feat(trogon-source-gitlab): scaffold GitLab webhook source (#99)

Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com>
Co-authored-by: Zach Bruhnke <zach@ordinary.company>
Co-authored-by: Dave <dave@bruhnke.us>

Author: 3 people

devops/docker/compose/.env.example

@@ -10,6 +10,15 @@
 # GITHUB_NATS_ACK_TIMEOUT_SECS=10
 # GITHUB_MAX_BODY_SIZE=26214400
 
+# --- GitLab Source ---
+# GITLAB_WEBHOOK_SECRET=
+# GITLAB_WEBHOOK_PORT=8080
+# GITLAB_SUBJECT_PREFIX=gitlab
+# GITLAB_STREAM_NAME=GITLAB
+# GITLAB_STREAM_MAX_AGE_SECS=604800
+# GITLAB_NATS_ACK_TIMEOUT_MS=10000
+# GITLAB_MAX_BODY_SIZE=26214400
+
 # --- Linear Source ---
 # LINEAR_WEBHOOK_SECRET=
 # LINEAR_WEBHOOK_PORT=8080

devops/docker/compose/compose.yml

@@ -67,6 +67,31 @@ services:
       start_period: 10s
       retries: 3
 
+  trogon-source-gitlab:
+    build:
+      context: ../../../rsworkspace
+      dockerfile: ../devops/docker/compose/services/trogon-source-gitlab/Dockerfile
+    environment:
+      NATS_URL: "nats:4222"
+      GITLAB_WEBHOOK_SECRET: "${GITLAB_WEBHOOK_SECRET:-}"
+      GITLAB_WEBHOOK_PORT: "${GITLAB_WEBHOOK_PORT:-8080}"
+      GITLAB_SUBJECT_PREFIX: "${GITLAB_SUBJECT_PREFIX:-gitlab}"
+      GITLAB_STREAM_NAME: "${GITLAB_STREAM_NAME:-GITLAB}"
+      GITLAB_STREAM_MAX_AGE_SECS: "${GITLAB_STREAM_MAX_AGE_SECS:-604800}"
+      GITLAB_NATS_ACK_TIMEOUT_MS: "${GITLAB_NATS_ACK_TIMEOUT_MS:-10000}"
+      GITLAB_MAX_BODY_SIZE: "${GITLAB_MAX_BODY_SIZE:-26214400}"
+      RUST_LOG: "${RUST_LOG:-info}"
+    depends_on:
+      nats:
+        condition: service_healthy
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-sf", "http://localhost:${GITLAB_WEBHOOK_PORT:-8080}/health"]
+      interval: 10s
+      timeout: 3s
+      start_period: 10s
+      retries: 3
+
   trogon-source-slack:
     build:
       context: ../../../rsworkspace
@@ -98,6 +123,7 @@ services:
     environment:
       NGROK_AUTHTOKEN: "${NGROK_AUTHTOKEN:-}"
       GITHUB_ADDR: "trogon-source-github:${GITHUB_WEBHOOK_PORT:-8080}"
+      GITLAB_ADDR: "trogon-source-gitlab:${GITLAB_WEBHOOK_PORT:-8080}"
       LINEAR_ADDR: "trogon-source-linear:${LINEAR_WEBHOOK_PORT:-8080}"
       SLACK_ADDR: "trogon-source-slack:${SLACK_WEBHOOK_PORT:-3000}"
     entrypoint:
@@ -110,6 +136,9 @@ services:
           github:
             addr: $${GITHUB_ADDR}
             proto: http
+          gitlab:
+            addr: $${GITLAB_ADDR}
+            proto: http
           linear:
             addr: $${LINEAR_ADDR}
             proto: http
@@ -121,6 +150,8 @@ services:
     depends_on:
       trogon-source-github:
         condition: service_healthy
+      trogon-source-gitlab:
+        condition: service_healthy
       trogon-source-linear:
         condition: service_healthy
       trogon-source-slack:

devops/docker/compose/services/trogon-source-gitlab/Dockerfile

@@ -0,0 +1,45 @@
+# ── Stage 1: chef — generate dependency recipe ──────────────────────────────
+FROM rust:1.93-slim AS chef
+
+RUN cargo install cargo-chef --locked
+
+WORKDIR /build
+
+# ── Stage 2: planner — capture dependency graph ─────────────────────────────
+FROM chef AS planner
+
+COPY Cargo.toml Cargo.lock ./
+COPY crates/ crates/
+
+RUN cargo chef prepare --recipe-path recipe.json
+
+# ── Stage 3: builder — cached dependency build + final compile ──────────────
+FROM chef AS builder
+
+COPY --from=planner /build/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json -p trogon-source-gitlab
+
+COPY Cargo.toml Cargo.lock ./
+COPY crates/ crates/
+
+RUN cargo build --release -p trogon-source-gitlab && \
+    strip target/release/trogon-source-gitlab
+
+# ── Stage 4: runtime ────────────────────────────────────────────────────────
+FROM debian:bookworm-20250317-slim AS runtime
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates curl \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd --no-create-home --shell /usr/sbin/nologin trogon
+
+COPY --from=builder /build/target/release/trogon-source-gitlab /usr/local/bin/trogon-source-gitlab
+
+USER trogon
+
+EXPOSE 8080
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/trogon-source-gitlab"]

