talexander/webhook_bridge
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:201709c360be526dd74fec652ebd3f11fe89d87f
Branches Tags
talexander:main
talexander:v0.0.34 talexander:v0.0.33 talexander:v0.0.32 talexander:v0.0.31 talexander:v0.0.30 talexander:v0.0.29 talexander:v0.0.28 talexander:v0.0.27 talexander:v0.0.26 talexander:v0.0.25 talexander:v0.0.23 talexander:v0.0.22 talexander:v0.0.21 talexander:v0.0.20 talexander:v0.0.19 talexander:v0.0.18 talexander:v0.0.17 talexander:v0.0.16 talexander:v0.0.15 talexander:v0.0.14 talexander:v0.0.13 talexander:v0.0.12 talexander:v0.0.11 talexander:v0.0.10 talexander:v0.0.9 talexander:v0.0.8 talexander:v0.0.7 talexander:v0.0.6 talexander:v0.0.5 talexander:v0.0.4 talexander:v0.0.3 talexander:v0.0.2 talexander:v0.0.1
..
compare: talexander:v0.0.2
Branches Tags
talexander:main
talexander:v0.0.34 talexander:v0.0.33 talexander:v0.0.32 talexander:v0.0.31 talexander:v0.0.30 talexander:v0.0.29 talexander:v0.0.28 talexander:v0.0.27 talexander:v0.0.26 talexander:v0.0.25 talexander:v0.0.23 talexander:v0.0.22 talexander:v0.0.21 talexander:v0.0.20 talexander:v0.0.19 talexander:v0.0.18 talexander:v0.0.17 talexander:v0.0.16 talexander:v0.0.15 talexander:v0.0.14 talexander:v0.0.13 talexander:v0.0.12 talexander:v0.0.11 talexander:v0.0.10 talexander:v0.0.9 talexander:v0.0.8 talexander:v0.0.7 talexander:v0.0.6 talexander:v0.0.5 talexander:v0.0.4 talexander:v0.0.3 talexander:v0.0.2 talexander:v0.0.1

21 Commits
201709c360 ... v0.0.2

Author SHA1 Message Date
Tom Alexander
4bcf8b9ddc Merge branch 'lint'
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
rust-test Build rust-test has failed
Details
clippy Build clippy has failed
Details
build Build build has succeeded
Details
2024-09-29 15:03:19 -04:00
Tom Alexander
14b38b7fcd Add rustfmt config. 2024-09-29 15:03:07 -04:00
Tom Alexander
0602f8472b Separate out to two binaries.
Some checks failed
format Build format has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has failed
Details
2024-09-29 14:59:39 -04:00
Tom Alexander
cdac8224c6 Fix clippy lints. 2024-09-29 14:08:05 -04:00
Tom Alexander
ef195cd4df Update to alpine 3.20.
Some checks failed
semver Build semver has succeeded
Details
build Build build has succeeded
Details
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
clippy Build clippy has failed
Details
2024-09-29 04:48:25 -04:00
Tom Alexander
a95339539b Use default namespace kubernetes client.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
clippy Build clippy has failed
Details
build Build build has succeeded
Details
2024-09-29 02:44:58 -04:00
Tom Alexander
07797b9906 Move the logic into the server.
Some checks failed
semver Build semver has succeeded
Details
clippy Build clippy has failed
Details
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
build Build build has succeeded
Details
2024-09-29 01:27:00 -04:00
Tom Alexander
0548571b6b Add a pipeline to build the server image. 2024-09-29 00:36:51 -04:00
Tom Alexander
a2aca6d2f1 Add support for tags. 2024-09-29 00:13:56 -04:00
Tom Alexander
1efd7b1d73 Add a semver job to assign an automatically-incrementing version tag to commits to main.
Some checks failed
semver Build semver has succeeded
Details
rust-test Build rust-test has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has failed
Details 
This automatically increments the patch (3rd) digit, so to update the major or minor version, manually push a tag.
 2024-09-28 23:59:32 -04:00
Tom Alexander
b122e6ee99 Create a docker image for running the server. 2024-09-28 23:50:03 -04:00
Tom Alexander
c20927b726 Add Makefile for running CI jobs locally. 2024-09-28 23:20:35 -04:00
Tom Alexander
efe37f020a Generate names for pipeline runs.
Some checks failed
format Build format has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has succeeded
Details
2024-09-28 22:50:35 -04:00
Tom Alexander
470031251c Remove prettier.
Some checks failed
rust-test Build rust-test has started
Details
format Build format has started
Details
clippy Build clippy has failed
Details
2024-09-28 21:46:25 -04:00
Tom Alexander
ed1e1c08d0 Create PipelineRun in response to webhook triggers. 2024-09-28 21:40:00 -04:00
Tom Alexander
b8444344c4 Update PipelineRun to tekton v1 from v1beta.
Some checks failed
rust-test Build rust-test has failed
Details
format Build format has failed
Details
clippy Build clippy has failed
Details
2024-09-28 20:33:47 -04:00
Tom Alexander
d5902e3e7f Parse the pipeline templates. 2024-09-28 19:34:57 -04:00
Tom Alexander
6d3b9e9db8 Add pipelines and dockerfile. 2024-09-28 19:17:54 -04:00
Tom Alexander
5bd4862973 Find the workflow files. 2024-09-28 19:09:54 -04:00
Tom Alexander
66228f83f2 Fetch the in-repo config file from the remote repo. 2024-09-28 17:36:53 -04:00
Tom Alexander
c32a8650f5 Add parsing of the in-repo config file format. 2024-09-28 14:43:20 -04:00
34 changed files with 2530 additions and 266 deletions
Expand all files Collapse all files

