Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cr-gateway): Remove GitHub API requirement from CR server. #255

Merged
merged 1 commit into from
Jan 17, 2018
Merged

fix(cr-gateway): Remove GitHub API requirement from CR server. #255

merged 1 commit into from
Jan 17, 2018

Conversation

technosophos
Copy link
Contributor

Relates to #225

@technosophos technosophos self-assigned this Jan 9, 2018
mumoshu
mumoshu reviewed Jan 10, 2018
View reviewed changes
pkg/webhook/dockerhub.go
b := &brigade.Build{
ProjectID: proj.ID,
Type: "image_push",
Provider: "dockerhub",
Commit: commit,
Payload: payload,
Script: brigadeJS,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we really just defer determining the script to be executed for a build like this?

As far as I understand, brigade-controller as of today doesn't have an ability to populate missing brigade.js(=script in a secret representing an brigade event) - it looks like we have to populate it on gateway-side.

I'm writing this referring the followings:

Please correct me if I'm missing something!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noticed that brigade does handle this case here.
Sorry for bothering!

For anyone interested, in nutshell brigade seems to create a vcs-sidecar(as an init-container) to populate /vcs/brigade.js only when script isn't included in an event. Then, the brigade-worker runs either /etc/brigade/script(corresponds to the script included in a brigade.Build=secret) or /vcs/brigade.js according to this code. So, if we omit a script in a brigade.Build coming from the cr-gateway, the worker just tries to git-clone the necessary script=brigade.js from the vcs repo. No problem.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking the time to look through all of that.

blimmer
blimmer approved these changes Jan 11, 2018
View reviewed changes
Copy link
Contributor

@blimmer blimmer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm - this is a great security improvement 🥇

charts/brigade-project/values.yaml
@@ -12,8 +12,7 @@ cloneURL: "https://github.com/deis/empty-testbed.git"
sharedSecret: "IBrakeForSeaBeasts"

# OPTIONAL: Use this to have Brigade update your project about the build.
# You probably want this if you want pull requests or commits to show
# the build status.
# This is REQUIRED for the GitHub gateway, but optional otherwise.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@technosophos technosophos merged commit c5fbdb9 into brigadecore:master Jan 17, 2018
@technosophos technosophos deleted the fix/cr-doesnt-use-github-api branch January 17, 2018 23:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mumoshu mumoshu mumoshu approved these changes

@blimmer blimmer blimmer approved these changes

@adamreese adamreese adamreese approved these changes

Assignees

@technosophos technosophos

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@technosophos @mumoshu @blimmer @adamreese