -= 1000000000;
+ // } else if (duration.seconds > 0 && duration.nanos < 0) {
+ // duration.seconds -= 1;
+ // duration.nanos += 1000000000;
+ // }
+ //
+ // Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
+ //
+ // Timestamp start = ...;
+ // Duration duration = ...;
+ // Timestamp end = ...;
+ //
+ // end.seconds = start.seconds + duration.seconds;
+ // end.nanos = start.nanos + duration.nanos;
+ //
+ // if (end.nanos < 0) {
+ // end.seconds -= 1;
+ // end.nanos += 1000000000;
+ // } else if (end.nanos >= 1000000000) {
+ // end.seconds += 1;
+ // end.nanos -= 1000000000;
+ // }
+ //
+ // Example 3: Compute Duration from datetime.timedelta in Python.
+ //
+ // td = datetime.timedelta(days=3, minutes=10)
+ // duration = Duration()
+ // duration.FromTimedelta(td)
+ //
+ // # JSON Mapping
+ //
+ // In JSON format, the Duration type is encoded as a string rather than an object,
+ // where the string ends in the suffix "s" (indicating seconds) and is preceded by
+ // the number of seconds, with nanoseconds expressed as fractional seconds. For
+ // example, 3 seconds with 0 nanoseconds should be encoded in JSON format as "3s",
+ // while 3 seconds and 1 nanosecond should be expressed in JSON format as
+ // "3.000000001s", and 3 seconds and 1 microsecond should be expressed in JSON
+ // format as "3.000001s".
+ ReadinessTimeout param.Field[string] `json:"readinessTimeout" format:"regex"`
+ Role param.Field[AutomationsFileServicesRole] `json:"role"`
+ RunsOn param.Field[shared.RunsOnParam] `json:"runsOn"`
+ TriggeredBy param.Field[[]AutomationsFileServicesTriggeredBy] `json:"triggeredBy"`
}
func (r AutomationsFileServiceParam) MarshalJSON() (data []byte, err error) {
@@ -153,11 +211,12 @@ const (
AutomationsFileServicesTriggeredByManual AutomationsFileServicesTriggeredBy = "manual"
AutomationsFileServicesTriggeredByPostEnvironmentStart AutomationsFileServicesTriggeredBy = "postEnvironmentStart"
AutomationsFileServicesTriggeredByPostDevcontainerStart AutomationsFileServicesTriggeredBy = "postDevcontainerStart"
+ AutomationsFileServicesTriggeredByPrebuild AutomationsFileServicesTriggeredBy = "prebuild"
)
func (r AutomationsFileServicesTriggeredBy) IsKnown() bool {
switch r {
- case AutomationsFileServicesTriggeredByManual, AutomationsFileServicesTriggeredByPostEnvironmentStart, AutomationsFileServicesTriggeredByPostDevcontainerStart:
+ case AutomationsFileServicesTriggeredByManual, AutomationsFileServicesTriggeredByPostEnvironmentStart, AutomationsFileServicesTriggeredByPostDevcontainerStart, AutomationsFileServicesTriggeredByPrebuild:
return true
}
return false
diff --git a/environmentautomation_test.go b/environmentautomation_test.go
index c8ad0144..9d987a59 100644
--- a/environmentautomation_test.go
+++ b/environmentautomation_test.go
@@ -36,16 +36,16 @@ func TestEnvironmentAutomationUpsertWithOptionalParams(t *testing.T) {
Start: gitpod.F("npm run dev"),
Stop: gitpod.F("stop"),
}),
- Description: gitpod.F("Development web server"),
- Name: gitpod.F("Web Server"),
- Role: gitpod.F(gitpod.AutomationsFileServicesRoleEmpty),
+ Description: gitpod.F("Development web server"),
+ Name: gitpod.F("Web Server"),
+ ReadinessTimeout: gitpod.F("+9125115.360s"),
+ Role: gitpod.F(gitpod.AutomationsFileServicesRoleEmpty),
RunsOn: gitpod.F(shared.RunsOnParam{
Docker: gitpod.F(shared.RunsOnDockerParam{
Environment: gitpod.F([]string{"string"}),
Image: gitpod.F("x"),
}),
- Machine: gitpod.F[any](map[string]interface{}{}),
- Terminal: gitpod.F[any](map[string]interface{}{}),
+ Machine: gitpod.F[any](map[string]interface{}{}),
}),
TriggeredBy: gitpod.F([]gitpod.AutomationsFileServicesTriggeredBy{gitpod.AutomationsFileServicesTriggeredByPostDevcontainerStart}),
},
@@ -61,8 +61,7 @@ func TestEnvironmentAutomationUpsertWithOptionalParams(t *testing.T) {
Environment: gitpod.F([]string{"string"}),
Image: gitpod.F("x"),
}),
- Machine: gitpod.F[any](map[string]interface{}{}),
- Terminal: gitpod.F[any](map[string]interface{}{}),
+ Machine: gitpod.F[any](map[string]interface{}{}),
}),
TriggeredBy: gitpod.F([]gitpod.AutomationsFileTasksTriggeredBy{gitpod.AutomationsFileTasksTriggeredByPostEnvironmentStart}),
},
diff --git a/environmentautomationservice.go b/environmentautomationservice.go
index 7d0cdff6..cf8b8e2b 100644
--- a/environmentautomationservice.go
+++ b/environmentautomationservice.go
@@ -472,6 +472,9 @@ type ServiceSpec struct {
DesiredPhase ServicePhase `json:"desiredPhase"`
// env specifies environment variables for the service.
Env []shared.EnvironmentVariableItem `json:"env"`
+ // readiness_timeout is the maximum duration a service may remain in the Starting
+ // phase while readiness checks run. 0s disables the timeout.
+ ReadinessTimeout string `json:"readinessTimeout" format:"regex"`
// runs_on specifies the environment the service should run on.
RunsOn shared.RunsOn `json:"runsOn"`
// session should be changed to trigger a restart of the service. If a service
@@ -486,14 +489,15 @@ type ServiceSpec struct {
// serviceSpecJSON contains the JSON metadata for the struct [ServiceSpec]
type serviceSpecJSON struct {
- Commands apijson.Field
- DesiredPhase apijson.Field
- Env apijson.Field
- RunsOn apijson.Field
- Session apijson.Field
- SpecVersion apijson.Field
- raw string
- ExtraFields map[string]apijson.Field
+ Commands apijson.Field
+ DesiredPhase apijson.Field
+ Env apijson.Field
+ ReadinessTimeout apijson.Field
+ RunsOn apijson.Field
+ Session apijson.Field
+ SpecVersion apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
}
func (r *ServiceSpec) UnmarshalJSON(data []byte) (err error) {
@@ -556,6 +560,9 @@ type ServiceSpecParam struct {
DesiredPhase param.Field[ServicePhase] `json:"desiredPhase"`
// env specifies environment variables for the service.
Env param.Field[[]shared.EnvironmentVariableItemParam] `json:"env"`
+ // readiness_timeout is the maximum duration a service may remain in the Starting
+ // phase while readiness checks run. 0s disables the timeout.
+ ReadinessTimeout param.Field[string] `json:"readinessTimeout" format:"regex"`
// runs_on specifies the environment the service should run on.
RunsOn param.Field[shared.RunsOnParam] `json:"runsOn"`
// session should be changed to trigger a restart of the service. If a service
@@ -752,7 +759,65 @@ func (r EnvironmentAutomationServiceUpdateParamsMetadataTriggeredBy) MarshalJSON
type EnvironmentAutomationServiceUpdateParamsSpec struct {
Commands param.Field[EnvironmentAutomationServiceUpdateParamsSpecCommands] `json:"commands"`
Env param.Field[[]shared.EnvironmentVariableItemParam] `json:"env"`
- RunsOn param.Field[shared.RunsOnParam] `json:"runsOn"`
+ // A Duration represents a signed, fixed-length span of time represented as a count
+ // of seconds and fractions of seconds at nanosecond resolution. It is independent
+ // of any calendar and concepts like "day" or "month". It is related to Timestamp
+ // in that the difference between two Timestamp values is a Duration and it can be
+ // added or subtracted from a Timestamp. Range is approximately +-10,000 years.
