github-bots/

v1.0.11 Latest

This package is not in the latest version of its module.
Published: May 22, 2026 License: Apache-2.0

README

github-bots

This module has scaffolding for event-driven GitHub bots. This integrates with github-events to receive events, and provides SDK methods to interact with GitHub resources. The Terraform module creates a service account for the bot, and deploys the bot as a regional service.

Out-of-the-box bots include:

  • dnm: A bot that adds or removes a blocking/dnm label on pull requests if the title contains the text "do not merge".
  • blocker: A bot that passes or fails a GitHub Check Run based on the presence of a blocking/* label on a pull request.
    • This check can be used to block merges in GitHub.

// ... networking and cloudevent-broker modules...

module "github-events" {
  source = "./modules/github-events"

  project_id = var.project_id
  name       = "github-events"
  regions    = module.networking.regional-networks
  ingress    = module.cloudevent-broker.ingress

  // Which user is allowed to populate webhook secret values.
  secret_version_adder = "user:you@company.biz"
}

module "bots" {
  source = "./modules/github-bots"
  for_each = {
    "dnm"     = "dev.chainguard.github.pull_request",
    "blocker" = "dev.chainguard.github.pull_request",
  }

  project_id = var.project_id
  regions    = module.networking.regional-networks
  broker     = module.cloudevent-broker.broker

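  name         = each.key
  github-event = each.value
  // team and notification_channels are also required inputs; see Inputs.
  containers = {
    "bot" = {
      source = {
        // working_dir has no default in the containers type, so it must be set.
        working_dir = path.module
        importpath  = "./${each.key}"
      }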
      env = [
        {
          name  = "FOO"
          value = "BAR"
        }
      ]
    }
  }
}


module "my-custom-bot" {
  source = "./modules/github-bots"

  project_id = var.project_id
  regions    = module.networking.regional-networks
  broker     = module.cloudevent-broker.broker

  name         = "my-custom-bot"
  github-event = "dev.chainguard.github.pull_request"
  containers = {
    "bot" = {
      source = {
        working_dir = path.module
        importpath  = "chainguard.dev/bots/my-custom-bot"
      }
      ports = [{ container_port = 8080 }]
      env = [{
        name  = "LOG_LEVEL"
        value = "info"
      }]
    }

}

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| google | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| cloudevent-trigger | ../cloudevent-trigger | n/a |
| dashboard | ../dashboard/cloudevent-receiver | n/a |
| service | ../regional-go-service | n/a |

Resources

| Name | Type |
|------|------|
| google_service_account.sa | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| broker | A map from each of the input region names to the name of the Broker topic in that region. | map(string) | n/a | yes |
| containers | The containers to run in the service. Each container will be run in each region. | map(object), full type below | n/a | yes |
| deletion_protection | Whether to enable delete protection for the service. | bool | true | no |
| enable_profiler | Enable cloud profiler. | bool | false | no |
| extra_filter | Optional additional filters to include. | map(string) | {} | no |
| extra_filter_has_attributes | Optional additional attributes to check for presence. | list(string) | [] | no |
| extra_filter_not_has_attributes | Optional additional prefixes to check for presence. | list(string) | [] | no |
| extra_filter_prefix | Optional additional prefixes for filtering events. | map(string) | {} | no |
| github-event | The GitHub event type to subscribe to. | string | n/a | yes |
| labels | Labels to apply to the service. | map(string) | {} | no |
| launch_stage | The launch stage of the Cloud Run service (e.g. BETA to leverage features like disk volumes). | string | "GA" | no |
| name | The name of the bot. | string | n/a | yes |
| notification_channels | List of notification channels to alert. | list(string) | n/a | yes |
| product | Product label to apply to the service. | string | "unknown" | no |
| project_id | Project ID to create resources in. | string | n/a | yes |
| raw_filter | Raw PubSub filter to apply, ignores other variables. https://cloud.google.com/pubsub/docs/subscription-message-filter#filtering_syntax | string | "" | no |
| regions | A map from region names to a network and subnetwork. | map(object), full type below | n/a | yes |
| service_account_email | The email of the service account being authorized to invoke the private Cloud Run service. If empty, a service account will be created and used. | string | "" | no |
| team | Team label to apply to resources (replaces deprecated 'squad'). | string | n/a | yes |

Type of containers:

    map(object({
      source = object({
        base_image  = optional(string, "cgr.dev/chainguard/static:latest-glibc@sha256:2fdfacc8d61164aa9e20909dceec7cc28b9feb66580e8e1a65b9f2443c53b61b")
        working_dir = string
        importpath  = string
      })
      args = optional(list(string), [])
      ports = optional(list(object({
        name           = optional(string, "http1")
        container_port = optional(number, 8080)
      })), [])
      resources = optional(
        object(
          {
            limits = optional(object(
              {
                cpu    = string
                memory = string
              }
            ), null)
            cpu_idle          = optional(bool, true)
            startup_cpu_boost = optional(bool, true)
          }
        ),
        {
          cpu_idle = true
        }
      )
      env = optional(list(object({
        name  = string
        value = optional(string)
        value_source = optional(object({
          secret_key_ref = object({
            secret  = string
            version = string
          })
        }), null)
      })), [])
      regional-env = optional(list(object({
        name  = string
        value = map(string)
      })), [])
      volume_mounts = optional(list(object({
        name       = string
        mount_path = string
      })), [])
    }))

Type of regions:

    map(object({
      network = string
      subnet  = string
    }))
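
An added example (not from the module's README) of using the `value_source.secret_key_ref` field of the `containers` type to supply a credential from Secret Manager instead of a plaintext `value`, with read access granted only to the bot's service account through the `serviceaccount-email` output. The secret name, the `API_TOKEN` variable, the team value and `var.notification_channels` are assumptions, and the `replication { auto {} }` syntax assumes google provider v5 or later.

```hcl
// Added example; assumed names: secret "my-bot-api-token", env var API_TOKEN,
// team "my-team", var.notification_channels. Assumes google provider v5 or later.
resource "google_secret_manager_secret" "api_token" {
  project   = var.project_id
  secret_id = "my-bot-api-token"
  replication {
    auto {}
  }
}

module "my-custom-bot" {
  source = "./modules/github-bots"

  project_id = var.project_id
  regions    = module.networking.regional-networks
  broker     = module.cloudevent-broker.broker

  name                  = "my-custom-bot"
  github-event          = "dev.chainguard.github.pull_request"
  team                  = "my-team"
  notification_channels = var.notification_channels

  containers = {
    "bot" = {
      source = {
        working_dir = path.module
        importpath  = "chainguard.dev/bots/my-custom-bot"
      }
      env = [{
        // Avoid `value = "<token>"` here: a literal ends up in config and state.
        name = "API_TOKEN"
        value_source = {
          secret_key_ref = {
            secret  = google_secret_manager_secret.api_token.secret_id
            version = "latest"
          }
        }
      }]
    }
  }
}

// Least privilege: only this bot's service account can read the secret.
resource "google_secret_manager_secret_iam_member" "bot_reads_token" {
  project   = var.project_id
  secret_id = google_secret_manager_secret.api_token.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${module.my-custom-bot.serviceaccount-email}"
}
```

The secret's value is added as a version outside Terraform, so it never appears in the configuration.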

Outputs

| Name | Description |
|------|-------------|
| json | n/a |
| serviceaccount-email | The email of the service account for the bot. |
| serviceaccount-id | The ID of the service account for the bot. |

Directories

| Path | Synopsis |
|------|----------|
| sdk | Package sdk provides a framework for building GitHub bots that receive and handle GitHub webhook events delivered as CloudEvents. |
| check | Package check provides utilities for creating and updating GitHub Check Runs. |
| octosts | Package octosts provides utilities for working with OctoSTS bot users. |
