LSIF: replace topics-based verification with GitHub token verification
Created by: chrismwendt
Background
Sourcegraph.com only allows LSIF uploads from users who have push access to the repository on GitHub. This prevents a malicious user from uploading objectionable content to someone else's repository.
Prior to this change
The auth flow was:
- Go to the repository on Sourcegraph.com and copy the challenge string
- Go back to GitHub and add a new topic with the name being the challenge string
- Go back to Sourcegraph.com and click Verify, which would give you an "LSIF upload token"
- Delete the topic you added
- Pass that LSIF upload token as an argument to src-cli at dump upload time
After this change
The auth flow will be:
- Create a new GitHub access token with `public_repo` scope only
- Pass that token as an argument to src-cli at dump upload time
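As an added illustration (not code from this PR or from Sourcegraph), here is a server-side check of the kind the new flow relies on: given the user's GitHub access token, ask GitHub's REST API whether that user can push to the repository, and treat a bad token, a nonexistent repository and a read-only repository alike as a denial. The function name and the apiBase parameter are assumptions; the endpoint and the permissions.push field are GitHub's.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
)

// HasPushAccess asks the GitHub REST API at apiBase (https://api.github.com, or a
// test server) whether the user behind token can push to owner/repo. A bad token,
// an unknown repo and a read-only repo all yield (false, nil): upload refused.
func HasPushAccess(apiBase, token, owner, repo string) (bool, error) {
	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/repos/%s/%s", apiBase, owner, repo), nil)
	if err != nil {
		return false, err
	}
	req.Header.Set("Authorization", "token "+token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK: // proceed to the permissions check
	case http.StatusUnauthorized, http.StatusForbidden, http.StatusNotFound:
		return false, nil
	default:
		return false, fmt.Errorf("github: unexpected status %d", resp.StatusCode)
	}
	// Only the "permissions" object of GET /repos/{owner}/{repo} matters here.
	var r struct {
		Permissions struct{ Push bool `json:"push"` } `json:"permissions"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&r); err != nil {
		return false, err
	}
	return r.Permissions.Push, nil
}

// Stand-alone use: GITHUB_TOKEN=<token> go run . <owner> <repo>
func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: GITHUB_TOKEN=<token> prog <owner> <repo>")
		os.Exit(2)
	}
	ok, err := HasPushAccess("https://api.github.com", os.Getenv("GITHUB_TOKEN"), os.Args[1], os.Args[2])
	fmt.Println("push access:", ok, "error:", err)
}
```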
This also removes the LSIF verification section from repo home pages and the site configuration settings `lsifVerificationGithubToken` and `lsifUploadSecret` that were added in:
- https://github.com/sourcegraph/sourcegraph/pull/5580
- https://github.com/sourcegraph/sourcegraph/pull/4937
Impact:
- Our hourly LSIF job for sourcegraph/sourcegraph will need to be updated to use a new version of src-cli https://github.com/sourcegraph/src-cli/pull/58
- I checked /lsif-storage in prod and we're pretty much the only ones using this endpoint right now
- Need to update dev-private (to remove some config values) and tell devs to pull to get rid of this warning https://sourcegraph.slack.com/archives/C0EPTDE9L/p1571869796070700
- ... anything I'm missing?
Test plan: locally tried uploading to a nonexistent repo, bad GitHub access token, and a repo for which I don't have write permission
References:
- Code intel roadmap
- Slack thread discussing alternatives https://sourcegraph.slack.com/archives/CHXHX7XAS/p1571339621085300