feat(github): Handle installation_repositories webhook #111864
Merged
feat(github): Handle installation_repositories webhook #111864
Conversation
github-actions
bot
added
the
Scope: Backend
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Autofix Details
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Duplicate RPC call to fetch organization per iteration
- Eliminated duplicate organization_service.get() call by fetching the organization once in the main loop and passing it to _sync_repos_for_org instead of fetching it again inside the function.
Or push these changes by commenting:
@cursor push 3a1e5c4352
Preview (3a1e5c4352)
diff --git a/src/sentry/integrations/github/tasks/sync_repos_on_install_change.py b/src/sentry/integrations/github/tasks/sync_repos_on_install_change.py
--- a/src/sentry/integrations/github/tasks/sync_repos_on_install_change.py
+++ b/src/sentry/integrations/github/tasks/sync_repos_on_install_change.py
@@ -13,6 +13,7 @@
SCMIntegrationInteractionType,
)
from sentry.organizations.services.organization import organization_service
+from sentry.organizations.services.organization.model import RpcOrganization
from sentry.plugins.providers.integration_repository import (
RepoExistsError,
RepositoryInputConfig,
@@ -78,10 +79,18 @@
for oi in org_integrations:
organization_id = oi.organization_id
+ rpc_org = organization_service.get(id=organization_id)
+ if rpc_org is None:
+ logger.info(
+ "sync_repos_on_install_change.missing_organization",
+ extra={"organization_id": organization_id},
+ )
+ continue
+
if not features.has(
"organizations:github-repo-auto-sync",
- organization_service.get(id=organization_id),
+ rpc_org,
):
continue
@@ -93,7 +102,7 @@
).capture():
_sync_repos_for_org(
integration=integration,
- organization_id=organization_id,
+ rpc_org=rpc_org,
provider=provider,
repos_added=repos_added,
repos_removed=repos_removed,
@@ -103,19 +112,11 @@
def _sync_repos_for_org(
*,
integration: RpcIntegration,
- organization_id: int,
+ rpc_org: RpcOrganization,
provider: str,
repos_added: list[GitHubRepo],
repos_removed: list[GitHubRepo],
) -> None:
- rpc_org = organization_service.get(id=organization_id)
- if rpc_org is None:
- logger.info(
- "sync_repos_on_install_change.missing_organization",
- extra={"organization_id": organization_id},
- )
- return
-
if repos_added:
integration_repo_provider = get_integration_repository_provider(integration)
repo_configs: list[RepositoryInputConfig] = []
@@ -137,7 +138,7 @@
if repos_removed:
external_ids = [str(repo["id"]) for repo in repos_removed]
repository_service.disable_repositories_by_external_ids(
- organization_id=organization_id,
+ organization_id=rpc_org.id,
integration_id=integration.id,
provider=provider,
external_ids=external_ids,This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.
src/sentry/integrations/github/tasks/sync_repos_on_install_change.py
Outdated
Show resolved
Hide resolved
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
jaydgoss
reviewed
Mar 31, 2026
wedamija
force-pushed
the
danf/github-installation-repositories
branch
from
96a796a to
f4fb9f5
Compare
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
src/sentry/integrations/github/tasks/sync_repos_on_install_change.py
Outdated
Show resolved
Hide resolved
wedamija
force-pushed
the
danf/github-installation-repositories
branch
from
4d9b202 to
eb2381e
Compare
Currently, we only sync the available repositories from Github on installing the integration. So over time, if new repositories are added to the github organization, or access to specific repositories is added or removed, we end up out of sync with which repositories we store in Sentry. To fix this, we are going to start handling the `installation_repositories` webhook. This is fired whenever the repositories that a github app can access change. This allows us to keep all the repos in sync. Note that when access to a repo is removed, we only ever disable the repo and never delete it. This allows us to keep the history of commits and so on so far.
wedamija
force-pushed
the
danf/github-installation-repositories
branch
from
9323c8d to
9a5dc41
Compare
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
jaydgoss
reviewed
Apr 2, 2026
Comment on lines
+27
to
+28
| # GHE only routes installation events to control silo. | ||
| # installation_repositories is not yet supported for GHE. |
Member
There was a problem hiding this comment.
Why is it that it's not supported?
Member
There was a problem hiding this comment.
We just didn't have any tests for this file before?
Member
Author
There was a problem hiding this comment.
Yeah, although maybe we tested outside the impl instead? Not sure
evanpurkhiser
approved these changes
Apr 2, 2026
cmanallen
approved these changes
Apr 2, 2026
Contributor
|
PR reverted: ca7fcd4 |
getsentry-bot
added a commit
that referenced
this pull request
Apr 3, 2026
…)" This reverts commit a8a8009. Co-authored-by: wedamija <6288560+wedamija@users.noreply.github.com>
Contributor
Backend Test FailuresFailures on
|
wedamija
added a commit
that referenced
this pull request
Apr 3, 2026
We had to revert #111864 because the webhooks were being routed to cells. This is because we deploy cells first, then control, and so the routing wasn't in place. Adding this routing first, then we'll merge the webhook itself after this deploys.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently, we only sync the available repositories from Github on installing the integration. So over time, if new repositories are added to the github organization, or access to specific repositories is added or removed, we end up out of sync with which repositories we store in Sentry.
To fix this, we are going to start handling the
installation_repositorieswebhook. This is fired whenever the repositories that a github app can access change. This allows us to keep all the repos in sync.Note that when access to a repo is removed, we only ever disable the repo and never delete it. This allows us to keep the history of commits and so on so far.