+ //
+ // # Examples
+ //
+ // Example 1: Compute Duration from two Timestamps in pseudo code.
+ //
+ // Timestamp start = ...;
+ // Timestamp end = ...;
+ // Duration duration = ...;
+ //
+ // duration.seconds = end.seconds - start.seconds;
+ // duration.nanos = end.nanos - start.nanos;
+ //
+ // if (duration.seconds < 0 && duration.nanos > 0) {
+ // duration.seconds += 1;
+ // duration.nanos -= 1000000000;
+ // } else if (duration.seconds > 0 && duration.nanos < 0) {
+ // duration.seconds -= 1;
+ // duration.nanos += 1000000000;
+ // }
+ //
+ // Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
+ //
+ // Timestamp start = ...;
+ // Duration duration = ...;
+ // Timestamp end = ...;
+ //
+ // end.seconds = start.seconds + duration.seconds;
+ // end.nanos = start.nanos + duration.nanos;
+ //
+ // if (end.nanos < 0) {
+ // end.seconds -= 1;
+ // end.nanos += 1000000000;
+ // } else if (end.nanos >= 1000000000) {
+ // end.seconds += 1;
+ // end.nanos -= 1000000000;
+ // }
+ //
+ // Example 3: Compute Duration from datetime.timedelta in Python.
+ //
+ // td = datetime.timedelta(days=3, minutes=10)
+ // duration = Duration()
+ // duration.FromTimedelta(td)
+ //
+ // # JSON Mapping
+ //
+ // In JSON format, the Duration type is encoded as a string rather than an object,
+ // where the string ends in the suffix "s" (indicating seconds) and is preceded by
+ // the number of seconds, with nanoseconds expressed as fractional seconds. For
+ // example, 3 seconds with 0 nanoseconds should be encoded in JSON format as "3s",
+ // while 3 seconds and 1 nanosecond should be expressed in JSON format as
+ // "3.000000001s", and 3 seconds and 1 microsecond should be expressed in JSON
+ // format as "3.000001s".
+ ReadinessTimeout param.Field[string] `json:"readinessTimeout" format:"regex"`
+ RunsOn param.Field[shared.RunsOnParam] `json:"runsOn"`
}
func (r EnvironmentAutomationServiceUpdateParamsSpec) MarshalJSON() (data []byte, err error) {
diff --git a/environmentautomationservice_test.go b/environmentautomationservice_test.go
index ff0f3d82..0ccec73e 100644
--- a/environmentautomationservice_test.go
+++ b/environmentautomationservice_test.go
@@ -65,13 +65,13 @@ func TestEnvironmentAutomationServiceNewWithOptionalParams(t *testing.T) {
}),
}),
}}),
+ ReadinessTimeout: gitpod.F("+9125115.360s"),
RunsOn: gitpod.F(shared.RunsOnParam{
Docker: gitpod.F(shared.RunsOnDockerParam{
Environment: gitpod.F([]string{"string"}),
Image: gitpod.F("x"),
}),
- Machine: gitpod.F[any](map[string]interface{}{}),
- Terminal: gitpod.F[any](map[string]interface{}{}),
+ Machine: gitpod.F[any](map[string]interface{}{}),
}),
Session: gitpod.F("session"),
SpecVersion: gitpod.F("specVersion"),
@@ -156,13 +156,13 @@ func TestEnvironmentAutomationServiceUpdateWithOptionalParams(t *testing.T) {
}),
}),
}}),
+ ReadinessTimeout: gitpod.F("+9125115.360s"),
RunsOn: gitpod.F(shared.RunsOnParam{
Docker: gitpod.F(shared.RunsOnDockerParam{
Environment: gitpod.F([]string{"string"}),
Image: gitpod.F("x"),
}),
- Machine: gitpod.F[any](map[string]interface{}{}),
- Terminal: gitpod.F[any](map[string]interface{}{}),
+ Machine: gitpod.F[any](map[string]interface{}{}),
}),
}),
Status: gitpod.F(gitpod.EnvironmentAutomationServiceUpdateParamsStatus{
diff --git a/environmentautomationtask_test.go b/environmentautomationtask_test.go
index 21a0f712..3d110ccb 100644
--- a/environmentautomationtask_test.go
+++ b/environmentautomationtask_test.go
@@ -65,8 +65,7 @@ func TestEnvironmentAutomationTaskNewWithOptionalParams(t *testing.T) {
Environment: gitpod.F([]string{"string"}),
Image: gitpod.F("x"),
}),
- Machine: gitpod.F[any](map[string]interface{}{}),
- Terminal: gitpod.F[any](map[string]interface{}{}),
+ Machine: gitpod.F[any](map[string]interface{}{}),
}),
}),
})
@@ -150,8 +149,7 @@ func TestEnvironmentAutomationTaskUpdateWithOptionalParams(t *testing.T) {
Environment: gitpod.F([]string{"string"}),
Image: gitpod.F("x"),
}),
- Machine: gitpod.F[any](map[string]interface{}{}),
- Terminal: gitpod.F[any](map[string]interface{}{}),
+ Machine: gitpod.F[any](map[string]interface{}{}),
}),
}),
})
diff --git a/internal/apiform/encoder.go b/internal/apiform/encoder.go
index 9528f58f..681a7670 100644
--- a/internal/apiform/encoder.go
+++ b/internal/apiform/encoder.go
@@ -42,7 +42,7 @@ type encoderField struct {
}
type encoderEntry struct {
- reflect.Type
+ typ reflect.Type
dateFormat string
root bool
}
@@ -59,7 +59,7 @@ func (e *encoder) marshal(value interface{}, writer *multipart.Writer) error {
func (e *encoder) typeEncoder(t reflect.Type) encoderFunc {
entry := encoderEntry{
- Type: t,
+ typ: t,
dateFormat: e.dateFormat,
root: e.root,
}
diff --git a/internal/apijson/decoder.go b/internal/apijson/decoder.go
index bf01bf6b..f5fe7e3c 100644
--- a/internal/apijson/decoder.go
+++ b/internal/apijson/decoder.go
@@ -75,7 +75,7 @@ type decoderField struct {
}
type decoderEntry struct {
- reflect.Type
+ typ reflect.Type
dateFormat string
root bool
}
@@ -91,7 +91,7 @@ func (d *decoderBuilder) unmarshal(raw []byte, to any) error {
func (d *decoderBuilder) typeDecoder(t reflect.Type) decoderFunc {
entry := decoderEntry{
- Type: t,
+ typ: t,
dateFormat: d.dateFormat,
root: d.root,
}
diff --git a/internal/apijson/encoder.go b/internal/apijson/encoder.go
index 96fd57a5..bc1a0d5e 100644
--- a/internal/apijson/encoder.go
+++ b/internal/apijson/encoder.go
@@ -46,7 +46,7 @@ type encoderField struct {
}
type encoderEntry struct {
- reflect.Type
+ typ reflect.Type
dateFormat string
root bool
}
@@ -63,7 +63,7 @@ func (e *encoder) marshal(value interface{}) ([]byte, error) {
func (e *encoder) typeEncoder(t reflect.Type) encoderFunc {
entry := encoderEntry{
- Type: t,
+ typ: t,
dateFormat: e.dateFormat,
root: e.root,
}
diff --git a/internal/apiquery/encoder.go b/internal/apiquery/encoder.go
index 8820f0db..37252f32 100644
--- a/internal/apiquery/encoder.go
+++ b/internal/apiquery/encoder.go
@@ -29,7 +29,7 @@ type encoderField struct {
}
type encoderEntry struct {
- reflect.Type
+ typ reflect.Type
dateFormat string
root bool
settings QuerySettings
@@ -42,7 +42,7 @@ type Pair struct {
func (e *encoder) typeEncoder(t reflect.Type) encoderFunc {
entry := encoderEntry{
- Type: t,
+ typ: t,
dateFormat: e.dateFormat,
root: e.root,
settings: e.settings,
diff --git a/internal/version.go b/internal/version.go
index 871f0965..870e575a 100644
--- a/internal/version.go
+++ b/internal/version.go
@@ -2,4 +2,4 @@
package internal
-const PackageVersion = "0.13.0" // x-release-please-version
+const PackageVersion = "0.14.0" // x-release-please-version
diff --git a/option/middleware.go b/option/middleware.go
index 8ec9dd60..4be09875 100644
--- a/option/middleware.go
+++ b/option/middleware.go
@@ -8,6 +8,10 @@ import (
"net/http/httputil"
)
+// sensitiveLogHeaders are redacted before request and response content is
+// written to the debug logger.