4
.dockerignore Normal file
View File

@@ -0,0 +1,4 @@
**/.git
target/
docker/
.dockerignore

1
.gitignore vendored
View File

@@ -1 +1,2 @@
/target /target
TODO.org

222
.webhook_bridge/pipeline-build.yaml Normal file
View File

@@ -0,0 +1,222 @@
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: build
spec:
timeouts:
pipeline: "2h0m0s"
tasks: "1h0m0s"
finally: "0h30m0s"
taskRunTemplate:
serviceAccountName: build-bot
pipelineSpec:
params:
- name: image-name
description: The name for the built image
type: string
- name: path-to-image-context
description: The path to the build context
type: string
- name: path-to-dockerfile
description: The path to the Dockerfile
type: string
tasks:
- name: detect-tag
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: tag
description: The tag to use for the docker container.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
git fetch --tags
current_tag=$(git tag --points-at HEAD --list 'v*.*.*')
if [ -z "$current_tag" ]; then
echo "No tag at current commit"
exit 1
else
echo -n "${current_tag}" | tee $(results.tag.path)
fi
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: report-pending
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has started"
- name: STATE
value: pending
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: fetch-repository
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
- name: output
workspace: git-source
params:
- name: url
value: $(params.REPO_URL)
- name: revision
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/kaniko/0.6//kaniko.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.detect-tag.results.tag)"
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- "--destination=$(params.image-name)" # Also write the :latest image
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
workspaces:
- name: source
workspace: git-source
- name: dockerconfig
workspace: docker-credentials
runAfter:
- detect-tag
finally:
- name: report-success
when:
- input: "$(tasks.status)"
operator: in
values: ["Succeeded", "Completed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has succeeded"
- name: STATE
value: success
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: report-failure
when:
- input: "$(tasks.status)"
operator: in
values: ["Failed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has failed"
- name: STATE
value: failure
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
workspaces:
- name: git-source
- name: docker-credentials
workspaces:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
subPath: rust-source
- name: docker-credentials
secret:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge"
- name: path-to-image-context
value: .
- name: path-to-dockerfile
value: docker/webhook_bridge/Dockerfile

