chore: improve app install ID error (#26178)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2026-02-20 01:28:45 +01:00 · 2026-02-09 17:04:59 -05:00
parent 2615be441d
commit 8515358413
4 changed files with 87 additions and 34 deletions
--- a/pkg/apis/application/v1alpha1/repository_types.go
+++ b/pkg/apis/application/v1alpha1/repository_types.go
@@ -1,11 +1,9 @@
 package v1alpha1

 import (
-	"context"
 	"fmt"
 	"net/url"
 	"strings"
-	"time"

 	"github.com/argoproj/argo-cd/v3/util/oci"

@@ -242,32 +240,7 @@ func (repo *Repository) GetGitCreds(store git.CredsStore) git.Creds {
 		return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), repo.Proxy)
 	}
 	if repo.GithubAppPrivateKey != "" && repo.GithubAppId != 0 { // Promoter MVP: remove github-app-installation-id check since it is no longer a required field
-		installationId := repo.GithubAppInstallationId
-
-		// Auto-discover installation ID if not provided
-		if installationId == 0 {
-			org, err := git.ExtractOrgFromRepoURL(repo.Repo)
-			if err != nil {
-				log.Warnf("Failed to extract organization from repository URL %s for GitHub App auto-discovery: %v", repo.Repo, err)
-				return git.NopCreds{}
-			}
-			if org != "" {
-				ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
-				defer cancel()
-
-				discoveredId, err := git.DiscoverGitHubAppInstallationID(ctx, repo.GithubAppId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, org)
-				if err != nil {
-					log.Warnf("Failed to auto-discover GitHub App installation ID for org %s: %v. Proceeding with installation ID 0.", org, err)
-				} else {
-					log.Infof("Auto-discovered GitHub App installation ID %d for org %s", discoveredId, org)
-					installationId = discoveredId
-				}
-			} else {
-				log.Warnf("Could not extract organization from repository URL %s for GitHub App auto-discovery", repo.Repo)
-			}
-		}
-
-		return git.NewGitHubAppCreds(repo.GithubAppId, installationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, repo.NoProxy, store)
+		return git.NewGitHubAppCreds(repo.GithubAppId, repo.GithubAppInstallationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, repo.NoProxy, store, repo.Repo)
 	}
 	if repo.GCPServiceAccountKey != "" {
 		return git.NewGoogleCloudCreds(repo.GCPServiceAccountKey, store)
--- a/pkg/apis/application/v1alpha1/repository_types_test.go
+++ b/pkg/apis/application/v1alpha1/repository_types_test.go
@@ -73,11 +73,12 @@ func TestGetGitCreds(t *testing.T) {
 		{
 			name: "GitHub App credentials",
 			repo: &Repository{
+				Repo:                    "https://github.com/argoproj/argo-cd",
 				GithubAppPrivateKey:     "github-key",
 				GithubAppId:             123,
 				GithubAppInstallationId: 456,
 			},
-			expected: git.NewGitHubAppCreds(123, 456, "github-key", "", "", "", false, "", "", nil),
+			expected: git.NewGitHubAppCreds(123, 456, "github-key", "", "", "", false, "", "", nil, "https://github.com/argoproj/argo-cd"),
 		},
 		{
 			name: "Google Cloud credentials",
@@ -100,3 +101,53 @@ func TestGetGitCreds(t *testing.T) {
 		})
 	}
 }
+
+func TestGetGitCreds_GitHubApp_InstallationNotFound(t *testing.T) {
+	// This test verifies that when GitHub App credentials are provided but the installation
+	// cannot be discovered (e.g., non-existent org), the error is raised when the credentials
+	// are used (lazily), providing a clear error message.
+	repo := &Repository{
+		Repo:                "https://github.com/nonexistent-org-12345/repo.git",
+		GithubAppPrivateKey: "github-key",
+		GithubAppId:         123,
+		// GithubAppInstallationId is 0 (not set), triggering auto-discovery
+	}
+
+	creds := repo.GetGitCreds(nil)
+
+	// We should get GitHubAppCreds
+	ghAppCreds, isGitHubAppCreds := creds.(git.GitHubAppCreds)
+	require.True(t, isGitHubAppCreds, "expected GitHubAppCreds, got %T", creds)
+
+	// When we try to use these credentials, we should get a clear error about installation discovery failure
+	_, _, err := ghAppCreds.Environ()
+
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "failed to discover GitHub App installation ID")
+	assert.Contains(t, err.Error(), "nonexistent-org-12345")
+	assert.Contains(t, err.Error(), "ID: 123")
+}
+
+func TestGetGitCreds_GitHubApp_OrgExtractionFails(t *testing.T) {
+	// This test verifies that when the organization cannot be extracted from the repo URL,
+	// the credentials are still created but will provide a clear error when used.
+	repo := &Repository{
+		Repo:                "invalid-url-format",
+		GithubAppPrivateKey: "github-key",
+		GithubAppId:         123,
+		// GithubAppInstallationId is 0 (not set), triggering auto-discovery
+	}
+
+	creds := repo.GetGitCreds(nil)
+
+	// We should get GitHubAppCreds
+	ghAppCreds, isGitHubAppCreds := creds.(git.GitHubAppCreds)
+	require.True(t, isGitHubAppCreds, "expected GitHubAppCreds, got %T", creds)
+
+	// When we try to use these credentials, we should get a clear error about org extraction failure
+	_, _, err := ghAppCreds.Environ()
+
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "failed to extract organization")
+	assert.Contains(t, err.Error(), "invalid-url-format")
+}