+var sensitiveLogHeaders = []string{"authorization", "api-key", "x-api-key", "cookie", "set-cookie"}
+
// WithDebugLog logs the HTTP request and response content.
// If the logger parameter is nil, it uses the default logger.
//
@@ -20,7 +24,7 @@ func WithDebugLog(logger *log.Logger) RequestOption {
logger = log.Default()
}
- if reqBytes, err := httputil.DumpRequest(req, true); err == nil {
+ if reqBytes, err := dumpRedactedRequest(req); err == nil {
logger.Printf("Request Content:\n%s\n", reqBytes)
}
@@ -29,10 +33,48 @@ func WithDebugLog(logger *log.Logger) RequestOption {
return resp, err
}
- if respBytes, err := httputil.DumpResponse(resp, true); err == nil {
+ if respBytes, err := dumpRedactedResponse(resp); err == nil {
logger.Printf("Response Content:\n%s\n", respBytes)
}
return resp, err
})
}
+
+// dumpRedactedRequest dumps req with sensitive headers replaced. The
+// original headers are restored via defer so a panic in DumpRequest cannot
+// leak the placeholder map into the live request sent downstream.
+func dumpRedactedRequest(req *http.Request) ([]byte, error) {
+ origHeaders := req.Header
+ req.Header = redactDebugHeaders(origHeaders)
+ defer func() { req.Header = origHeaders }()
+ return httputil.DumpRequest(req, true)
+}
+
+func dumpRedactedResponse(resp *http.Response) ([]byte, error) {
+ origHeaders := resp.Header
+ resp.Header = redactDebugHeaders(origHeaders)
+ defer func() { resp.Header = origHeaders }()
+ return httputil.DumpResponse(resp, true)
+}
+
+func redactDebugHeaders(headers http.Header) http.Header {
+ var redacted http.Header
+ for _, name := range sensitiveLogHeaders {
+ values := headers.Values(name)
+ if len(values) == 0 {
+ continue
+ }
+ if redacted == nil {
+ redacted = headers.Clone()
+ }
+ redacted.Del(name)
+ for range values {
+ redacted.Add(name, "***")
+ }
+ }
+ if redacted == nil {
+ return headers
+ }
+ return redacted
+}
diff --git a/organizationpolicy.go b/organizationpolicy.go
index 88824740..a951dc95 100644
--- a/organizationpolicy.go
+++ b/organizationpolicy.go
@@ -271,6 +271,9 @@ type OrganizationPolicies struct {
// this == duration('0s') || this >= duration('1800s')
// ```
MaximumEnvironmentTimeout string `json:"maximumEnvironmentTimeout" format:"regex"`
+ // project_creation_defaults contains default settings applied to newly created
+ // projects.
+ ProjectCreationDefaults ProjectCreationDefaults `json:"projectCreationDefaults"`
// security_agent_policy contains security agent configuration for the
// organization. When configured, security agents are automatically deployed to all
// environments.
@@ -300,6 +303,7 @@ type organizationPoliciesJSON struct {
EditorVersionRestrictions apijson.Field
MaximumEnvironmentLifetime apijson.Field
MaximumEnvironmentTimeout apijson.Field
+ ProjectCreationDefaults apijson.Field
SecurityAgentPolicy apijson.Field
VetoExecPolicy apijson.Field
raw string
@@ -340,6 +344,31 @@ func (r organizationPoliciesEditorVersionRestrictionJSON) RawJSON() string {
return r.raw
}
+// ProjectCreationDefaults contains default settings applied to newly created
+// projects.
+type ProjectCreationDefaults struct {
+ // insights_enabled controls whether Insights (co-author attribution) is
+ // automatically enabled on newly created projects.
+ InsightsEnabled bool `json:"insightsEnabled"`
+ JSON projectCreationDefaultsJSON `json:"-"`
+}
+
+// projectCreationDefaultsJSON contains the JSON metadata for the struct
+// [ProjectCreationDefaults]
+type projectCreationDefaultsJSON struct {
+ InsightsEnabled apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
+}
+
+func (r *ProjectCreationDefaults) UnmarshalJSON(data []byte) (err error) {
+ return apijson.UnmarshalRoot(data, r)
+}
+
+func (r projectCreationDefaultsJSON) RawJSON() string {
+ return r.raw
+}
+
// SecurityAgentPolicy contains security agent configuration for an organization.
// When enabled, security agents are automatically deployed to all environments.
type SecurityAgentPolicy struct {
@@ -483,6 +512,11 @@ type OrganizationPolicyUpdateParams struct {
// maximum_running_environments_per_user limits simultaneously running environments
// per user
MaximumRunningEnvironmentsPerUser param.Field[string] `json:"maximumRunningEnvironmentsPerUser"`
+ // max_port_admission_level caps the maximum admission level a user-opened port may
+ // use. UNSPECIFIED means no cap (any AdmissionLevel value is allowed). System
+ // ports (VS Code Browser, agents) are exempt. The legacy port_sharing_disabled
+ // field, when true, takes precedence and blocks all user-initiated port sharing.
+ MaxPortAdmissionLevel param.Field[AdmissionLevel] `json:"maxPortAdmissionLevel"`
// members_create_projects controls whether members can create projects
MembersCreateProjects param.Field[bool] `json:"membersCreateProjects"`
// members_require_projects controls whether environments can only be created from
@@ -492,6 +526,9 @@ type OrganizationPolicyUpdateParams struct {
// in the organization. System ports (VS Code Browser, agents) are always exempt
// from this policy.
PortSharingDisabled param.Field[bool] `json:"portSharingDisabled"`
+ // project_creation_defaults contains updates to default settings applied to newly
+ // created projects.
+ ProjectCreationDefaults param.Field[OrganizationPolicyUpdateParamsProjectCreationDefaults] `json:"projectCreationDefaults"`
// require_custom_domain_access controls whether users must access via custom
// domain when one is configured. When true, access via app.gitpod.io is blocked.
RequireCustomDomainAccess param.Field[bool] `json:"requireCustomDomainAccess"`
@@ -548,6 +585,18 @@ func (r OrganizationPolicyUpdateParamsEditorVersionRestrictions) MarshalJSON() (
return apijson.MarshalRoot(r)
}
+// project_creation_defaults contains updates to default settings applied to newly
+// created projects.
+type OrganizationPolicyUpdateParamsProjectCreationDefaults struct {
+ // insights_enabled controls whether Insights (co-author attribution) is
+ // automatically enabled on newly created projects.
