Adding support for sharepoint backed Hermes#701
Closed
sjaiswalh wants to merge 30 commits into
Closed
Conversation
- Revert dashboard new-features-banner to original dismissible feature banner - Revert isShown logic to localStorage-based (was hardcoded to 'return true') - Remove permanent-migration-banner CSS and pulseRed animation from dashboard.scss - Delete document/sidebar/migration-banner component (hbs + ts) - Remove MigrationBanner reference from document/sidebar.hbs - Add MERGE_PLAN.md for sharepoint merge tracking
- Upgrade go.mod to Go 1.24.0 with SharePoint dependencies - Add back Google-specific deps (cloud.google.com/go, genproto) - Copy 20 new packages: microsoftgraph, sharepointhelper, auth/microsoft, auth/oidcalb, auth/sharepoint, middleware, etc. - Copy 55 differing files from hermes-sharepoint - Merge Document model (Option A): dual GoogleFileID + FileID fields - Add GetFileIdentifier() and hasNoFileID() helpers - Add BeforeCreate validation hook - Fix all 7 redundant vet errors (d.FileID == '' && d.FileID == '') - Update query patterns for dual-field lookups - Merge auth.go: 4-tier auth (OIDC ALB > Okta > Microsoft > Google) - Add Okta backward compat in config.go - Copy hermes-plugin for Go embed compilation - All builds pass (go build ./..., go vet ./...) - pkg/models tests pass
- Replace web/ entirely with hermes-sharepoint frontend (Ember 3.28 -> 5.8) - Clean hermes-plugin manifests: keep only manifest.xml - Remove enterprise AppDomain (hashicorp.com) from manifest.xml - Update Makefile: add plugin/build and build/linux targets - Build verified: go build ./... passes
- Add Dockerfile (public alpine:3.21.5, no enterprise mirror) - Update ci.yml: Go 1.24, add plugin build, workflow_dispatch - Add docker-build-push.yml (generic GHCR, no enterprise doormat) - Merge CODEOWNERS: both @hashicorp-forge/labs and @hashicorp/team-scale-performance-eng - Add SharePoint config templates to configs/config.hcl
- Remove hashicorp.services from CORS allowlist (cors.go) - Fix draft doc number comparison bug: remove .docx from regex replacement - Fix v1 test to use SP draft format (ABC-xxx.docx) - Fix v2 test to use original format (ABC-???) matching v2 regex - All tests pass: go build ./... && go test ./...
…gin/ macOS cp -R did not copy hidden files when target directory existed. This restores all missing dotfiles (.eslintrc.js, .gitignore, .yarnrc.yml, tsconfig.json, postcss.config.js, testem.js, etc.) and hermes-plugin source files (package.json, src/, assets/, webpack.config.js, manifest.xml, etc.). Removes nested src/src/ and assets/assets/ created by cp -R on existing dirs. Removes enterprise AppDomain from hermes-plugin/manifest.xml. Verified: make build passes (web + plugin + go), go test ./... all pass.
