Merge pull request #34 from chrispblink/feature/implement-repo-webhooks

implement repository webhooks

Author: soerenmartius

README.md

@@ -46,10 +46,10 @@ features like Branch Protection or Collaborator Management.
   Collaborators,
   Teams,
   Deploy Keys,
-  Projects
+  Projects,
+  Repository Webhooks
 
 - *Features not yet implemented*:
-  Repository Webhooks,
   Project Columns support,
   Actions,
   Repository File
@@ -301,6 +301,14 @@ Default is `true`.
 This resource allows you to create and manage projects for GitHub repository.
 Default is `[]`.
 
+##### Webhooks Configuration
+- **[`webhooks`](#webhook-object-attributes)**: *(Optional `list(webhook)`)*
+This resource allows you to create and manage webhooks for repositories in your organization.
+When applied, a webhook will be created which specifies a URL to receive events and which events
+to receieve.  Additional constraints, such as SSL verification, pre-shared secret and content type
+can also be configured
+Default is `[]`.
+
 #### [`defaults`](#repository-configuration) Object Attributes
 This is a special argument to set various defaults to be reused for multiple repositories.
 The following top-level arguments can be set as defaults:
@@ -454,6 +462,26 @@ Specifies an ID which is used to prevent resource recreation when the order in
 the list of projects changes.
 Default is `name`.
 
+#### [`webhook`](#webhooks-configuration) Object Attributes
+- **`events`**: ***(Required `list(string)`)***
+A list of events which should trigger the webhook. [See a list of available events.](https://developer.github.com/v3/activity/events/types/)
+
+- **`url`**: ***(Required `string`)***
+The URL to which the payloads will be delivered.
+
+- **`active`**: *(Optional `bool`)*
+Indicate if the webhook should receive events. Defaults to `true`.
+
+- **`content_type`**: *(Optional `string`)*
+The media type used to serialize the payloads. Supported values include `json` and `form`. The default is `form`.
+
+- **`secret`**: *(Optional `string`)*
+If provided, the `secret` will be used as the `key` to generate the HMAC hex digest value in the `[X-Hub-Signature](https://developer.github.com/webhooks/#delivery-headers)` header.
+
+- **`insecure_ssl`**: *(Optional `bool`)*
+Determines whether the SSL certificate of the host for `url` will be verified when delivering payloads. Supported values include `0` (verification is performed) and `1` (verification is not performed). The default is `0`. **We strongly recommend not setting this to `1` as you are subject to man-in-the-middle and other attacks.**
+
+
 ## Module Attributes Reference
 The following attributes are exported by the module:
 

examples/public-repository-with-webhook/main.tf

@@ -0,0 +1,32 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# CREATE A REPOSITORY WITH WEBHOOK
+# This example will create a repository with a webhook and some basic settings.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# ---------------------------------------------------------------------------------------------------------------------
+# SET TERRAFORM AND PROVIDER REQUIREMENTS FOR RUNNING THIS MODULE
+# ---------------------------------------------------------------------------------------------------------------------
+
+provider "github" {
+  version = "~> 2.6"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# TEST
+# We are creating a repository with a single webhook while specifying only the minimum required variables
+# ---------------------------------------------------------------------------------------------------------------------
+
+module "repository" {
+  source = "../.."
+
+  name = var.name
+
+  webhooks = [{
+    active       = var.webhook_active
+    events       = var.webhook_events
+    url          = var.webhook_url
+    content_type = var.webhook_content_type
+    insecure_ssl = var.webhook_insecure_ssl
+    secret       = var.webhook_secret
+  }]
+}

examples/public-repository-with-webhook/outputs.tf

@@ -0,0 +1,39 @@
+output "repository" {
+  description = "All outputs of the created repository."
+  value       = module.repository
+}
+
+output "repository_name" {
+  description = "The full name of the created repository"
+  value       = module.repository.full_name
+}
+
+output "webhook_url" {
+  description = "Events are being sent to this URL"
+  value       = module.repository.webhooks[0].configuration[0].url
+}
+
+output "webhook_content_type" {
+  description = "The content-type of the webhook"
+  value       = module.repository.webhooks[0].configuration[0].content_type
+}
+
+output "webhook_insecure_ssl" {
+  description = "TLS encryption configuration on the webhook"
+  value       = module.repository.webhooks[0].configuration[0].insecure_ssl
+}
+
+output "webhook_secret" {
+  description = "The shared secret for the webhook"
+  value       = module.repository.webhooks[0].configuration[0].secret
+}
+
+output "webhook_active" {
+  description = "Indicates if the webhook should receive events"
+  value       = module.repository.webhooks[0].active
+}
+
+output "webhook_events" {
+  description = "The events which will trigger this webhook"
+  value       = module.repository.webhooks[0].events
+}

