cki_tools.receiver

AWS Lambda webhook receiver for GitLab, Sentry and Jira

The receiver consists of AWS Lambda functions that can process webhook events received from GitLab, Sentry.io and Jira and publish them to an SQS queue.

| Environment variable | Secret | Required | Description |
|---|---|---|---|
| RECEIVER_SQS_QUEUE_URL | no | yes | SQS queue URL for published messages |
| RECEIVER_WEBSECRETS | yes | yes | JSON list of GitLab webhook secrets |
| RECEIVER_SENTRY_IO_CLIENT_SECRETS | yes | yes | JSON list of Sentry.io webhook client secrets |
| CKI_DEPLOYMENT_ENVIRONMENT | no | no | Define the deployment environment (production/staging) |
| CKI_LOGGING_LEVEL | no | no | Logging level for CKI modules, defaults to WARN |
| SENTRY_SDN | yes | no | Sentry SDN |

AWS Lambda functions

The receiver provides three Lambda functions:

  • gitlab_lambda: Processes GitLab webhook events
  • sentry_lambda: Processes Sentry.io webhook events
  • jira_lambda: Processes JIRA webhook events

Each function validates the webhook signature/token and publishes valid events to the configured SQS queue.

GitLab integration

Go to https://gitlab.com/your-project/hooks and add a new webhook with your Lambda function endpoint as the URL, a secret from the RECEIVER_WEBSECRETS environment variable as the secret token, and all required trigger types.

Messages posted to the SQS queue will use a routing key of hostname.project.event, e.g. gitlab.com.cki-project.kernel-ark.merge_request.

Sentry.io integration

Go to Settings -> Organization -> Developer Settings, create a new internal integration with a webhook URL pointing to your Sentry Lambda function endpoint, and enable Alert Rule Action there. Save the client secret in the RECEIVER_SENTRY_IO_CLIENT_SECRETS environment variable.

For each project where events should be forwarded to the message bus, go to the Alerts page and create an alert rule of type Issue Alert, with the condition "an event is seen" and the action "send a notification via an integration", using the integration defined above.

Messages posted to the SQS queue will use a routing key of sentry.io.project.resource.action, e.g. sentry.io.webhook-receiver.event_alert.triggered.

JIRA integration

Configure your JIRA webhook to point to your JIRA Lambda function endpoint with a token parameter from the RECEIVER_WEBSECRETS environment variable.

Messages posted to the SQS queue will use a routing key of hostname.project.event, e.g. issues.redhat.com.RHEL.jira_issue_created.

Message format

All messages are published to SQS with:

  • MessageBody: JSON payload from the webhook
  • MessageAttributes: Metadata including:
    • message-topic: Routing key for the event
    • message-type: Source type (gitlab, sentry, or jira)
    • message-date: ISO 8601 formatted timestamp
    • Additional service-specific attributes
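
The validate-then-publish flow and the message format described above, as an added example that is not cki_tools code: it checks a GitLab token and a Sentry signature against the JSON secret lists and builds the arguments for an SQS send_message call. The function names, the routing-key derivation from the payload's project.web_url, project.path_with_namespace and object_kind fields, and the sample body are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit


def _header(headers, name):
    """Case-insensitive header lookup; a missing header yields ''."""
    return {k.lower(): v for k, v in headers.items()}.get(name, "")


def _matches_any(candidate, allowed):
    """Compare against every allowed value in constant time, without early exit."""
    ok = False
    for value in allowed:
        ok |= hmac.compare_digest(candidate.encode(), value.encode())
    return bool(candidate) and ok  # an empty or missing credential never passes


def gitlab_token_valid(headers, websecrets_json):
    """GitLab sends the configured secret verbatim in X-Gitlab-Token."""
    return _matches_any(_header(headers, "x-gitlab-token"), json.loads(websecrets_json))


def sentry_signature_valid(headers, raw_body, client_secrets_json):
    """Sentry sends hex HMAC-SHA256 of the raw body, keyed with the client secret."""
    expected = [hmac.new(s.encode(), raw_body, hashlib.sha256).hexdigest()
                for s in json.loads(client_secrets_json)]
    return _matches_any(_header(headers, "sentry-hook-signature"), expected)


def gitlab_sqs_message(queue_url, raw_body, now=None):
    """Build send_message() kwargs; the routing-key derivation is an assumption."""
    payload = json.loads(raw_body)
    project = payload["project"]
    topic = ".".join([urlsplit(project["web_url"]).hostname,
                      project["path_with_namespace"].replace("/", "."),
                      payload["object_kind"]])
    date = (now or datetime.now(timezone.utc)).isoformat()
    attrs = {"message-topic": topic, "message-type": "gitlab", "message-date": date}
    return {"QueueUrl": queue_url, "MessageBody": raw_body.decode(),
            "MessageAttributes": {k: {"DataType": "String", "StringValue": v}
                                  for k, v in attrs.items()}}


# Constructed sample input, not a captured event.
SAMPLE_BODY = json.dumps({"object_kind": "merge_request", "project": {
    "web_url": "https://gitlab.com/cki-project/kernel-ark",
    "path_with_namespace": "cki-project/kernel-ark"}}).encode()
```

The signature check must run on the raw request bytes before any JSON parsing, since re-serialising the payload changes the bytes the HMAC was computed over.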