feature(values): Extract webook URL Outside the SCM definitions (#107)

* feature(values): Extract webook URL Outside the SCM definitions

* Update charts/studio/values.yaml

Co-authored-by: Jesper Svendsen <99078145+jesper7@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jesper Svendsen <99078145+jesper7@users.noreply.github.com>

* Bump chart.yaml

* fix(webhook): Use default setting everywhere

* chore(helm-docs): Generate latest version

* chore(helm-docs): Add CI job which checks if the helm-docs needs to be created

* fix(merge queue): add merge_group trigger

* fix(secretKey): Change random in SECRET_KEY

---------

Co-authored-by: Marcin Jasion <mjasion@users.noreply.github.com>
Co-authored-by: Jesper Svendsen <99078145+jesper7@users.noreply.github.com>

.github/workflows/test.yaml

@@ -2,6 +2,7 @@ name: Lint and Test Charts
 
 on:
   pull_request:
+  merge_group:
   push:
     branches:
       - main
@@ -23,7 +24,7 @@ jobs:
       - name: Set up Helm
         uses: azure/setup-helm@v3
         with:
-          version: v3.12.0
+          version: v3.12.2
 
       - uses: actions/setup-python@v4
         with:
@@ -58,3 +59,22 @@ jobs:
         run: |
           ct lint-and-install --target-branch ${{ github.event.repository.default_branch }} --upgrade --debug \
           --helm-extra-set-args '--set ci=true --set global.blobvault.persistentVolume.storageClassName="standard" --set imagePullSecrets[0].name=iterativeai --set dockerUsername=${{ secrets.ITERATIVE_DOCKER_REGISTRY_USER }} --set dockerPassword=${{ secrets.ITERATIVE_DOCKER_REGISTRY_PASSWORD }} --set dockerServer=docker.iterative.ai'
+
+  helm-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.2
+
+      - name: Run helm-docs
+        working-directory: charts/studio/
+        run: |
+          docker run --pull always --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest
+          git diff --exit-code

README.md

@@ -125,7 +125,6 @@ global:
       appName: "iterative-studio-selfhosted"
       clientId: "<gh-client-id>"
       clientSecret: "<gh-app-secret>"
-      webhookUrl: "https://my-studio.private.com/webhook/github"
       privateKey: |-
         -----BEGIN RSA PRIVATE KEY-----
         ...

charts/studio/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.7
+version: 0.2.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/studio/templates/configmap-studio.yaml

@@ -1,3 +1,4 @@
+{{$webhookHost := .Values.global.scmProviders.webhookHost | default .Values.global.host }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -21,8 +22,8 @@ data:
   {{- if .Values.global.scmProviders.bitbucket.apiUrl }}
   BITBUCKET_API_URL: {{ .Values.global.scmProviders.bitbucket.apiUrl | quote}}
   {{- end }}
-  {{- if .Values.global.scmProviders.bitbucket.webhookUrl }}
-  BITBUCKET_WEBHOOK_URL: {{ .Values.global.scmProviders.bitbucket.webhookUrl | quote}}
+  {{- if and .Values.global.scmProviders.bitbucket.enabled $webhookHost }}
+  BITBUCKET_WEBHOOK_URL: "http{{ if $.Values.global.ingress.tlsEnabled }}s{{ end }}://{{ $webhookHost }}/webhook/bitbucket/"
   {{- end }}
 
   ENABLE_BLOBVAULT: "True"
@@ -67,8 +68,8 @@ data:
   {{- if .Values.global.scmProviders.github.url }}
   GITHUB_URL: {{ .Values.global.scmProviders.github.url | quote }}
   {{- end }}
-  {{- if .Values.global.scmProviders.github.webhookUrl }}
-  GITHUB_WEBHOOK_URL: {{ .Values.global.scmProviders.github.webhookUrl | quote }}
+  {{- if and .Values.global.scmProviders.github.enabled $webhookHost }}
+  GITHUB_WEBHOOK_URL: "http{{ if $.Values.global.ingress.tlsEnabled }}s{{ end }}://{{ $webhookHost }}/webhook/github/"
   {{- end }}
   {{- if .Values.global.scmProviders.github.clientId }}
   GITHUB_APP_CLIENT_ID: {{ .Values.global.scmProviders.github.clientId | quote }}
@@ -83,8 +84,8 @@ data:
   {{- if .Values.global.scmProviders.gitlab.url }}
   GITLAB_URL: {{ .Values.global.scmProviders.gitlab.url | quote}}
   {{- end }}
-  {{- if .Values.global.scmProviders.gitlab.webhookUrl }}
-  GITLAB_WEBHOOK_URL: {{ .Values.global.scmProviders.gitlab.webhookUrl | quote }}
+  {{- if and .Values.global.scmProviders.gitlab.enabled $webhookHost }}
+  GITLAB_WEBHOOK_URL: "http{{ if $.Values.global.ingress.tlsEnabled }}s{{ end }}://{{ $webhookHost }}/webhook/gitlab/"
   {{- end }}
 