+ InsightsEnabled param.Field[bool] `json:"insightsEnabled"`
+}
+
+func (r OrganizationPolicyUpdateParamsProjectCreationDefaults) MarshalJSON() (data []byte, err error) {
+ return apijson.MarshalRoot(r)
+}
+
// security_agent_policy contains security agent configuration updates
type OrganizationPolicyUpdateParamsSecurityAgentPolicy struct {
// crowdstrike contains CrowdStrike Falcon configuration updates
diff --git a/organizationpolicy_test.go b/organizationpolicy_test.go
index 0a778ada..9f7ca9c8 100644
--- a/organizationpolicy_test.go
+++ b/organizationpolicy_test.go
@@ -75,11 +75,15 @@ func TestOrganizationPolicyUpdateWithOptionalParams(t *testing.T) {
MaximumEnvironmentsPerUser: gitpod.F("20"),
MaximumEnvironmentTimeout: gitpod.F("3600s"),
MaximumRunningEnvironmentsPerUser: gitpod.F("5"),
+ MaxPortAdmissionLevel: gitpod.F(gitpod.AdmissionLevelUnspecified),
MembersCreateProjects: gitpod.F(true),
MembersRequireProjects: gitpod.F(true),
PortSharingDisabled: gitpod.F(true),
- RequireCustomDomainAccess: gitpod.F(true),
- RestrictAccountCreationToScim: gitpod.F(true),
+ ProjectCreationDefaults: gitpod.F(gitpod.OrganizationPolicyUpdateParamsProjectCreationDefaults{
+ InsightsEnabled: gitpod.F(true),
+ }),
+ RequireCustomDomainAccess: gitpod.F(true),
+ RestrictAccountCreationToScim: gitpod.F(true),
SecurityAgentPolicy: gitpod.F(gitpod.OrganizationPolicyUpdateParamsSecurityAgentPolicy{
Crowdstrike: gitpod.F(gitpod.OrganizationPolicyUpdateParamsSecurityAgentPolicyCrowdstrike{
AdditionalOptions: gitpod.F(map[string]string{
diff --git a/organizationscimconfiguration.go b/organizationscimconfiguration.go
index af96042b..95120251 100644
--- a/organizationscimconfiguration.go
+++ b/organizationscimconfiguration.go
@@ -257,6 +257,10 @@ type ScimConfiguration struct {
TokenExpiresAt time.Time `json:"tokenExpiresAt" api:"required" format:"date-time"`
// updated_at is when the SCIM configuration was last updated
UpdatedAt time.Time `json:"updatedAt" api:"required" format:"date-time"`
+ // allow_unverified_email_account_linking allows SCIM to link provisioned users to
+ // existing accounts when the identity provider does not mark the email address as
+ // verified
+ AllowUnverifiedEmailAccountLinking bool `json:"allowUnverifiedEmailAccountLinking"`
// enabled indicates if SCIM provisioning is active
Enabled bool `json:"enabled"`
// name is a human-readable name for the SCIM configuration
@@ -269,16 +273,17 @@ type ScimConfiguration struct {
// scimConfigurationJSON contains the JSON metadata for the struct
// [ScimConfiguration]
type scimConfigurationJSON struct {
- ID apijson.Field
- CreatedAt apijson.Field
- OrganizationID apijson.Field
- TokenExpiresAt apijson.Field
- UpdatedAt apijson.Field
- Enabled apijson.Field
- Name apijson.Field
- SSOConfigurationID apijson.Field
- raw string
- ExtraFields map[string]apijson.Field
+ ID apijson.Field
+ CreatedAt apijson.Field
+ OrganizationID apijson.Field
+ TokenExpiresAt apijson.Field
+ UpdatedAt apijson.Field
+ AllowUnverifiedEmailAccountLinking apijson.Field
+ Enabled apijson.Field
+ Name apijson.Field
+ SSOConfigurationID apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
}
func (r *ScimConfiguration) UnmarshalJSON(data []byte) (err error) {
@@ -397,6 +402,10 @@ type OrganizationScimConfigurationNewParams struct {
// sso_configuration_id is the SSO configuration to link (required for user
// provisioning)
SSOConfigurationID param.Field[string] `json:"ssoConfigurationId" api:"required" format:"uuid"`
+ // allow_unverified_email_account_linking allows SCIM to link provisioned users to
+ // existing accounts when the identity provider does not mark the email address as
+ // verified
+ AllowUnverifiedEmailAccountLinking param.Field[bool] `json:"allowUnverifiedEmailAccountLinking"`
// name is a human-readable name for the SCIM configuration
Name param.Field[string] `json:"name"`
// token_expires_in is the duration until the token expires. Defaults to 1 year.
@@ -420,6 +429,10 @@ func (r OrganizationScimConfigurationGetParams) MarshalJSON() (data []byte, err
type OrganizationScimConfigurationUpdateParams struct {
// scim_configuration_id is the ID of the SCIM configuration to update
ScimConfigurationID param.Field[string] `json:"scimConfigurationId" api:"required" format:"uuid"`
+ // allow_unverified_email_account_linking allows SCIM to link provisioned users to
+ // existing accounts when the identity provider does not mark the email address as
+ // verified
+ AllowUnverifiedEmailAccountLinking param.Field[bool] `json:"allowUnverifiedEmailAccountLinking"`
// enabled controls whether SCIM provisioning is active
Enabled param.Field[bool] `json:"enabled"`
// name is a human-readable name for the SCIM configuration
diff --git a/organizationscimconfiguration_test.go b/organizationscimconfiguration_test.go
index 5ecb0d2b..00e26893 100644
--- a/organizationscimconfiguration_test.go
+++ b/organizationscimconfiguration_test.go
@@ -27,10 +27,11 @@ func TestOrganizationScimConfigurationNewWithOptionalParams(t *testing.T) {
option.WithBearerToken("My Bearer Token"),
)
_, err := client.Organizations.ScimConfigurations.New(context.TODO(), gitpod.OrganizationScimConfigurationNewParams{
- OrganizationID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
- SSOConfigurationID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
- Name: gitpod.F("name"),
- TokenExpiresIn: gitpod.F("+9125115.360s"),
+ OrganizationID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
+ SSOConfigurationID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
+ AllowUnverifiedEmailAccountLinking: gitpod.F(true),
+ Name: gitpod.F("name"),
+ TokenExpiresIn: gitpod.F("+9125115.360s"),
})
if err != nil {
var apierr *gitpod.Error
@@ -80,10 +81,11 @@ func TestOrganizationScimConfigurationUpdateWithOptionalParams(t *testing.T) {
option.WithBearerToken("My Bearer Token"),
)
_, err := client.Organizations.ScimConfigurations.Update(context.TODO(), gitpod.OrganizationScimConfigurationUpdateParams{
- ScimConfigurationID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
- Enabled: gitpod.F(false),
- Name: gitpod.F("name"),
- SSOConfigurationID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
+ ScimConfigurationID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
+ AllowUnverifiedEmailAccountLinking: gitpod.F(true),
