Skip to content

rfc #39

Open
Open
rfc#39

Description

@can-gaa-hou
can-gaa-hou
opened on Apr 7, 2026

L1

%%{init: {"theme": "base"}}%%
sequenceDiagram
    participant U as UpStream Repo
    participant G as GitHub App
    participant W as webhook_handler
    participant R as Redis
    participant D as DownStream Repo

    U->>G: PR/Push event trigger
    W<<->>G: Verify Signature
    W->>G: Require Allowlist
    W->>R: Cache Allowlist
    W->>G: Require DownStream Repos installation ID
    G->>W: Return installation ID
    W->>D: Passthrough payload to DownStream Repos
Loading

L2

%%{init: {"theme": "base", "themeCSS": ".messageLine0:nth-of-type(8){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(9){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(10){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(11){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(12){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(13){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(14){stroke:#16a34a;stroke-width:2px} .messageText:nth-of-type(8){fill:#16a34a} .messageText:nth-of-type(9){fill:#16a34a} .messageText:nth-of-type(10){fill:#16a34a} .messageText:nth-of-type(11){fill:#16a34a} .messageText:nth-of-type(12){fill:#16a34a} .messageText:nth-of-type(13){fill:#16a34a} .messageText:nth-of-type(14){fill:#16a34a}"}}%%
sequenceDiagram
    participant U as UpStream Repo
    participant G as GitHub App
    participant W as webhook_handler
    participant R as Redis
    participant D as DownStream Repo
    box rgba(187,247,208,0.5)
    participant RH as result_handler
    participant H as HUD
    end

    U->>G: PR/Push event trigger
    W<<->>G: Verify Signature
    W->>G: Require Allowlist
    W->>R: Cache Allowlist
    W->>G: Require DownStream Repos installation ID
    G->>W: Return installation ID
    W->>D: Passthrough payload to DownStream Repos
    D->>RH: In progress action call
    RH<<->>D: Verify payload with OIDC
    RH->>R: Check allowlist in redis
    R->>G: Fetch allowlist from GitHub if not in redis
    RH->>H: Show in progress action on HUD
    D->>RH: Completed action call
    RH->>H: Show completed action on HUD
Loading

L3 & L4

%%{init: {"theme": "base", "themeCSS": ".messageLine0:nth-of-type(5){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(6){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(7){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(15){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(17){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(18){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(19){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(20){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(21){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(22){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(25){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(26){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(27){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(28){stroke:#16a34a;stroke-width:2px} .messageLine0:nth-of-type(29){stroke:#16a34a;stroke-width:2px} .messageText:nth-of-type(5){fill:#16a34a} .messageText:nth-of-type(6){fill:#16a34a} .messageText:nth-of-type(7){fill:#16a34a} .messageText:nth-of-type(15){fill:#16a34a} .messageText:nth-of-type(17){fill:#16a34a} .messageText:nth-of-type(18){fill:#16a34a} .messageText:nth-of-type(19){fill:#16a34a} .messageText:nth-of-type(20){fill:#16a34a} .messageText:nth-of-type(21){fill:#16a34a} .messageText:nth-of-type(22){fill:#16a34a} .messageText:nth-of-type(25){fill:#16a34a} .messageText:nth-of-type(26){fill:#16a34a} .messageText:nth-of-type(27){fill:#16a34a} .messageText:nth-of-type(28){fill:#16a34a} .messageText:nth-of-type(29){fill:#16a34a}"}}%%
sequenceDiagram
    participant U as UpStream Repo
    participant G as GitHub App
    participant W as webhook_handler
    participant R as Redis
    participant D as DownStream Repo
    box rgba(187,247,208,0.5)
    participant RH as result_handler
    participant H as HUD
    end

    U->>G: PR/Push event trigger
    W<<->>G: Verify Signature
    W->>G: Require Allowlist
    W->>R: Cache Allowlist
    opt Scenario 1
        U->>G: PR label add / L4
        G->>W:
        W->>R: Cache PR info for check run
    end
    W->>G: Require DownStream Repos installation ID
    G->>W: Return installation ID
    W->>D: Passthrough payload to DownStream Repos
    D->>RH: In progress action call
    D<<->>RH: Verify payload with OIDC
    RH->>R: Check allowlist in redis
    R->>G: Fetch allowlist from GitHub if not in redis
    RH->>R: Cache action info
    RH->>H: Show in progress action on HUD
    opt Scenario 2
        U->>G: PR label add
        G->>W:
        W->>R: Find action info
        W->>U: Create PR in_progress check run
    end
    opt Scenario 1
        RH->>R: Find PR info record
        RH->U: Create PR in_progress check run
    end
    D->>RH: Completed action call
    RH->>H: Show completed action on HUD
    opt Scenario 1 & 2
        RH->>U: Update PR completed check run
    end
    opt Scenario 3
        U->>G: PR label add
        G->>W:
        W->>R: Find action info
        W->>U: Create PR completed check run
    end
Loading

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions