From b50be96b34057da3fcb9fe7d7fbdae6535ab93c2 Mon Sep 17 00:00:00 2001
From: Arne Teuke <arne_teuke@confdroid.com>
Date: Thu, 23 Oct 2025 16:46:38 +0200
Subject: [PATCH] add webhook sections

---
 manifests/params.pp       |  8 ++++++
 manifests/r10k/webhook.pp | 54 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/manifests/params.pp b/manifests/params.pp
index 67f300b..d125443 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -82,6 +82,8 @@
 # @param [String] pt_r10k_remote the remote url for the r10k control repo
 # @param [Boolean] pt_r10k_prefix the r10k prefix. defaults to false
 # @param [String] pt_r10k_basedir the base directory for r10k.yaml
+# @param [String] pt_r10k_webhook_pkg the packages for the r10k webhook
+# @param [Boolean] pt_manage_user whether to manage the puppet user
 ###############################################################################
 class puppet_cd::params (
 
@@ -95,6 +97,7 @@ class puppet_cd::params (
   String $pt_server_pkg             = 'puppetserver',
   Array $pt_db_pkg                  = ['puppetdb','puppetdb-termini'],
   Array $pt_r10k_pkg                = ['ruby','ruby-devel','gcc','make','redhat-rpm-config','rpm-build'],
+  String $pt_r10k_webhook_pkg       = 'python3-pip',
 
   # user settings
   ## puppet user
@@ -200,6 +203,7 @@ class puppet_cd::params (
   $pt_puppetdb_var_dir              = '/opt/puppetlabs/server/data/puppetdb'
 ## r10k
   $pt_r10k_dir                      = "${pt_main_dir}/r10k"
+  $pt_r10k_webhook_dir              = '/opt/r10k-webhook'
 
 # files
 ## puppet
@@ -228,6 +232,10 @@ class puppet_cd::params (
 ## r10k
   $pt_r10k_file                     = "${pt_r10k_dir}/r10k.yaml"
   $pt_r10k_erb                      = 'puppet_cd/r10k/r10k.yaml.erb'
+  $pt_r10k_webhook_file             = "${pt_r10k_webhook_dir}/webhook_server.py"
+  $pt_r10k_webhook_erb              = 'puppet_cd/r10k/webhook.py.erb'
+  $pt_r10k_req_file                 = "${pt_r10k_webhook_dir}/requirements.txt"
+  $pt_r10k_req_erb                  = 'puppet_cd/r10k/requirements.txt.erb'
 
 # service
   $pt_server_service                = 'puppetserver'
diff --git a/manifests/r10k/webhook.pp b/manifests/r10k/webhook.pp
index 9ace78f..21ef888 100644
--- a/manifests/r10k/webhook.pp
+++ b/manifests/r10k/webhook.pp
@@ -6,5 +6,59 @@
 class puppet_cd::r10k::webhook (
 
 ) inherits puppet_cd::params {
+  if ($pt_pm_fqdn == $fqdn) and ($pt_use_r10k_webhook == true) {
+    # install packages
+    package { $pt_r10k_webhook_pkg:
+      ensure => $pt_pkg_ensure,
+    }
 
+    # create the webhook dir
+    file { '/opt/r10k-webhook':
+      ensure   => directory,
+      path     => $pt_r10k_webhook_dir,
+      owner    => 'puppet',
+      group    => 'puppet',
+      mode     => '0755',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+    }
+
+    # create the requirements file
+    file { $pt_r10k_req_file:
+      ensure   => file,
+      owner    => 'puppet',
+      group    => 'puppet',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_r10k_req_erb),
+      require  => File['/opt/r10k-webhook'],
+    }
+
+    # create the binary file
+    file { $pt_r10k_webhook_file:
+      ensure   => file,
+      owner    => 'puppet',
+      group    => 'puppet',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_r10k_webhook_erb),
+      require  => File['/opt/r10k-webhook'],
+    }
+
+    # install pip dependencies
+    exec { 'pip_install_r10k_webhook':
+      command => 'pip3 install --user -r /opt/r10k-webhook/requirements.txt',
+      user    => 'puppet',
+      require => [Package[$pt_r10k_webhook_pkg],File[$pt_r10k_req_file]],
+      unless  => 'pip3 show fastapi',  # Idempotent check
+    }
+  }
 }