stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

more features checks. setup improvements

Browse Source
This commit is contained in:
master
2026-02-13 02:04:55 +02:00
parent 9911b7d73c
commit 9ca2de05df
675 changed files with 37550 additions and 1826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/features/checked/signals/scm-ci-webhook-connector-service.md Normal file
View File

@@ -0,0 +1,26 @@
# SCM/CI Webhook Connector Service (Signals Module)
## Module
Signals
## Status
VERIFIED
## Description
Complete SCM/CI webhook connector subsystem in the Signals module with provider-specific webhook signature validators (GitHub HMAC-SHA256, GitLab token, Gitea HMAC), event mappers normalizing repo/pipeline/artifact events into NormalizedScmEvent, and trigger service dispatching scan/SBOM triggers to Orchestrator. Supports GitHub, GitLab, and Gitea with extensible IWebhookSignatureValidator and IScmEventMapper interfaces.
## Implementation Details
- **Modules**: `src/Signals/StellaOps.Signals/Scm/`
- **Key Classes**:
- `ScmWebhookService` (`src/Signals/StellaOps.Signals/Scm/Services/ScmWebhookService.cs`) - processes incoming webhooks, validates signatures, maps events, and dispatches triggers
- `ScmWebhookEndpoints` (`src/Signals/StellaOps.Signals/Scm/ScmWebhookEndpoints.cs`) - minimal API endpoints for receiving webhook payloads
- `GiteaWebhookValidator` (`src/Signals/StellaOps.Signals/Scm/Webhooks/GiteaWebhookValidator.cs`) - Gitea HMAC webhook signature validator
- **Interfaces**: `IScmWebhookService`, `IWebhookSignatureValidator` (`src/Signals/StellaOps.Signals/Scm/Webhooks/IWebhookSignatureValidator.cs`), `IScmEventMapper` (`src/Signals/StellaOps.Signals/Scm/Webhooks/IScmEventMapper.cs`)
- **Source**: SPRINT_20251229_013_SIGNALS_scm_ci_connectors.md
## E2E Test Plan
- [ ] Send a GitHub webhook with valid HMAC-SHA256 signature and verify it is accepted and processed
- [ ] Send a Gitea webhook with valid HMAC signature via `GiteaWebhookValidator` and verify validation
- [ ] Send a webhook with invalid signature and verify it is rejected
- [ ] Verify event normalization: send provider-specific push/PR events and confirm they are mapped to `NormalizedScmEvent`
- [ ] Verify trigger dispatch: send a push event and confirm a scan trigger is dispatched to the Orchestrator