Merge branch 'main' into patch-1

yapinxxx · web-flow · commit edcfe83626f7 · 2025-07-15T11:36:12.000+08:00
diff --git a/docs/self-hosted/azure-devops.md b/docs/self-hosted/azure-devops.md
@@ -127,13 +127,16 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
 
 - If you are using Azure OpenAI, verify that the model deployment names are in the .env file.
 - Values marked with [] are not optional to provide.
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 
diff --git a/docs/self-hosted/bitbucket.md b/docs/self-hosted/bitbucket.md
@@ -122,13 +122,16 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
 
 - If you are using Azure OpenAI, verify that the model deployment names are in the .env file.
   Values marked with [] are optional and can be omitted if the feature is not needed.
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 
diff --git a/docs/self-hosted/github.md b/docs/self-hosted/github.md
@@ -140,6 +140,8 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
@@ -150,6 +152,7 @@ PERPLEXITY_API_KEY=[<perplexity-api-key>]
 - For `GITHUB_HOSTNAME`, use GitHub Enterprise server's hostname, for example, “github.acme-inc.com”
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
 - When `ENABLE_LEARNINGS` is set to `true`, CodeRabbit will use `CODERABBIT_API_KEY` to store learnings on our servers.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 
diff --git a/docs/self-hosted/gitlab.md b/docs/self-hosted/gitlab.md
@@ -37,13 +37,46 @@ Consult official CodeRabbitAI documentation for a detailed [guide](https://docs.
 1. **Navigate to Add Webhook Page**: Go to the webhook configuration page in the desired GitLab project.
 2. **Add Webhook URL**: Enter the URL pointing to the CodeRabbit service, followed by `/gitlab_webhooks` (e.g., `http://127.0.0.1:8080/gitlab_webhooks`).
 3. **Generate and Save Secret Token**: Generate a secret token, add it to the webhook, and store it securely. This will be needed for the `.env` file as `GITLAB_WEBHOOK_SECRET` (you can use a single secret token for all projects).
-4. Select triggers:
+4. **Select triggers**:
 
    - Push events
    - Comments
    - Issues events
    - Merge request events
 
+## Add Webhook Using a Script
+
+We have a convenient [script](/code/gitlab-webhook.sh) to help you add webhooks to a project or all projects under a group in a GitLab instance.
+
+```bash
+# Make sure the script is executable:
+chmod +x gitlab-webhook.sh
+```
+
+Example usage:
+
+```bash
+# PAT example (header auto-detected)
+export GITLAB_TOKEN="glpat-xxxxx"
+./gitlab-add-webhook.sh \
+  -h "gitlab.example.com" -u "http://<coderabbit-agent-addr>/gitlab_webhooks" \
+  -s "mySecret" -p 42
+
+# PAT example (explicit header)
+./gitlab-add-webhook.sh \
+  -h "gitlab.example.com" -u "http://<coderabbit-agent-addr>/gitlab_webhooks" \
+  -s "mySecret" -g "mygroup/mysubgroup/myproject" \
+  -t "glpat-xxxxx" \
+  -A "PRIVATE-TOKEN"
+
+# OAuth token with explicit header
+./gitlab-add-webhook.sh \
+  -h "gitlab.example.com" -u "http://<coderabbit-agent-addr>/gitlab_webhooks" \
+  -s "mySecret" -g "company/backend" \
+  -t "eyJhbGciOi..." \
+  -A "Authorization: Bearer"
+```
+
 ## Prepare a `.env` file
 
 Create a `.env` file with the following content:
@@ -134,13 +167,16 @@ LINEAR_PAT=[<linear-personal-access-token>]
 