299
.webhook_bridge/pipeline-format.yaml Normal file
View File

@@ -0,0 +1,299 @@
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: rust-format
spec:
timeouts:
pipeline: "2h0m0s"
tasks: "1h0m0s"
finally: "0h30m0s"
taskRunTemplate:
serviceAccountName: build-bot
pipelineSpec:
params:
- name: image-name
description: The name for the built image
type: string
- name: path-to-image-context
description: The path to the build context
type: string
- name: path-to-dockerfile
description: The path to the Dockerfile
type: string
tasks:
- name: report-pending
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has started"
- name: STATE
value: pending
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: fetch-repository
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
- name: output
workspace: git-source
params:
- name: url
value: $(params.REPO_URL)
- name: revision
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/kaniko/0.6/kaniko.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
workspaces:
- name: source
workspace: git-source
- name: dockerconfig
workspace: docker-credentials
runAfter:
- fetch-repository
- name: run-cargo-fmt
taskSpec:
metadata: {}
params:
- name: docker-image
type: string
description: Docker image to run.
default: alpine:3.20
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
workspaces:
- name: source
mountPath: /source
- name: cargo-cache
mountPath: /usr/local/cargo/registry
optional: true
steps:
- name: run
image: $(params.docker-image)
workingDir: "$(workspaces.source.path)"
command: ["cargo", "fmt"]
args: []
env:
- name: CARGO_TARGET_DIR
value: /target
workspaces:
- name: source
workspace: git-source
- name: cargo-cache
workspace: cargo-cache
runAfter:
- build-image
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: commit-changes
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/git-cli/0.4/git-cli.yaml
params:
- name: GIT_USER_NAME
value: fluxcdbot
- name: GIT_USER_EMAIL
value: "fluxcdbot@users.noreply.github.com"
- name: GIT_SCRIPT
value: |
pwd
git config --global --add safe.directory /workspace/source
git_status=$(git status --porcelain)
if [ -n "$git_status" ]; then
git commit -a -m "CI: autofix rust code."
git push origin HEAD:$(params.PULL_BASE_REF)
else
echo "No changes to commit."
fi
workspaces:
- name: source
workspace: git-source
runAfter:
- run-cargo-fmt
finally:
- name: report-success
when:
- input: "$(tasks.status)"
operator: in
values: ["Succeeded", "Completed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has succeeded"
- name: STATE
value: success
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: report-failure
when:
- input: "$(tasks.status)"
operator: in
values: ["Failed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has failed"
- name: STATE
value: failure
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: cargo-cache-autoclean
taskSpec:
metadata: {}
params:
- name: docker-image
type: string
description: Docker image to run.
default: alpine:3.20
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
workspaces:
- name: source
mountPath: /source
- name: cargo-cache
mountPath: /usr/local/cargo/registry
optional: true
steps:
- name: run
image: $(params.docker-image)
workingDir: "$(workspaces.source.path)"
command: [cargo, cache, --autoclean]
args: []
workspaces:
- name: source
workspace: git-source
- name: cargo-cache
workspace: cargo-cache
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
workspaces:
- name: git-source
- name: docker-credentials
- name: cargo-cache
workspaces:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
subPath: rust-source
- name: cargo-cache
persistentVolumeClaim:
claimName: webhook-bridge-cargo-cache-fmt
- name: docker-credentials
secret:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development"
- name: path-to-image-context
value: docker/webhook_bridge_development/
- name: path-to-dockerfile
value: docker/webhook_bridge_development/Dockerfile