   {{- if .Values.global.maxViews }}

charts/studio/templates/ingress-studio-webhook.yaml

@@ -31,7 +31,7 @@ spec:
   {{- if and .Values.global.ingress.tlsEnabled .Values.global.ingress.hostnameEnabled }}
   tls:
     - hosts:
-        - {{ .Values.global.host }}
+        - {{.Values.global.scmProviders.webhookHost | default .Values.global.host}}
       secretName: {{ .Values.global.ingress.tlsSecretName }}
   {{- end }}
   rules:
@@ -56,6 +56,6 @@ spec:
               servicePort: {{ .Values.studioBackend.service.port }}
               {{- end }}
       {{- if .Values.global.ingress.hostnameEnabled }}
-      host: {{ .Values.global.host }}
+      host: {{ .Values.global.scmProviders.webhookHost | default .Values.global.host }}
       {{- end }}
 {{- end }}

charts/studio/templates/secret-studio.yaml

@@ -48,7 +48,7 @@ stringData:
   {{- else }}
   {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "studio") | default dict }}
   {{- $secretData := (get $secretObj "data") | default dict }}
-  {{- $secretKey := (get $secretData "SECRET_KEY" | b64dec) | default (randAscii 40) }}
+  {{- $secretKey := (get $secretData "SECRET_KEY" | b64dec) | default (randAlphaNum 40) }}
   SECRET_KEY: {{ $secretKey | quote }}
   {{- end }}
 

charts/studio/values.yaml

@@ -18,8 +18,8 @@ global:
   # We recommend you set this externally. If left empty, a random key will be generated.
   secretKey: ""
 
+  # -- (DEPRECATED) Studio: Custom CA certificate in PEM format
   # Deprecated in favor of `customCaCerts`
-  # -- Studio: Custom CA certificate in PEM format
   # customCaCert: |-
   #   -----BEGIN CERTIFICATE-----
   #   ....
@@ -103,6 +103,12 @@ global:
     password: "postgres"
 
   scmProviders:
+
+    # -- Custom hostname for incoming webhook (if Studio runs on a private network and you use SaaS versions of GitHub, GitLab, or Bitbucket)
+    # @default -- `$global.host` value.
+    webhookHost: ""
+
+    # -- GitHub App integration with Studio.
     github:
       # -- GitHub enabled
       enabled: false
@@ -114,7 +120,6 @@ global:
       # Set this if you're using the selfhosted version
       apiUrl: ""
 
-
       # -- GitHub OAuth App Name
       appName: ""
       # -- GitHub OAuth App ID
@@ -126,9 +131,10 @@ global:
       # -- GitHub OAuth App Private Key
       privateKey: ""
 
-      # -- GitHub Webhook URL, e.g. https://<global.host>/webhook/github/
+      # -- (DEPRECATED) GitHub Webhook URL
       webhookUrl: ""
 
+    # -- GitLab App integration with Studio.
     gitlab:
       # -- GitLab enabled
       enabled: false
@@ -142,11 +148,13 @@ global:
       # -- GitLab OAuth App Secret Key
       secretKey: ""
 
-      # -- GitLab Webhook URL
+      # -- (DEPRECATED) GitLab Webhook URL
       webhookUrl: ""
+
       # -- GitLab Webhook Secret
       webhookSecret: ""
 
+    # -- BitBucket App integration with Studio.
     bitbucket:
       # -- Bitbucket enabled
       enabled: false
@@ -163,9 +171,8 @@ global:
       # -- Bitbucket OAuth App Secret Key
       secretKey: ""
 
-      # -- Bitbucket Webhook URL
+      # -- (DEPRECATED) BitBucket Webhook URL
       webhookUrl: ""
-
 nginx:
   service:
     type: ClusterIP