Added webhook trigger for secret reminder

[akhilmhdh]

Description 📣

PR to trigger webhook event for secret reminder expiry

Type ✨

• Bug fix
• New feature
• Improvement
• Breaking change
• Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

---

• I have read the contributing guide, agreed and acknowledged the code of conduct. 📝

Summary by CodeRabbit

• Refactor

  • Optimized secret approval processing by consolidating data retrieval and reducing redundant backend operations.
  • Enhanced secret event queuing through a restructured payload format that clarifies event types and improves data handling.
  • Updated webhook notification logic for more consistent event processing.

• New Features

  • Introduced refined webhook event classifications, including detailed payloads for secret modifications and reminders.

• Documentation

  • Expanded the webhook documentation with a new JSON payload format for secret reminder events.

[coderabbitai]

Walkthrough

The pull request consolidates and streamlines the handling of projects, secret events, and webhook payloads across multiple services. In the secret approval request service, the project details are now obtained together with the bot key, eliminating an extra database call. The queue service and secret queue now import and use a new webhook payload type (TWebhookPayloads) instead of an inline type definition, restructuring the payloads for different secret events. In the webhook functions and service, the parameters have been adjusted to accept structured payload objects, and new logic has been added to handle distinct webhook event types using an imported WebhookEvents enum. Additionally, corresponding updates have been made in the webhook types and documentation to reflect the new payload formats and event definitions.

Possibly related PRs

• feat(api/secrets): view secret value permission #3128: Introduces a new readValue permission for secret management, which overlaps with modifications in the secret approval request logic regarding project permissions.

Suggested reviewers

• DanielHougaard
• scott-ray-wilson

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

backend/src/queue/queue-service.ts

Oops! Something went wrong! :(

ESLint: 8.57.1

ESLint couldn't find the plugin "@typescript-eslint/eslint-plugin".

(The package "@typescript-eslint/eslint-plugin" was not found when loaded as a Node module from the directory "/backend".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

npm install @typescript-eslint/eslint-plugin@latest --save-dev

The plugin "@typescript-eslint/eslint-plugin" was referenced from the config file in "backend/.eslintrc.js".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.

backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts

Oops! Something went wrong! :(

ESLint: 8.57.1

ESLint couldn't find the plugin "@typescript-eslint/eslint-plugin".

(The package "@typescript-eslint/eslint-plugin" was not found when loaded as a Node module from the directory "/backend".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

npm install @typescript-eslint/eslint-plugin@latest --save-dev

The plugin "@typescript-eslint/eslint-plugin" was referenced from the config file in "backend/.eslintrc.js".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.

backend/src/services/secret/secret-queue.ts

Oops! Something went wrong! :(

ESLint: 8.57.1

ESLint couldn't find the plugin "@typescript-eslint/eslint-plugin".

(The package "@typescript-eslint/eslint-plugin" was not found when loaded as a Node module from the directory "/backend".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

npm install @typescript-eslint/eslint-plugin@latest --save-dev

The plugin "@typescript-eslint/eslint-plugin" was referenced from the config file in "backend/.eslintrc.js".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.

• 3 others

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (6)

docs/documentation/platform/webhooks.mdx (1)

39-53: Good addition of documentation for the new webhook event

The documentation for the "secrets.reminder-expired" webhook event payload is clear and well-structured. This will help users understand what data to expect when a secret reminder expires.

One minor observation: there's a slight inconsistency in the event naming convention between "secret.modified" (singular) and "secrets.reminder-expired" (plural). Consider standardizing the naming pattern for consistency.

backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts (1)

506-506: Performance optimization: Retrieving project details with bot key

This change eliminates an additional database query by retrieving the project information together with the botKey and shouldUseSecretV2Bridge in a single call. The project details are later used in email substitutions (line ~878), making this a well-executed optimization.

Previously, a separate call to projectDAL.findById(projectId) would have been needed to get this information.

backend/src/queue/queue-service.ts (1)

24-24: Improved type safety with centralized webhook payload type

Replacing the inline payload type definition with the imported TWebhookPayloads type is a good refactoring that improves maintainability and consistency. This ensures that all parts of the codebase are using the same payload structure for webhook events.

The change is part of a broader refactoring to support multiple webhook event types, including the new secret reminder expiration event.

Also applies to: 111-111

backend/src/services/webhook/webhook-types.ts (1)

40-49: Consider clarifying the “type” property naming to avoid confusion.
Having both the top-level type: WebhookEvents.SecretModified and an internal type?: string | null; in the payload can introduce ambiguity. Renaming one of these properties can improve clarity.

Also applies to: 51-63

backend/src/services/secret/secret-queue.ts (1)

627-634: Webhook payload for “SecretModified” is concise and clear.
The queued object includes environment, projectId, and secretPath. Double-check if additional information (e.g., projectName) is needed. If it is, consider adding it here to save a database lookup downstream.

backend/src/services/webhook/webhook-fns.ts (1)

61-100: Refine the switch statement for maintainability.
There’s a case WebhookType.GENERAL: immediately followed by default: which can be combined. Consider removing the redundant case to simplify.

Apply this diff to remove the useless case:

-      case WebhookType.GENERAL:
       default:
         return {
           event: event.type,
           ...
         };

🧰 Tools

🪛 Biome (1.9.4)

[error] 88-88: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 706feaf and a55b261.

📒 Files selected for processing (7)

• backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts (1 hunks)
• backend/src/queue/queue-service.ts (2 hunks)
• backend/src/services/secret/secret-queue.ts (5 hunks)
• backend/src/services/webhook/webhook-fns.ts (7 hunks)
• backend/src/services/webhook/webhook-service.ts (2 hunks)
• backend/src/services/webhook/webhook-types.ts (1 hunks)
• docs/documentation/platform/webhooks.mdx (1 hunks)

🧰 Additional context used

🪛 Biome (1.9.4)

backend/src/services/webhook/webhook-fns.ts

[error] 88-88: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Run integration test
• GitHub Check: Check TS and Lint

🔇 Additional comments (7)

backend/src/services/webhook/webhook-types.ts (1)

33-66: Structuring event types and payloads looks good!
These new definitions cleanly separate “modified” and “reminder expired” event payloads and enhance maintainability by using a union type for strict type checks.

backend/src/services/secret/secret-queue.ts (3)

64-64: No issues with the new import.
Importing WebhookEvents here is consistent with the rest of the changes.

---

1066-1108: Verify required fields in the “SecretReminderExpired” payload.
Ensure secretName is always present and not null at runtime before queuing, as notifications or webhook handling may fail otherwise.

---

1516-1527: Check that job.data matches the TWebhookPayloads shape.
Currently, event: job.data is passed directly. If job.data might contain additional fields or differ in shape, consider a type guard or validation step to avoid runtime errors.

backend/src/services/webhook/webhook-fns.ts (3)

57-155: Overall logic for generating webhook payloads is well-structured.
Switching based on event.type and further customizing Slack vs. general payloads ensures clarity.

🧰 Tools

🪛 Biome (1.9.4)

[error] 88-88: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

---

[error] 141-141: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

---

187-192: Fallback to database for project name is a good safeguard.
This ensures webhooks are populated with a valid project name without failing if not present in the payload.

---

194-201: Preserve event type consistency when reassigning to hook.type.
Overriding the type field in the payload with hook.type is acceptable, but verify that hook.type is a valid subset of WebhookEvents to avoid unexpected merges.