278
.webhook_bridge/pipeline-rust-clippy.yaml Normal file
View File

@@ -0,0 +1,278 @@
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: rust-clippy
spec:
taskRunTemplate:
serviceAccountName: build-bot
timeouts:
pipeline: "2h0m0s"
tasks: "1h0m40s"
finally: "0h30m0s"
pipelineSpec:
params:
- name: image-name
description: The name for the built image
type: string
- name: path-to-image-context
description: The path to the build context
type: string
- name: path-to-dockerfile
description: The path to the Dockerfile
type: string
tasks:
- name: report-pending
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has started"
- name: STATE
value: pending
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: fetch-repository
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
- name: output
workspace: git-source
params:
- name: url
value: $(params.REPO_URL)
- name: revision
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/kaniko/0.6/kaniko.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
workspaces:
- name: source
workspace: git-source
- name: dockerconfig
workspace: docker-credentials
runAfter:
- fetch-repository
- name: run-cargo-clippy
taskSpec:
metadata: {}
params:
- name: docker-image
type: string
description: Docker image to run.
default: alpine:3.20
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
workspaces:
- name: source
mountPath: /source
- name: cargo-cache
mountPath: /usr/local/cargo/registry
optional: true
steps:
- name: run
image: $(params.docker-image)
workingDir: "$(workspaces.source.path)"
command:
[
"cargo",
"clippy",
"--no-deps",
"--all-targets",
"--all-features",
"--",
"-D",
"warnings",
]
args: []
env:
- name: CARGO_TARGET_DIR
value: /target
workspaces:
- name: source
workspace: git-source
- name: cargo-cache
workspace: cargo-cache
runAfter:
- build-image
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
finally:
- name: report-success
when:
- input: "$(tasks.status)"
operator: in
values: ["Succeeded", "Completed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has succeeded"
- name: STATE
value: success
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: report-failure
when:
- input: "$(tasks.status)"
operator: in
values: ["Failed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has failed"
- name: STATE
value: failure
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: cargo-cache-autoclean
taskSpec:
metadata: {}
params:
- name: docker-image
type: string
description: Docker image to run.
default: alpine:3.20
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
workspaces:
- name: source
mountPath: /source
- name: cargo-cache
mountPath: /usr/local/cargo/registry
optional: true
steps:
- name: run
image: $(params.docker-image)
workingDir: "$(workspaces.source.path)"
command: [cargo, cache, --autoclean]
args: []
workspaces:
- name: source
workspace: git-source
- name: cargo-cache
workspace: cargo-cache
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
workspaces:
- name: git-source
- name: docker-credentials
- name: cargo-cache
workspaces:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
subPath: rust-source
- name: cargo-cache
persistentVolumeClaim:
claimName: webhook-bridge-cargo-cache-clippy
- name: docker-credentials
secret:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development"
- name: path-to-image-context
value: docker/webhook_bridge_development/
- name: path-to-dockerfile
value: docker/webhook_bridge_development/Dockerfile

268
.webhook_bridge/pipeline-rust-test.yaml Normal file
View File

@@ -0,0 +1,268 @@
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: rust-test
spec:
timeouts:
pipeline: "2h0m0s"
tasks: "1h0m40s"
finally: "0h30m0s"
taskRunTemplate:
serviceAccountName: build-bot
pipelineSpec:
params:
- name: image-name
description: The name for the built image
type: string
- name: path-to-image-context
description: The path to the build context
type: string
- name: path-to-dockerfile
description: The path to the Dockerfile
type: string
tasks:
- name: report-pending
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has started"
- name: STATE
value: pending
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: fetch-repository
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
- name: output
workspace: git-source
params:
- name: url
value: $(params.REPO_URL)
- name: revision
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/kaniko/0.6//kaniko.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
workspaces:
- name: source
workspace: git-source
- name: dockerconfig
workspace: docker-credentials
runAfter:
- fetch-repository
- name: run-cargo-test
taskSpec:
metadata: {}
params:
- name: docker-image
type: string
description: Docker image to run.
default: alpine:3.20
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
workspaces:
- name: source
mountPath: /source
- name: cargo-cache
mountPath: /usr/local/cargo/registry
optional: true
steps:
- name: run
image: $(params.docker-image)
workingDir: "$(workspaces.source.path)"
command: [cargo, test, --no-fail-fast]
args: []
env:
- name: CARGO_TARGET_DIR
value: /target
workspaces:
- name: source
workspace: git-source
- name: cargo-cache
workspace: cargo-cache
runAfter:
- build-image
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
finally:
- name: report-success
when:
- input: "$(tasks.status)"
operator: in
values: ["Succeeded", "Completed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has succeeded"
- name: STATE
value: success
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: report-failure
when:
- input: "$(tasks.status)"
operator: in
values: ["Failed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has failed"
- name: STATE
value: failure
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: cargo-cache-autoclean
taskSpec:
metadata: {}
params:
- name: docker-image
type: string
description: Docker image to run.
default: alpine:3.20
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
workspaces:
- name: source
mountPath: /source
- name: cargo-cache
mountPath: /usr/local/cargo/registry
optional: true
steps:
- name: run
image: $(params.docker-image)
workingDir: "$(workspaces.source.path)"
command: [cargo, cache, --autoclean]
args: []
workspaces:
- name: source
workspace: git-source
- name: cargo-cache
workspace: cargo-cache
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
workspaces:
- name: git-source
- name: docker-credentials
- name: cargo-cache
workspaces:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
subPath: rust-source
- name: cargo-cache
persistentVolumeClaim:
claimName: webhook-bridge-cargo-cache-test
- name: docker-credentials
secret:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development"
- name: path-to-image-context
value: docker/webhook_bridge_development/
- name: path-to-dockerfile
value: docker/webhook_bridge_development/Dockerfile