+ Enabled: gitpod.F(false),
+ Name: gitpod.F("name"),
+ SSOConfigurationID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
})
if err != nil {
var apierr *gitpod.Error
diff --git a/packages/pagination/pagination.go b/packages/pagination/pagination.go
index c85373c8..c9e2f5a6 100644
--- a/packages/pagination/pagination.go
+++ b/packages/pagination/pagination.go
@@ -1754,6 +1754,131 @@ func (r *MembersPageAutoPager[T]) Index() int {
return r.run
}
+type OrganizationsPagePagination struct {
+ NextToken string `json:"nextToken"`
+ JSON organizationsPagePaginationJSON `json:"-"`
+}
+
+// organizationsPagePaginationJSON contains the JSON metadata for the struct
+// [OrganizationsPagePagination]
+type organizationsPagePaginationJSON struct {
+ NextToken apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
+}
+
+func (r *OrganizationsPagePagination) UnmarshalJSON(data []byte) (err error) {
+ return apijson.UnmarshalRoot(data, r)
+}
+
+func (r organizationsPagePaginationJSON) RawJSON() string {
+ return r.raw
+}
+
+type OrganizationsPage[T any] struct {
+ Organizations []T `json:"organizations"`
+ Pagination OrganizationsPagePagination `json:"pagination"`
+ JSON organizationsPageJSON `json:"-"`
+ cfg *requestconfig.RequestConfig
+ res *http.Response
+}
+
+// organizationsPageJSON contains the JSON metadata for the struct
+// [OrganizationsPage[T]]
+type organizationsPageJSON struct {
+ Organizations apijson.Field
+ Pagination apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
+}
+
+func (r *OrganizationsPage[T]) UnmarshalJSON(data []byte) (err error) {
+ return apijson.UnmarshalRoot(data, r)
+}
+
+func (r organizationsPageJSON) RawJSON() string {
+ return r.raw
+}
+
+// GetNextPage returns the next page as defined by this pagination style. When
+// there is no next page, this function will return a 'nil' for the page value, but
+// will not return an error
+func (r *OrganizationsPage[T]) GetNextPage() (res *OrganizationsPage[T], err error) {
+ if len(r.Organizations) == 0 {
+ return nil, nil
+ }
+ next := r.Pagination.NextToken
+ if len(next) == 0 {
+ return nil, nil
+ }
+ cfg := r.cfg.Clone(r.cfg.Context)
+ err = cfg.Apply(option.WithQuery("token", next))
+ if err != nil {
+ return nil, err
+ }
+ var raw *http.Response
+ cfg.ResponseInto = &raw
+ cfg.ResponseBodyInto = &res
+ err = cfg.Execute()
+ if err != nil {
+ return nil, err
+ }
+ res.SetPageConfig(cfg, raw)
+ return res, nil
+}
+
+func (r *OrganizationsPage[T]) SetPageConfig(cfg *requestconfig.RequestConfig, res *http.Response) {
+ if r == nil {
+ r = &OrganizationsPage[T]{}
+ }
+ r.cfg = cfg
+ r.res = res
+}
+
+type OrganizationsPageAutoPager[T any] struct {
+ page *OrganizationsPage[T]
+ cur T
+ idx int
+ run int
+ err error
+}
+
+func NewOrganizationsPageAutoPager[T any](page *OrganizationsPage[T], err error) *OrganizationsPageAutoPager[T] {
+ return &OrganizationsPageAutoPager[T]{
+ page: page,
+ err: err,
+ }
+}
+
+func (r *OrganizationsPageAutoPager[T]) Next() bool {
+ if r.page == nil || len(r.page.Organizations) == 0 {
+ return false
+ }
+ if r.idx >= len(r.page.Organizations) {
+ r.idx = 0
+ r.page, r.err = r.page.GetNextPage()
+ if r.err != nil || r.page == nil || len(r.page.Organizations) == 0 {
+ return false
+ }
+ }
+ r.cur = r.page.Organizations[r.idx]
+ r.run += 1
+ r.idx += 1
+ return true
+}
+
+func (r *OrganizationsPageAutoPager[T]) Current() T {
+ return r.cur
+}
+
+func (r *OrganizationsPageAutoPager[T]) Err() error {
+ return r.err
+}
+
+func (r *OrganizationsPageAutoPager[T]) Index() int {
+ return r.run
+}
+
type OutputsPagePagination struct {
NextToken string `json:"nextToken"`
JSON outputsPagePaginationJSON `json:"-"`
diff --git a/runner.go b/runner.go
index cef57832..8c420013 100644
--- a/runner.go
+++ b/runner.go
@@ -365,11 +365,66 @@ func (r *RunnerService) NewRunnerToken(ctx context.Context, body RunnerNewRunner
// runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
// scmHost: "github.com"
// ```
-func (r *RunnerService) ListScmOrganizations(ctx context.Context, params RunnerListScmOrganizationsParams, opts ...option.RequestOption) (res *RunnerListScmOrganizationsResponse, err error) {
+//
+// - Search GitLab groups:
+//
+// Returns the first page of GitLab groups matching the substring.
+//
+// ```yaml
+// runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+// scmHost: "gitlab.com"
+// query: "platform"
+// pagination:
+// pageSize: 25
+// ```
+func (r *RunnerService) ListScmOrganizations(ctx context.Context, params RunnerListScmOrganizationsParams, opts ...option.RequestOption) (res *pagination.OrganizationsPage[RunnerListScmOrganizationsResponse], err error) {
+ var raw *http.Response
opts = slices.Concat(r.Options, opts)
+ opts = append([]option.RequestOption{option.WithResponseInto(&raw)}, opts...)
path := "gitpod.v1.RunnerService/ListSCMOrganizations"
- err = requestconfig.ExecuteNewRequest(ctx, http.MethodPost, path, params, &res, opts...)
- return res, err
+ cfg, err := requestconfig.NewRequestConfig(ctx, http.MethodPost, path, params, &res, opts...)
+ if err != nil {
+ return nil, err
+ }
+ err = cfg.Execute()
+ if err != nil {
+ return nil, err
+ }
+ res.SetPageConfig(cfg, raw)
+ return res, nil
+}
+
+// Lists SCM organizations the user belongs to.
+//
+// Use this method to:
+//
+// - Get all organizations for a user on a specific SCM host
+// - Check organization admin permissions for webhook creation
+//
+// ### Examples
+//
+// - List GitHub organizations:
+//
+// Lists all organizations the user belongs to on GitHub.
+//
+// ```yaml
+// runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+// scmHost: "github.com"
+// ```
+//
+// - Search GitLab groups:
+//
+// Returns the first page of GitLab groups matching the substring.
+//
+// ```yaml
+// runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
+// scmHost: "gitlab.com"
+// query: "platform"
+// pagination:
+// pageSize: 25
+// ```
+func (r *RunnerService) ListScmOrganizationsAutoPaging(ctx context.Context, params RunnerListScmOrganizationsParams, opts ...option.RequestOption) *pagination.OrganizationsPageAutoPager[RunnerListScmOrganizationsResponse] {
+ return pagination.NewOrganizationsPageAutoPager(r.ListScmOrganizations(ctx, params, opts...))
}
// Parses a context URL and returns the parsed result.