examples/public-repository-with-webhook/variables.tf

@@ -0,0 +1,144 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# ENVIRONMENT VARIABLES
+# Define these secrets as environment variables.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# GITHUB_ORGANIZATION
+# GITHUB_TOKEN
+
+# ---------------------------------------------------------------------------------------------------------------------
+# REQUIRED VARIABLES
+# These variables must be set when using this module.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------------------------------------------------
+# OPTIONAL VARIABLES
+# These variables have defaults, but may be overridden.
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "name" {
+  description = "The name of the created repository."
+  type        = string
+  default     = "test-public-repository-with-collaborators"
+}
+
+variable "description" {
+  description = "The description of the created repository."
+  type        = string
+  default     = "A public repository created with terraform to test the terraform-github-repository module."
+}
+
+variable "url" {
+  description = "The url of the created repository."
+  type        = string
+  default     = "https://github.com/mineiros-io"
+}
+
+
+variable "has_issues" {
+  description = "Set to true to enable the GitHub Issues features on the repository."
+  type        = bool
+  default     = false
+}
+
+variable "has_projects" {
+  description = "Set to true to enable the GitHub Projects features on the repository."
+  type        = bool
+  default     = false
+}
+
+variable "has_wiki" {
+  description = "Set to true to enable the GitHub Wiki features on the repository."
+  type        = bool
+  default     = false
+}
+
+variable "allow_merge_commit" {
+  description = "Set to false to disable merge commits on the repository."
+  type        = bool
+  default     = true
+}
+
+variable "allow_squash_merge" {
+  description = "Set to true to enable squash merges on the repository."
+  type        = bool
+  default     = false
+}
+
+variable "allow_rebase_merge" {
+  description = "Set to true to enable rebase merges on the repository."
+  type        = bool
+  default     = false
+}
+
+variable "has_downloads" {
+  description = "Set to true to enable the (deprecated) downloads features on the repository."
+  type        = bool
+  default     = false
+}
+
+variable "auto_init" {
+  description = "Wether or not to produce an initial commit in the repository."
+  type        = bool
+  default     = true
+}
+
+variable "gitignore_template" {
+  description = "Use the name of the template without the extension. For example, Haskell. Available templates: https://github.com/github/gitignore"
+  type        = string
+  default     = "Terraform"
+}
+
+variable "license_template" {
+  description = "Use the name of the template without the extension. For example, 'mit' or 'mpl-2.0'. Available licences: https://github.com/github/choosealicense.com/tree/gh-pages/_licenses"
+  type        = string
+  default     = "mit"
+}
+
+variable "topics" {
+  description = "The list of topics of the repository."
+  type        = list(string)
+  default     = ["terraform", "integration-test"]
+}
+
+variable "admin_collaborators" {
+  description = "A list of GitHub usernames that should be added as admin collaborators to the created repository."
+  type        = list(string)
+  default     = ["terraform-test-user-1"]
+}
+
+variable "webhook_url" {
+  description = "Send events to this URL"
+  type        = string
+  default     = "https://example.com/events"
+}
+
+variable "webhook_content_type" {
+  description = "Use this content-type in the webhook"
+  type        = string
+  default     = "application/json"
+}
+
+variable "webhook_insecure_ssl" {
+  description = "Configure TLS encryption on the webhook"
+  type        = bool
+  default     = true
+}
+
+variable "webhook_secret" {
+  description = "The shared secret for the webhook"
+  type        = string
+  default     = "correct horse battery staple"
+}
+
+variable "webhook_active" {
+  description = "Indicate if the webhook should receive events"
+  type        = bool
+  default     = true
+}
+
+variable "webhook_events" {
+  description = "The events which will trigger this webhook"
+  type        = list(string)
+  default     = ["issues"]
+}

main.tf

@@ -407,3 +407,24 @@ resource "github_repository_project" "repository_project" {
   name       = each.value.name
   body       = each.value.body
 }
+
+# ---------------------------------------------------------------------------------------------------------------------
+# Webhooks
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "github_repository_webhook" "repository_webhook" {
+  count = length(var.webhooks)
+
+  repository = github_repository.repository.name
+  # the optional `name` attribute causes an error so it has been removed
+  # > Error: "name": [REMOVED] The `name` attribute is no longer necessary.
+  active = try(var.webhooks[count.index].active, true)
+  events = var.webhooks[count.index].events
+
+  configuration {
+    url          = var.webhooks[count.index].url
+    content_type = try(var.webhooks[count.index].content_type, "json")
+    insecure_ssl = try(var.webhooks[count.index].insecure_ssl, false)
+    secret       = try(var.webhooks[count.index].secret, null)
+  }
+}

outputs.tf

@@ -54,3 +54,8 @@ output "deploy_keys" {
   value       = local.deploy_keys_output
   description = "A map of deploy keys keyed by input id."
 }
+
+output "webhooks" {
+  value       = github_repository_webhook.repository_webhook
+  description = "All attributes and arguments as returned by the github_repository_webhook resource."
+}