Add webhook management for repositories and organizations #154
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gabriel-samfira
changed the title
* Add a new middleware that tests for admin access
* Add a new controller ID suffixed webhook endpoint. This will be used
to accept webhook events on a webhook URL that is suffixed with our own
controller ID.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
* Added a webhook show command. This gives us info about the webhook and
if it is installed.
* Return webhook info when installing the webhook
* Small typo fixes.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
* When removing a repo or org, we uninstall the webhook as well.
* Upgrade cobra command and mark "webhook-secret" and "random-webhook-secret"
as MarkFlagsOneRequired()
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
The user can opt to not delete the webhook (if installed) when removing the entity from garm. Garm will only ever try to remove a webhook that exactly matches the URL that is composed of the base webhook URL configured in the config.toml file and the unique controller ID that is generated when the controller is first installed. It should be safe to remove the webhook when the entity is removed. Of course, this behavior can be disabled. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
gabriel-samfira
force-pushed
the
add-webhook-configuration
branch
from
896df4c
to
3b651af
Compare
|
Merging as is for now. Integration tests are forthcoming. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change adds the ability to install or uninstall the GitHub web hook in repositories and organizations (no enterprise support yet) that is needed by GARM to operate normally.
Currently, users have to manually configure a web hook in GitHub that points back to GARM. This is needed in order for garm to receive notifications about jobs, and react by creating or removing runners. In the current implementation, the API endpoint for webhooks is
/webhooks.This change makes it possible for GARM to also receive webhooks on
/webhooks/{controllerID}, where{controllerID}is theUUID4of the current controller.The old
/webhookendpoint still works and can be used for manual configuration. When installing or removing webhooks, GARM will only use the API endpoint that includes the controller ID. This way, we don't accidentally remove a user-defined web-hook.Or course, users can also manually configure web-hooks using the controllerID suffixed web-hook API endpoint if they wish, but in that case, GARM may remove the webhook if requested via CLI.
To use this feature, the PAT associated to a repo or org needs to have access to add/remove webhooks. A new setting will also be added that enables the API endpoints needed to manage web hooks.
Example usage:
You will have to add the webhook base URL in your
config.tomlfile under the[DEFAULT]section and enable the webhook management feature:Then you can install/uninstall webhooks.
Installing the webhook:
Installing the webhook and disabling TLS certificate verification (not recommended):
Uninstalling:
Show current status:
To view your current controller info and configured URLs, you can run:
Important notes
When removing a repo or an organization, by default garm will also cleanup any webhooks that may have been created. GARM will only ever touch webhooks that exactly match both the base URL configured in
webhook_urland thecontrollerIDsuffix.IF we assume that the controller ID that was automatically generated when you initialized GARM is
5eb2fc8d-b69b-4690-8e09-1c813b99bbf5and your webhook URL ishttps://garm.example.com/webhooks, then GARM will only cleanup webhooks that exactly matchhttps://garm.example.com/webhooks/5eb2fc8d-b69b-4690-8e09-1c813b99bbf5.This behavior can be disabled by adding
?keepWebhook=1to theDELETErequest or by using the--keep-webhook=trueflag for theorg deleteandrepo deleteCLI commands.