Update GitHub CI/CD import page to use PAT only

Oauth2 tokens are causing issues with mirroring
repos, because it effectively limits the number
of repos you can mirror. Personal Access
Tokens do not have this problem.

This change removes the OAuth2 option from
the import page for CI/CD only, and only
provides the personal access token form.

app/helpers/import_helper.rb

@@ -45,17 +45,14 @@ module ImportHelper
   end
 
   def import_github_authorize_message
-    _('To import GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:')
+    _('To connect GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories.')
   end
 
   def import_github_personal_access_token_message
-    personal_access_token_link = link_to _('Personal Access Token'), 'https://github.com/settings/tokens'
+    link_url = 'https://github.com/settings/tokens'
+    link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: link_url }
 
-    if github_import_configured?
-      _('Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { personal_access_token_link: personal_access_token_link }
-    else
-      _('To import GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { personal_access_token_link: personal_access_token_link }
-    end
+    _('Create and provide your GitHub %{link_start}Personal Access Token%{link_end}. You will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
   end
 
   def import_configure_github_admin_message

app/views/import/github/new.html.haml

-- title = has_ci_cd_only_params? ? _('Connect repositories from GitHub') : _('GitHub import')
+- title = _('Authenticate with GitHub')
 - page_title title
 - breadcrumb_title title
 - header_title _("Projects"), root_path
 
-%h3.page-title
-  = icon 'github', text: _('Import repositories from GitHub')
+%h2.page-title
+  = title
 
-- if github_import_configured?
-  %p
-    = import_github_authorize_message
+%p
+  = import_github_authorize_message
 
-  = link_to _('List your GitHub repositories'), status_import_github_path(ci_cd_only: params[:ci_cd_only]), class: 'btn btn-success'
+- if github_import_configured? && !has_ci_cd_only_params?
+  = link_to icon('github', text: title), status_import_github_path, class: 'btn btn-success'
 
   %hr
 
-%p
-  = import_github_personal_access_token_message
+- unless github_import_configured? || has_ci_cd_only_params?
+  .bs-callout.bs-callout-info
+    = import_configure_github_admin_message
 
-= form_tag personal_access_token_import_github_path, method: :post, class: 'form-inline' do
+= form_tag personal_access_token_import_github_path, method: :post do
   .form-group
-    = text_field_tag :personal_access_token, '', class: 'form-control append-right-8', placeholder: _('Personal Access Token'), size: 40
-    = submit_tag _('List your GitHub repositories'), class: 'btn btn-success'
+    %label.label-bold= _('Personal Access Token')
+    = text_field_tag :personal_access_token, '', class: 'form-control', placeholder: _('e.g. %{token}') % { token: '8d3f016698e...' }
+    %span.form-text.text-muted
+      = import_github_personal_access_token_message
 
   = render_if_exists 'import/github/ci_cd_only'
 
-- unless github_import_configured?
-  %hr
-  %p
-    = import_configure_github_admin_message
+  .form-actions.d-flex.justify-content-end
+    = link_to _('Cancel'), new_project_path, class: 'btn'
+    = submit_tag _('Authenticate'), class: 'btn btn-success ml-2'

changelogs/unreleased/59053-no-oauth-for-cicd-github-fe.yml

+---
+title: Remove oauth form from GitHub CI/CD only import authentication
+merge_request: 31488
+author:
+type: changed

ee/spec/features/projects/new_project_spec.rb

@@ -111,12 +111,12 @@ describe 'New project' do
           find('.js-import-github').click
         end
 
-        expect(page).to have_text('Connect repositories from GitHub')
+        expect(page).to have_text('Authenticate with GitHub')
 
         allow_any_instance_of(Gitlab::LegacyGithubImport::Client).to receive(:repos).and_return([repo])
 
         fill_in 'personal_access_token', with: 'fake-token'
-        click_button 'List your GitHub repositories'
+        click_button 'Authenticate'
         wait_for_requests
 
         # Mock the POST `/import/github`
@@ -140,12 +140,6 @@ describe 'New project' do
         expect(created_project.project_feature).not_to be_issues_enabled
       end
 
