Skip to content
GitHub bot for using GitLab CI in OSS projects
Rust Python Ruby Other
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.dependabot
docs
helm/labhub
src
.dockerignore
.gitignore
.gitlab-ci.yml
Cargo.lock
Cargo.toml
Dockerfile
Dockerfile.builder
LICENSE
LabHub.toml
README.md
Rocket.toml

README.md

pipeline status codecov Current Crates.io Version

🤖 LabHub

A GitHub bot written in Rust for using GitLab CI in OSS projects.

Features

  • Listens for webhooks from GitHub
  • Pushes branches to GitLab from external (forked) PRs
  • Accepts commands by way of PR comments
  • Possibly more coming soon 👻

Commands

Commands can be executed by commenting on a PR with your CI user's login.

  • @labhub retry: retry a pipeline that has failed

The Problem

GitLab has a great CI system, however it's not suitable for open source projects 😧 (at the time of writing) because it won't build external PRs by default. There are security concerns about the risk of exposing secrets in external builds, and GitLab errs on the side of caution by not building external PRs by default.

For more details on the issue, please take a look at this GitLab discussion.

The Solution

If you're not concerned with leaking secrets, then LabHub may be for you! LabHub listens for webhooks from GitHub to notify for new pull requests. If the PR is from a forked repo, it will push a branch to GitLab (for the corresponding PR) to test the build.

🏃‍♀️ In Action

Using LabHub? Open a PR to add your project here! 😀

LabHub is currently being used by the following projects:

Compiling

LabHub requires Rust nightly. To compile using rustup:

$ rustup toolchain install nightly
$ rustup default nightly
$ cargo build

Be sure to switch back to stable with rustup default stable if that's your preferred toolchain.

🎛 Configuration

LabHub is configured using LabHub.toml. For details, see src/config.rs. You can specify the path to LabHub.toml by setting the LABHUB_TOML environment variable.

🚀 Deployment

Setup Webhooks

You'll need to set up webhooks for any repo you wish to enable LabHub for. Currently, only GitHub webhooks are required. To get started, go to github.com/<org>/<repo>/settings/hooks and add a new webhook.

Configure the webhook to send PR and push events.

  • Set the payload URL path to /github/events, which is the path LabHub is expecting for GitHub events.
  • Create a secret (ex: cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) and set the same value in the webhook config as in LabHub.
  • Make sure the payload type is application/json.
  • Here's how your webhook should look

Create SSH keys

You'll need a CI user with SSH keys for both GitHub and GitLab. Create an account on both sites (if you don't already have a CI user), and create an SSH key for LabHub:

$ ssh-keygen -f labhub-key.ecdsa -t ecdsa -b 521

Keep labhub-key.ecdsa safe, and upload labhub-key.ecdsa.pub to both GitHub and GitLab for the CI user.

Create Personal Access Tokens

Create personal access tokens for your CI user on both GitHub, and GitLab. Supply these tokens by setting the api_token parameter in LabHub.toml for both GitHub and GitLab.

Personal Access Token for GitHub

Personal Access Token for GitLab

Deploy to Kubernetes with Helm

There's a Helm chart included in this repo, which is the preferred method of deployment. To use you, you must first create the SSH key secrets with kubectl. Assuming your SSH private key is labhub-key.ecdsa:

$ kubectl create secret generic labhub-ssh-keys --from-file=github=labhub-key.ecdsa --from-file=gitlab=labhub-key.ecdsa

You may use separate keys for GitHub and GitLab if you choose, respectively.

Once you have the secrets, install the helm chart from helm/labhub/:

$ cd helm/labhub/
$ cp values.yaml myvalues.yaml
### Edit myvalues.yaml to your liking ###
$ helm upgrade --install labhub . -f myvalues.yaml

Not implemented:

  • No periodic reconciling of GitLab branches with open PRs: if a webhook is missed for any reason, the GitLab pipeline may not correctly reflect the PR state
You can’t perform that action at this time.