[DOP-4171]: Add webhook for github push

mongodb · Jan 26, 2024 · f06af32 · f06af32
1 parent c98491d
commit f06af32
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 7 deletions.
diff --git a/api/controllers/v2/cache.ts b/api/controllers/v2/cache.ts
@@ -3,6 +3,7 @@ import { APIGatewayEvent, APIGatewayProxyResult } from 'aws-lambda';
 import { RepoInfo } from '../../../src/cache-updater/index';
 import { ECSClient, RunTaskCommand } from '@aws-sdk/client-ecs';
 import { validateJsonWebhook } from '../../handlers/github';
+import { PushEvent } from '@octokit/webhooks-types';
 
 /**
  * validates request
@@ -108,14 +109,45 @@ export async function rebuildCacheHandler(event: APIGatewayEvent): Promise<APIGa
 }
 
 export async function rebuildCacheGithubWebhookHandler(event: APIGatewayEvent) {
-  // TODO: Add GITHUB_SECRET
-  if (!validateJsonWebhook(event, '')) {
+  if (!event.body) {
+    const errorMessage = 'Error! No body found in event payload.';
+    console.error(errorMessage);
+    return {
+      statusCode: 400,
+      body: errorMessage,
+    };
+  }
+
+  let body: PushEvent;
+  try {
+    body = JSON.parse(event.body) as PushEvent;
+  } catch (e) {
+    console.log('[TriggerBuild]: ERROR! Could not parse event.body', e);
+    return {
+      statusCode: 502,
+      headers: { 'Content-Type': 'text/plain' },
+      body: ' ERROR! Could not parse event.body',
+    };
+  }
+
+  const cacheUpdateBody = JSON.stringify([{ repoOwner: body.repository.owner.login, repoName: body.repository.name }]);
+  const { GITHUB_SECRET } = process.env;
+
+  if (!GITHUB_SECRET) {
+    console.error('GITHUB_SECRET is not defined');
+    return {
+      statusCode: 500,
+      body: 'internal server error',
+    };
+  }
+
+  if (!validateJsonWebhook(event, GITHUB_SECRET)) {
     const errMsg = "X-Hub-Signature incorrect. Github webhook token doesn't match";
     return {
       statusCode: 401,
       headers: { 'Content-Type': 'text/plain' },
       body: errMsg,
     };
   }
-  return rebuildCacheHandler(event);
+  return rebuildCacheHandler({ ...event, body: cacheUpdateBody });
 }
diff --git a/cdk-infra/bin/cdk-infra.ts b/cdk-infra/bin/cdk-infra.ts
@@ -46,7 +46,7 @@ async function main() {
     env,
   });
 
-  new CacheUpdaterStack(app, `${stackName}-cache`, { vpc, env });
+  new CacheUpdaterStack(app, `${stackName}-cache`, { vpc, env, githubSecret: workerSecureStrings.GITHUB_SECRET });
 }
 
 main();
diff --git a/cdk-infra/lib/constructs/cache-updater/cache-updater-api-construct.ts b/cdk-infra/lib/constructs/cache-updater/cache-updater-api-construct.ts
@@ -19,6 +19,7 @@ interface CacheUpdaterApiConstructProps {
   taskDefinition: TaskDefinition;
   containerName: string;
   vpc: Vpc;
+  githubSecret: string;
 }
 
 const HANDLERS_PATH = path.join(__dirname, '/../../../../api/controllers/v2');
@@ -27,7 +28,7 @@ export class CacheUpdaterApiConstruct extends Construct {
   constructor(
     scope: Construct,
     id: string,
-    { clusterName, taskDefinition, containerName, vpc }: CacheUpdaterApiConstructProps
+    { clusterName, taskDefinition, containerName, vpc, githubSecret }: CacheUpdaterApiConstructProps
   ) {
     super(scope, id);
 
@@ -45,7 +46,7 @@ export class CacheUpdaterApiConstruct extends Construct {
       },
     });
 
-    const cacheGithubWebhookLambda = new NodejsFunction(this, 'cacheUpdaterWebhookLambda', {
+    const cacheGithubWebhookLambda = new NodejsFunction(this, 'cacheUpdaterGithubWebhookLambda', {
       entry: `${HANDLERS_PATH}/cache.ts`,
       handler: 'rebuildCacheGithubWebhookHandler',
       runtime: Runtime.NODEJS_18_X,
@@ -56,6 +57,7 @@ export class CacheUpdaterApiConstruct extends Construct {
         TASK_DEFINITION: taskDefinition.taskDefinitionArn,
         CONTAINER_NAME: containerName,
         SUBNETS: JSON.stringify(vpc.privateSubnets.map((subnet) => subnet.subnetId)),
+        GITHUB_SECRET: githubSecret,
       },
     });
 

diff --git a/cdk-infra/lib/stacks/cache-updater-stack.ts b/cdk-infra/lib/stacks/cache-updater-stack.ts
@@ -6,9 +6,10 @@ import { CacheUpdaterApiConstruct } from '../constructs/cache-updater/cache-upda
 
 interface CacheUpdaterStackProps extends StackProps {
   vpc: Vpc;
+  githubSecret: string;
 }
 export class CacheUpdaterStack extends Stack {
-  constructor(scope: Construct, id: string, { vpc, ...props }: CacheUpdaterStackProps) {
+  constructor(scope: Construct, id: string, { vpc, githubSecret, ...props }: CacheUpdaterStackProps) {
     super(scope, id, props);
 
     const { clusterName, taskDefinition, containerName } = new CacheUpdaterWorkerConstruct(
@@ -22,6 +23,7 @@ export class CacheUpdaterStack extends Stack {
       taskDefinition,
       containerName,
       vpc,
+      githubSecret,
     });
   }
 }