
Architecture alternative: private GitLab job

Open florimondmanca opened this issue 5 years ago • 0 comments

Idea:

  • Set up a single shared GitLab job to run what we currently run in GitHub Actions.
  • It will need to have a hardcoded mapping of { repo -> channel_ids[] } to know which channels to fetch messages from when getting a review event for a given repo.

User configuration:

  • Users will need to configure a webhook (Settings -> Webhooks) with the job trigger URL, passing any configuration as query params. This is much simpler than having to set up an Action with various secrets and channel/bot IDs.

Security:

  • We will need to provide a secret (shared via a password vault).
  • GitLab job will only approve requests for which the generated HMAC signature is correct.
  • Slack secrets, bot IDs, etc. will be stored on GitLab.

Benefits:

  • Simpler user configuration: update the mapping in the job repo, configure the webhook, done.
  • Configuration and secrets are centralized on GitLab.
  • Workload is on our private GitLab instance, instead of GitHub Actions free tier.

Non-goals:

  • Latency won't necessarily decrease.

florimondmanca, Mar 03 '20 17:03
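
The HMAC check under "Security" combined with the repo -> channel mapping under "Idea", as an added example that is not part of the original issue or the slapr code base. It assumes the sender is a GitHub webhook, which signs the raw request body with HMAC-SHA256 in the `X-Hub-Signature-256` header; the function names, secret, repo name and channel IDs are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import List, Optional

# Hypothetical mapping from the issue: repo -> Slack channel IDs (constructed values).
REPO_CHANNELS = {"example-org/example-repo": ["C0000000001", "C0000000002"]}


class RejectedWebhook(Exception):
    """Raised when a delivery must not be processed."""


def sign(secret: bytes, body: bytes) -> str:
    """Header value GitHub sends in X-Hub-Signature-256 for this secret and body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def channels_for_delivery(secret: bytes, body: bytes, signature: Optional[str]) -> List[str]:
    """Return the channel IDs for a verified delivery, or raise RejectedWebhook."""
    if not signature or not signature.startswith("sha256="):
        raise RejectedWebhook("missing or unsupported signature header")
    # Sign the raw bytes as received; re-serialising the JSON would change them.
    expected = sign(secret, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise RejectedWebhook("signature mismatch")
    # Parse and trust the payload only after the signature check has passed.
    try:
        repo = json.loads(body)["repository"]["full_name"]
    except (ValueError, KeyError, TypeError):
        raise RejectedWebhook("malformed payload")
    if repo not in REPO_CHANNELS:
        raise RejectedWebhook("repo is not in the mapping")
    return REPO_CHANNELS[repo]


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed; would come from the vault
    body = json.dumps({"repository": {"full_name": "example-org/example-repo"}}).encode()
    print(channels_for_delivery(secret, body, sign(secret, body)))
    try:
        channels_for_delivery(secret, body + b" ", sign(secret, body))
    except RejectedWebhook as exc:
        print("rejected:", exc)
```

GitHub's signature covers only the request body, so configuration passed as query params on the trigger URL is not authenticated by this check.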