github-events: Add tf vars for webhook id env vars (#691)

See #689 for impl
chainguard-dev · Jan 22, 2025 · 393f899 · 393f899
1 parent 82a0f9f
commit 393f899
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/modules/github-events/README.md b/modules/github-events/README.md
@@ -166,10 +166,12 @@ No requirements.
 | <a name="input_notification_channels"></a> [notification\_channels](#input\_notification\_channels) | List of notification channels to alert. | `list(string)` | n/a | yes |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | n/a | `string` | n/a | yes |
 | <a name="input_regions"></a> [regions](#input\_regions) | A map from region names to a network and subnetwork. The bucket must be in one of these regions. | <pre>map(object({<br/>    network = string<br/>    subnet  = string<br/>  }))</pre> | n/a | yes |
+| <a name="input_requested_only_webhook_id"></a> [requested\_only\_webhook\_id](#input\_requested\_only\_webhook\_id) | If set, the csv IDs of the webhooks that should only receive check requested events. | `string` | `""` | no |
 | <a name="input_require_squad"></a> [require\_squad](#input\_require\_squad) | Whether to require squad variable to be specified | `bool` | `false` | no |
 | <a name="input_secret_version_adder"></a> [secret\_version\_adder](#input\_secret\_version\_adder) | The user allowed to populate new webhook secret versions. | `string` | n/a | yes |
 | <a name="input_service-ingress"></a> [service-ingress](#input\_service-ingress) | Which type of ingress traffic to accept for the service (see regional-go-service). Valid values are:<br/><br/>- INGRESS\_TRAFFIC\_ALL accepts all traffic, enabling the public .run.app URL for the service<br/>- INGRESS\_TRAFFIC\_INTERNAL\_LOAD\_BALANCER accepts traffic only from a load balancer | `string` | `"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"` | no |
 | <a name="input_squad"></a> [squad](#input\_squad) | squad label to apply to the service. | `string` | `""` | no |
+| <a name="input_webhook_id"></a> [webhook\_id](#input\_webhook\_id) | If set, the csv IDs of the webhooks that the trampoline should listen to. | `string` | `""` | no |
 
 ## Outputs
 

diff --git a/modules/github-events/main.tf b/modules/github-events/main.tf
@@ -59,6 +59,14 @@ module "this" {
             name  = "GITHUB_ORGANIZATIONS_FILTER"
             value = var.github_organizations
           },
+          {
+            name  = "REQUESTED_ONLY_WEBHOOK_ID"
+            value = var.requested_only_webhook_id
+          },
+          {
+            name  = "WEBHOOK_ID"
+            value = var.webhook_id
+          }
         ],
         [for name, secret in var.additional_webhook_secrets : {
           name = "WEBHOOK_SECRET_${upper(name)}"

diff --git a/modules/github-events/variables.tf b/modules/github-events/variables.tf
@@ -99,3 +99,15 @@ variable "github_organizations" {
   type        = string
   default     = ""
 }
+
+variable "requested_only_webhook_id" {
+  description = "If set, the csv IDs of the webhooks that should only receive check requested events."
+  type        = string
+  default     = ""
+}
+
+variable "webhook_id" {
+  description = "If set, the csv IDs of the webhooks that the trampoline should listen to."
+  type        = string
+  default     = ""
+}