From fe4b685fb62dc38bab788bf75ef5432b5fa5074f Mon Sep 17 00:00:00 2001
From: Meysam Azad <meysam@developer-friendly.blog>
Date: Tue, 17 Dec 2024 15:35:54 +0700
Subject: [PATCH] chore(gh-webhook): allow overriding the secret phrase

Release-As: 0.2.1
---
 docs/github-repo-webhook.md      |  2 ++
 github-repo-webhook/README.md    |  2 ++
 github-repo-webhook/locals.tf    |  3 +++
 github-repo-webhook/main.tf      |  6 ++++--
 github-repo-webhook/outputs.tf   |  2 +-
 github-repo-webhook/variables.tf | 12 ++++++++++++
 mkdocs.yml                       |  2 +-
 7 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 github-repo-webhook/locals.tf

diff --git a/docs/github-repo-webhook.md b/docs/github-repo-webhook.md
index 1495db4..4ea4a85 100644
--- a/docs/github-repo-webhook.md
+++ b/docs/github-repo-webhook.md
@@ -32,6 +32,8 @@ No modules.
 | <a name="input_events"></a> [events](#input\_events) | The events to trigger the webhook | `list(string)` | <pre>[<br/>  "push"<br/>]</pre> | no |
 | <a name="input_repository"></a> [repository](#input\_repository) | The repository to add the webhook to | `string` | n/a | yes |
 | <a name="input_secret_length"></a> [secret\_length](#input\_secret\_length) | The length of the webhook secret string | `number` | `32` | no |
+| <a name="input_secret_phrase"></a> [secret\_phrase](#input\_secret\_phrase) | The secret phrase to use for the webhook secret (default: auto-generated) | `string` | `""` | no |
+| <a name="input_special"></a> [special](#input\_special) | Whether to include special characters in the secret | `bool` | `false` | no |
 | <a name="input_webhook_url"></a> [webhook\_url](#input\_webhook\_url) | The URL to send the webhook to | `string` | n/a | yes |
 
 ## Outputs
diff --git a/github-repo-webhook/README.md b/github-repo-webhook/README.md
index a3dc1c6..f78103d 100644
--- a/github-repo-webhook/README.md
+++ b/github-repo-webhook/README.md
@@ -33,6 +33,8 @@ No modules.
 | <a name="input_events"></a> [events](#input\_events) | The events to trigger the webhook | `list(string)` | <pre>[<br/>  "push"<br/>]</pre> | no |
 | <a name="input_repository"></a> [repository](#input\_repository) | The repository to add the webhook to | `string` | n/a | yes |
 | <a name="input_secret_length"></a> [secret\_length](#input\_secret\_length) | The length of the webhook secret string | `number` | `32` | no |
+| <a name="input_secret_phrase"></a> [secret\_phrase](#input\_secret\_phrase) | The secret phrase to use for the webhook secret (default: auto-generated) | `string` | `""` | no |
+| <a name="input_special"></a> [special](#input\_special) | Whether to include special characters in the secret | `bool` | `false` | no |
 | <a name="input_webhook_url"></a> [webhook\_url](#input\_webhook\_url) | The URL to send the webhook to | `string` | n/a | yes |
 
 ## Outputs
diff --git a/github-repo-webhook/locals.tf b/github-repo-webhook/locals.tf
new file mode 100644
index 0000000..8d16f50
--- /dev/null
+++ b/github-repo-webhook/locals.tf
@@ -0,0 +1,3 @@
+locals {
+  create_secret = var.secret_phrase == "" ? true : false
+}
diff --git a/github-repo-webhook/main.tf b/github-repo-webhook/main.tf
index c28bc1e..89ccab1 100644
--- a/github-repo-webhook/main.tf
+++ b/github-repo-webhook/main.tf
@@ -1,6 +1,8 @@
 resource "random_password" "this" {
+  count = local.create_secret ? 1 : 0
+
   length  = var.secret_length
-  special = false
+  special = var.special
 }
 
 resource "github_repository_webhook" "this" {
@@ -9,7 +11,7 @@ resource "github_repository_webhook" "this" {
   configuration {
     url          = var.webhook_url
     content_type = var.content_type
-    secret       = random_password.this.result
+    secret       = local.create_secret ? random_password.this[0].result : var.secret_phrase
     insecure_ssl = false
   }
 
diff --git a/github-repo-webhook/outputs.tf b/github-repo-webhook/outputs.tf
index 210820f..dc34cf9 100644
--- a/github-repo-webhook/outputs.tf
+++ b/github-repo-webhook/outputs.tf
@@ -1,4 +1,4 @@
 output "secret_value" {
-  value     = random_password.this.result
+  value     = try(random_password.this[0].result, null)
   sensitive = true
 }
diff --git a/github-repo-webhook/variables.tf b/github-repo-webhook/variables.tf
index 1d99624..4475e6e 100644
--- a/github-repo-webhook/variables.tf
+++ b/github-repo-webhook/variables.tf
@@ -27,3 +27,15 @@ variable "events" {
   type        = list(string)
   default     = ["push"]
 }
+
+variable "special" {
+  description = "Whether to include special characters in the secret"
+  type        = bool
+  default     = false
+}
+
+variable "secret_phrase" {
+  description = "The secret phrase to use for the webhook secret (default: auto-generated)"
+  type        = string
+  default     = ""
+}
diff --git a/mkdocs.yml b/mkdocs.yml
index 542c690..3138aed 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -65,7 +65,7 @@ plugins:
       version_selector: true
 remote_branch: gh-pages
 remote_name: origin
-repo_name: meysam81/terraform-modules
+repo_name: GitHub
 repo_url: https://github.com/meysam81/terraform-modules
 site_author: Meysam Azad <meysam@developer-friendly.blog>
 site_description: This repo holds the Terraform modules that I have created and used in my projects.