…template - Remove hermes-plugin/dist/ from git tracking (build artifact, gitignored) - Remove unused microsoft_auth/microsoft_graph blocks from configs/config.hcl - Update email from_address to Microsoft tenant user
Restored in documents.go: - IsLocked check (Google-only guard) in PATCH handler - Added hcd import Restored in drafts.go: - IsLocked check (Google-only guard) in PATCH handler - Owner photo lookup via SearchPeople in POST handler - Create-as-user flow with impersonation + MoveFile + TemporaryDraftsFolder - Ownership transfer email with SearchPeople name lookups - Added imports: context, hcd, jwt, drive/v3, option Restored in reviews.go: - IsLocked check (Google-only guard) before database transaction - MoveFile to DocsFolder with revert function on review creation - Added hcd import
- Empty publishReaderGroups and publishGroupDisplayNames in documents.go - Use GetFileIdentifier() instead of .FileID for DB-loaded documents in documents_related_resources.go and projects_related_resources.go - Fix model Create() Where clauses to dynamically query google_file_id or file_id based on which field is populated - Wrap SharePoint-only filename sanitization in srv.SharePoint != nil conditional in drafts.go
Production code fixes (16 files): - Restore Google domain sharing in drafts_shareable.go (wrapped in useSharePoint guard) - Restore createGoogleShortcut in v2/reviews.go alongside createSharePointShortcut - Restore email notifications in v1/reviews.go with EmailSenderAdapter - Restore entire Google indexing path (runGoogleWorkspace) in indexer.go - Fix validate() to require at least one backend, not mandate SharePoint - Restore auth conditional in server.go (OidcAlb/Okta web auth) - Fix .FileID bugs to use GetFileIdentifier() in 5 API handler files (v1+v2) - Fix FileID-only validation to use hasNoFileID() in document_review.go, document_group_review.go, document_related_resource_external_link.go - Add dual-provider design comments in document.go, document_file_revision.go - Fix new-owner email in drafts.go to be dual-backend aware Test files (8 files): - Revert test files to use GoogleFileID (restore original Google path coverage) - Fix document_file_revision_test.go for FileRevisionID (new PK) and pointer type - Add TestDocumentDualBackend: parameterized Create/Get/Upsert/Delete for both backends - Add TestDocumentDualBackendCoexistence: Google + SharePoint docs coexist, independent CRUD, GetFileIdentifier(), hasNoFileID() validation - Add TestDocumentReviewDualBackend: review Get/Update/Find for both backends - Add TestDocumentGroupReviewDualBackend: group review Get/Find for both backends - Add TestDocumentFileRevisionDualBackend: revision Create/Find for both backends All changes compile clean (go build ./... and go vet ./pkg/models/...)
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
1 similar comment
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes Have you signed the CLA already but the status is still pending? Recheck it. |
There was a problem hiding this comment.
Pull request overview
This PR adds initial SharePoint/Microsoft Graph support alongside Google Workspace, introduces an Office/Word add-in (“hermes-plugin”), and updates build/CI/container workflows to build and ship the new artifacts.
Changes:
- Added SharePoint-aware API behavior (people, groups, “me”, related resources, and file identifiers) and new draft archive endpoint.
- Introduced
hermes-pluginOffice add-in source + embedded static serving via Go. - Updated CI/Makefile/Docker workflow to build plugin + Linux binary and publish a container image.
Reviewed changes
Copilot reviewed 87 out of 485 changed files in this pull request and generated 14 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/api/v2/projects_related_resources.go | Switches Hermes document identifier field usage for project related resources |
| internal/api/v2/projects.go | Adds request validation warning logs for query/body params |
| internal/api/v2/people.go | Routes People API to Microsoft Graph when SharePoint is configured + photo endpoint |
| internal/api/v2/me_recently_viewed_docs.go | Uses backend-agnostic file identifier for recently viewed docs (v2) |
| internal/api/v2/me.go | Adds SharePoint-backed /me response mapping + photo URL strategy |
| internal/api/v2/helpers_test.go | Updates tests to use FileID / FileRevisionID naming |
