diff --git a/docs/docs/installation/gitlab.md b/docs/docs/installation/gitlab.md index e1ad4022..5a1f23d4 100644 --- a/docs/docs/installation/gitlab.md +++ b/docs/docs/installation/gitlab.md @@ -42,7 +42,7 @@ Note that if your base branches are not protected, don't set the variables as `p ## Run a GitLab webhook server -1. From the GitLab workspace or group, create an access token with "Reporter" role and "api" scope. +1. From the GitLab workspace or group, create an access token with "Reporter" role ("Developer" if using Pro version of the agent) and "api" scope. 2. Generate a random secret for your app, and save it for later. For example, you can use: @@ -62,7 +62,7 @@ git clone https://github.com/Codium-ai/pr-agent.git 2. In the secrets file/variables: - Set your AI model key in the respective section - - In the [gitlab] section, set `personal_access_token` (with token from step 1) and `webhook_secret` (with secret from step 2) + - In the [gitlab] section, set `personal_access_token` (with token from step 1) and `shared_secret` (with secret from step 2) 5. Build a Docker image for the app and optionally push it to a Docker repository. We'll use Dockerhub as an example: diff --git a/pr_agent/servers/gitlab_webhook.py b/pr_agent/servers/gitlab_webhook.py index 3842245c..e3e80dfa 100644 --- a/pr_agent/servers/gitlab_webhook.py +++ b/pr_agent/servers/gitlab_webhook.py @@ -159,8 +159,8 @@ async def gitlab_webhook(background_tasks: BackgroundTasks, request: Request): except Exception as e: get_logger().error(f"Failed to validate secret {request_token}: {e}") return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"})) - elif get_settings().get("GITLAB.SHARED_SECRET") or get_settings().get("GITLAB.WEBHOOK_SECRET"): - secret = get_settings().get("GITLAB.SHARED_SECRET") or get_settings().get("GITLAB.WEBHOOK_SECRET") + elif get_settings().get("GITLAB.SHARED_SECRET"): + secret = get_settings().get("GITLAB.SHARED_SECRET") if not request.headers.get("X-Gitlab-Token") == secret: get_logger().error("Failed to validate secret") return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"})) diff --git a/pr_agent/settings/.secrets_template.toml b/pr_agent/settings/.secrets_template.toml index 38af4eee..ebc6ac1b 100644 --- a/pr_agent/settings/.secrets_template.toml +++ b/pr_agent/settings/.secrets_template.toml @@ -60,8 +60,7 @@ webhook_secret = "" # Optional, may be commented out. [gitlab] # Gitlab personal access token personal_access_token = "" -webhook_secret = "" -shared_secret = "" # same as webhook_secret, kept for backwards compatibility +shared_secret = "" # webhook secret [bitbucket] # For Bitbucket personal/repository bearer token