Gitlab docs improved; gitlab webhook secret config standadization

docs/docs/installation/gitlab.md

@@ -42,21 +42,36 @@ Note that if your base branches are not protected, don't set the variables as `p
 
 ## Run a GitLab webhook server
 
-1. From the GitLab workspace or group, create an access token. Enable the "api" scope only.
+1. From the GitLab workspace or group, create an access token with "Reporter" role and "api" scope.
 
 2. Generate a random secret for your app, and save it for later. For example, you can use:
 
 ```
 WEBHOOK_SECRET=$(python -c "import secrets; print(secrets.token_hex(10))")
 ```
-3. Follow the instructions to build the Docker image, setup a secrets file and deploy on your own server from [here](https://qodo-merge-docs.qodo.ai/installation/github/#run-as-a-github-app) steps 4-7.
 
-4. In the secrets file, fill in the following:
+3. Clone this repository:
-    - Your OpenAI key.
-    - In the [gitlab] section, fill in personal_access_token and shared_secret. The access token can be a personal access token, or a group or project access token.
-    - Set deployment_type to 'gitlab' in [configuration.toml](https://github.com/Codium-ai/pr-agent/blob/main/pr_agent/settings/configuration.toml)
 
-5. Create a webhook in GitLab. Set the URL to ```http[s]://<PR_AGENT_HOSTNAME>/webhook```. Set the secret token to the generated secret from step 2.
+```
-In the "Trigger" section, check the ‘comments’ and ‘merge request events’ boxes.
+git clone https://github.com/Codium-ai/pr-agent.git
+```
 
-6. Test your installation by opening a merge request or commenting or a merge request using one of CodiumAI's commands.
+4. Prepare variables and secrets. Skip this setp if you plan on settings these as environment variables when running the agent:
+  1. In the configuration file/variables:
+    - Set `deployment_type` to "gitlab"
+
+  2. In the secrets file/variables:
+    - Set your AI model key in the respective section
+    - In the [gitlab] section, set `personal_access_token` (with token from step 1) and `webhook_secret` (with secret from step 2)
+
+
+5. Build a Docker image for the app and optionally push it to a Docker repository. We'll use Dockerhub as an example:
+```
+docker build . -t gitlab_pr_agent --target gitlab_webhook -f docker/Dockerfile
+docker push codiumai/pr-agent:gitlab_webhook  # Push to your Docker repository
+```
+
+6. Create a webhook in GitLab. Set the URL to ```http[s]://<PR_AGENT_HOSTNAME>/webhook```, the secret token to the generated secret from step 2, andenable the triggers `push`, `comments` and `merge request events`.
+
+7. Test your installation by opening a merge request or commenting or a merge request using one of CodiumAI's commands.
+boxes

pr_agent/servers/gitlab_webhook.py

@@ -159,8 +159,8 @@ async def gitlab_webhook(background_tasks: BackgroundTasks, request: Request):
             except Exception as e:
                 get_logger().error(f"Failed to validate secret {request_token}: {e}")
                 return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"}))
-        elif get_settings().get("GITLAB.SHARED_SECRET"):
+        elif get_settings().get("GITLAB.SHARED_SECRET") or get_settings().get("GITLAB.WEBHOOK_SECRET"):
-            secret = get_settings().get("GITLAB.SHARED_SECRET")
+            secret = get_settings().get("GITLAB.SHARED_SECRET") or get_settings().get("GITLAB.WEBHOOK_SECRET")
             if not request.headers.get("X-Gitlab-Token") == secret:
                 get_logger().error("Failed to validate secret")
                 return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"}))

pr_agent/settings/.secrets_template.toml

@@ -60,6 +60,8 @@ webhook_secret = "<WEBHOOK SECRET>"  # Optional, may be commented out.
 [gitlab]
 # Gitlab personal access token
 personal_access_token = ""
+webhook_secret = ""
+shared_secret = ""  # same as shared_secret, kept for backwards compatibility
 
 [bitbucket]
 # For Bitbucket personal/repository bearer token