From a9e6538ef8ac01fa81885487f69eb15e2579ce4c Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Mon, 11 Apr 2022 16:48:50 +0200 Subject: [PATCH] Upgrade Hookshot (1.3.0 -> 1.4.0) https://github.com/matrix-org/matrix-hookshot/releases/tag/1.4.0 --- docs/configuring-playbook-bridge-hookshot.md | 10 ++--- group_vars/matrix_servers | 2 +- .../matrix-bridge-hookshot/defaults/main.yml | 40 ++++++++++++++++++- roles/matrix-bridge-hookshot/tasks/init.yml | 14 +++++++ .../templates/config.yml.j2 | 26 +++++++++++- 5 files changed, 83 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 5639f159a..38e13a8a9 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -22,18 +22,18 @@ Other configuration options are available via the `matrix_hookshot_configuration ### URLs for bridges setup -All of the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). +Unless indicated otherwise, the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). -| Listener | default path | variable | used as | +| listener | default path | variable | used as | |---|---|---|---| -| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | GitHub "Webhook URL" | +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | -| widgets | | | not supported | +| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a4e630284..85b8a7013 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -678,7 +678,7 @@ matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_s matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}" ###################################################################### # diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 9a0f5456a..a55b995d1 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.3.0 +matrix_hookshot_version: 1.4.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -65,10 +65,11 @@ matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hook # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' -matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_showIssueRoomLink: false matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' +matrix_hookshot_github_hotlink_prefix: "#" matrix_hookshot_gitlab_enabled: true @@ -128,6 +129,41 @@ matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_internal: "/v1" matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" + +matrix_hookshot_widgets_enabled: true +matrix_hookshot_widgets_port: 9003 +matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature +matrix_hookshot_widgets_roomSetupWidget_enabled: true +matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false +# `disallowedIpRanges` describes which IP ranges should be disallowed when resolving homeserver IP addresses (for security reasons). Unless you know what you are doing, it is recommended to not include this key. The following IPs are blocked by default, unless you supply another list. +# matrix_hookshot_widgets_disallowedIpRanges: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 172.16.0.0/12 +# - 192.168.0.0/16 +# - 100.64.0.0/10 +# - 192.0.0.0/24 +# - 169.254.0.0/16 +# - 192.88.99.0/24 +# - 198.18.0.0/15 +# - 192.0.2.0/24 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 224.0.0.0/4 +# - ::1/128 +# - fe80::/10 +# - fc00::/7 +# - 2001:db8::/32 +# - ff00::/8 +# - fec0::/10 +matrix_hookshot_widgets_disallowedIpRanges: '' +matrix_hookshot_widgets_internal: "/widgetapi" +# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" +matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" +matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" + + # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. # Example: diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 55dde6ef2..384f6d3be 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -63,6 +63,20 @@ proxy_set_header Host $host; } {% endif %} + {% if matrix_hookshot_widgets_enabled %} + location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index bb05f42ce..c17715097 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -33,10 +33,12 @@ github: # ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" - showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }} prDiff: {{ matrix_hookshot_github_pr_diff }} includingLabels:{{ matrix_hookshot_github_including_labels }} excludingLabels: {{ matrix_hookshot_github_excluding_labels }} + hotlinkIssues: + prefix: "{{ matrix_hookshot_github_hotlink_prefix }}" {% endif %} {% if matrix_hookshot_gitlab_enabled %} gitlab: @@ -100,6 +102,22 @@ logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # level: info +{% if matrix_hookshot_widgets_enabled %} +widgets: + # (Optional) EXPERIMENTAL support for complimentary widgets + # + addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }} +{% if matrix_hookshot_widgets_roomSetupWidget_enabled %} + roomSetupWidget: + addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }} +{% endif %} +{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %} + disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }} +{% endif %} + publicUrl: {{ matrix_hookshot_widgets_publicUrl }} + branding: + widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }} +{% endif %} {% if matrix_hookshot_permissions %} permissions: {{ matrix_hookshot_permissions }} {% endif %} @@ -125,3 +143,9 @@ listeners: resources: - provisioning {% endif %} +{% if matrix_hookshot_widgets_enabled %} + - port: {{ matrix_hookshot_widgets_port }} + bindAddress: 0.0.0.0 + resources: + - widgets +{% endif %}