| internal/api/v2/helpers.go | Makes email comparisons case-insensitive; adds SharePoint group membership logic |
| internal/api/v2/groups.go | Adds SharePoint-backed group search + refactors handlers/helpers |
| internal/api/v2/drafts_shareable.go | Switches DB lookup to file-id constructor; skips Google permission updates for SharePoint |
| internal/api/v2/drafts_archived.go | Adds v2 endpoint for reading/updating draft “Archived” state + Algolia update |
| internal/api/v2/documents_test.go | Adds tests for case-insensitive authorization behaviors |
| internal/api/v2/documents_related_resources.go | Makes related-resources handler file-id aware and SharePoint-aware (v2) |
| internal/api/reviews.go | Migrates DB doc lookup to file-id constructor; tweaks email sender adapter usage |
| internal/api/me_recently_viewed_docs.go | Uses backend-agnostic file identifier for recently viewed docs (v1) |
| internal/api/helpers_test.go | Updates v1 helper tests for FileID / FileRevisionID + draft doc number format |
| internal/api/helpers.go | Updates v1 helper comparisons to use backend-agnostic file identifier + doc number normalization |
| internal/api/drafts_shareable.go | Switches v1 draft shareable DB lookup to file-id constructor |
| internal/api/drafts.go | Adds MS template selection, changes draft numbering/title format, attempts SharePoint draft creation |
| internal/api/documents_related_resources.go | Makes v1 related-resources handler file-id aware |
| internal/api/documents.go | Switches v1 DB doc lookup to file-id constructor throughout |
| internal/api/approvals.go | Refactors revision/header logic and switches to file-id constructor for DB queries |
| hermes-plugin/webpack.config.js | Adds webpack build for Office add-in bundle, HTML generation, manifest copying |
| hermes-plugin/tsconfig.json | TypeScript compile configuration for add-in |
| hermes-plugin/src/taskpane/utils/timeAgo.ts | Adds time-ago formatting helper |
| hermes-plugin/src/taskpane/utils/themeContext.tsx | Adds theme state + persistence via localStorage |
| hermes-plugin/src/taskpane/utils/storageAccess.ts | Adds Storage Access API helpers for third-party cookie scenarios |
| hermes-plugin/src/taskpane/utils/productUtils.ts | Adds product hashing/color/icon utilities |
| hermes-plugin/src/taskpane/utils/lightTheme.ts | Adds light theme token set |
| hermes-plugin/src/taskpane/utils/darkTheme.ts | Adds dark theme token set + shared style helpers |
| hermes-plugin/src/taskpane/utils/authPopup.ts | Adds Office Dialog-based auth flow + fallback window.open |
| hermes-plugin/src/taskpane/taskpane.ts | Adds Word runtime helpers (table scanning/editing) |
| hermes-plugin/src/taskpane/taskpane.html | Adds add-in taskpane HTML shell (Office.js bootstrap) |
| hermes-plugin/src/taskpane/interfaces/relatedResources.ts | Adds related resource interfaces aligned to new API payloads |
| hermes-plugin/src/taskpane/interfaces/project.ts | Adds project interfaces/enums + status colors |
| hermes-plugin/src/taskpane/interfaces/products.ts | Adds minimal product interface |
| hermes-plugin/src/taskpane/interfaces/person.ts | Adds Google People-shaped interfaces |
| hermes-plugin/src/taskpane/interfaces/group.ts | Adds group interface |
| hermes-plugin/src/taskpane/interfaces/documentMetadata.ts | Adds document metadata interface + wrapper class |
| hermes-plugin/src/taskpane/interfaces/currentUser.ts | Adds current user interface |
| hermes-plugin/src/taskpane/index.tsx | Boots add-in React app after Office ready + baseUrl selection |
| hermes-plugin/src/taskpane/components/ThemeToggleButton.tsx | Adds UI to toggle theme |
| hermes-plugin/src/taskpane/components/RelatedResourcesList.tsx | Adds related-resources list UI with add/edit/remove forms |
| hermes-plugin/src/taskpane/components/RelatedResourceItem.tsx | Adds per-related-resource rendering + open/edit/remove actions |
| hermes-plugin/src/taskpane/components/ProjectsList.tsx | Adds projects list + search/add/remove UI |
| hermes-plugin/src/taskpane/components/ProjectStatusIcon.tsx | Adds status icon SVG rendering |
| hermes-plugin/src/taskpane/components/ProjectIcon.tsx | Adds project icon SVG component |
| hermes-plugin/src/taskpane/components/ProductIcon.tsx | Adds product badge/icon rendering (SVG + abbreviations) |
| hermes-plugin/src/taskpane/components/EditableText.tsx | Adds editable text UI with save/cancel + error UX |