189
.webhook_bridge/pipeline-semver.yaml Normal file
View File

@@ -0,0 +1,189 @@
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: semver
spec:
timeouts:
pipeline: "2h0m0s"
tasks: "1h0m0s"
finally: "0h30m0s"
taskRunTemplate:
serviceAccountName: build-bot
pipelineSpec:
params:
- name: REPO_OWNER
description: Owner of the repo on gitea
type: string
- name: REPO_NAME
description: Name of the repo on gitea
type: string
- name: PULL_BASE_SHA
description: The commit sha
type: string
- name: JOB_NAME
description: The name of the job to report to gitea
type: string
tasks:
- name: calculate-tag
runAfter:
- report-pending
workspaces:
- name: source
workspace: git-source
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: /workspace/source
results:
- name: tag
description: The tag to use for the docker container
steps:
- image: alpine/git:2.43.0
name: calculate-tag
script: |
#!/usr/bin/env sh
set -euo pipefail
git config --global --add safe.directory $(workspaces.source.path)
git fetch --tags
current_tag=$(git tag --points-at HEAD --list 'v*.*.*')
if [ -z "$current_tag" ]; then
prev_tag=$(git tag --list 'v*.*.*' | sort -V -r | head -n 1)
if [ -n "$prev_tag" ]; then
last_bit=$(echo "$prev_tag" | cut -d '.' -f 3)
incremented=$((last_bit + 1))
prefix=$(echo "$prev_tag" | grep -oE 'v[0-9]*\.[0-9]*\.')
final_tag="${prefix}${incremented}"
else
final_tag="v0.0.1"
fi
echo -n "${final_tag}" | tee $(results.tag.path)
git tag "${final_tag}"
git push origin "${final_tag}"
else
echo -n "${current_tag}" | tee $(results.tag.path)
fi
- name: report-pending
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has started"
- name: STATE
value: pending
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: fetch-repository
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
- name: output
workspace: git-source
params:
- name: url
value: $(params.REPO_URL)
- name: revision
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
finally:
- name: report-success
when:
- input: "$(tasks.status)"
operator: in
values: ["Succeeded", "Completed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has succeeded"
- name: STATE
value: success
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
- name: report-failure
when:
- input: "$(tasks.status)"
operator: in
values: ["Failed"]
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
- name: REPO_FULL_NAME
value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
- name: GITEA_HOST_URL
value: code.fizz.buzz
- name: SHA
value: "$(tasks.fetch-repository.results.commit)"
- name: DESCRIPTION
value: "Build $(params.JOB_NAME) has failed"
- name: STATE
value: failure
- name: TARGET_URL
value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
workspaces:
- name: git-source
workspaces:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
subPath: source
params: []

31
.webhook_bridge/webhook_bridge.toml Normal file
View File

@@ -0,0 +1,31 @@
version = "0.0.1"
[[push]]
name = "rust-test"
source = "pipeline-rust-test.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
skip_branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]
[[push]]
name = "clippy"
source = "pipeline-rust-clippy.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
skip_branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]
[[push]]
name = "format"
source = "pipeline-format.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
skip_branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]
[[push]]
name = "semver"
source = "pipeline-semver.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
branches = [ "^main$", "^master$" ]
[[push]]
name = "build"
source = "pipeline-build.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]