devops/docker/compose/services/trogon-source-gitlab/README.md

@@ -0,0 +1,72 @@
+# Receiving GitLab Webhooks Locally
+
+## Prerequisites
+
+- Docker Compose
+- A [GitLab](https://gitlab.com) project with maintainer access (or a self-hosted instance)
+- An [ngrok](https://ngrok.com) account (free tier works)
+
+## 1. Get your ngrok tunnel URL
+
+Start only ngrok and NATS to obtain a public URL before configuring GitLab:
+
+```bash
+docker compose --profile dev up ngrok nats
+```
+
+Find the tunnel URL in the ngrok container logs:
+
+```bash
+docker compose logs ngrok
+```
+
+Look for the `gitlab` tunnel URL (e.g. `https://abc123.ngrok-free.app`).
+
+## 2. Configure your GitLab webhook
+
+1. Go to **Settings → Webhooks** in your GitLab project
+2. Click **Add new webhook**
+3. Set:
+   - **URL**: `https://<ngrok-url>/webhook`
+   - **Secret token**: a secret of your choice (you will use this as `GITLAB_WEBHOOK_SECRET`)
+4. Select the trigger events you want to receive (e.g. Push events, Merge request events)
+5. Click **Add webhook**
+
+## 3. Start the webhook receiver
+
+Set `GITLAB_WEBHOOK_SECRET` in your `.env` to the secret token from step 2,
+then bring up the full stack:
+
+```bash
+docker compose --profile dev up
+```
+
+## 4. Verify
+
+Trigger an event in GitLab (e.g. push a commit or open a merge request). You should see:
+
+- The webhook receiver log the incoming event
+- The event published to NATS on `gitlab.{event}`
+
+You can inspect NATS with:
+
+```bash
+nats sub -s nats://nats.trogonai.orb.local:4222 "gitlab.>"
+```
+
+Without `--profile dev`, ngrok is excluded and only the core services start.
+
+## Environment variables
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `GITLAB_WEBHOOK_SECRET` | yes | — | Secret token configured in GitLab's webhook settings |
+| `NGROK_AUTHTOKEN` | yes (dev profile) | — | ngrok auth token |
+| `GITLAB_WEBHOOK_PORT` | no | `8080` | HTTP port for the webhook receiver |
+| `GITLAB_SUBJECT_PREFIX` | no | `gitlab` | NATS subject prefix (must be valid NATS token) |
+| `GITLAB_STREAM_NAME` | no | `GITLAB` | JetStream stream name (must be valid NATS token) |
+| `GITLAB_STREAM_MAX_AGE_SECS` | no | `604800` | Max message age in seconds (7 days) |
+| `GITLAB_NATS_ACK_TIMEOUT_MS` | no | `10000` | JetStream ACK timeout in milliseconds |
+| `GITLAB_MAX_BODY_SIZE` | no | `26214400` | Maximum webhook body size in bytes (25 MB) |
+| `NATS_URL` | no | `localhost:4222` | NATS server URL(s) |
+| `RUST_LOG` | no | `info` | Log level |

rsworkspace/Cargo.lock

@@ -6,6 +6,7 @@ pub enum ServiceName {
     AcpNatsStdio,
     AcpNatsWs,
     TrogonSourceGithub,
+    TrogonSourceGitlab,
     TrogonSourceLinear,
     TrogonSourceSlack,
 }
@@ -16,6 +17,7 @@ impl ServiceName {
             Self::AcpNatsStdio => "acp-nats-stdio",
             Self::AcpNatsWs => "acp-nats-ws",
             Self::TrogonSourceGithub => "trogon-source-github",
+            Self::TrogonSourceGitlab => "trogon-source-gitlab",
             Self::TrogonSourceLinear => "trogon-source-linear",
             Self::TrogonSourceSlack => "trogon-source-slack",
         }
@@ -40,6 +42,10 @@ mod tests {
             ServiceName::TrogonSourceGithub.as_str(),
             "trogon-source-github"
         );
+        assert_eq!(
+            ServiceName::TrogonSourceGitlab.as_str(),
+            "trogon-source-gitlab"
+        );
         assert_eq!(
             ServiceName::TrogonSourceLinear.as_str(),
             "trogon-source-linear"
@@ -58,6 +64,10 @@ mod tests {
             format!("{}", ServiceName::TrogonSourceGithub),
             "trogon-source-github"
         );
+        assert_eq!(
+            format!("{}", ServiceName::TrogonSourceGitlab),
+            "trogon-source-gitlab"
+        );
         assert_eq!(
             format!("{}", ServiceName::TrogonSourceLinear),
             "trogon-source-linear"

rsworkspace/crates/acp-telemetry/src/service_name.rs

@@ -0,0 +1,32 @@
+[package]
+name = "trogon-source-gitlab"
+version = "0.1.0"
+edition = "2024"
+
+[lints]
+workspace = true
+
+[[bin]]
+name = "trogon-source-gitlab"
+path = "src/main.rs"
+
+[dependencies]
+acp-telemetry = { workspace = true }
+async-nats = { workspace = true, features = ["jetstream"] }
+axum = { workspace = true }
+bytes = { workspace = true }
+bytesize = "2.3.1"
+sha2 = "0.10"
+subtle = "2.6"
+tokio = { workspace = true, features = ["full"] }
+tower-http = { workspace = true, features = ["limit"] }
+tracing = { workspace = true }
+trogon-nats = { workspace = true }
+trogon-std = { workspace = true }
+
+[dev-dependencies]
+tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
+tower = "0.5"
+tracing-subscriber = { workspace = true }
+trogon-nats = { workspace = true, features = ["test-support"] }
+trogon-std = { workspace = true, features = ["test-support"] }