|
| 1 | +# Breeze - GenerateGithubWebook |
| 2 | + |
| 3 | +The `breeze` package subcommand `generate-github-webook` provides the code to build a Serverless GitHub Webhook in Swift based on AWS Lambda and APIGateway. |
| 4 | + |
| 5 | +## Abstract |
| 6 | + |
| 7 | +> Webhooks can let your integrations take an action in response to events that occur on GitHub. |
| 8 | +
|
| 9 | +See official documentation about [GitHub Webhooks](https://docs.github.com/en/webhooks). |
| 10 | + |
| 11 | + |
| 12 | + |
| 13 | +The generated template exposes a webhook to GitHub through the API Gateway, the lambda implements the logic to validate, decode and perform an action based on the received GitHub event. |
| 14 | +The lambda supports the `sha256` signature verification as described on the official documentation [validating-webhook-deliveries](https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries) |
| 15 | + |
| 16 | +## The command line tool |
| 17 | + |
| 18 | +```bash |
| 19 | +swift run breeze generate-github-webhook --help |
| 20 | +``` |
| 21 | + |
| 22 | +output: |
| 23 | + |
| 24 | +```bash |
| 25 | +USAGE: breeze generate-github-webhook --config-file <config-file> --target-path <target-path> [--force-overwrite] [-y] |
| 26 | + |
| 27 | +OPTIONS: |
| 28 | + -c, --config-file <config-file> |
| 29 | + YML configurarion file |
| 30 | + -t, --target-path <target-path> |
| 31 | + Target path |
| 32 | + -f, --force-overwrite Force target path overwrite |
| 33 | + -y |
| 34 | + -h, --help Show help information. |
| 35 | +``` |
| 36 | + |
| 37 | +## Configuration file |
| 38 | + |
| 39 | +Define a configuration file with the following format: |
| 40 | +```yml |
| 41 | +service: swift-breeze-github-webhook |
| 42 | +awsRegion: us-east-1 |
| 43 | +swiftVersion: 5.7.3 |
| 44 | +swiftConfiguration: release |
| 45 | +packageName: BreezeGitHubWebHook |
| 46 | +buildPath: build |
| 47 | +cors: false |
| 48 | +breezeGithubWebhook: |
| 49 | + targetName: GitHubWebHook |
| 50 | + httpPath: /github-webhook |
| 51 | + secret: ${ssm:/dev/swift-webhook/webhook_secret} |
| 52 | +``` |
| 53 | +
|
| 54 | +Configuration parameters: |
| 55 | +- `awsRegion`: AWS Region |
| 56 | +- `swiftVersion`: Swift version |
| 57 | +- `swiftConfiguration`: Swift configuration (debug or release) |
| 58 | +- `packageName`: Swift Package name |
| 59 | +- `buildPath`: Swift Package build path where the Lambda executable will be generated |
| 60 | +- `cors`: Enable CORS (default: false) |
| 61 | +- `breezeGithubWebhook`: Breeze GitHub Webhook configuration |
| 62 | + - `targetName`: The name of the target that will be generated by the Swift Package Manager |
| 63 | + - `httpPath`: The path of the API |
| 64 | + - `secret`: The `sha256` secret generated on GitHub. |
| 65 | + |
| 66 | +### Using System Manager to store GitHub Secret |
| 67 | +The `sha256` secret can be securely stored on AWS using `System Manager` -> `Parameter Store`. The secret must be stored before deploying the project. In the example the `${ssm:/dev/swift-webhook/webhook_secret}` instructs Serverless framework to look for the value on the path `/dev/swift-webhook/webhook_secret`. |
| 68 | + |
| 69 | +## Lambda customisation |
| 70 | + |
| 71 | +Open the generated code, decode the GitHub payload and implement your custom business logic. |
| 72 | + |
| 73 | +```swift |
| 74 | +func handle(context: AWSLambdaRuntimeCore.LambdaContext, event: AWSLambdaEvents.APIGatewayV2Request) async -> AWSLambdaEvents.APIGatewayV2Response { |
| 75 | + do { |
| 76 | + context.logger.info("event: \(event)") |
| 77 | + let payload = try validateGitHubSignature(context: context, event: event) |
| 78 | + |
| 79 | + // TODO: Decode the Github payload |
| 80 | + |
| 81 | + // TODO: Implement the business logic |
| 82 | + |
| 83 | + return APIGatewayV2Response(with: "{}", statusCode: .ok) |
| 84 | + } catch { |
| 85 | + return APIGatewayV2Response(with: error, statusCode: .badRequest) |
| 86 | + } |
| 87 | + } |
| 88 | +``` |
0 commit comments