@@ -599,11 +654,14 @@ const (
RunnerCapabilityRunnerSideAgent RunnerCapability = "RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"
RunnerCapabilityWarmPool RunnerCapability = "RUNNER_CAPABILITY_WARM_POOL"
RunnerCapabilityAsgWarmPool RunnerCapability = "RUNNER_CAPABILITY_ASG_WARM_POOL"
+ RunnerCapabilityPortAuthentication RunnerCapability = "RUNNER_CAPABILITY_PORT_AUTHENTICATION"
+ RunnerCapabilityHorizontalScaling RunnerCapability = "RUNNER_CAPABILITY_HORIZONTAL_SCALING"
+ RunnerCapabilityAgentExecutionCnf RunnerCapability = "RUNNER_CAPABILITY_AGENT_EXECUTION_CNF"
)
func (r RunnerCapability) IsKnown() bool {
switch r {
- case RunnerCapabilityUnspecified, RunnerCapabilityFetchLocalScmIntegrations, RunnerCapabilitySecretContainerRegistry, RunnerCapabilityAgentExecution, RunnerCapabilityAllowEnvTokenPopulation, RunnerCapabilityDefaultDevContainerImage, RunnerCapabilityEnvironmentSnapshot, RunnerCapabilityPrebuildsBeforeSnapshotTrigger, RunnerCapabilityListScmOrganizations, RunnerCapabilityCheckRepositoryAccess, RunnerCapabilityRunnerSideAgent, RunnerCapabilityWarmPool, RunnerCapabilityAsgWarmPool:
+ case RunnerCapabilityUnspecified, RunnerCapabilityFetchLocalScmIntegrations, RunnerCapabilitySecretContainerRegistry, RunnerCapabilityAgentExecution, RunnerCapabilityAllowEnvTokenPopulation, RunnerCapabilityDefaultDevContainerImage, RunnerCapabilityEnvironmentSnapshot, RunnerCapabilityPrebuildsBeforeSnapshotTrigger, RunnerCapabilityListScmOrganizations, RunnerCapabilityCheckRepositoryAccess, RunnerCapabilityRunnerSideAgent, RunnerCapabilityWarmPool, RunnerCapabilityAsgWarmPool, RunnerCapabilityPortAuthentication, RunnerCapabilityHorizontalScaling, RunnerCapabilityAgentExecutionCnf:
return true
}
return false
@@ -1168,41 +1226,26 @@ func (r runnerNewRunnerTokenResponseJSON) RawJSON() string {
}
type RunnerListScmOrganizationsResponse struct {
- // List of organizations the user belongs to
- Organizations []RunnerListScmOrganizationsResponseOrganization `json:"organizations"`
- JSON runnerListScmOrganizationsResponseJSON `json:"-"`
-}
-
-// runnerListScmOrganizationsResponseJSON contains the JSON metadata for the struct
-// [RunnerListScmOrganizationsResponse]
-type runnerListScmOrganizationsResponseJSON struct {
- Organizations apijson.Field
- raw string
- ExtraFields map[string]apijson.Field
-}
-
-func (r *RunnerListScmOrganizationsResponse) UnmarshalJSON(data []byte) (err error) {
- return apijson.UnmarshalRoot(data, r)
-}
-
-func (r runnerListScmOrganizationsResponseJSON) RawJSON() string {
- return r.raw
-}
-
-type RunnerListScmOrganizationsResponseOrganization struct {
- // Whether the user has admin permissions in this organization. Admin permissions
- // typically allow creating organization-level webhooks.
+ // Deprecated: this field is unused by all known consumers and is scheduled for
+ // removal in a future release. Do not read it.
+ //
+ // Originally intended to gate organization-level webhook creation in the
+ // dashboard, but that gating was never implemented. Populating this field on the
+ // GitLab path requires a second fully-paginated ListGroups call, which is the main
+ // reason we are deprecating it.
+ //
+ // Deprecated: deprecated
IsAdmin bool `json:"isAdmin"`
// Organization name/slug (e.g., "gitpod-io")
Name string `json:"name"`
// Organization URL (e.g., "https://github.com/gitpod-io")
- URL string `json:"url"`
- JSON runnerListScmOrganizationsResponseOrganizationJSON `json:"-"`
+ URL string `json:"url"`
+ JSON runnerListScmOrganizationsResponseJSON `json:"-"`
}
-// runnerListScmOrganizationsResponseOrganizationJSON contains the JSON metadata
-// for the struct [RunnerListScmOrganizationsResponseOrganization]
-type runnerListScmOrganizationsResponseOrganizationJSON struct {
+// runnerListScmOrganizationsResponseJSON contains the JSON metadata for the struct
+// [RunnerListScmOrganizationsResponse]
+type runnerListScmOrganizationsResponseJSON struct {
IsAdmin apijson.Field
Name apijson.Field
URL apijson.Field
@@ -1210,11 +1253,11 @@ type runnerListScmOrganizationsResponseOrganizationJSON struct {
ExtraFields map[string]apijson.Field
}
-func (r *RunnerListScmOrganizationsResponseOrganization) UnmarshalJSON(data []byte) (err error) {
+func (r *RunnerListScmOrganizationsResponse) UnmarshalJSON(data []byte) (err error) {
return apijson.UnmarshalRoot(data, r)
}
-func (r runnerListScmOrganizationsResponseOrganizationJSON) RawJSON() string {
+func (r runnerListScmOrganizationsResponseJSON) RawJSON() string {
return r.raw
}
@@ -1715,6 +1758,16 @@ func (r RunnerNewRunnerTokenParams) MarshalJSON() (data []byte, err error) {
type RunnerListScmOrganizationsParams struct {
Token param.Field[string] `query:"token"`
PageSize param.Field[int64] `query:"pageSize"`
+ // Pagination parameters. When unset, defaults to the standard PaginationRequest
+ // defaults (page_size 25, max 100). Tokens are opaque and provider-specific.
+ Pagination param.Field[RunnerListScmOrganizationsParamsPagination] `json:"pagination"`
+ // Optional substring filter applied to the organization name.
+ //
+ // - GitLab: forwarded to the upstream `search` parameter (server-side,
+ // case-insensitive substring on name/path).
+ // - GitHub and Bitbucket: not implemented as they don't support searching Empty
+ // value means no filter.
+ Query param.Field[string] `json:"query"`
RunnerID param.Field[string] `json:"runnerId" format:"uuid"`
// The SCM host to list organizations from (e.g., "github.com", "gitlab.com")
ScmHost param.Field[string] `json:"scmHost"`
@@ -1733,6 +1786,21 @@ func (r RunnerListScmOrganizationsParams) URLQuery() (v url.Values) {
})
}
+// Pagination parameters. When unset, defaults to the standard PaginationRequest
+// defaults (page_size 25, max 100). Tokens are opaque and provider-specific.
+type RunnerListScmOrganizationsParamsPagination struct {
+ // Token for the next set of results that was returned as next_token of a
+ // PaginationResponse
+ Token param.Field[string] `json:"token"`
+ // Page size is the maximum number of results to retrieve per page. Defaults to 25.
+ // Maximum 100.
+ PageSize param.Field[int64] `json:"pageSize"`
+}
+
+func (r RunnerListScmOrganizationsParamsPagination) MarshalJSON() (data []byte, err error) {
+ return apijson.MarshalRoot(r)
+}
+
type RunnerParseContextURLParams struct {
ContextURL param.Field[string] `json:"contextUrl" format:"uri"`
RunnerID param.Field[string] `json:"runnerId" format:"uuid"`
diff --git a/runner_test.go b/runner_test.go
index d33a4577..b217c755 100644
--- a/runner_test.go
+++ b/runner_test.go
@@ -313,6 +313,11 @@ func TestRunnerListScmOrganizationsWithOptionalParams(t *testing.T) {
_, err := client.Runners.ListScmOrganizations(context.TODO(), gitpod.RunnerListScmOrganizationsParams{
Token: gitpod.F("token"),
PageSize: gitpod.F(int64(0)),
+ Pagination: gitpod.F(gitpod.RunnerListScmOrganizationsParamsPagination{
+ Token: gitpod.F("token"),
+ PageSize: gitpod.F(int64(100)),
+ }),
+ Query: gitpod.F("query"),
RunnerID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
ScmHost: gitpod.F("github.com"),
})
diff --git a/scripts/bootstrap b/scripts/bootstrap
index 5ab30665..46547f18 100755
--- a/scripts/bootstrap
+++ b/scripts/bootstrap
@@ -4,7 +4,7 @@ set -e
cd "$(dirname "$0")/.."
