Add gitlab/sentry side support for django webhook handler

spack · Dec 4, 2023 · 282698f · 282698f
1 parent e5bd93b
commit 282698f
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 1 deletion.
diff --git a/terraform/modules/spack/gitlab_webhooks.tf b/terraform/modules/spack/gitlab_webhooks.tf
@@ -1,6 +1,7 @@
 locals {
   job_webhooks = ["http://gitlab-error-processor.custom.svc.cluster.local",
-  "http://build-timing-processor.custom.svc.cluster.local"]
+    "http://build-timing-processor.custom.svc.cluster.local",
+  "http://webhook-handler.custom.svc.cluster.local"]
 }
 
 
@@ -16,3 +17,53 @@ resource "gitlab_project_hook" "job_webhook" {
 
 // TODO: Once https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/issues/1350 is resolved the
 // gitlab_application_settings resource should be used to whitelist the domains in job_webhooks.
+
+
+data "gitlab_user" "spackbot" {
+  username = "spackbot"
+}
+
+resource "gitlab_personal_access_token" "webhook_handler" {
+  user_id = data.gitlab_user.spackbot.id
+  name    = "Webhook handler token"
+  # TODO: How to deal with this expiring
+  expires_at = "2024-12-03"
+
+  scopes = ["read_api", "read_repository"]
+}
+
+resource "random_password" "webhook_handler" {
+  length  = 64
+  special = false
+}
+
+resource "kubectl_manifest" "webhook_secrets" {
+  yaml_body = <<-YAML
+     apiVersion: v1
+     kind: Secret
+     metadata:
+       name: webhook-secrets
+       namespace: custom
+     data:
+       gitlab-endpoint: ${base64encode("${var.gitlab_url}")}
+       gitlab-token: ${base64encode("${gitlab_personal_access_token.webhook_handler.token}")}
+       sentry-dsn: ${base64encode("${data.sentry_key.webhook_handler.dsn_public}")}
+       secret-key: ${base64encode("${random_password.webhook_handler.result}")}
+   YAML
+}
+
+
+resource "sentry_project" "webhook_handler" {
+  organization = data.sentry_organization.default.id
+
+  teams = [sentry_team.spack.id]
+  name  = "Spack Webhook Handler"
+  slug  = "spack-webhook-handler"
+
+  platform = "python"
+}
+
+data "sentry_key" "webhook_handler" {
+  organization = data.sentry_organization.default.id
+  project      = sentry_project.webhook_handler.id
+}
diff --git a/terraform/modules/spack/variables.tf b/terraform/modules/spack/variables.tf
@@ -3,6 +3,11 @@ variable "deployment_name" {
   type        = string
 }
 
+variable "gitlab_url" {
+  description = "URL of the GitLab server."
+  type        = string
+}
+
 variable "vpc_cidr" {
   description = "CIDR for the VPC."
   type        = string

diff --git a/terraform/production/main.tf b/terraform/production/main.tf
@@ -122,6 +122,8 @@ module "production_cluster" {
 
   deployment_name = "prod"
 
+  gitlab_url = local.gitlab_url
+
   kubernetes_version = "1.27"
 
   availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]

diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf
@@ -122,6 +122,8 @@ module "staging_cluster" {
 
   deployment_name = "staging"
 
+  gitlab_url = local.gitlab_url
+
   kubernetes_version = "1.27"
 
   availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c", "us-west-2d"]