Merge pull request #10 from SecrinLabs/feature/github-app-for-secrin

Implement GitHub App integration with webhook handling and signature verification

Author: jenilsavani9

.env.example

@@ -105,6 +105,12 @@ TRACING_ENDPOINT=
 API_KEY=
 ALLOWED_HOSTS=["*"]
 
+# =============================================================================
+# App Store Configuration
+# =============================================================================
+
+GITHUB_WEBHOOK_SECRET=
+
 # =============================================================================
 # Feature Flags (Environment-level overrides)
 # Use these to override default feature flag behavior

apps/api/main.py

@@ -1,5 +1,6 @@
 from fastapi import FastAPI, Request
 from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
 from packages.config.settings import Settings
 from apps.api.utils import APIResponse, APIException
 from apps.api.routes import api_router
@@ -12,6 +13,15 @@
     version="0.1.0"
 )
 
+# Configure CORS
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.API_CORS_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 
 # Global exception handler
 @app.exception_handler(APIException)

apps/api/routes/__init__.py

@@ -1,7 +1,7 @@
 from fastapi import APIRouter
 from apps.api.routes.v1 import v1_router
 
-api_router = APIRouter()
+api_router = APIRouter(prefix="/api")
 
 # Include versioned routes
 api_router.include_router(v1_router)

apps/api/routes/v1/__init__.py

@@ -1,9 +1,10 @@
 from fastapi import APIRouter
-from apps.api.routes.v1 import ask, health, connect
+from apps.api.routes.v1 import ask, health, connect, integrations
 
 v1_router = APIRouter(prefix="/v1")
 
 # Include all v1 route modules
 v1_router.include_router(health.router)
 v1_router.include_router(connect.router)
-v1_router.include_router(ask.router)
+v1_router.include_router(ask.router)
+v1_router.include_router(integrations.router)

apps/api/routes/v1/connect.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter
+from fastapi import APIRouter, BackgroundTasks
 from apps.api.utils import APIResponse
 from apps.api.routes.v1.schemas.connect import (
     GitHubRepoConnect
@@ -10,7 +10,7 @@
 
 
 @router.post("/github")
-async def connect_github_repo(repo_data: GitHubRepoConnect):
+async def connect_github_repo(repo_data: GitHubRepoConnect, background_tasks: BackgroundTasks):
     repo_path = repo_data.repo_url.replace("https://github.com/", "").replace("http://github.com/", "").strip("/")
     parts = repo_path.split("/")
 
@@ -21,9 +21,7 @@ async def connect_github_repo(repo_data: GitHubRepoConnect):
         owner = "unknown"
         repo = "unknown"
 
-    summary = process_repository(
-        repo_data.repo_url,
-    )
+    background_tasks.add_task(process_repository, repo_data.repo_url)
 
     return APIResponse.success(
         data={

apps/api/routes/v1/integrations.py

@@ -0,0 +1,49 @@
+from fastapi import APIRouter, Request, Header, BackgroundTasks
+from packages.config.settings import Settings
+from packages.app_store.github.utils import verify_github_signature, SignatureVerificationError
+from packages.app_store.github.webhook import handle_github_event, run_ingestion
+from apps.api.utils.response import APIResponse
+from apps.api.utils.exceptions import BadRequestException, UnauthorizedException
+import logging
+
+router = APIRouter(prefix="/integrations", tags=["Integrations"])
+settings = Settings()
+logger = logging.getLogger(__name__)
+
+@router.post("/github/webhook")
+async def github_webhook(
+    request: Request,
+    background_tasks: BackgroundTasks,
+    x_github_event: str = Header(None)
+):
+    """
+    Handle GitHub Webhooks.
+    """
+    if not x_github_event:
+        raise BadRequestException(message="Missing X-GitHub-Event header")
+
+    # Always verify signature in production
+    try:
+        await verify_github_signature(request, settings.GITHUB_WEBHOOK_SECRET)
+    except SignatureVerificationError as e:
+        logger.warning(f"GitHub signature verification failed: {str(e)}")
+        raise UnauthorizedException(message=str(e))
+    
+    payload = await request.json()
+    
+    result = handle_github_event(x_github_event, payload)
+    
+    if result.get("status") == "triggered" and result.get("task") == "ingest":
+        repo_url = result.get("repo_url")
+        branch = result.get("branch")
+        if repo_url:
+            background_tasks.add_task(run_ingestion, repo_url, branch)
+            return APIResponse.success(
+                message=f"Ingestion triggered for {repo_url} on {branch}",
+                data={"status": "accepted", "repo_url": repo_url, "branch": branch}
+            )
+            
+    return APIResponse.success(
+        message="Webhook processed",
+        data=result
+    )

apps/web/.env.example

@@ -0,0 +1,5 @@
+# Neo4j environment variables for graph visualization
+NEXT_PUBLIC_NEO4J_URI=neo4j://127.0.0.1:7687
+NEXT_PUBLIC_NEO4J_USER=neo4j
+NEXT_PUBLIC_NEO4J_PASS=10514912
+NEXT_PUBLIC_NEO4J_DB=demo

apps/web/.gitignore

@@ -31,7 +31,7 @@ yarn-error.log*
 .pnpm-debug.log*
 
 # env files (can opt-in for committing if needed)
-.env*
+.env
 
 # vercel
 .vercel

apps/web/app/integrations/page.tsx

@@ -0,0 +1,65 @@
+"use client";
+
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardFooter,
+  CardHeader,
+  CardTitle,
+} from "@/components/ui/card";
+import { Button } from "@/components/ui/button";
+import { GitHubConnectCard } from "@/components/integrations/github/github-connect-card";
+
+export default function IntegrationsPage() {
+  return (
+    <div className="container mx-auto py-10 px-4">
+      <div className="mb-8">
+        <h1 className="text-3xl font-bold tracking-tight">App Integrations</h1>
+        <p className="text-muted-foreground mt-2">
+          Connect your favorite tools to Secrin to enhance your knowledge graph.
+        </p>
+      </div>
+
+      <div className="grid gap-6 md:grid-cols-2 lg:grid-cols-3">
+        {/* GitHub Integration */}
+        <GitHubConnectCard />
+
+        {/* Placeholder for future integrations */}
+        <Card className="flex flex-col opacity-60">
+          <CardHeader>
+            <CardTitle>Jira</CardTitle>
+            <CardDescription>Coming Soon</CardDescription>
+          </CardHeader>
+          <CardContent>
+            <p className="text-sm text-muted-foreground">
+              Connect Jira to link issues with code changes.
+            </p>
+          </CardContent>
+          <CardFooter>
+            <Button disabled variant="outline" className="w-full">
+              Coming Soon
+            </Button>
+          </CardFooter>
+        </Card>
+
+        <Card className="flex flex-col opacity-60">
+          <CardHeader>
+            <CardTitle>Slack</CardTitle>
+            <CardDescription>Coming Soon</CardDescription>
+          </CardHeader>
+          <CardContent>
+            <p className="text-sm text-muted-foreground">
+              Get notifications and query the knowledge graph from Slack.
+            </p>
+          </CardContent>
+          <CardFooter>
+            <Button disabled variant="outline" className="w-full">
+              Coming Soon
+            </Button>
+          </CardFooter>
+        </Card>
+      </div>
+    </div>
+  );
+}

apps/web/app/page.tsx

@@ -1,9 +1,3 @@
-import Neo4jGraph from "@/components/Neo4jGraph";
-
 export default function Home() {
-  return (
-    <div>
-      <Neo4jGraph />
-    </div>
-  );
+  return <div>{/* Dashboard coming soon... */}</div>;
 }