revert gitlab webhook_secret; docs adjustments

2025-07-02 11:50:37 +08:00 · 2024-10-29 16:02:06 +00:00
parent 64ac45d03b
commit cbf60ca636
3 changed files with 5 additions and 6 deletions
--- a/docs/docs/installation/gitlab.md
+++ b/docs/docs/installation/gitlab.md
@ -42,7 +42,7 @@ Note that if your base branches are not protected, don't set the variables as `p

 ## Run a GitLab webhook server

-1. From the GitLab workspace or group, create an access token with "Reporter" role and "api" scope.
+1. From the GitLab workspace or group, create an access token with "Reporter" role ("Developer" if using Pro version of the agent) and "api" scope.

 2. Generate a random secret for your app, and save it for later. For example, you can use:

@ -62,7 +62,7 @@ git clone https://github.com/Codium-ai/pr-agent.git

  2. In the secrets file/variables:
    - Set your AI model key in the respective section
-    - In the [gitlab] section, set `personal_access_token` (with token from step 1) and `webhook_secret` (with secret from step 2)
+    - In the [gitlab] section, set `personal_access_token` (with token from step 1) and `shared_secret` (with secret from step 2)


 5. Build a Docker image for the app and optionally push it to a Docker repository. We'll use Dockerhub as an example:
--- a/pr_agent/servers/gitlab_webhook.py
+++ b/pr_agent/servers/gitlab_webhook.py
@ -159,8 +159,8 @@ async def gitlab_webhook(background_tasks: BackgroundTasks, request: Request):
            except Exception as e:
                get_logger().error(f"Failed to validate secret {request_token}: {e}")
                return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"}))
-        elif get_settings().get("GITLAB.SHARED_SECRET") or get_settings().get("GITLAB.WEBHOOK_SECRET"):
-            secret = get_settings().get("GITLAB.SHARED_SECRET") or get_settings().get("GITLAB.WEBHOOK_SECRET")
+        elif get_settings().get("GITLAB.SHARED_SECRET"):
+            secret = get_settings().get("GITLAB.SHARED_SECRET")
            if not request.headers.get("X-Gitlab-Token") == secret:
                get_logger().error("Failed to validate secret")
                return JSONResponse(status_code=status.HTTP_401_UNAUTHORIZED, content=jsonable_encoder({"message": "unauthorized"}))
--- a/pr_agent/settings/.secrets_template.toml
+++ b/pr_agent/settings/.secrets_template.toml
@ -60,8 +60,7 @@ webhook_secret = "<WEBHOOK SECRET>"  # Optional, may be commented out.
 [gitlab]
 # Gitlab personal access token
 personal_access_token = ""
-webhook_secret = ""
-shared_secret = ""  # same as webhook_secret, kept for backwards compatibility
+shared_secret = ""  # webhook secret

 [bitbucket]
 # For Bitbucket personal/repository bearer token