diff --git a/.env.example b/.env.example index 7bafedc37..f54e52754 100644 --- a/.env.example +++ b/.env.example @@ -5,6 +5,8 @@ AWS_S3_ACTIVE_STORAGE_BUCKET=changeme AWS_S3_REGION=changeme AWS_SECRET_ACCESS_KEY=changeme +GITHUB_WEBHOOK_SECRET=test_token + POSTGRES_HOST=changeme POSTGRES_USER=changeme POSTGRES_PASSWORD=changeme @@ -12,6 +14,8 @@ POSTGRES_PASSWORD=changeme HYDRA_ADMIN_URL=http://host.docker.internal:9002 HYDRA_SECRET= +SMEE_TUNNEL=https://smee.io/MLq0n9kvAes2vydX + # Add the below to bypass token authentication with hyrdra # BYPASS_AUTH=true # AUTH_USER_ID=<> diff --git a/Gemfile b/Gemfile index ffde65df4..27ac6b5a4 100644 --- a/Gemfile +++ b/Gemfile @@ -9,6 +9,7 @@ gem 'aws-sdk-s3', require: false gem 'bootsnap', require: false gem 'cancancan', '~> 3.3' gem 'faraday' +gem 'github_webhook', '~> 1.4' gem 'importmap-rails' gem 'jbuilder' gem 'kaminari' diff --git a/Gemfile.lock b/Gemfile.lock index 76d552a31..8988f4aa8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -113,6 +113,10 @@ GEM faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) + github_webhook (1.4.2) + activesupport (>= 4) + rack (>= 1.3) + railties (>= 4) globalid (1.0.0) activesupport (>= 5.0) hashdiff (1.0.1) @@ -292,6 +296,7 @@ DEPENDENCIES factory_bot_rails faker faraday + github_webhook (~> 1.4) importmap-rails jbuilder kaminari diff --git a/README.md b/README.md index b978f5c30..d2f17aa15 100644 --- a/README.md +++ b/README.md @@ -39,3 +39,8 @@ Add a comma separated list to the relevant enviroment settings. E.g for developm ``` ALLOWED_ORIGINS=localhost:3002,localhost:3000 +``` + +# Webhooks + +This API receives push event data from the [Raspberry Pi Learning](https://github.com/raspberrypilearning) organisation via webhooks. These webhooks are mediated locally through `smee`, which runs in a Docker container. The webhook data is processed using the `github_webhooks` gem in the `github_webhooks_controller`. diff --git a/app/controllers/github_webhooks_controller.rb b/app/controllers/github_webhooks_controller.rb new file mode 100644 index 000000000..5d5422623 --- /dev/null +++ b/app/controllers/github_webhooks_controller.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +class GithubWebhooksController < ActionController::API + include GithubWebhook::Processor + + def github_push(_payload) + # TODO: handle push webhook + head :ok + end + + private + + def webhook_secret(_payload) + ENV.fetch('GITHUB_WEBHOOK_SECRET') + end +end diff --git a/app/models/ability.rb b/app/models/ability.rb index fdac1845a..6f587dba7 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -5,6 +5,7 @@ class Ability def initialize(user) can :show, Project, user_id: nil + can :upload, Project, user_id: nil return if user.blank? diff --git a/config/environments/development.rb b/config/environments/development.rb index 874d92fad..d0e74e562 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -66,4 +66,7 @@ # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true + + # Allow smee requests + config.hosts << 'smee.io' end diff --git a/config/routes.rb b/config/routes.rb index 6dad38ebe..c53576b12 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -12,4 +12,6 @@ resource :images, only: %i[create], controller: 'projects/images' end end + + resource :github_webhooks, only: :create, defaults: { formats: :json } end diff --git a/docker-compose.yml b/docker-compose.yml index 145d883b2..66a9925e6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,3 +35,6 @@ services: - POSTGRES_DB - POSTGRES_PASSWORD - POSTGRES_USER + smee: + image: deltaprojects/smee-client + command: -u $SMEE_TUNNEL -t http://api:3009/github_webhooks