63
Cargo.lock generated
View File

@@ -805,9 +805,9 @@ dependencies = [
[[package]] [[package]]
name = "indexmap" name = "indexmap"
version = "2.2.6" version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" checksum = "68b900aa2f7301e21c36462b170ee99994de34dff39a4a6a528e80e7376d07e5"
dependencies = [ dependencies = [
"equivalent", "equivalent",
"hashbrown", "hashbrown",
@@ -1397,9 +1397,9 @@ dependencies = [
[[package]] [[package]]
name = "regex" name = "regex"
version = "1.10.5" version = "1.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
dependencies = [ dependencies = [
"aho-corasick", "aho-corasick",
"memchr", "memchr",
@@ -1717,6 +1717,15 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "serde_spanned"
version = "0.6.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1"
dependencies = [
"serde",
]
[[package]] [[package]]
name = "serde_urlencoded" name = "serde_urlencoded"
version = "0.7.1" version = "0.7.1"
@@ -2001,6 +2010,40 @@ dependencies = [
"tokio", "tokio",
] ]
[[package]]
name = "toml"
version = "0.8.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e"
dependencies = [
"serde",
"serde_spanned",
"toml_datetime",
"toml_edit",
]
[[package]]
name = "toml_datetime"
version = "0.6.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
dependencies = [
"serde",
]
[[package]]
name = "toml_edit"
version = "0.22.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5"
dependencies = [
"indexmap",
"serde",
"serde_spanned",
"toml_datetime",
"winnow",
]
[[package]] [[package]]
name = "tower" name = "tower"
version = "0.4.13" version = "0.4.13"
@@ -2293,12 +2336,15 @@ dependencies = [
"http-body-util", "http-body-util",
"k8s-openapi", "k8s-openapi",
"kube", "kube",
"regex",
"reqwest", "reqwest",
"schemars", "schemars",
"serde", "serde",
"serde_json", "serde_json",
"serde_yaml",
"sha2", "sha2",
"tokio", "tokio",
"toml",
"tower-http", "tower-http",
"tracing", "tracing",
"tracing-subscriber", "tracing-subscriber",
@@ -2465,6 +2511,15 @@ version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "winnow"
version = "0.6.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b"
dependencies = [
"memchr",
]
[[package]] [[package]]
name = "winreg" name = "winreg"
version = "0.52.0" version = "0.52.0"