-      it 'new GitHub CI/CD project page has link to status page with ?ci_cd_only=true param' do
-        visit new_import_github_path(ci_cd_only: true)
-
-        expect(page).to have_link('List your GitHub repositories', href: status_import_github_path(ci_cd_only: true))
-      end
-
       it 'stays on GitHub import page after access token failure' do
         visit new_project_path
         find('#ci-cd-project-tab').click
@@ -157,7 +151,7 @@ describe 'New project' do
         allow_any_instance_of(Gitlab::LegacyGithubImport::Client).to receive(:repos).and_raise(Octokit::Unauthorized)
 
         fill_in 'personal_access_token', with: 'unauthorized-fake-token'
-        click_button 'List your GitHub repositories'
+        click_button 'Authenticate'
 
         expect(page).to have_text('Access denied to your GitHub account.')
         expect(page).to have_current_path(new_import_github_path(ci_cd_only: true))

locale/gitlab.pot

@@ -1270,9 +1270,6 @@ msgstr ""
 msgid "Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to connect."
 msgstr ""
 
-msgid "Alternatively, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import."
-msgstr ""
-
 msgid "Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication"
 msgstr ""
 
@@ -1906,6 +1903,12 @@ msgstr ""
 msgid "August"
 msgstr ""
 
+msgid "Authenticate"
+msgstr ""
+
+msgid "Authenticate with GitHub"
+msgstr ""
+
 msgid "Authentication Log"
 msgstr ""
 
@@ -4214,6 +4217,9 @@ msgstr ""
 msgid "Create an issue. Issues are created for each alert triggered."
 msgstr ""
 
+msgid "Create and provide your GitHub %{link_start}Personal Access Token%{link_end}. You will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import."
+msgstr ""
+
 msgid "Create board"
 msgstr ""
 
@@ -8925,9 +8931,6 @@ msgstr ""
 msgid "List your Bitbucket Server repositories"
 msgstr ""
 
-msgid "List your GitHub repositories"
-msgstr ""
-
 msgid "Live preview"
 msgstr ""
 
@@ -15674,6 +15677,9 @@ msgstr ""
 msgid "To connect GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to connect."
 msgstr ""
 
+msgid "To connect GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories."
+msgstr ""
+
 msgid "To connect GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:"
 msgstr ""
 
@@ -15701,12 +15707,6 @@ msgstr ""
 msgid "To help improve GitLab, we would like to periodically collect usage information. This can be changed at any time in %{settings_link_start}Settings%{link_end}. %{info_link_start}More Information%{link_end}"
 msgstr ""
 
-msgid "To import GitHub repositories, you can use a %{personal_access_token_link}. When you create your Personal Access Token, you will need to select the <code>repo</code> scope, so we can display a list of your public and private repositories which are available to import."
-msgstr ""
-
-msgid "To import GitHub repositories, you first need to authorize GitLab to access the list of your GitHub repositories:"
-msgstr ""
-
 msgid "To import an SVN repository, check out %{svn_link}."
 msgstr ""
 
@@ -18058,6 +18058,9 @@ msgid_plural "drafts"
 msgstr[0] ""
 msgstr[1] ""
 
+msgid "e.g. %{token}"
+msgstr ""
+
 msgid "element is not a hierarchy"
 msgstr ""
 

qa/qa/page/project/import/github.rb

@@ -9,7 +9,7 @@ module QA
 
           view 'app/views/import/github/new.html.haml' do
             element :personal_access_token_field, 'text_field_tag :personal_access_token' # rubocop:disable QA/ElementWithPattern
-            element :list_repos_button, "submit_tag _('List your GitHub repositories')" # rubocop:disable QA/ElementWithPattern
+            element :authenticate_button, "submit_tag _('Authenticate')" # rubocop:disable QA/ElementWithPattern
           end
 
           view 'app/assets/javascripts/import_projects/components/provider_repo_table_row.vue' do

spec/features/projects/new_project_spec.rb

@@ -280,7 +280,7 @@ describe 'New project' do
         end
 
         it 'shows import instructions' do
-          expect(page).to have_content('Import repositories from GitHub')
+          expect(page).to have_content('Authenticate with GitHub')
           expect(current_path).to eq new_import_github_path
         end
       end