-if [ -f "Brewfile" ] && [ "$(uname -s)" = "Darwin" ] && [ "$SKIP_BREW" != "1" ] && [ -t 0 ]; then
+if [ -f "Brewfile" ] && [ "$(uname -s)" = "Darwin" ] && [ "${SKIP_BREW:-}" != "1" ] && [ -t 0 ]; then
brew bundle check >/dev/null 2>&1 || {
echo -n "==> Install Homebrew dependencies? (y/N): "
read -r response
diff --git a/secret.go b/secret.go
index 504d9634..1b7640e1 100644
--- a/secret.go
+++ b/secret.go
@@ -340,6 +340,13 @@ type Secret struct {
CreatedAt time.Time `json:"createdAt" format:"date-time"`
// creator is the identity of the creator of the secret
Creator shared.Subject `json:"creator"`
+ // credential_proxy configures transparent credential injection via the credential
+ // proxy. When set, the credential proxy intercepts HTTPS traffic to the target
+ // hosts and replaces the dummy mounted value with the real value in the specified
+ // HTTP header. The real secret value is never exposed in the environment. This
+ // field is orthogonal to mount — a secret can be both mounted and proxied at the
+ // same time.
+ CredentialProxy SecretCredentialProxy `json:"credentialProxy"`
// secret will be created as an Environment Variable with the same name as the
// secret
EnvironmentVariable bool `json:"environmentVariable"`
@@ -451,6 +458,7 @@ type secretJSON struct {
ContainerRegistryBasicAuthHost apijson.Field
CreatedAt apijson.Field
Creator apijson.Field
+ CredentialProxy apijson.Field
EnvironmentVariable apijson.Field
FilePath apijson.Field
Name apijson.Field
@@ -469,6 +477,38 @@ func (r secretJSON) RawJSON() string {
return r.raw
}
+// credential_proxy configures transparent credential injection via the credential
+// proxy. When set, the credential proxy intercepts HTTPS traffic to the target
+// hosts and replaces the dummy mounted value with the real value in the specified
+// HTTP header. The real secret value is never exposed in the environment. This
+// field is orthogonal to mount — a secret can be both mounted and proxied at the
+// same time.
+type SecretCredentialProxy struct {
+ // header is the HTTP header name to inject (e.g. "Authorization").
+ Header string `json:"header"`
+ // target_hosts lists the hostnames to intercept (for example "github.com" or
+ // "\*.github.com"). Wildcards are subdomain-only and do not match the apex domain.
+ TargetHosts []string `json:"targetHosts"`
+ JSON secretCredentialProxyJSON `json:"-"`
+}
+
+// secretCredentialProxyJSON contains the JSON metadata for the struct
+// [SecretCredentialProxy]
+type secretCredentialProxyJSON struct {
+ Header apijson.Field
+ TargetHosts apijson.Field
+ raw string
+ ExtraFields map[string]apijson.Field
+}
+
+func (r *SecretCredentialProxy) UnmarshalJSON(data []byte) (err error) {
+ return apijson.UnmarshalRoot(data, r)
+}
+
+func (r secretCredentialProxyJSON) RawJSON() string {
+ return r.raw
+}
+
type SecretScope struct {
// organization_id is the Organization ID this Secret belongs to
OrganizationID string `json:"organizationId" format:"uuid"`
@@ -568,6 +608,13 @@ type SecretNewParams struct {
// secret will be mounted as a docker config in the environment VM, mount will have
// the docker registry host
ContainerRegistryBasicAuthHost param.Field[string] `json:"containerRegistryBasicAuthHost"`
+ // credential_proxy configures transparent credential injection when environments
+ // materialize this secret. When set, the credential proxy intercepts HTTPS traffic
+ // to the target hosts and replaces the dummy mounted value with the real value in
+ // the specified HTTP header. The real secret value is never exposed in the
+ // environment. This field is orthogonal to mount — a secret can be both mounted
+ // and proxied at the same time.
+ CredentialProxy param.Field[SecretNewParamsCredentialProxy] `json:"credentialProxy"`
// secret will be created as an Environment Variable with the same name as the
// secret
EnvironmentVariable param.Field[bool] `json:"environmentVariable"`
@@ -591,6 +638,24 @@ func (r SecretNewParams) MarshalJSON() (data []byte, err error) {
return apijson.MarshalRoot(r)
}
+// credential_proxy configures transparent credential injection when environments
+// materialize this secret. When set, the credential proxy intercepts HTTPS traffic
+// to the target hosts and replaces the dummy mounted value with the real value in
+// the specified HTTP header. The real secret value is never exposed in the
+// environment. This field is orthogonal to mount — a secret can be both mounted
+// and proxied at the same time.
+type SecretNewParamsCredentialProxy struct {
+ // header is the HTTP header name to inject (e.g. "Authorization").
+ Header param.Field[string] `json:"header"`
+ // target_hosts lists the hostnames to intercept (for example "github.com" or
+ // "\*.github.com"). Wildcards are subdomain-only and do not match the apex domain.
+ TargetHosts param.Field[[]string] `json:"targetHosts"`
+}
+
+func (r SecretNewParamsCredentialProxy) MarshalJSON() (data []byte, err error) {
+ return apijson.MarshalRoot(r)
+}
+
type SecretListParams struct {
Token param.Field[string] `query:"token"`
PageSize param.Field[int64] `query:"pageSize"`
diff --git a/secret_test.go b/secret_test.go
index 46f758ce..f9bcd693 100644
--- a/secret_test.go
+++ b/secret_test.go
@@ -29,10 +29,14 @@ func TestSecretNewWithOptionalParams(t *testing.T) {
_, err := client.Secrets.New(context.TODO(), gitpod.SecretNewParams{
APIOnly: gitpod.F(true),
ContainerRegistryBasicAuthHost: gitpod.F("containerRegistryBasicAuthHost"),
- EnvironmentVariable: gitpod.F(true),
- FilePath: gitpod.F("filePath"),
- Name: gitpod.F("DATABASE_URL"),
- ProjectID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
+ CredentialProxy: gitpod.F(gitpod.SecretNewParamsCredentialProxy{
+ Header: gitpod.F("header"),
+ TargetHosts: gitpod.F([]string{"string"}),
+ }),
+ EnvironmentVariable: gitpod.F(true),
+ FilePath: gitpod.F("filePath"),
+ Name: gitpod.F("DATABASE_URL"),
+ ProjectID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
Scope: gitpod.F(gitpod.SecretScopeParam{
OrganizationID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
ProjectID: gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
diff --git a/shared/shared.go b/shared/shared.go
index 19afda4b..eb96ce10 100644
--- a/shared/shared.go
+++ b/shared/shared.go
@@ -21,8 +21,8 @@ import (
// automation during a prebuild of an environment. This phase does not have user
// secrets available. The `before_snapshot` field triggers the automation after all
// prebuild tasks complete but before the snapshot is taken. This is used for tasks
-// that need to run last during prebuilds, such as IDE warmup. Note: The prebuild
-// and before_snapshot triggers can only be used with tasks, not services.
+// that need to run last during prebuilds, such as IDE warmup. Note: The
+// before_snapshot trigger can only be used with tasks, not services.
type AutomationTrigger struct {
BeforeSnapshot bool `json:"beforeSnapshot"`
Manual bool `json:"manual"`
@@ -66,8 +66,8 @@ func (r automationTriggerJSON) RawJSON() string {
// automation during a prebuild of an environment. This phase does not have user
// secrets available. The `before_snapshot` field triggers the automation after all
// prebuild tasks complete but before the snapshot is taken. This is used for tasks
-// that need to run last during prebuilds, such as IDE warmup. Note: The prebuild
-// and before_snapshot triggers can only be used with tasks, not services.
