gitserver: make vcs syncer implementation request a fresh clone URL in between each remote git operation

[ggilmore]

Fixes: https://github.com/sourcegraph/sourcegraph/issues/60682

The key insight into fixing https://github.com/sourcegraph/sourcegraph/issues/60682 is to make our vcssyncer implementation (that performs the fetch and clone operations) stop using a "static" remote URL for all of it's operations.

Before, when we used a Github App installation, Sourcegraph will receive an authentication token that's valid for one hour. We embed this token in the remote URL that we use to configure git for the fetch and git remote show head (to figure out what the default branch is pointing to) operations. When a huge repository like https://github.com/sgtest/megarepo gets cloned - it's likely that it will take > 1 hour to clone. This means that the auth information embedded the remote URL will expire in between the fetch and remote head operations - which would fail the overall "clone" operation.

The solution to this is to introduce a new abstraction:

// RemoteURLSource is a source of a remote URL for a repository.
//
// The remote URL may change over time, so it's important to use this interface
// to get the remote URL every time instead of caching it at the call site.
type RemoteURLSource interface {
	// RemoteURL returns the latest remote URL for a repository.
	RemoteURL(ctx context.Context) (*vcs.URL, error)
}

The RemoteURLSource encapsulates all the logic to figure out what remote URL to use for a given repository (including authentication information, token refreshing, etc.). Instead of passing around a static remote URL, the RemoteURLSource is stored as a struct member on each of the syncers. Whenever the syncer performs a git operation (like fetch) - it consults the source for the latest remoteURL to use - and only uses that url for the current operation. This means that individual git operations now have the chance to "refresh" the token in the remote URL (if necessary) which solves the original problem.

---

Test plan:

• Create a github app installation using https://sourcegraph.com/docs/admin/external_service/github#using-a-github-app
• Add a humongous repository such as https://github.com/sgtest/megarepo to the instance that will take over an hour to clone
• See that the clone actually completes successfully

[ggilmore]

This will be removed soon, this is just a local hack I created to try to revoke tokens without waiting an hour.

[pjlast]

Whenever I see this []byte -> string -> []byte conversion pattern I wonder if we wouldn't be better off just having []byte implementations of these functions

[ggilmore]

For future readers, this number increased by 3 due to the 3 extra tryWrite calls I added in gitVCSSyncer.Clone (the additional logs before / after SetHEAD + an additional log once the fetch finished): https://github.com/sourcegraph/sourcegraph/pull/61179/files#diff-22d28b810252fd7a9c6e94ce2c5bbbb1a61f079b6a6d8407661f1ae28f282250R111

[sourcegraph-release-bot]

The backport to 5.3 failed at https://github.com/sourcegraph/sourcegraph/actions/runs/8350113978:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-5.3 5.3
# Navigate to the new working tree
cd .worktrees/backport-5.3
# Create a new branch
git switch --create backport-61179-to-5.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 cbbb9c3d42a4fa5adad899a0a589d76348dc1df6
# Push it to GitHub
git push --set-upstream origin backport-61179-to-5.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.3

If you encouter conflict, first resolve the conflict and stage all files, then run the commands below:

git cherry-pick --continue
# Push it to GitHub
git push --set-upstream origin backport-61179-to-5.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.3

• Follow above instructions to backport the commit.
• Create a pull request where the base branch is 5.3 and the compare/head branch is backport-61179-to-5.3., click here to create the pull request.
• Make sure to tag @sourcegraph/release in the pull request description.
• Once the backport pull request is created, kindly remove the release-blocker from this pull request.

[eseliger]

since we use err not exitErr further down, is exitErr a reference or a copy of err?