GHE: All orgs webhook configuration -- global webhooks

[DaedalusG]

Feature request description

The current method for configuring webhooks requires users to create a webhook per an org in a codehost. For example in Github:

"webhooks": [
  {"org": "your_org", "secret": "verylongrandomsecret"}
]

Is your feature request related to a problem? If so, please describe.

Some Sourcegraph users belong to a company with many (#orgs>= 250) Sourcegraph Orgs, some method to simplify the process of adding many orgs to Sourcegraph would be nice.

Describe alternatives you've considered.

For GHE users a global Webhooks exist, however this webhook type currently isnt supported with batch changes, since Global webhooks are mostly for instance level events and many of the event triggers required by Sourcegraph aren't covered.

From the github documentation

Global webhooks can subscribe to the organization, user, repository, team, member, membership, fork, and ping event types.

For a list of events Sourcegraph handles from github see this code snippet

var (
--
  | // eventTypeMapping maps webhooks types to their corresponding go-github struct types.
  | eventTypeMapping = map[string]string{
  | "branch_protection_rule":         "BranchProtectionRuleEvent",
  | "check_run":                      "CheckRunEvent",
  | "check_suite":                    "CheckSuiteEvent",
  | "commit_comment":                 "CommitCommentEvent",
  | "content_reference":              "ContentReferenceEvent",
  | "create":                         "CreateEvent",
  | "delete":                         "DeleteEvent",
  | "deploy_key":                     "DeployKeyEvent",
  | "deployment":                     "DeploymentEvent",
  | "deployment_status":              "DeploymentStatusEvent",
  | "discussion":                     "DiscussionEvent",
  | "fork":                           "ForkEvent",
  | "github_app_authorization":       "GitHubAppAuthorizationEvent",
  | "gollum":                         "GollumEvent",
  | "installation":                   "InstallationEvent",
  | "installation_repositories":      "InstallationRepositoriesEvent",
  | "issue_comment":                  "IssueCommentEvent",
  | "issues":                         "IssuesEvent",
  | "label":                          "LabelEvent",
  | "marketplace_purchase":           "MarketplacePurchaseEvent",
  | "member":                         "MemberEvent",
  | "membership":                     "MembershipEvent",
  | "meta":                           "MetaEvent",
  | "milestone":                      "MilestoneEvent",
  | "organization":                   "OrganizationEvent",
  | "org_block":                      "OrgBlockEvent",
  | "package":                        "PackageEvent",
  | "page_build":                     "PageBuildEvent",
  | "ping":                           "PingEvent",
  | "project":                        "ProjectEvent",
  | "project_card":                   "ProjectCardEvent",
  | "project_column":                 "ProjectColumnEvent",
  | "public":                         "PublicEvent",
  | "pull_request":                   "PullRequestEvent",
  | "pull_request_review":            "PullRequestReviewEvent",
  | "pull_request_review_comment":    "PullRequestReviewCommentEvent",
  | "pull_request_target":            "PullRequestTargetEvent",
  | "push":                           "PushEvent",
  | "repository":                     "RepositoryEvent",
  | "repository_dispatch":            "RepositoryDispatchEvent",
  | "repository_vulnerability_alert": "RepositoryVulnerabilityAlertEvent",
  | "release":                        "ReleaseEvent",
  | "secret_scanning_alert":          "SecretScanningAlertEvent",
  | "star":                           "StarEvent",
  | "status":                         "StatusEvent",
  | "team":                           "TeamEvent",
  | "team_add":                       "TeamAddEvent",
  | "user":                           "UserEvent",
  | "watch":                          "WatchEvent",
  | "workflow_dispatch":              "WorkflowDispatchEvent",
  | "workflow_job":                   "WorkflowJobEvent",
  | "workflow_run":                   "WorkflowRunEvent",
  | }
  | )

Additional context

At first blush it looked like global webhooks might just work with Sourcegraph so we tried them out. Unfortunately Initial testing with global webhooks shows that they aren't currently compatible with Sourcegraph

[github-actions[bot]]

Hey, @sourcegraph/batchers (@eseliger @LawnGnome @courier-new @adeola-ak @BolajiOlajide @Piszmog @malomarrec @chrispine @danielmarquespt) - we have been mentioned. Let's take a look.

[courier-new]

Feels like this could use a spike to understand how different GHE global webhooks look/behave, if they have the same coverage as normal org ones (seems like the answer is yes if they can "subscribe to the organization" but I don't just want to assume that they're 1:1 with per-org webhook events), and how much work it would take to support them.

GHE global webhooks would impact strategic customers with many orgs to manage, so this seems like something that could be worth prioritizing if the spike reveals it wouldn't take too long to support.

[eseliger]

Oh I investigated this in response to some support request recently and the GHE global webhooks are confusingly not the same webhooks, it's for GHE events, not PR/issue events :|

[courier-new]

Oh really? That's too bad. 😞 Does that mean we should interpret this line ("Global webhooks can subscribe to the organization, user, repository, team, member, membership, fork, and ping event types.") as it cannot subscribe to PR/issue event types? I had thought maybe they were considered a subset of org events, based on Warren's comment, but I didn't really look into it.

Sounds like this is a non-starter and should probably be closed, then?

[eseliger]

Maybe I understood it wrong, but AFAIK it can only inform about Repo create, user create etc events, essentially audit log events. I think we should still investigate if there are better ways (ie us automatedly creating webhooks, github apps solving that ootb, etc) but it's likely going to be backlog. WDYT?

[courier-new]

Yeah probably. Though if https://github.com/sourcegraph/sourcegraph/issues/40939 is high priority and we agree webhooks are core to that, some automation here or the ability to use global webhooks would actually be a massive value add to customers with >10 orgs using batch changes.

[LawnGnome]

Also feels backloggy to me for now — there's probably a broader "make Sourcegraph do smart things if you connect it as a full blown GitHub App" ticket somewhere that this is really a part of.

[eseliger]

I wonder if this should get a strategic-ready label. @malomarrec WDYT? Until we hear more feedback, still feels like backlog.

[ryanslade]

We're proposing making webhooks more "first class". See this doc