Add HMAC header to dispatch service
What does this MR do and why?
- In a merge request who's project contains external approval rules, sends a standard webhook payload to the endpoints on every change of the MR.
- If
shared_secret
is provided HMAC has to be sent withX-GitLab-Signature
header
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a new external approval rule on that project using the REST API. You should set the
external_url
field to a service that you can see. You might want to use RequestBin to do this. Configure one external status check withshared_secret
. - Open a merge request on the project. Check that the payload has been sent to RequestBin.
- Edit a merge request. Check again for another payload
- Push new code to
HEAD
of the source branch of the merge request. Check again.
The payload should include the same data as a merge request webhook, with the addition of a external_approval_rule
key.
Related to #433035 (closed)
Edited by Artur Fedorov