Add the ability to set a project's external_webhook_token using the API
Proposal
Using GitLab CI/CD with a GitHub repository via the UI creates a webhook on GitHub to notify GitLab of new commits. However, if a user wants to approach this programmatically using the "Connect manually" directions, that path doesn't offer the same option and forces the use of a personal access token. This token is required to be used in plaintext within the webhook URL, which is not desired.
Customers would like the ability to generate a project's external_webhook_token via the API so it can be used as the GitHub webhook's secret value to mirror what is done via the UI. A potential option can be to create a POST /projects/:id/external_webhook_token endpoint that generates, sets the value, and returns it within the response.
Acceptance Criteria
- If the project already has an external_webhook_token, then a POST will overwrite the existing token and return a new token
- Token creation needs to follow Devise.friendly_token with a gitlab prefix and max expiration time of 1.year
- POST requests should only be allowed if the user has owner permission of the project
- POST is the only request supported, and only in the same response will we have the token.
- There will be no other way to get this token
- These tokens are encrypted at rest via ActiveRecord::Encryption
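
A minimal Ruby sketch of the acceptance criteria above, added here as an illustration and not GitLab's implementation. The class, method and role names and the prefix string are hypothetical, and AES-256-GCM from Ruby's OpenSSL stands in for ActiveRecord::Encryption so the block runs without Rails.

```ruby
require "openssl"
require "securerandom"

# Hypothetical model of the proposed POST /projects/:id/external_webhook_token.
# Names and the prefix are assumptions for illustration, not GitLab code.
class WebhookTokenService
  PREFIX = "example-prefix-"         # placeholder: the issue does not name the prefix
  MAX_LIFETIME = 365 * 24 * 60 * 60  # 1 year, in seconds
  Forbidden = Class.new(StandardError)

  attr_reader :rows # exposed only so the stored form can be inspected

  def initialize(encryption_key)
    @key = encryption_key # 32 bytes; stand-in for ActiveRecord::Encryption keys
    @rows = {}            # project_id => { ciphertext:, iv:, tag:, expires_at: }
  end

  # Generates a token, overwrites any existing one, returns the plaintext once.
  def rotate(project_id, role:, now: Time.now)
    raise Forbidden, "owner permission required" unless role == :owner

    # URL-safe random string in the style of Devise.friendly_token (assumption).
    token = PREFIX + SecureRandom.urlsafe_base64(15).tr("lIO0", "sxyz")
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = @key
    iv = cipher.random_iv
    ciphertext = cipher.update(token) + cipher.final
    @rows[project_id] = { ciphertext: ciphertext, iv: iv, tag: cipher.auth_tag,
                          expires_at: now + MAX_LIFETIME }
    { token: token, expires_at: @rows[project_id][:expires_at] }
  end

  # Server-side check of a presented secret; there is no method that reads
  # the token back out, matching "no other way to get this token".
  def valid?(project_id, presented, now: Time.now)
    row = @rows[project_id]
    return false if row.nil? || now >= row[:expires_at]

    decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    decipher.key = @key
    decipher.iv = row[:iv]
    decipher.auth_tag = row[:tag]
    stored = decipher.update(row[:ciphertext]) + decipher.final
    OpenSSL.secure_compare(stored, presented.to_s) # constant-time comparison
  end
end
```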