README
github-bots
This module has scaffolding for event-driven GitHub bots. This integrates with `github-events` to receive events, and provides SDK methods to interact with GitHub resources. The Terraform module creates a service account for the bot, and deploys the bot as a regional service.

Out-of-the-box bots include:

- `dnm`: A bot that adds or removes a `blocking/dnm` label on pull requests if the title contains the text "do not merge".
- `blocker`: A bot that passes or fails a GitHub Check Run based on the presence of a `blocking/*` label on a pull request. This check can be used to block merges in GitHub.
```hcl
// ... networking and cloudevent-broker modules...

module "github-events" {
  source = "./modules/github-events"

  project_id = var.project_id
  name       = "github-events"
  regions    = module.networking.regional-networks
  ingress    = module.cloudevent-broker.ingress

  // Which user is allowed to populate webhook secret values.
  secret_version_adder = "user:you@company.biz"
}

// One instance of the module per out-of-the-box bot, keyed by bot name;
// the value is the event type that bot subscribes to.
module "bots" {
  source = "./modules/github-bots"

  for_each = {
    "dnm"     = "dev.chainguard.github.pull_request",
    "blocker" = "dev.chainguard.github.pull_request",
  }

  project_id = var.project_id
  regions    = module.networking.regional-networks
  broker     = module.cloudevent-broker.broker

  name         = each.key
  github-event = each.value

  containers = {
    "bot" = {
      source = {
        importpath = "./${each.key}"
      }
      env = [
        {
          name  = "FOO"
          value = "BAR"
        }
      ]
    }
  }
}

// A custom bot built from its own import path.
module "my-custom-bot" {
  source = "./modules/github-bots"

  project_id = var.project_id
  regions    = module.networking.regional-networks
  broker     = module.cloudevent-broker.broker

  name         = "my-custom-bot"
  github-event = "dev.chainguard.github.pull_request"

  containers = {
    "bot" = {
      source = {
        working_dir = path.module
        importpath  = "chainguard.dev/bots/my-custom-bot"
      }
      ports = [{ container_port = 8080 }]
      env = [{
        name  = "LOG_LEVEL"
        value = "info"
      }]
    }
  }
}
```
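The label rules that the `dnm` and `blocker` bots are described as applying, as an added Go sketch that is not the project's own bot code and does not use its SDK. `Decide`, `Decision` and `prEvent` are hypothetical names; the case-insensitive title match and the fail-closed handling of an unparseable payload are assumptions of this sketch.

```go
package main
import (
	"encoding/json"
	"fmt"
	"strings"
)

// prEvent is the subset of GitHub's pull_request webhook payload used here.
type prEvent struct {
	PullRequest struct {
		Title  string                               `json:"title"`
		Labels []struct{ Name string `json:"name"` } `json:"labels"`
	} `json:"pull_request"`
}

// Decision holds what each bot would do for one event (hypothetical type).
type Decision struct {
	DNMLabel   string   // "add", "remove" or "" (no change) to blocking/dnm
	Conclusion string   // check run result: "success" or "failure"
	Blocking   []string // blocking/* labels found on the pull request
}

// Decide applies both rules. Assumptions: the title match is case-insensitive,
// and an unparseable payload fails closed so a merge gate never passes on error.
func Decide(payload []byte) (Decision, error) {
	var ev prEvent
	if err := json.Unmarshal(payload, &ev); err != nil {
		return Decision{Conclusion: "failure"}, fmt.Errorf("bad payload: %w", err)
	}
	d, hasDNM := Decision{Conclusion: "success"}, false
	for _, l := range ev.PullRequest.Labels {
		hasDNM = hasDNM || l.Name == "blocking/dnm"
		if strings.HasPrefix(l.Name, "blocking/") {
			d.Blocking, d.Conclusion = append(d.Blocking, l.Name), "failure"
		}
	}
	wantDNM := strings.Contains(strings.ToLower(ev.PullRequest.Title), "do not merge")
	if wantDNM && !hasDNM {
		d.DNMLabel = "add"
	} else if !wantDNM && hasDNM {
		d.DNMLabel = "remove"
	}
	return d, nil
}

func main() {
	// Constructed sample payload, not a captured webhook.
	d, err := Decide([]byte(`{"pull_request":{"title":"WIP: Do Not Merge","labels":[{"name":"kind/bug"}]}}`))
	fmt.Println(d, err)
}
```
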
Requirements
No requirements.
Providers
Name | Version |
---|---|
n/a |
Modules
Name | Source | Version |
---|---|---|
cloudevent-trigger | ../cloudevent-trigger | n/a |
dashboard | ../dashboard/cloudevent-receiver | n/a |
service | ../regional-go-service | n/a |
Resources
Name | Type |
---|---|
google_service_account.sa | resource |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
broker | A map from each of the input region names to the name of the Broker topic in that region. | map(string) | n/a | yes |
containers | The containers to run in the service. Each container will be run in each region. | map(object({ | n/a | yes |
deletion_protection | Whether to enable delete protection for the service. | bool | true | no |
enable_profiler | Enable cloud profiler. | bool | false | no |
extra_filter | Optional additional filters to include. | map(string) | {} | no |
extra_filter_has_attributes | Optional additional attributes to check for presence. | list(string) | [] | no |
extra_filter_not_has_attributes | Optional additional prefixes to check for presence. | list(string) | [] | no |
extra_filter_prefix | Optional additional prefixes for filtering events. | map(string) | {} | no |
github-event | The GitHub event type to subscribe to. | string | n/a | yes |
labels | Labels to apply to the service. | map(string) | {} | no |
name | The name of the bot. | string | n/a | yes |
notification_channels | List of notification channels to alert. | list(string) | n/a | yes |
project_id | Project ID to create resources in. | string | n/a | yes |
raw_filter | Raw PubSub filter to apply, ignores other variables. https://cloud.google.com/pubsub/docs/subscription-message-filter#filtering_syntax | string | "" | no |
regions | A map from region names to a network and subnetwork. | map(object({ | n/a | yes |
service_account_email | The email of the service account being authorized to invoke the private Cloud Run service. If empty, a service account will be created and used. | string | "" | no |
Outputs
Name | Description |
---|---|
json | n/a |
serviceaccount-email | The email of the service account for the bot. |
serviceaccount-id | The ID of the service account for the bot. |