 ENABLE_WEB_SEARCH=[true]
 PERPLEXITY_API_KEY=[<perplexity-api-key>]
+
+YAML_CONFIG=[<escaped-yaml-config>]
 ```
 
 :::note
 
 - If you are using Azure OpenAI, verify that the model deployment names are in the .env file.
 - Values marked with [] are not optional to provide.
 - You can generate `CODERABBIT_API_KEY` from CodeRabbit UI -> Organizations Settings -> API Keys.
+- `YAML_CONFIG` is an optional configuration file that can be used to customize CodeRabbit's behavior at the deployment level. It takes the same format as the [CodeRabbit YAML configuration](/docs/getting-started/configure-coderabbit.md) file. It requires the entire YAML file to be in an escaped string format, for example, `YAML_CONFIG="key1: value1\nkey2: value2"`. You can use [Escape YAML](https://escapeyaml.dev/) to generate the escaped string.
 
 :::
 
diff --git a/static/code/gitlab-webhook.sh b/static/code/gitlab-webhook.sh
@@ -0,0 +1,188 @@
+#!/usr/bin/env bash
+
+## gitlab-webhook.sh
+# Add a webhook to one project, or every project in a subgroup tree.
+
+## Example usage:
+# Make sure the script is executable:
+# chmod +x gitlab-webhook.sh
+
+# PAT auto-detected header
+# export GITLAB_TOKEN="glpat-xxxxx"
+# ./gitlab-add-webhook.sh \
+#   -h "gitlab.example.com" -u "https://ci.example.com/gitlab-hook" \
+#   -s "mySecret" -p 42
+
+# PAT with explicit header
+# ./gitlab-add-webhook.sh \
+#   -h "gitlab.example.com" -u "https://ci.example.com/gitlab-hook" \
+#   -s "mySecret" -g "mygroup/mysubgroup/myproject" \
+#   -t "glpat-qj5s..." \
+#   -A "PRIVATE-TOKEN"
+
+# OAuth token with explicit header
+# ./gitlab-add-webhook.sh \
+#   -h "gitlab.example.com" -u "https://ci.example.com/gitlab-hook" \
+#   -s "mySecret" -g "company/backend" \
+#   -t "eyJhbGciOi..." \
+#   -A "Authorization: Bearer"
+
+
+set -euo pipefail
+
+usage() {
+  cat <<EOF
+Usage:
+  $0 -h <gitlab-host> -u <webhook-url> -s <webhook-secret> \\
+     [-t <access-token>] [-A <auth-header>] [-p <project> | -g <group>]
+
+Required:
+  -h  GitLab host (e.g. gitlab.example.com)
+  -u  Webhook endpoint URL to receive POSTs
+  -s  Webhook secret token (used for signature verification)
+
+Authentication (one of):
+  -t  Access token (PAT, project, group or OAuth). If omitted, \$GITLAB_TOKEN is used
+  -A  Auth header to use. Default detects:
+        PAT → "PRIVATE-TOKEN"
+        anything else → "Authorization: Bearer"
+
+Scope (choose one):
+  -p  Project ID or full path (e.g. 42 or group/app)
+  -g  Group ID or full path, recurse through all subgroups & projects
+EOF
+  exit 1
+}
+
+HOST="" HOOK_URL="" HOOK_SECRET=""
+TOKEN="${GITLAB_TOKEN:-}" AUTH_HEADER=""
+PROJECT="" GROUP=""
+
+while getopts "h:u:s:t:A:p:g:" opt; do
+  case "$opt" in
+    h) HOST=$OPTARG ;;
+    u) HOOK_URL=$OPTARG ;;
+    s) HOOK_SECRET=$OPTARG ;;
+    t) TOKEN=$OPTARG ;;
+    A) AUTH_HEADER=$OPTARG ;;
+    p) PROJECT=$OPTARG ;;
+    g) GROUP=$OPTARG ;;
+    *) usage ;;
+  esac
+done
+
+# Mandatory checks
+[[ -z $HOST || -z $HOOK_URL || -z $HOOK_SECRET ]] && usage
+[[ -n $PROJECT && -n $GROUP ]] && usage
+[[ -z $PROJECT && -z $GROUP ]] && usage
+
+# Token handling
