GitLab/Webhooks
GitLab Webhooks | |
---|---|
Website | https://gitlab-webhooks.toolforge.org/ |
Description | A webhook handler for performing actions on other systems in response to GitLab events. |
Keywords | gitlab, python, admin |
Author(s) | Ahmon Dancy, Brennen Bearnes |
Maintainer(s) | (View all) |
Source code | gitlab |
License | GNU General Public License 3.0 or later |
Issues | phab:project/profile/5556/ |
Admin log | Tools.gitlab-webhooks/SAL |
gitlab-webhooks listens for GitLab system-level webhook events and performs actions such as posting comments on Phabricator tickets or adding mentions on GitLab merge requests.
How it works
At https://gitlab.wikimedia.org/admin/hooks we have configured a system hook which sends all 4 types of events (repository update, push, tag, merge request) to https://gitlab-webhooks.toolforge.org/hooks. A secret token sent by GitLab in a X-Gitlab-Token
header is validated to ensure that events are not spoofed.
Phabricator
gitlab-webhooks examines the events looking for Phabricator bug ids. For each bug id found, a comment is added to the corresponding ticket describing the event. Currently only merge request events are processed.
Bug ids are accepted in the following format: Bug: T12345
There can be multiple Bug:
entries per commit message, one per line.
The Bug: T...
format is used as it is the historical format used in our Gerrit tooling and commit message standards.
Gitlab Mentions
When gitlab-webhooks receives a merge request event, it adds a mention for anyone with a matching Gitlab-mention template entry in mw:Git/Reviewers. Users who are already participants on the merge request are not re-mentioned.
Administration
gitlab-webhooks.toolforge.org is hosted on Toolforge. To administer it you must be listed as a maintainer of the tool. Ask an existing administrator to give you access. When you have access you can do:
$ ssh login.toolforge.org
user@tools-sgebastion-10:~$ become gitlab-webhooks
The https://gitlab.wikimedia.org/repos/releng/gitlab-webhooks repo is cloned at www/python/src. The config.yaml file in this directory contains the runtime configuration (including the Phabricator URL, the Phab username and token to use when making comments). config.yaml contains secrets, so make sure it always has mode 0600.
If you make code or configuration changes (e.g., by pulling down new code by running git pull) you must restart the webservice for the changes to take effect. You can do this by running ~/restart. If requirements.txt changed, manually run the commented-out webservice-python-bootstrap command found in the ~/restart script.
Maintainer
gitlab-webhooks is maintained by the mw:Wikimedia Release Engineering Team.