SCM/CI Webhook Connector Service (Signals Module)

Module

Signals

Status

IMPLEMENTED

Description

Complete SCM/CI webhook connector subsystem in the Signals module with provider-specific webhook signature validators (GitHub HMAC-SHA256, GitLab token, Gitea HMAC), event mappers normalizing repo/pipeline/artifact events into NormalizedScmEvent, and trigger service dispatching scan/SBOM triggers to Orchestrator. Supports GitHub, GitLab, and Gitea with extensible IWebhookSignatureValidator and IScmEventMapper interfaces.

Implementation Details

Modules: src/Signals/StellaOps.Signals/Scm/
Key Classes:
- ScmWebhookService (src/Signals/StellaOps.Signals/Scm/Services/ScmWebhookService.cs) - processes incoming webhooks, validates signatures, maps events, and dispatches triggers
- ScmWebhookEndpoints (src/Signals/StellaOps.Signals/Scm/ScmWebhookEndpoints.cs) - minimal API endpoints for receiving webhook payloads
- GiteaWebhookValidator (src/Signals/StellaOps.Signals/Scm/Webhooks/GiteaWebhookValidator.cs) - Gitea HMAC webhook signature validator
Interfaces: IScmWebhookService, IWebhookSignatureValidator (src/Signals/StellaOps.Signals/Scm/Webhooks/IWebhookSignatureValidator.cs), IScmEventMapper (src/Signals/StellaOps.Signals/Scm/Webhooks/IScmEventMapper.cs)
Source: SPRINT_20251229_013_SIGNALS_scm_ci_connectors.md

E2E Test Plan

Send a GitHub webhook with valid HMAC-SHA256 signature and verify it is accepted and processed
Send a Gitea webhook with valid HMAC signature via GiteaWebhookValidator and verify validation
Send a webhook with invalid signature and verify it is rejected
Verify event normalization: send provider-specific push/PR events and confirm they are mapped to NormalizedScmEvent
Verify trigger dispatch: send a push event and confirm a scan trigger is dispatched to the Orchestrator

1.9 KiB Raw Blame History