35
Cargo.toml
View File

@@ -1,3 +1,5 @@
cargo-features = ["codegen-backend"]
[package] [package]
name = "webhook_bridge" name = "webhook_bridge"
version = "0.0.1" version = "0.0.1"
@@ -17,29 +19,52 @@ include = [
"Cargo.lock" "Cargo.lock"
] ]
[lib]
name = "webhookbridge"
path = "src/lib.rs"
[[bin]]
name = "webhook_bridge"
path = "src/main.rs"
[[bin]]
# This bin exists for development purposes only. The real target of this crate is the webhook_bridge server binary.
name = "local_trigger"
path = "src/bin_local_trigger.rs"
required-features = ["local_trigger"]
[features]
default = ["local_trigger"]
local_trigger = []
[dependencies] [dependencies]
# default form, http1, json, matched-path, original-uri, query, tokio, tower-log, tracing
axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "http2", "json"] } axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "http2", "json"] }
base64 = "0.22.1" base64 = "0.22.1"
hmac = "0.12.1" hmac = "0.12.1"
http-body-util = "0.1.2" http-body-util = "0.1.2"
k8s-openapi = { version = "0.22.0", default-features = false, features = ["v1_30"] } k8s-openapi = { version = "0.22.0", default-features = false, features = ["v1_30"] }
# default client, config, rustls-tls
kube = { version = "0.92.1", default-features = false, features = ["client", "config", "rustls-tls", "derive", "runtime"] } kube = { version = "0.92.1", default-features = false, features = ["client", "config", "rustls-tls", "derive", "runtime"] }
regex = "1.10.6"
reqwest = "0.12.5" reqwest = "0.12.5"
schemars = "0.8.21" schemars = "0.8.21"
serde = { version = "1.0.204", features = ["derive"] } serde = { version = "1.0.204", features = ["derive"] }
# default std
serde_json = { version = "1.0.120", default-features = false, features = ["std"] } serde_json = { version = "1.0.120", default-features = false, features = ["std"] }
serde_yaml = "0.9.34"
sha2 = "0.10.8" sha2 = "0.10.8"
tokio = { version = "1.38.0", default-features = false, features = ["macros", "process", "rt-multi-thread", "signal"] } tokio = { version = "1.38.0", default-features = false, features = ["macros", "process", "rt-multi-thread", "signal"] }
toml = { version = "0.8.19", default-features = false, features = ["display", "parse"] }
tower-http = { version = "0.5.2", default-features = false, features = ["trace", "timeout"] } tower-http = { version = "0.5.2", default-features = false, features = ["trace", "timeout"] }
# default attributes, std, tracing-attributes
tracing = { version = "0.1.40", default-features = false, features = ["attributes", "std", "tracing-attributes", "async-await"] } tracing = { version = "0.1.40", default-features = false, features = ["attributes", "std", "tracing-attributes", "async-await"] }
# default alloc, ansi, fmt, nu-ansi-term, registry, sharded-slab, smallvec, std, thread_local, tracing-log
tracing-subscriber = { version = "0.3.18", default-features = false, features = ["alloc", "ansi", "fmt", "nu-ansi-term", "registry", "sharded-slab", "smallvec", "std", "thread_local", "tracing-log", "env-filter"] } tracing-subscriber = { version = "0.3.18", default-features = false, features = ["alloc", "ansi", "fmt", "nu-ansi-term", "registry", "sharded-slab", "smallvec", "std", "thread_local", "tracing-log", "env-filter"] }
[profile.release-lto] [profile.release-lto]
inherits = "release" inherits = "release"
lto = true lto = true
strip = "symbols" strip = "symbols"
[profile.dev]
codegen-backend = "cranelift"
[profile.dev.package."*"]
codegen-backend = "llvm"
opt-level = 3

35
Makefile Normal file
View File

@@ -0,0 +1,35 @@
SHELL := bash
.ONESHELL:
.SHELLFLAGS := -eu -o pipefail -c
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
OS:=$(shell uname -s)
ifeq ($(origin .RECIPEPREFIX), undefined)
$(error This Make does not support .RECIPEPREFIX. Please use GNU Make 4.0 or later)
endif
.RECIPEPREFIX = >
.PHONY: help
help:
> @grep -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -E 's/^([^:]*): *## */\1: /'
.PHONY: test
test: ## Run the rust tests
> $(MAKE) -C docker/webhook_bridge_development build
> docker run --rm -i -t --mount type=tmpfs,destination=/tmp -v "$(shell readlink -f .):/source" --workdir=/source --env CARGO_TARGET_DIR=/target -v "webhook-bridge-cargo-registry:/usr/local/cargo/registry" -v "webhook-bridge-rust-target:/target" webhook-bridge-development cargo test
.PHONY: clippy
clippy: ## Run static analysis of the code.
> $(MAKE) -C docker/webhook_bridge_development build
> docker run --rm -i -t --mount type=tmpfs,destination=/tmp -v "$(shell readlink -f .):/source" --workdir=/source --env CARGO_TARGET_DIR=/target -v "webhook-bridge-cargo-registry:/usr/local/cargo/registry" -v "webhook-bridge-rust-target:/target" webhook-bridge-development cargo clippy --no-deps --all-targets --all-features -- -D warnings
.PHONY: format
format: ## Auto-format source files.
> $(MAKE) -C docker/webhook_bridge_development build
> docker run --rm -i -t --mount type=tmpfs,destination=/tmp -v "$(shell readlink -f .):/source" --workdir=/source --env CARGO_TARGET_DIR=/target -v "webhook-bridge-cargo-registry:/usr/local/cargo/registry" -v "webhook-bridge-rust-target:/target" webhook-bridge-development cargo fmt
.PHONY: clean
clean:
> $(MAKE) -C docker/webhook_bridge_development clean