| hermes-plugin/src/taskpane/components/EditResourceForm.tsx | Adds inline editing form for external link resources |
| hermes-plugin/src/taskpane/components/EditRelatedResourceModal.tsx | Adds dialog-based resource editing |
| hermes-plugin/src/taskpane/components/DocumentThumbnail.tsx | Adds doc thumbnail with product/status overlays |
| hermes-plugin/src/taskpane/components/AddRelatedResourceModal.tsx | Adds dialog-based “add external link” flow |
| hermes-plugin/src/safari-init/safari-init.ts | Adds Safari auth bootstrap w/ redirect allow-list checks |
| hermes-plugin/src/safari-init/safari-init.html | Adds Safari init HTML shell with CSP |
| hermes-plugin/src/safari-init/safari-init.css | Adds Safari init styles |
| hermes-plugin/src/config.json | Adds add-in runtime config (host/static base URL) |
| hermes-plugin/src/commands/commands.ts | Adds commands runtime script (template-based) |
| hermes-plugin/src/commands/commands.html | Adds commands HTML (currently malformed—see suggestions) |
| hermes-plugin/src/auth-callback.ts | Adds auth callback handler page logic + opener messaging |
| hermes-plugin/src/auth-callback.html | Adds auth callback HTML shell |
| hermes-plugin/set_keywords_helper.js | Adds helper to set Word document keywords |
| hermes-plugin/package.json | Adds add-in npm package/build tooling |
| hermes-plugin/manifest.xml | Adds Word add-in manifest for taskpane |
| hermes-plugin/manifest.json | Adds Teams manifest (template-based) |
| hermes-plugin/babel.config.json | Adds Babel preset config |
| hermes-plugin/addin.go | Adds embedded static file serving for add-in dist output |
| hermes-plugin/.hintrc | Adds webhint config |
| hermes-plugin/.gitignore | Ignores node_modules/dist |
| hermes-plugin/.eslintrc.json | Adds Office add-ins ESLint config |
| go.mod | Updates Go version and dependency versions |
| configs/config.hcl | Adds commented SharePoint + OIDC ALB + SMTP/TLS config templates |
| Makefile | Builds plugin in build / build/linux and adds plugin/build target |
| Dockerfile | Adds container image packaging for hermes binary/configs |
| .github/workflows/docker-build-push.yml | Adds GHCR docker build/push workflow |
| .github/workflows/ci.yml | Updates CI to Go 1.24 + plugin build step + workflow_dispatch |
| .github/CODEOWNERS | Adds additional code owners |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces significant enhancements to the build and deployment pipeline, adds initial support for a Microsoft Office (Word) add-in, and updates dependencies for improved compatibility and security. Key changes include a new Docker build and push workflow, the addition of a
hermes-plugindirectory for Office add-in development, updates to CI and Makefile processes, and expanded configuration options for SharePoint and OIDC. Dependency versions have also been updated across the board.Build and Deployment Pipeline Improvements
.github/workflows/docker-build-push.yml) to automate Docker image building and pushing to GitHub Container Registry, including steps for Node, Go, and Docker setup..github/workflows/ci.yml) to support manual dispatch, update Go version to 1.24, add plugin build steps, and restructure build/test steps for better reliability and plugin support. [1] [2]Makefilewith new targets for plugin build, Linux binary build, and improved build orchestration. [1] [2]Microsoft Office Add-in Integration
hermes-plugindirectory with configuration files, ESLint setup, Babel config, gitignore, and a manifest for a Microsoft Teams/Office add-in, laying the groundwork for Office integration. [1] [2] [3] [4] [5]hermes-plugin/addin.goto serve the add-in's static files via an embedded filesystem and provide an HTTP handler for the add-in.Configuration and Ownership Updates
configs/config.hclwith commented templates for SharePoint, OIDC ALB, SMTP, and TLS configuration, supporting alternative deployments and integrations..github/CODEOWNERSto add@hashicorp/team-scale-performance-engas code owners alongside the labs team.Dependency Updates
go.modand updated a wide range of dependencies to their latest versions for improved security, compatibility, and performance. [1] [2] [3] [4] [5]Containerization
Dockerfilebased on Alpine Linux, copying the application binary and configs, and setting up the entrypoint for running the Hermes server in a container.