feat: per-repo issue tracker, Gitea support, PR review pipeline (#10)

2026-03-11 12:13:59 +00:00
parent be4b43ed64
commit 491665559f
22 changed files with 1582 additions and 122 deletions
--- a/compliance-core/src/models/issue.rs
+++ b/compliance-core/src/models/issue.rs
@@ -6,6 +6,7 @@ use serde::{Deserialize, Serialize};
 pub enum TrackerType {
    GitHub,
    GitLab,
+    Gitea,
    Jira,
 }

@@ -14,6 +15,7 @@ impl std::fmt::Display for TrackerType {
        match self {
            Self::GitHub => write!(f, "github"),
            Self::GitLab => write!(f, "gitlab"),
+            Self::Gitea => write!(f, "gitea"),
            Self::Jira => write!(f, "jira"),
        }
    }
--- a/compliance-core/src/models/repository.rs
+++ b/compliance-core/src/models/repository.rs
@@ -25,9 +25,15 @@ pub struct TrackedRepository {
    pub scan_schedule: Option<String>,
    #[serde(default)]
    pub webhook_enabled: bool,
+    /// Auto-generated HMAC secret for verifying incoming webhooks
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub webhook_secret: Option<String>,
    pub tracker_type: Option<TrackerType>,
    pub tracker_owner: Option<String>,
    pub tracker_repo: Option<String>,
+    /// Optional per-repo PAT for the issue tracker (GitHub/GitLab/Jira)
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub tracker_token: Option<String>,
    /// Optional auth token for HTTPS private repos (PAT or password)
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub auth_token: Option<String>,
@@ -69,6 +75,8 @@ where
 impl TrackedRepository {
    pub fn new(name: String, git_url: String) -> Self {
        let now = Utc::now();
+        // Generate a random webhook secret (hex-encoded UUID v4, no dashes)
+        let webhook_secret = uuid::Uuid::new_v4().to_string().replace('-', "");
        Self {
            id: None,
            name,
@@ -79,9 +87,11 @@ impl TrackedRepository {
            auth_token: None,
            auth_username: None,
            webhook_enabled: false,
+            webhook_secret: Some(webhook_secret),
            tracker_type: None,
            tracker_owner: None,
            tracker_repo: None,
+            tracker_token: None,
            last_scanned_commit: None,
            findings_count: 0,
            created_at: now,