Skip to content

feat: add GitLab webhook verification support#19

Merged
nickmarden merged 3 commits intomainfrom
gitlab-integration
Feb 6, 2026
Merged

feat: add GitLab webhook verification support#19
nickmarden merged 3 commits intomainfrom
gitlab-integration

Conversation

@bornakapusta
Copy link
Contributor

@bornakapusta bornakapusta commented Jan 27, 2026

Summary

  • Add gitlab verifier type for GitLab webhook authentication via X-Gitlab-Token header
  • Add predefined GitLab.com IP allowlist for webhook source IPs (34.74.90.64/28, 34.74.226.0/24)
  • Add test routes for all verifier types in minikube config

Test plan

  • Unit tests pass (internal/verifier/gitlab_test.go)
  • Manual test with minikube using /direct/gitlab and /relay/gitlab routes

🤖 Generated with Claude Code

@nickmarden
Copy link
Contributor

nickmarden commented Feb 4, 2026

@bornakapusta can you resolve this merge conflict? I'd love to be able to merge this.

@bornakapusta
feat: add gitlab verifier type for webhook authentication
4583a50 
Adds X-Gitlab-Token header verification and predefined IP allowlist for GitLab.com webhook source IPs.
@bornakapusta
feat: add test routes for webhook verifiers in minikube config
4dfead8
@github-actions
Copy link

github-actions bot commented Feb 6, 2026
edited
Loading

Docker Images Built

Images are available for testing:

# gatekeeperd
docker pull ghcr.io/tight-line/gatekeeperd:pr-19-f46d1cc

# gatekeeper-relay
docker pull ghcr.io/tight-line/gatekeeper-relay:pr-19-f46d1cc

docker-compose.yml

GATEKEEPERD_IMAGE=ghcr.io/tight-line/gatekeeperd:pr-19-f46d1cc \
RELAY_IMAGE=ghcr.io/tight-line/gatekeeper-relay:pr-19-f46d1cc \
docker-compose --profile relay up

Helm (values override)

image:
  repository: ghcr.io/tight-line/gatekeeperd  # or gatekeeper-relay
  tag: "pr-19-f46d1cc"

Images expire ~15 days after PR closes.

@nickmarden
Copy link
Contributor

nickmarden commented Feb 6, 2026

@bornakapusta can you fix up the coverage? Ideally we shoot for 100% coverage on new (testable) code.

The repo has some instructions about how to mark code as untestable, but really that should be a feature of last resort. Most code is testable. We currently only use that feature for Redis testing because our Redis testing library lacks some features of a real Redis server.

@bornakapusta
test: add coverage for gitlab verifier
f46d1cc 
Add test coverage for gitlab verifier validation and handler building
to meet SonarQube 80% coverage requirement on new code.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 6, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov
Copy link

codecov bot commented Feb 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@bornakapusta bornakapusta marked this pull request as ready for review February 6, 2026 13:20
@nickmarden nickmarden merged commit 1f44f21 into main Feb 6, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bornakapusta @nickmarden