feat(frontend,backend): add custom workflow sources to session creation

[quay-devel]

Summary

Implements #1549 — Custom Workflow Sources for session creation.

Teams that invest heavily in custom workflows currently have to manually fill out git repo URL, branch, and path every time they want to start a session with a custom workflow. This PR allows users to configure "workflow sources" (git repos containing workflow definitions) at the workspace level, so those workflows appear in the session creation dropdown alongside built-in OOTB workflows.

What Changed

Backend (Go)

• CRD extension (projectsettings-crd.yaml): Added workflowSources array to the ProjectSettings spec with name, gitUrl, branch, and path fields
• New API endpoints (project_workflow_sources.go): GET/PUT /api/projects/:projectName/workflow-sources for managing workflow sources, following the existing project_mcp.go pattern
• Extended ListOOTBWorkflows (sessions.go): Aggregates workflows from both the OOTB repo and project-level custom sources, with per-source 5-min caching, graceful failure handling, and namespace-scoped cache keys
• Input validation: Max 20 sources per project, required name/gitUrl, git URL format validation
• Route registration (routes.go): New routes inside projectGroup for auth middleware coverage

Frontend (Next.js/React)

• Types (workflow.ts): WorkflowSource, WorkflowSourcesConfig types; added optional source field to OOTBWorkflow
• API layer (workflows.ts): getWorkflowSources() and updateWorkflowSources() client functions
• Port/adapter wiring for the new API methods
• React Query hooks (use-workflows.ts): useWorkflowSources and useUpdateWorkflowSources with cache invalidation
• Workspace settings UI (settings-section.tsx): New "Workflow Sources" card with add/edit/remove source entries (name, git URL, branch, path)
• Session creation dialog (create-session-dialog.tsx): Workflows grouped by source using SelectLabel and SelectSeparator — built-in workflows separated from custom source groups

Testing Performed

• Go backend builds with go build ./... and go vet ./... — no errors
• Frontend builds with npm run build — 0 errors, 0 warnings
• Code reviewed against CLAUDE.md conventions:
  • All handlers use GetK8sClientsForRequest() for user-scoped auth
  • No any types in TypeScript
  • No panic() in Go code
  • No tokens in log messages
  • Namespace-scoped cache keys to prevent cross-tenant leakage

Screenshots

N/A — UI changes follow existing Shadcn design patterns (Card, Input, Button, Select with groups). The workflow selector now shows grouped items with section labels.

Breaking Changes

None. The CRD extension is additive (new optional field). Existing sessions and workflows are unaffected. Workflow sources default to empty (no change in behavior without configuration).

Relates to #1549

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bd81edee-a87d-4fe7-90a8-76927e8bb5b5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

❌ Deploy Preview for cheerful-kitten-f556a0 failed.

Name	Link
🔨 Latest commit	361c351
🔍 Latest deploy log	https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/6a021e18a4e50700084f9996