Skip to content

Latest commit

Β 

History

History
53 lines (40 loc) Β· 2.51 KB

File metadata and controls

53 lines (40 loc) Β· 2.51 KB

github

GitHub webhook β†’ Lark notification integration. Receives GitHub webhooks on the console port and delivers Lark cards to console-configured routing destinations (group chats / DMs), plus DMs to PR reviewers.

This file is AGENTS.md; CLAUDE.md is a symlink to it β€” edit AGENTS.md.

Layout (flat β€” no DB, no scheduler)

  • app.rs β€” App/Instance; build() requires webhook_secret and threads the StateStore into AppState; routes() mounts the routing admin router; run() publishes live AppState into the lark_kit::StateSlot.
  • config.rs β€” GitHubConfig (secrets only) + AppState (github, bot, store).
  • routes.rs β€” ingress_router(slot): POST /webhook (mounted at /webhooks/github/).
  • source/{handler.rs, utils.rs} β€” webhook_handler (verify HMAC β†’ octocrab parse β†’ dispatch β†’ deliver via routing) + the X-Hub-Signature-256 verifier.
  • cards.rs β€” event β†’ LarkCard builders. actions.rs β€” ping, test-notify.

Notification routing (console-configured, shared)

Routing lives in the shared lark_kit::routing module (reused by gitlab). The handler loads the config fresh from the per-App StateStore (namespace = "github") on every webhook, so console edits apply with no restart. The config β€” rules ({repo/org β†’ chat/DM}), default destinations, reviewer user_map, and alert_labels β€” is edited from the console's GitHub tab (GET/PUT /api/apps/github/routing). Delivery is bot-only (group chat by chat_id, DM by user open_id or email), so a lark_app must be bound for notifications to send.

Flow

POST /webhooks/github/webhook (HMAC X-Hub-Signature-256) β†’ octocrab WebhookEvent β†’ build a LarkCard β†’ deliver to cfg.destinations_for(repo, event) (subject = repo full_name):

  • pull_request β€” opened / review-requested (+ reviewer DM via user_map) / merged.
  • issues β€” alert card when a label in alert_labels is applied.
  • workflow_run β€” failed CI. secret_scanning / dependabot β€” security alerts (critical/high). Card links come from the payload.

Config / env

config.toml carries only secrets/bindings; routing is in the console (StateStore). [github]: enabled, lark_app (binds a [lark-apps] for the bot), webhook_secret (required; HMAC for X-Hub-Signature-256). Env overrides: GITHUB_WEBHOOK_SECRET, plus LARK_* for the bot when not using lark_app.

Commands

cargo build -p github
cargo test -p github
cargo clippy -p github --all-targets -- -D warnings