+// that need to run last during prebuilds, such as IDE warmup. Note: The
+// before_snapshot trigger can only be used with tasks, not services.
type AutomationTriggerParam struct {
BeforeSnapshot param.Field[bool] `json:"beforeSnapshot"`
Manual param.Field[bool] `json:"manual"`
@@ -435,6 +435,7 @@ const (
ResourceRoleOrgProjectsAdmin ResourceRole = "RESOURCE_ROLE_ORG_PROJECTS_ADMIN"
ResourceRoleOrgAutomationsAdmin ResourceRole = "RESOURCE_ROLE_ORG_AUTOMATIONS_ADMIN"
ResourceRoleOrgGroupsAdmin ResourceRole = "RESOURCE_ROLE_ORG_GROUPS_ADMIN"
+ ResourceRoleOrgEnvironmentsReader ResourceRole = "RESOURCE_ROLE_ORG_ENVIRONMENTS_READER"
ResourceRoleOrgAuditLogReader ResourceRole = "RESOURCE_ROLE_ORG_AUDIT_LOG_READER"
ResourceRoleGroupAdmin ResourceRole = "RESOURCE_ROLE_GROUP_ADMIN"
ResourceRoleGroupViewer ResourceRole = "RESOURCE_ROLE_GROUP_VIEWER"
@@ -494,7 +495,7 @@ const (
func (r ResourceRole) IsKnown() bool {
switch r {
- case ResourceRoleUnspecified, ResourceRoleOrgAdmin, ResourceRoleOrgMember, ResourceRoleOrgRunnersAdmin, ResourceRoleOrgProjectsAdmin, ResourceRoleOrgAutomationsAdmin, ResourceRoleOrgGroupsAdmin, ResourceRoleOrgAuditLogReader, ResourceRoleGroupAdmin, ResourceRoleGroupViewer, ResourceRoleUserIdentity, ResourceRoleUserViewer, ResourceRoleUserAdmin, ResourceRoleEnvironmentIdentity, ResourceRoleEnvironmentAdmin, ResourceRoleEnvironmentUser, ResourceRoleEnvironmentViewer, ResourceRoleEnvironmentRunner, ResourceRoleRunnerIdentity, ResourceRoleRunnerAdmin, ResourceRoleRunnerLocalAdmin, ResourceRoleRunnerManagedAdmin, ResourceRoleRunnerUser, ResourceRoleRunnerConfigurationReader, ResourceRoleHostAuthenticationTokenAdmin, ResourceRoleHostAuthenticationTokenUpdater, ResourceRoleProjectAdmin, ResourceRoleProjectUser, ResourceRoleProjectEditor, ResourceRoleEnvironmentServiceAdmin, ResourceRoleEnvironmentServiceViewer, ResourceRoleEnvironmentServiceUser, ResourceRoleEnvironmentServiceEnv, ResourceRoleEnvironmentTaskAdmin, ResourceRoleEnvironmentTaskViewer, ResourceRoleEnvironmentTaskUser, ResourceRoleEnvironmentTaskEnv, ResourceRoleServiceAccountIdentity, ResourceRoleServiceAccountAdmin, ResourceRoleAgentExecutionUser, ResourceRoleAgentExecutionAdmin, ResourceRoleAgentExecutionRunner, ResourceRoleAgentExecutionOutputsReporter, ResourceRoleAgentExecutionViewer, ResourceRoleAgentAdmin, ResourceRoleAgentViewer, ResourceRoleAgentExecutor, ResourceRoleWorkflowAdmin, ResourceRoleWorkflowUser, ResourceRoleWorkflowViewer, ResourceRoleWorkflowExecutor, ResourceRoleSnapshotAdmin, ResourceRoleSnapshotRunner, ResourceRoleWebhookAdmin, ResourceRoleWebhookViewer, ResourceRoleWarmpoolRunner, ResourceRoleWarmpoolAdmin, ResourceRoleWarmpoolViewer, ResourceRoleSessionAdmin, ResourceRoleSessionUser, ResourceRoleTeamAdmin, ResourceRoleTeamViewer:
+ case ResourceRoleUnspecified, ResourceRoleOrgAdmin, ResourceRoleOrgMember, ResourceRoleOrgRunnersAdmin, ResourceRoleOrgProjectsAdmin, ResourceRoleOrgAutomationsAdmin, ResourceRoleOrgGroupsAdmin, ResourceRoleOrgEnvironmentsReader, ResourceRoleOrgAuditLogReader, ResourceRoleGroupAdmin, ResourceRoleGroupViewer, ResourceRoleUserIdentity, ResourceRoleUserViewer, ResourceRoleUserAdmin, ResourceRoleEnvironmentIdentity, ResourceRoleEnvironmentAdmin, ResourceRoleEnvironmentUser, ResourceRoleEnvironmentViewer, ResourceRoleEnvironmentRunner, ResourceRoleRunnerIdentity, ResourceRoleRunnerAdmin, ResourceRoleRunnerLocalAdmin, ResourceRoleRunnerManagedAdmin, ResourceRoleRunnerUser, ResourceRoleRunnerConfigurationReader, ResourceRoleHostAuthenticationTokenAdmin, ResourceRoleHostAuthenticationTokenUpdater, ResourceRoleProjectAdmin, ResourceRoleProjectUser, ResourceRoleProjectEditor, ResourceRoleEnvironmentServiceAdmin, ResourceRoleEnvironmentServiceViewer, ResourceRoleEnvironmentServiceUser, ResourceRoleEnvironmentServiceEnv, ResourceRoleEnvironmentTaskAdmin, ResourceRoleEnvironmentTaskViewer, ResourceRoleEnvironmentTaskUser, ResourceRoleEnvironmentTaskEnv, ResourceRoleServiceAccountIdentity, ResourceRoleServiceAccountAdmin, ResourceRoleAgentExecutionUser, ResourceRoleAgentExecutionAdmin, ResourceRoleAgentExecutionRunner, ResourceRoleAgentExecutionOutputsReporter, ResourceRoleAgentExecutionViewer, ResourceRoleAgentAdmin, ResourceRoleAgentViewer, ResourceRoleAgentExecutor, ResourceRoleWorkflowAdmin, ResourceRoleWorkflowUser, ResourceRoleWorkflowViewer, ResourceRoleWorkflowExecutor, ResourceRoleSnapshotAdmin, ResourceRoleSnapshotRunner, ResourceRoleWebhookAdmin, ResourceRoleWebhookViewer, ResourceRoleWarmpoolRunner, ResourceRoleWarmpoolAdmin, ResourceRoleWarmpoolViewer, ResourceRoleSessionAdmin, ResourceRoleSessionUser, ResourceRoleTeamAdmin, ResourceRoleTeamViewer:
return true
}
return false
@@ -567,17 +568,13 @@ type RunsOn struct {
Docker RunsOnDocker `json:"docker"`
// Machine runs the service/task directly on the VM/machine level.
Machine interface{} `json:"machine"`
- // Terminal runs the service inside a managed PTY terminal in the devcontainer.
- // Users can attach to the terminal interactively via the terminal API.
- Terminal interface{} `json:"terminal"`
- JSON runsOnJSON `json:"-"`
+ JSON runsOnJSON `json:"-"`
}
// runsOnJSON contains the JSON metadata for the struct [RunsOn]
type runsOnJSON struct {
Docker apijson.Field
Machine apijson.Field
- Terminal apijson.Field
raw string
ExtraFields map[string]apijson.Field
}
@@ -616,9 +613,6 @@ type RunsOnParam struct {
Docker param.Field[RunsOnDockerParam] `json:"docker"`
// Machine runs the service/task directly on the VM/machine level.
Machine param.Field[interface{}] `json:"machine"`
- // Terminal runs the service inside a managed PTY terminal in the devcontainer.
- // Users can attach to the terminal interactively via the terminal API.
- Terminal param.Field[interface{}] `json:"terminal"`
}
func (r RunsOnParam) MarshalJSON() (data []byte, err error) {