refactor(apply_gate): migrate Chronicle emission to CloudEvents

Replace fake Forgejo push webhook for APPLY_AUTHORIZED with
structured CloudEvents 1.0. Event carries diff_hash and mfa_method
as typed fields.

Event rename: APPLY_AUTHORIZED -> GOV_APPLY_AUTHORIZED

Signed-off-by: Tyler King <tking@guildhouse.dev>
Tyler J King 2026-04-12 06:53:56 -04:00
parent 869cc610b5
commit 8f2884d5fa


@ -214,29 +214,22 @@ pub fn run_apply_gate(
_ => "no-mfa".to_string(), _ => "no-mfa".to_string(),
}; };
// Step 4: Chronicle APPLY_AUTHORIZED // Step 4: Chronicle GOV_APPLY_AUTHORIZED
let now = std::time::SystemTime::now() let chronicle = crate::chronicle_client::ChronicleClient::from_legacy_webhook(chronicle_webhook);
.duration_since(std::time::UNIX_EPOCH) let ok = chronicle.emit(
.unwrap() "GOV_APPLY_AUTHORIZED",
.as_secs(); actor_did,
let body = serde_json::json!({ &crate::chronicle_client::ChronicleClient::generate_id(),
"pusher": {"login": actor_did}, serde_json::json!({
"ref": "refs/governance/APPLY_AUTHORIZED", "kind": "GOV_APPLY_AUTHORIZED",
"repository": {"full_name": "platform/apply-governance"}, "description": format!("{} signed {}", actor_did, &diff_hash[..24]),
"commits": [{"message": format!("APPLY_AUTHORIZED: {} signed {}", actor_did, &diff_hash[..24])}], "diff_hash": diff_hash,
}); "mfa_method": policy.mfa_method,
}),
let ok = reqwest::blocking::Client::new() );
.post(chronicle_webhook)
.header("X-Forgejo-Event", "push")
.json(&body)
.timeout(Duration::from_secs(5))
.send()
.map(|r| r.status().is_success())
.unwrap_or(false);
if ok { if ok {
println!("\n Chronicle: APPLY_AUTHORIZED recorded"); println!("\n Chronicle: GOV_APPLY_AUTHORIZED recorded");
} }
println!(" Authorization valid for {} seconds.", policy.mfa_timeout_secs); println!(" Authorization valid for {} seconds.", policy.mfa_timeout_secs);
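Review bot: When `chronicle.emit(...)` returns false, the `if ok` block under Step 4 prints nothing and the next line still reports "Authorization valid for … seconds", so an apply can be authorized with no audit record and no visible sign that it is missing. For a governance gate the failure should at least be surfaced, e.g. `} else { eprintln!("  Chronicle: GOV_APPLY_AUTHORIZED NOT recorded"); }`, and it is worth deciding whether the gate should refuse to authorize when the event cannot be written. The removed reqwest call set an explicit 5-second timeout; whether `ChronicleClient` has one is not visible here and should be confirmed so a hung endpoint cannot stall the gate. Separately, `&diff_hash[..24]` in the description panics if the hash is ever shorter than 24 bytes; `diff_hash.get(..24)` with a fallback to the full string avoids that. `run_apply_gate` starts and ends outside this hunk, so anything about how the result is used later is inferred from the visible lines only.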