An exploration of leveraging AWS Lambda to produce "serverless" Python handling for Github webhooks. In addition, the originating repo controls which checks are run through its own .hooks.yml file (think of a .travis.yml-like system, but with support for any kind of webhook, not just pull requests). Finally, we also provide an endpoint for extracting the status check log files (the "details" links in the Github UI).
You should be able to deploy this without editing any application code to get a basic check going.
- Terraform -- to push code and configuration to AWS
- Python 2.7 -- to build the application
- AWS Access Key
- AWS Secret Key
- Github Token
- Github Webhook Secret
Copy variables.tf.example.txt to variables.tf and fill in the AWS credentials.
Create src/ghtoken.txt and place the Github token in that file.
Create src/ghsecret.txt and put a random, keyboard-smash ascii string in there. You'll use this when setting up the webhook later on.
This will fetch all the requirements and place them in vendor where main.py will seek them out.
$ pip install -r src/vendor/requirements.txt -t src/vendor
If you'd like, you can also locally test the code by running python src/main.py (todo: fix with local event examples).
Now that the application is "built" and all the secrets are in place, you can deploy the whole thing with:
$ terraform apply
This will package your app (src/) into a zip file, upload it as your Lambda function and set up all the function, API Gateway, and logging AWS configurations to run the code "serverless"ly. At the end of the run, you'll get output that looks like this:
prod_url = https://xxxxxxx.execute-api.xxxxxx.amazonaws.com/prod/hook
Keep that for the next step.
- Go to the repo you want to try this on and into the "Settings" area.
- Open "Webhooks"
- Click "Add Webhook"
- Set the "Payload URL" to the prod_url from above
- Change "Content-type" to "application/json"
- Put the secret from src/ghsecret.txt into the "Secret" field
- Switch the hook to "Let me select individual events" and only check the box for "Pull Requests"
- Finally, save by pressing "Add webhook"
Once the webhook is in place, you'll need one more thing. This demo will trigger checks based on a file called .hooks.yml in your repository's default branch. None of these hooks are currently doing anything other than issuing a rubber stamp status check on pull requests. You can see an example .hooks.yml in this repo.
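As an added example (not code from this repo), here is one way a handler could confirm that a delivery really came from Github, using the secret from src/ghsecret.txt and the X-Hub-Signature-256 header that Github sends once a "Secret" is set on the webhook. The function names and the sample payload are assumptions made up for illustration.

```python
import binascii
import hashlib
import hmac
import os


def generate_secret(nbytes=32):
    """Hex secret from the OS CSPRNG, suitable for src/ghsecret.txt."""
    return binascii.hexlify(os.urandom(nbytes)).decode("ascii")


def load_secret(path):
    """Read the secret, dropping the trailing newline most editors add.

    GitHub signs with exactly what was pasted into the "Secret" field, so a
    stray newline in the file would make every delivery fail verification.
    """
    with open(path) as fh:
        return fh.read().strip()


def sign(secret, body):
    """Value GitHub puts in X-Hub-Signature-256 for these raw body bytes."""
    mac = hmac.new(secret.encode("utf-8"), body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()


def verify_signature(secret, body, header_value):
    """True only if header_value is the HMAC-SHA256 of the raw body.

    body must be the bytes as received, before json.loads(); re-serialised
    JSON does not hash to the same value.
    """
    if not header_value or not header_value.startswith("sha256="):
        return False  # header missing or unexpected algorithm: reject
    expected = sign(secret, body)
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(expected.encode("utf-8"),
                               header_value.encode("utf-8"))


if __name__ == "__main__":
    secret = generate_secret()                      # constructed sample secret
    body = b'{"action": "opened", "number": 1}'     # constructed sample payload
    header = sign(secret, body)                     # what GitHub would send
    print(verify_signature(secret, body, header))          # genuine delivery
    print(verify_signature(secret, body + b" ", header))   # altered body
    print(verify_signature(secret, body, None))            # unsigned request
```

Run the check before parsing the payload or reading .hooks.yml, and return an error for any request that fails it.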
I used these as references and starting points for this project.
Articles:
- Using Terraform to setup AWS API-Gateway and Lambda -- Credit where due, most of the terraform states came from this fellow.
- Terraforming Amazon AWS Lambda function and related API Gateway -- Helped with a missing cloudwatch log setup
API Docs: