GitLab/Webhooks
gitlab-webhooks listens for GitLab system-level webhook events and performs actions such as posting comments on Phabricator tickets or adding mentions on GitLab merge requests.
 GitLab Webhooks
| |
|---|---|
| Website | https://gitlab-webhooks.toolforge.org/ |
| Description | A webhook handler for performing actions on other systems in response to GitLab events. |
| Keywords | gitlab, python, admin |
| Author(s) | Ahmon Dancy, Brennen Bearnes, Bryan Davis |
| Maintainer(s) | (View all) |
| Source code | gitlab |
| License | GNU General Public License 3.0 or later |
| Issues | phab:project/profile/5556/ |
| Admin log | Tools.gitlab-webhooks/SAL |
How it works
At https://gitlab.wikimedia.org/admin/hooks we have configured a system hook which sends all 4 types of events (repository update, push, tag, merge request) to https://gitlab-webhooks.toolforge.org/hooks. A secret token sent by GitLab in a X-Gitlab-Token header is validated to ensure that events are not spoofed.
Phabricator
gitlab-webhooks examines the events looking for Phabricator bug ids. For each bug id found, a comment is added to the corresponding ticket describing the event. Currently only merge request events are processed.
Bug ids are accepted in the following format: Bug: T12345
There can be multiple Bug: entries per commit message, one per line.
The Bug: T... format is used as it is the historical format used in our Gerrit tooling and commit message standards.
Gitlab Mentions
When gitlab-webhooks receives a merge request event, it adds a mention for anyone with a matching Gitlab-mention template entry in mw:Git/Reviewers. Users who are already participants on the merge request are not re-mentioned.
Administration
gitlab-webhooks.toolforge.org is hosted on Toolforge. To administer it you must be listed as a maintainer of the tool. Ask an existing administrator to give you access. When you have access you can do:
$ ssh login.toolforge.org
user@tools-bastion-12:~$ become gitlab-webhooks
The https://gitlab.wikimedia.org/repos/releng/gitlab-webhooks repo runs from a build service managed container. Build a newer container with:
$ toolforge build start https://gitlab.wikimedia.org/repos/releng/gitlab-webhooks
Once a new image has been built, run it with:
$ toolforge webservice restart
The app is configured using environment variables.
$ toolforge envvars list
name value
DEBUG true
GITLAB_TOKEN «REDACTED»
LOG_EVENTS_TO /data/project/gitlab-webhooks/logs/events.log
PHABRICATOR_TOKEN «REDACTED»
SINKS_ENABLED phabricator,gitlab-mentions,sse
SOURCE_TOKEN «REDACTED»
TOOL_REPLICA_PASSWORD «REDACTED»
TOOL_REPLICA_USER s54528
TOOL_TOOLSDB_PASSWORD «REDACTED»
TOOL_TOOLSDB_USER s54528
Maintainer
gitlab-webhooks is maintained by the mw:Wikimedia Release Engineering Team.