48 changes: 48 additions & 0 deletions modules/gh-org-webhook/.terraform-docs.yml
@@ -0,0 +1,48 @@
formatter: "markdown" # this is required

version: ""

header-from: docs/header.md
footer-from: docs/footer.md

recursive:
enabled: false
path: modules
include-main: true

sections:
hide: []
show: []

content: ""

output:
file: "README.md"
mode: inject
template: |-
<!-- BEGIN_TF_DOCS -->
{{ .Content }}
<!-- END_TF_DOCS -->

output-values:
enabled: false
from: ""

sort:
enabled: true
by: name

settings:
anchor: true
color: true
default: true
description: false
escape: true
hide-empty: false
html: true
indent: 2
lockfile: true
read-comments: true
required: true
sensitive: true
type: true
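Review bot: `version: ""` near the top of this file leaves the terraform-docs version unconstrained, so the README content injected between the `BEGIN_TF_DOCS` and `END_TF_DOCS` markers can change depending on which release a contributor or CI job runs. Set a version constraint here so regenerated docs stay reproducible.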
143 changes: 143 additions & 0 deletions modules/gh-org-webhook/README.md
@@ -0,0 +1,143 @@
<!-- BEGIN_TF_DOCS -->
# **GitHub Organization Webhook Terraform Module**

## Overview

This module creates and manages a GitHub **organization-level webhook** using a single strongly-typed `config` object.

It is designed for Prefapp’s Internal Developer Platform and automated webhook provisioning pipelines. The module accepts input directly from external programs via JSON.

## Key Features

- **Single config object**: All webhook settings in one `config` variable
- **Full event support**: Subscribe to any GitHub organization webhook event
- **Secure by default**: Supports secret, content type, and SSL validation
- **JSON-native**: Perfect for programmatic generation
- **Strong validation**: Ensures only valid events and required fields

## Supported Events

The module supports **all standard GitHub organization webhook events**.

Common events include:

- `push`
- `pull_request`
- `issues`
- `workflow_run`
- `workflow_dispatch`
- `release`
- `create`
- `delete`
- `fork`
- `member`
- `public`
- `repository`
- `status`
- `watch`
- `commit_comment`
- `gollum`
- `team_add`
- `team`
- `organization`
- `project`
- `project_card`
- `project_column`
- `milestone`
- `deployment`
- `deployment_status`
- `discussion`
- `discussion_comment`

For the **complete and up-to-date list** of all available webhook events and their payloads, see the official GitHub documentation:

→ **[Webhook events and payloads](https://docs.github.com/en/webhooks/webhook-events-and-payloads)**

## Basic Usage

### Using `terraform.tfvars.json` (recommended)

```hcl
module "org_webhook" {
source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"

config = var.config
Comment on lines +60 to +64
Copilot AI Mar 22, 2026

The README’s first usage example opens a ```hcl fence but doesn’t close it after the module block, so the subsequent heading gets rendered as code. Close the code fence after the first example (and re-run terraform-docs if this file is generated).

}

### Inline example

```hcl
module "org\_webhook" {
source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"

config = {
Comment on lines +69 to +73
Copilot AI Mar 22, 2026

In this HCL code block the module name is rendered as org\_webhook (escaped underscore), which makes it invalid HCL for copy/paste. Code fences should contain unescaped HCL identifiers.

webhook = {
active = true
events = ["push", "pull\_request", "issues", "workflow\_run"]
Comment on lines +70 to +76
Copilot AI Mar 22, 2026

The events list in this HCL example escapes underscores (e.g., pull\_request, workflow\_run), which makes the example invalid for copy/paste. Remove the escaping inside code fences.

Suggested change
module "org\_webhook" {
source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"
config = {
webhook = {
active = true
events = ["push", "pull\_request", "issues", "workflow\_run"]
module "org_webhook" {
source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"
config = {
webhook = {
active = true
events = ["push", "pull_request", "issues", "workflow_run"]

configuration = {
url = "https://example.com/webhook"
contentType = "json"
secret = "secret-xxx"
insecureSsl = false
}
}
}
}
```
```
Copilot AI Mar 22, 2026

There’s an extra stray triple-backtick line after the inline example closes, which breaks markdown formatting. Remove the extra ``` so fences are balanced.

Suggested change
```


## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_github"></a> [github](#provider\_github) | ~> 6.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [github_organization_webhook.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_webhook) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_config"></a> [config](#input\_config) | GitHub organization webhook configuration | <pre>object({<br/> webhook = object({<br/> active = optional(bool, true)<br/> events = list(string)<br/><br/> configuration = object({<br/> url = string<br/> contentType = optional(string, "json")<br/> secret = optional(string)<br/> insecureSsl = optional(bool, false)<br/> })<br/> })<br/> })</pre> | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_active"></a> [active](#output\_active) | Whether the webhook is active |
| <a name="output_events"></a> [events](#output\_events) | Events the webhook is subscribed to |
| <a name="output_webhook_id"></a> [webhook\_id](#output\_webhook\_id) | ID of the created organization webhook |
| <a name="output_webhook_url"></a> [webhook\_url](#output\_webhook\_url) | URL of the webhook |

### `docs/footer.md`
```markdown
## Examples

For detailed examples, refer to the [module examples](https://github.com/prefapp/tfm/tree/main/modules/gh-org-webhook/_examples):

- [basic](https://github.com/prefapp/tfm/tree/main/modules/gh-org-webhook/_examples/basic) - Organization webhook with push/pull_request/issues

## Resources

- **github_organization_webhook**: [Official Documentation](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_webhook)
- **GitHub Terraform Provider**: [Official Documentation](https://registry.terraform.io/providers/integrations/github/latest/docs)

## Support

For issues, questions, or contributions related to this module, please visit the [repository's issue tracker](https://github.com/prefapp/tfm/issues).
```
<!-- END_TF_DOCS -->
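Review bot: The Inputs table documents `config` with a single description, "GitHub organization webhook configuration", so the security-relevant fields `secret` and `insecureSsl` are not explained anywhere in the README. Add field-level notes to `docs/header.md` stating that `secret` is what receivers use to verify delivery signatures and that `insecureSsl = true` turns off TLS certificate verification for deliveries, then regenerate this file.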
18 changes: 18 additions & 0 deletions modules/gh-org-webhook/_examples/basic/config.json
@@ -0,0 +1,18 @@
{
"config": {
"webhook": {
"active": true,
"events": [
"push",
"pull_request",
"issues"
],
"configuration": {
"url": "https://example.com/webhook",
"contentType": "json",
"secret": "secret-xxx",
"insecureSsl": false
}
}
}
}
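Review bot: `"secret": "secret-xxx"` under `configuration` models keeping the webhook secret in a tracked JSON file, and that is the pattern users will copy from a "basic" example. Drop `secret` from this file and show it being supplied through a sensitive variable or the environment, or at least use a value that is unmistakably a placeholder that must be replaced before use.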
18 changes: 18 additions & 0 deletions modules/gh-org-webhook/_examples/basic/main.tf
@@ -0,0 +1,18 @@
terraform {
required_providers {
github = {
source = "integrations/github"
version = "~> 6.0"
Comment on lines +1 to +5
Copilot AI Mar 22, 2026

This example terraform block is missing required_version, while other module examples in this repo typically pin a minimum Terraform version. Adding it improves consistency and avoids running the example with incompatible Terraform versions.

}
}
}

module "org_webhook" {
source = "../../"

config = jsondecode(file("${path.module}/config.json")).config
}

output "webhook_id" {
value = module.org_webhook.webhook_id
}
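Review bot: The example declares no `provider "github"` block, so nothing here shows that the provider has to be configured with the target organization as owner and a token permitted to manage organization webhooks. Add a minimal provider block, or a comment naming the environment variables the example expects, so the example does not fail or apply against the wrong account.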
16 changes: 16 additions & 0 deletions modules/gh-org-webhook/docs/footer.md
@@ -0,0 +1,16 @@
### `docs/footer.md`
```markdown
Comment on lines +1 to +2
Copilot AI Mar 22, 2026

docs/footer.md appears to include a self-referential heading and wraps the intended footer content in a fenced ```markdown block. Because terraform-docs injects this file verbatim, the README ends up showing the footer as a code snippet instead of rendering it. Remove the wrapper heading and code fence so the footer content is plain markdown.

Suggested change
### `docs/footer.md`
```markdown

## Examples

For detailed examples, refer to the [module examples](https://github.com/prefapp/tfm/tree/main/modules/gh-org-webhook/_examples):

- [basic](https://github.com/prefapp/tfm/tree/main/modules/gh-org-webhook/_examples/basic) - Organization webhook with push/pull_request/issues

## Resources

- **github_organization_webhook**: [Official Documentation](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_webhook)
- **GitHub Terraform Provider**: [Official Documentation](https://registry.terraform.io/providers/integrations/github/latest/docs)

## Support

For issues, questions, or contributions related to this module, please visit the [repository's issue tracker](https://github.com/prefapp/tfm/issues).
85 changes: 85 additions & 0 deletions modules/gh-org-webhook/docs/header.md
@@ -0,0 +1,85 @@
# **GitHub Organization Webhook Terraform Module**

## Overview

This module creates and manages a GitHub **organization-level webhook** using a single strongly-typed `config` object.

It is designed for Prefapp’s Internal Developer Platform and automated webhook provisioning pipelines. The module accepts input directly from external programs via JSON.

## Key Features

- **Single config object**: All webhook settings in one `config` variable
- **Full event support**: Subscribe to any GitHub organization webhook event
- **Secure by default**: Supports secret, content type, and SSL validation
- **JSON-native**: Perfect for programmatic generation
- **Strong validation**: Ensures only valid events and required fields

## Supported Events

The module supports **all standard GitHub organization webhook events**.
Comment on lines +12 to +19
Copilot AI Mar 22, 2026

The header advertises "Full event support" / "all standard" org webhook events, but the module’s webhook.events validation currently restricts to a small subset. Please either narrow the claim in the docs or broaden validation to match what’s advertised.

Suggested change
- **Full event support**: Subscribe to any GitHub organization webhook event
- **Secure by default**: Supports secret, content type, and SSL validation
- **JSON-native**: Perfect for programmatic generation
- **Strong validation**: Ensures only valid events and required fields
## Supported Events
The module supports **all standard GitHub organization webhook events**.
- **Comprehensive event coverage**: Subscribe to a wide range of common GitHub organization webhook events
- **Secure by default**: Supports secret, content type, and SSL validation
- **JSON-native**: Perfect for programmatic generation
- **Strong validation**: Ensures only valid events and required fields
## Supported Events
This module currently supports the following GitHub organization webhook events:


Common events include:

- `push`
- `pull_request`
- `issues`
- `workflow_run`
- `workflow_dispatch`
- `release`
- `create`
- `delete`
- `fork`
- `member`
- `public`
- `repository`
- `status`
- `watch`
- `commit_comment`
- `gollum`
- `team_add`
- `team`
- `organization`
- `project`
- `project_card`
- `project_column`
- `milestone`
- `deployment`
- `deployment_status`
- `discussion`
- `discussion_comment`

For the **complete and up-to-date list** of all available webhook events and their payloads, see the official GitHub documentation:

→ **[Webhook events and payloads](https://docs.github.com/en/webhooks/webhook-events-and-payloads)**

## Basic Usage

### Using `terraform.tfvars.json` (recommended)

```hcl
module "org_webhook" {
source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"

config = var.config
Comment on lines +59 to +63
Copilot AI Mar 22, 2026

This markdown opens a hcl code fence for the first example but never closes it before the next heading, which breaks rendering. Add the missing closing after the first module example.

}

### Inline example

```hcl
module "org_webhook" {
source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"

config = {
webhook = {
active = true
events = ["push", "pull_request", "issues", "workflow_run"]
configuration = {
url = "https://example.com/webhook"
contentType = "json"
secret = "secret-xxx"
insecureSsl = false
}
}
}
}
```
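Review bot: "Secure by default" in Key Features overstates what the module enforces: `secret` is `optional(string)` in `variables.tf`, and the inline example hard-codes `secret = "secret-xxx"` without saying where a real secret should come from. Reword the bullet to say the module supports a secret and TLS verification, and change the example to reference a sensitive variable instead of a literal.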
11 changes: 11 additions & 0 deletions modules/gh-org-webhook/main.tf
@@ -0,0 +1,11 @@
resource "github_organization_webhook" "this" {
active = var.config.webhook.active
events = var.config.webhook.events

configuration {
url = var.config.webhook.configuration.url
content_type = var.config.webhook.configuration.contentType
secret = var.config.webhook.configuration.secret
insecure_ssl = var.config.webhook.configuration.insecureSsl
}
}
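Review bot: `secret = var.config.webhook.configuration.secret` in the `configuration` block is null whenever the caller omits it, so the webhook is created without a signing secret and receivers cannot authenticate deliveries. Either make `secret` required in `variables.tf` or document that omitting it produces unsigned deliveries.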
19 changes: 19 additions & 0 deletions modules/gh-org-webhook/outputs.tf
@@ -0,0 +1,19 @@
output "webhook_id" {
description = "ID of the created organization webhook"
value = github_organization_webhook.this.id
}

output "webhook_url" {
description = "URL of the webhook"
value = github_organization_webhook.this.configuration[0].url
}

output "active" {
description = "Whether the webhook is active"
value = github_organization_webhook.this.active
}

output "events" {
description = "Events the webhook is subscribed to"
value = github_organization_webhook.this.events
}
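Review bot: `webhook_url` returns `configuration[0].url`, the delivery endpoint, and some receivers embed a token in that URL's path or query string; as a plain output it is printed in plan and apply logs. Consider `sensitive = true` on this output, and say in the description that it is the payload delivery URL.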
28 changes: 28 additions & 0 deletions modules/gh-org-webhook/variables.tf
@@ -0,0 +1,28 @@
variable "config" {
description = "GitHub organization webhook configuration"
type = object({
webhook = object({
active = optional(bool, true)
events = list(string)

configuration = object({
url = string
contentType = optional(string, "json")
secret = optional(string)
insecureSsl = optional(bool, false)
})
})
})

validation {
condition = length(var.config.webhook.events) > 0
error_message = "At least one event must be defined in webhook.events."
}

validation {
condition = alltrue([
for e in var.config.webhook.events : contains(["push", "pull_request", "issues", "commit_comment", "create", "delete", "fork", "gollum", "member", "public", "release", "status", "watch", "workflow_dispatch"], e)
])
error_message = "Invalid event type in webhook.events."
Comment on lines +24 to +26
Copilot AI Mar 22, 2026

The webhook.events validation hard-codes a small allow-list, but the module docs/examples claim broader event support (e.g., workflow_run, repository, etc.). As written, valid organization webhook events will be rejected by input validation. Either expand the allow-list to match the supported GitHub org webhook events (and the docs), or relax validation to avoid blocking legitimate events.

Suggested change
for e in var.config.webhook.events : contains(["push", "pull_request", "issues", "commit_comment", "create", "delete", "fork", "gollum", "member", "public", "release", "status", "watch", "workflow_dispatch"], e)
])
error_message = "Invalid event type in webhook.events."
for e in var.config.webhook.events : length(trim(e)) > 0
])
error_message = "Each webhook event must be a non-empty string."

}
}
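Review bot: The `configuration` object has no validation on `url`, `contentType` or `insecureSsl`, so a plain `http://` endpoint, an unsupported content type, or `insecureSsl = true` all pass the input checks unnoticed. Add `validation` blocks that require an `https://` URL and restrict `contentType` to `json` or `form`, and consider rejecting `insecureSsl = true` unless the caller opts in explicitly.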