license added. refs: #92124

Author: Drone CI

.gitignore

@@ -0,0 +1,6 @@
+*.log
+*.pyc
+**/__pycache__/
+.env
+.secrets
+payload.json

.yamllint

@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable

LICENSE.md

@@ -0,0 +1,82 @@
+# webhook
+
+[![Build Status](https://drone.osshelp.ru/api/badges/ansible/webhook/status.svg)](https://drone.osshelp.ru/ansible/webhook)
+
+Ansible role for [webhook](https://github.com/adnanh/webhook) installation and configuration.
+
+## Usage (example)
+
+```yaml
+    - hosts: all
+      roles:
+        - { role: webhook,
+              webhook: {
+              hotreload: true,
+              listen: '0.0.0.0',
+              port: 8080,
+              prefix: 'webhook',
+              verbose: false,
+              hooks: [ 'deployment' ],
+              headers: [ 'X-Custom-Header=some-value' ]
+            }
+        }
+```
+
+## Available parameters
+
+### Main
+
+Short description here.
+
+| Param | Description |
+| -------- | -------- |
+| user | User to create for webhook-server. |
+| extra_groups | Extra groups to add created user to. |
+| download_url | Url to get binary from. |
+| checksum_url | Url to get checksums from. |
+| download_dir | Absolute path to temporal dir for binary placement before moving to more suitable dir. |
+| binary_dir | Absolute path to directory where binary will be placed. |
+| scripts_dir | Absolute path to directory where scripts will be placed. |
+| conf_dir | Absolute path to directory with webhook-server configuration files. |
+| logs_dir | Absolute path to directory that will be used for webhook-server logs storage. |
+| templates_dir | Absolute path to directory that will be used for initial-setup script and templates placement. |
+| webhook_hooks_source_dir | Relative path to hooks (j2-templates of jsons) in current repository |
+| webhook_scripts_source_dir | Relative path to scripts templates in current repository |
+| default_setup | Whether to install [deploy-functions](https://gitea.osshelp.ru/ansible/deploy-functions) and additional stuff for initial setup via deployment. |
+| default_sudoers |  Whether to generate sudoers.d config |
+| webhook_sudo_scripts | List of script names in scripts_dir for enabling sudo access to |
+
+### Webhook-server params
+
+You can control all of the params via overriding webhook array (see defaults/main.yml)
+
+## FAQ
+
+### ERROR: Found unknown escape character
+
+If there is an error like this in logs:
+
+> [webhook] couldn't load hooks from file! error converting YAML to JSON: yaml: line 63: found unknown escape character
+
+Then you should use double character ‘\’ in your regexps. For example:
+
+```yaml
+    "regex": "^\\w+(\\d+)?(-\\w+)?-(prod)$",
+```
+
+## Useful links
+
+- [Official documentation](https://github.com/adnanh/webhook/tree/master/docs)
+- [Our article](https://oss.help/kb3989)
+
+## TODO
+
+- add logrotate config for files in logs_dir
+
+## License
+
+GPL3
+
+## Author
+
+OSSHelp Team, see <https://oss.help>

README.md

@@ -0,0 +1,29 @@
+---
+user: webhook
+extra_groups: []
+download_url: "https://oss.help/builds/pub/webhook/2.6.10/webhook"
+checksum_url: "https://oss.help/builds/pub/webhook/2.6.10/SHA256SUMS"
+download_dir: /tmp
+scripts_dir: /usr/local/bin
+binary_dir: /usr/local/sbin
+conf_dir: /etc/webhook
+logs_dir: /var/log/webhook
+templates_dir: /usr/local/osshelp/webhook
+webhook_hooks_source_dir: hooks
+webhook_scripts_source_dir: scripts
+
+default_setup: false
+default_sudoers: true
+
+webhook:
+  hotreload: true
+  listen: '0.0.0.0'
+  port: '9000'
+  prefix: 'webhook'
+  verbose: true
+  hooks: []
+  headers: []
+
+templates: []
+
+webhook_sudo_scripts: [ lxhelper ]

defaults/main.yml

@@ -0,0 +1,9 @@
+---
+- name: reload webhook unit
+  systemd:
+    daemon_reload: yes
+
+- name: restart webhook service
+  service:
+    name: webhook
+    state: restarted

handlers/main.yml

@@ -0,0 +1,14 @@
+---
+galaxy_info:
+  author: OSSHelp team
+  description: install webhook
+  company: OSSHelp
+  license: GPLv3
+  min_ansible_version: 1.2
+  platforms:
+    - name: Ubuntu
+      versions:
+        - xenial
+          bionic
+  galaxy_tags:
+    - webhook

meta/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: deploy-functions
+  src: https://oss.help/ansible/pub/roles/d/deploy-functions-stable.tar.gz
+
+- name: lxc-reboot
+  src: https://oss.help/ansible/pub/roles/l/1/lxc-reboot-stable.tar.gz