+if [[ -z $TOKEN ]]; then
+  echo "❌  No access token provided. Use -t or set \$GITLAB_TOKEN" >&2
+  exit 1
+fi
+
+# Choose header if not forced
+if [[ -z $AUTH_HEADER ]]; then
+  if [[ $TOKEN == glpat-* || $TOKEN == "PAT-"* ]]; then
+    AUTH_HEADER="PRIVATE-TOKEN"
+  else
+    AUTH_HEADER="Authorization: Bearer"
+  fi
+fi
+
+API="https://${HOST}/api/v4"
+CURL_BASE=(curl -sSf --header "${AUTH_HEADER}: ${TOKEN}")
+
+# Track processed projects to avoid duplicates
+declare -A PROCESSED_PROJECTS
+# Track projects where webhooks were successfully added
+WEBHOOK_PROJECTS=()
+
+##############################################################################
+# Helpers
+##############################################################################
+url_encode() {
+  local string="$1"
+  # URL encode the string using printf and sed
+  printf '%s' "$string" | sed 's/\//%2F/g; s/ /%20/g; s/@/%40/g; s/:/%3A/g; s/#/%23/g; s/?/%3F/g; s/&/%26/g; s/=/%3D/g; s/+/%2B/g'
+}
+
+create_hook() {
+  local pid=$1
+
+  # Skip if already processed
+  if [[ -n "${PROCESSED_PROJECTS[$pid]:-}" ]]; then
+    return 0
+  fi
+
+  # Mark as processed
+  PROCESSED_PROJECTS[$pid]=1
+
+  local encoded_pid
+  # URL encode if pid is not purely numeric
+  if [[ $pid =~ ^[0-9]+$ ]]; then
+    encoded_pid=$pid
+  else
+    encoded_pid=$(url_encode "$pid")
+  fi
+
+  "${CURL_BASE[@]}" --request POST \
+    --data-urlencode "url=${HOOK_URL}" \
+    --data "token=${HOOK_SECRET}" \
+    --data "push_events=true" \
+    --data "note_events=true" \
+    --data "issues_events=true" \
+    --data "merge_requests_events=true" \
+    --data "enable_ssl_verification=true" \
+    "${API}/projects/${encoded_pid}/hooks" \
+    >/dev/null
+
+  # Track successful webhook creation
+  WEBHOOK_PROJECTS+=("$pid")
+}
+
+traverse_group() {
+  local gid=$1
+  local encoded_gid
+  # URL encode if gid is not purely numeric
+  if [[ $gid =~ ^[0-9]+$ ]]; then
+    encoded_gid=$gid
+  else
+    encoded_gid=$(url_encode "$gid")
+  fi
+  # projects (includes nested sub-groups)
+  while IFS= read -r pid; do
+    [[ -n "$pid" ]] && create_hook "$pid"
+  done < <(
+    "${CURL_BASE[@]}" \
+      "${API}/groups/${encoded_gid}/projects?include_subgroups=true&per_page=100" |
+      jq -r '.[].id'
+  )
+  # recurse explicit subgroups (older GitLab)
+  while IFS= read -r sg; do
+    [[ -n "$sg" ]] && traverse_group "$sg"
+  done < <(
+    "${CURL_BASE[@]}" "${API}/groups/${encoded_gid}/subgroups?per_page=100" |
+      jq -r '.[].id'
+  )
+}
+
+##############################################################################
+# Main
+##############################################################################
+if [[ -n $PROJECT ]]; then
+  create_hook "$PROJECT"
+else
+  traverse_group "$GROUP"
+fi
+
+# Print final summary
+if [[ ${#WEBHOOK_PROJECTS[@]} -eq 0 ]]; then
+  echo "❌  No webhooks were installed."
+else
+  echo "✅  Webhooks installed successfully on ${#WEBHOOK_PROJECTS[@]} project(s):"
+  for pid in "${WEBHOOK_PROJECTS[@]}"; do
+    echo "  - Project ID: $pid"
+  done
+fi
diff --git a/static/schema/schema.v2.json b/static/schema/schema.v2.json
