Module - GitHub App web hook

This module creates an API gateway endpoint and lambda function to handle GitHub App webhook events.

Usages

Usage examples are available in the root module. By default the root module will assume local zip files containing the lambda distribution are available. See the download lambda module for more information.

Lambda Function

The Lambda function is written in TypeScript and requires Node 12.x and yarn. Sources are located in ./lambdas/webhook.

Install

cd lambdas/webhook
yarn install

Test

Tests are implemented with Jest; calls to AWS and GitHub are mocked.

yarn run test

Package

ncc is used to compile all TypeScript/JavaScript sources into a single file.

yarn run dist

Requirements

Name Version
terraform >= 0.14.1
aws ~> 4.0

Providers

Name Version
aws ~> 4.0

Modules

No modules.

Resources

Name Type
aws_apigatewayv2_api.webhook resource
aws_apigatewayv2_integration.webhook resource
aws_apigatewayv2_route.webhook resource
aws_apigatewayv2_stage.webhook resource
aws_cloudwatch_log_group.webhook resource
aws_iam_role.webhook_lambda resource
aws_iam_role_policy.webhook_logging resource
aws_iam_role_policy.webhook_sqs resource
aws_iam_role_policy.webhook_ssm resource
aws_lambda_function.webhook resource
aws_lambda_permission.webhook resource
aws_iam_policy_document.lambda_assume_role_policy data source

Inputs

Name Description Type Default Required
aws_region AWS region. string n/a yes
disable_check_wokflow_job_labels Disable the check of workflow labels. bool false no
enable_workflow_job_labels_check If set to true, all labels in the workflow job event are matched against the custom labels and the GitHub labels (os, architecture and self-hosted). When the labels do not match, the event is dropped at the webhook. bool false no
environment A name that identifies the environment, used as prefix and for tagging. string null no
github_app_webhook_secret_arn n/a string n/a yes
kms_key_arn Optional CMK Key ARN to be used for Parameter Store. string null no
lambda_architecture AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86_64' functions. string "x86_64" no
lambda_runtime AWS Lambda runtime. string "nodejs16.x" no
lambda_s3_bucket S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. any null no
lambda_timeout Time out of the lambda in seconds. number 10 no
lambda_zip File location of the lambda zip file. string null no
log_level Logging level for lambda logging. Valid values are 'silly', 'trace', 'debug', 'info', 'warn', 'error', 'fatal'. string "info" no
log_type Logging format for lambda logging. Valid values are 'json', 'pretty', 'hidden'. string "pretty" no
logging_kms_key_id Specifies the KMS key id to encrypt the logs with. string null no
logging_retention_in_days Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. number 7 no
prefix The prefix used for naming resources. string "github-actions" no
repository_white_list List of repositories allowed to use the GitHub App. list(string) [] no
role_path The path that will be added to the role; if not set, the environment name will be used. string null no
role_permissions_boundary Permissions boundary that will be added to the created role for the lambda. string null no
runner_labels Extra (custom) labels for the runners (GitHub). Separate each label by a comma. Labels checks on the webhook can be enforced by setting enable_workflow_job_labels_check. GitHub read-only labels should not be provided. string "" no
sqs_build_queue SQS queue to publish accepted build events. object({ id = string, arn = string }) n/a yes
sqs_build_queue_fifo Enable a FIFO queue to retain the order of events received by the webhook. Setting this to true is suggested for repo-level runners. bool false no
tags Map of tags that will be added to created resources. By default resources will be tagged with name and environment. map(string) {} no
webhook_lambda_apigateway_access_log_settings Access log settings for the webhook API gateway. object({ destination_arn = string, format = string }) null no
webhook_lambda_s3_key S3 key for the webhook lambda function. Required if using an S3 bucket to provide the lambdas. any null no
webhook_lambda_s3_object_version S3 object version for webhook lambda function. Useful if S3 versioning is enabled on source bucket. any null no
workflow_job_labels_check_all If set to true, all labels in the workflow job must match the GitHub labels (os, architecture and self-hosted). When false, a single matching label is enough to accept the event. enable_workflow_job_labels_check must be true for this to take effect. bool true no
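An added example of a root configuration calling this module, not taken from the project's own usage examples. It assumes the module lives at ./modules/webhook relative to the caller, that github_app_webhook_secret_arn refers to a Parameter Store SecureString, and that var.kms_key_arn, var.github_app_webhook_secret and var.lambda_permissions_boundary_arn are root variables; queue and parameter names are constructed.

```hcl
# Added example (not the module's own usage docs). Assumed: the module lives at
# ./modules/webhook relative to this file and the queue, SSM parameter and
# root variables below are constructed for the example.

resource "aws_sqs_queue" "build" {
  name       = "github-actions-build-queue.fifo"
  fifo_queue = true # keeps event order; paired with sqs_build_queue_fifo below
}

# Assumption: github_app_webhook_secret_arn is the ARN of a Parameter Store
# SecureString; the module's webhook_ssm policy grants the lambda read access.
resource "aws_ssm_parameter" "webhook_secret" {
  name   = "/github-actions/app/webhook_secret"
  type   = "SecureString"
  key_id = var.kms_key_arn
  value  = var.github_app_webhook_secret # supplied at apply time, never committed
}

module "webhook" {
  source = "./modules/webhook"

  aws_region  = "eu-west-1"
  prefix      = "github-actions"
  environment = "prod"

  github_app_webhook_secret_arn = aws_ssm_parameter.webhook_secret.arn
  kms_key_arn                   = var.kms_key_arn

  sqs_build_queue = {
    id  = aws_sqs_queue.build.id
    arn = aws_sqs_queue.build.arn
  }
  sqs_build_queue_fifo = true

  # Only these repositories may trigger runners; other events are dropped.
  repository_white_list = ["my-org/app", "my-org/infra"]

  # Drop workflow_job events unless every label matches runner_labels plus the
  # GitHub read-only labels (os, architecture, self-hosted), which stay out of
  # runner_labels itself.
  enable_workflow_job_labels_check = true
  workflow_job_labels_check_all    = true
  runner_labels                    = "ubuntu,large"

  # Least privilege and an audit trail for the lambda.
  role_permissions_boundary = var.lambda_permissions_boundary_arn
  log_type                  = "json"
  logging_retention_in_days = 30
  logging_kms_key_id        = var.kms_key_arn
}
```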

Outputs

Name Description
endpoint_relative_path n/a
gateway n/a
lambda n/a
role n/a

Philips Forest

This module is part of the Philips Forest.

                                                     ___                   _
                                                    / __\__  _ __ ___  ___| |_
                                                   / _\/ _ \| '__/ _ \/ __| __|
                                                  / / | (_) | | |  __/\__ \ |_
                                                  \/   \___/|_|  \___||___/\__|

                                                                 Infrastructure

Talk to the forestkeepers in the forest-channel on Slack.