requirements.yml

@@ -0,0 +1,141 @@
+---
+# tasks file for webhook
+
+- name: create group
+  group:
+    name: "{{ user }}"
+    system: yes
+    state: present
+
+- name: create user
+  user:
+    name: "{{ user }}"
+    group: "{{ user }}"
+    groups: "{{ extra_groups }}"
+    shell: "/bin/bash"
+    system: yes
+    comment: "Webhook user"
+    state: present
+
+- name: create binary dir if necesary
+  file:
+    path: "{{ binary_dir }}"
+    state: directory
+
+- name: create logs dir if necesary
+  file:
+    path: "{{ logs_dir }}"
+    state: directory
+    owner: "root"
+    group: "{{ user }}"
+    mode: 0770
+
+- name: download binary
+  get_url:
+    url: "{{ download_url }}"
+    checksum: "sha256:{{ checksum_url }}"
+    dest: "{{ binary_dir }}/webhook"
+    owner: "root"
+    group: "root"
+    mode: 0755
+  when: not ansible_check_mode
+  notify: restart webhook service
+
+- name: create conf dir if necessary
+  file:
+    path: "{{ conf_dir }}"
+    state: directory
+    owner: "root"
+    group: "{{ user }}"
+    mode: 0750
+
+- name: copy demo webhook
+  template:
+    src: webhook-demo.j2
+    dest: "{{ conf_dir }}/demo.json"
+    owner: root
+    group: "{{ user }}"
+    mode: 0640
+  when: not webhook.hooks
+  notify: restart webhook service
+
+- name: 'copy webhook'
+  template:
+    src: '{{ webhook_hooks_source_dir }}/{{ item }}.j2'
+    dest: "{{ conf_dir }}/{{ item | basename }}.json"
+    owner: root
+    group: "{{ user }}"
+    mode: 0640
+  when: webhook.hooks is defined and webhook.hooks | length > 0
+  with_items: "{{ webhook.hooks }}"
+  notify: restart webhook service
+
+- name: 'copy scripts'
+  template:
+    src: '{{ webhook_scripts_source_dir }}/webhook-{{ item }}.j2'
+    dest: "{{ scripts_dir }}/webhook-{{ item | basename }}"
+    owner: root
+    group: "{{ user }}"
+    mode: 0750
+  when: webhook.scripts is defined and webhook.scripts | length > 0
+  with_items: "{{ webhook.scripts }}"
+  notify: restart webhook service
+
+- name: include deploy-functions
+  include_role:
+    name: deploy-functions
+  when: default_setup and deploy_functions_installed is not defined
+
+- name: create tpl directory
+  file:
+    path: "{{ templates_dir }}"
+    state: directory
+    owner: "root"
+    group: "{{ user }}"
+    mode: 0750
+  when: default_setup
+
+- name: place initial-setup script
+  template:
+    src: initial-setup.j2
+    dest: "{{ templates_dir }}/initial-setup"
+    owner: "root"
+    group: "{{ user }}"
+    mode: 0750
+  when: default_setup
+
+- name: 'copy templates'
+  copy:
+    src: 'templates/{{ item }}'
+    dest: "{{ templates_dir }}/{{ item | basename }}"
+    owner: root
+    group: "{{ user }}"
+    mode: 0750
+  when: default_setup and templates
+  with_items: "{{ templates }}"
+
+- name: copy systemd unit file
+  template:
+    src: webhook-systemd-unit.j2
+    dest: "/etc/systemd/system/webhook.service"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - reload webhook unit
+    - restart webhook service
+
+- name: enable service
+  service:
+    name: webhook
+    state: started
+    enabled: yes
+
+- name: install sudoers config
+  template:
+    src: sudoers.j2
+    dest: "/etc/sudoers.d/{{ user }}"
+    owner: root
+    group: root
+    mode: 0440
+  when: default_sudoers

tasks/main.yml

@@ -0,0 +1,84 @@
+[
+  {
+    "id": "lxhelper-deployment",
+    "response-message": "Starting LXHelper deployment ...",
+    "execute-command": "{{ scripts_dir | default('/usr/local/bin', true) }}/webhook-lxhelper-deployment",
+    "command-working-directory": "/tmp",
+    "pass-arguments-to-command": [
+      {
+        "source": "payload",
+        "name": "params.manifest"
+      },
+      {
+        "source": "payload",
+        "name": "params.transport"
+      },
+      {
+        "source": "payload",
+        "name": "params.target"
+      },
+      {
+        "source": "payload",
+        "name": "params.profile"
+      }
+    ],
+    "include-command-output-in-response": true,
+    "include-command-output-in-response-on-error": true,
+    "response-message": "Redeploy started!",
+    "trigger-rule-mismatch-http-response-code": 400,
+    "trigger-rule": {
+      "and": [
+        {
+          "match": {
+            "type": "value",
+            "value": "{{ lxhelper_deployment['token'] | default('VeryUniqueStingHere',true) }}",
+            "parameter": {
+              "source": "payload",
+              "name": "params.token"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "regex",
+            "regex": "^(http(s?):\\/\\/|\\/)[\\w+\\.\\-\\/\\@\\:]+\\w+\\.yml$",
+            "parameter": {
+              "source": "payload",
+              "name": "params.manifest"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "regex",
+            "regex": "^(http|s3)$",
+            "parameter": {
+              "source": "payload",
+              "name": "params.transport"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "regex",
+            "regex": "{{ lxhelper_deployment['target_regex'] | default('^demo$',true) }}",
+            "parameter": {
+              "source": "payload",
+              "name": "params.target"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "regex",
+            "regex": "^([\\w\\d-]+|)$",
+            "parameter": {
+              "source": "payload",
+              "name": "params.profile"
+            }
+          }
+        }
+      ]
+    }
+  }
+]