-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(cr-gateway): Remove GitHub API requirement from CR server. #255
fix(cr-gateway): Remove GitHub API requirement from CR server. #255
Conversation
22763d3
to
0b4a23a
Compare
b := &brigade.Build{ | ||
ProjectID: proj.ID, | ||
Type: "image_push", | ||
Provider: "dockerhub", | ||
Commit: commit, | ||
Payload: payload, | ||
Script: brigadeJS, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we really just defer determining the script to be executed for a build like this?
As far as I understand, brigade-controller as of today doesn't have an ability to populate missing brigade.js(=script
in a secret representing an brigade event) - it looks like we have to populate it on gateway-side.
I'm writing this referring the followings:
- https://github.com/Azure/brigade/search?utf8=%E2%9C%93&q=syncSecret&type=
- https://github.com/Azure/brigade/search?utf8=%E2%9C%93&q=Script&type=
Please correct me if I'm missing something!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just noticed that brigade does handle this case here.
Sorry for bothering!
For anyone interested, in nutshell brigade seems to create a vcs-sidecar(as an init-container) to populate /vcs/brigade.js
only when script
isn't included in an event. Then, the brigade-worker runs either /etc/brigade/script
(corresponds to the script
included in a brigade.Build
=secret) or /vcs/brigade.js
according to this code. So, if we omit a script
in a brigade.Build coming from the cr-gateway, the worker just tries to git-clone the necessary script=brigade.js
from the vcs repo. No problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for taking the time to look through all of that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm - this is a great security improvement 🥇
@@ -12,8 +12,7 @@ cloneURL: "https://github.com/deis/empty-testbed.git" | |||
sharedSecret: "IBrakeForSeaBeasts" | |||
|
|||
# OPTIONAL: Use this to have Brigade update your project about the build. | |||
# You probably want this if you want pull requests or commits to show | |||
# the build status. | |||
# This is REQUIRED for the GitHub gateway, but optional otherwise. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Relates to #225