github-bots/

v0.6.95 Latest
This package is not in the latest version of its module.
Published: Nov 5, 2024 License: Apache-2.0

README

github-bots

This module has scaffolding for event-driven GitHub bots. This integrates with github-events to receive events, and provides SDK methods to interact with GitHub resources. The Terraform module creates a service account for the bot, and deploys the bot as a regional service.

Out-of-the-box bots include:

  • dnm: A bot that adds or removes a blocking/dnm label on pull requests if the title contains the text "do not merge".
  • blocker: A bot that passes or fails a GitHub Check Run based on the presence of a blocking/* label on a pull request.
    • this check can be used to block merges in GitHub.
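The decision logic of the two out-of-the-box bots described above, as an added Go example (not the module's own code): it shows how dnm's label reconciliation feeds blocker's check conclusion. The function names, the case-insensitive title match, and the `success`/`failure` conclusion strings are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

const dnmLabel = "blocking/dnm"

// wantsDNM: the page says the title "contains the text 'do not merge'";
// matching case-insensitively is an assumption of this example.
func wantsDNM(title string) bool {
	return strings.Contains(strings.ToLower(title), "do not merge")
}

// reconcileDNM returns the labels the dnm bot should leave on the PR and
// whether a write is needed, so a redelivered event is a no-op.
func reconcileDNM(title string, labels []string) (out []string, changed bool) {
	want, has := wantsDNM(title), false
	for _, l := range labels {
		if l == dnmLabel {
			has = true
			continue // re-added below only if the title still asks for it
		}
		out = append(out, l)
	}
	if want {
		out = append(out, dnmLabel)
	}
	return out, want != has
}

// blockerConclusion maps labels to a check-run conclusion (assumed strings)
// and lists every blocking/* label so the check can name what holds the merge.
func blockerConclusion(labels []string) (conclusion string, blocking []string) {
	conclusion = "success"
	for _, l := range labels {
		if strings.HasPrefix(l, "blocking/") {
			conclusion = "failure"
			blocking = append(blocking, l)
		}
	}
	return
}

func main() {
	labels, _ := reconcileDNM("WIP: do not merge yet", []string{"bug"}) // constructed input
	fmt.Println(blockerConclusion(labels))
}
```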

// ... networking and cloudevent-broker modules...

module "github-events" {
  source = "./modules/github-events"

  project_id = var.project_id
  name       = "github-events"
  regions    = module.networking.regional-networks
  ingress    = module.cloudevent-broker.ingress

  // Which user is allowed to populate webhook secret values.
  secret_version_adder = "user:you@company.biz"
}

module "bots" {
  source = "./modules/github-bots"
  for_each = {
    "dnm"     = "dev.chainguard.github.pull_request",
    "blocker" = "dev.chainguard.github.pull_request",
  }

  project_id = var.project_id
  regions    = module.networking.regional-networks
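  broker     = module.cloudevent-broker.broker

  // Required input (see Inputs); the variable name is a placeholder.
  notification_channels = var.notification_channels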

  name         = each.key
  github-event = each.value
  containers = {
    "bot" = {
      source = {
        // working_dir is a required field of source (see Inputs).
        working_dir = path.module
        importpath  = "./${each.key}"
      }
      env = [
        {
          name  = "FOO"
          value = "BAR"
        }
      ]
    }
  }
}


module "my-custom-bot" {
  source = "./modules/github-bots"

  project_id = var.project_id
  regions    = module.networking.regional-networks
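  broker     = module.cloudevent-broker.broker

  // Required input (see Inputs); the variable name is a placeholder.
  notification_channels = var.notification_channels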

  name         = "my-custom-bot"
  github-event = "dev.chainguard.github.pull_request"
  containers = {
    "bot" = {
      source = {
        working_dir = path.module
        importpath  = "chainguard.dev/bots/my-custom-bot"
      }
      ports = [{ container_port = 8080 }]
      env = [{
        name  = "LOG_LEVEL"
        value = "info"
      }]
    }
  }
}

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| google | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| cloudevent-trigger | ../cloudevent-trigger | n/a |
| dashboard | ../dashboard/cloudevent-receiver | n/a |
| service | ../regional-go-service | n/a |

Resources

| Name | Type |
|------|------|
| google_service_account.sa | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| broker | A map from each of the input region names to the name of the Broker topic in that region. | map(string) | n/a | yes |
| containers | The containers to run in the service. Each container will be run in each region. | map(object({...})), full type below | n/a | yes |
| deletion_protection | Whether to enable delete protection for the service. | bool | true | no |
| enable_profiler | Enable cloud profiler. | bool | false | no |
| extra_filter | Optional additional filters to include. | map(string) | {} | no |
| extra_filter_has_attributes | Optional additional attributes to check for presence. | list(string) | [] | no |
| extra_filter_not_has_attributes | Optional additional prefixes to check for presence. | list(string) | [] | no |
| extra_filter_prefix | Optional additional prefixes for filtering events. | map(string) | {} | no |
| github-event | The GitHub event type to subscribe to. | string | n/a | yes |
| labels | Labels to apply to the service. | map(string) | {} | no |
| name | The name of the bot. | string | n/a | yes |
| notification_channels | List of notification channels to alert. | list(string) | n/a | yes |
| project_id | Project ID to create resources in. | string | n/a | yes |
| raw_filter | Raw PubSub filter to apply, ignores other variables. https://cloud.google.com/pubsub/docs/subscription-message-filter#filtering_syntax | string | "" | no |
| regions | A map from region names to a network and subnetwork. | map(object({...})), full type below | n/a | yes |
| service_account_email | The email of the service account being authorized to invoke the private Cloud Run service. If empty, a service account will be created and used. | string | "" | no |

Type of containers:

    map(object({
      source = object({
        base_image  = optional(string, "cgr.dev/chainguard/static:latest-glibc")
        working_dir = string
        importpath  = string
      })
      args = optional(list(string), [])
      ports = optional(list(object({
        name           = optional(string, "http1")
        container_port = optional(number, 8080)
      })), [])
      resources = optional(
        object(
          {
            limits = optional(object(
              {
                cpu    = string
                memory = string
              }
            ), null)
            cpu_idle          = optional(bool, true)
            startup_cpu_boost = optional(bool, true)
          }
        ),
        {
          cpu_idle = true
        }
      )
      env = optional(list(object({
        name  = string
        value = optional(string)
        value_source = optional(object({
          secret_key_ref = object({
            secret  = string
            version = string
          })
        }), null)
      })), [])
      regional-env = optional(list(object({
        name  = string
        value = map(string)
      })), [])
      volume_mounts = optional(list(object({
        name       = string
        mount_path = string
      })), [])
    }))

Type of regions:

    map(object({
      network = string
      subnet  = string
    }))

Outputs

| Name | Description |
|------|-------------|
| json | n/a |
| serviceaccount-email | The email of the service account for the bot. |
| serviceaccount-id | The ID of the service account for the bot. |