15
docker/webhook_bridge/Dockerfile Normal file
View File

@@ -0,0 +1,15 @@
FROM rustlang/rust:nightly-alpine3.20 AS builder
RUN apk add --no-cache musl-dev pkgconfig libressl-dev
RUN mkdir /source
WORKDIR /source
COPY . .
# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
RUN CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
FROM alpine:3.20 AS runner
COPY --from=builder /target/release-lto/webhook_bridge /usr/bin/
ENTRYPOINT ["/usr/bin/webhook_bridge"]

31
docker/webhook_bridge/Makefile Normal file
View File

@@ -0,0 +1,31 @@
SHELL := bash
.ONESHELL:
.SHELLFLAGS := -eu -o pipefail -c
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
ifeq ($(origin .RECIPEPREFIX), undefined)
$(error This Make does not support .RECIPEPREFIX. Please use GNU Make 4.0 or later)
endif
.RECIPEPREFIX = >
IMAGE_NAME:=webhook-bridge
TARGET :=
.PHONY: help
help:
> @grep -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -E 's/^([^:]*): *## */\1: /'
.PHONY: build
build: ## Build the docker image.
> docker build --tag $(IMAGE_NAME) --target=$(TARGET) --file Dockerfile ../../
.PHONY: shell
shell: ## Launch an interactive shell inside the docker image with the source repository mounted at /source.
shell: build
> docker run --rm -i -t --entrypoint /bin/sh --mount type=tmpfs,destination=/tmp $(IMAGE_NAME)
.PHONY: clean
clean:
> docker rmi $(IMAGE_NAME)

6
docker/webhook_bridge_development/Dockerfile Normal file
View File

@@ -0,0 +1,6 @@
FROM rustlang/rust:nightly-alpine3.20 AS builder
RUN apk add --no-cache musl-dev pkgconfig libressl3.8-libssl libressl-dev
RUN cargo install --locked --no-default-features --features ci-autoclean cargo-cache
RUN rustup component add rustfmt
RUN rustup component add clippy

35
docker/webhook_bridge_development/Makefile Normal file
View File

@@ -0,0 +1,35 @@
SHELL := bash
.ONESHELL:
.SHELLFLAGS := -eu -o pipefail -c
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
ifeq ($(origin .RECIPEPREFIX), undefined)
$(error This Make does not support .RECIPEPREFIX. Please use GNU Make 4.0 or later)
endif
.RECIPEPREFIX = >
IMAGE_NAME:=webhook-bridge-development
TARGET :=
.PHONY: help
help:
> @grep -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -E 's/^([^:]*): *## */\1: /'
.PHONY: build
build: ## Build the docker image.
> docker build --tag $(IMAGE_NAME) --target=$(TARGET) --file Dockerfile .
> docker volume create webhook-bridge-cargo-registry
> docker volume create webhook-bridge-rust-target
.PHONY: shell
shell: ## Launch an interactive shell inside the docker image with the source repository mounted at /source.
shell: build
> docker run --rm -i -t --entrypoint /bin/sh --mount type=tmpfs,destination=/tmp -v "$$(readlink -f ../../):/source" --workdir=/source --env CARGO_TARGET_DIR=/target -v "webhook-bridge-cargo-registry:/usr/local/cargo/registry" $(IMAGE_NAME)
.PHONY: clean
clean:
> docker rmi $(IMAGE_NAME)
> docker volume rm webhook-bridge-cargo-registry
> docker volume rm webhook-bridge-rust-target

70
example_pipeline_run.json
View File

@@ -1,70 +0,0 @@
{
"apiVersion": "tekton.dev/v1",
"kind": "PipelineRun",
"metadata": {
"name": "minimal-test",
"namespace": "lighthouse"
},
"spec": {
"pipelineSpec": {
"tasks": [
{
"name": "echo-variable",
"taskSpec": {
"metadata": {},
"stepTemplate": {
"image": "alpine:3.18",
"computeResources": {
"requests": {
"cpu": "10m",
"memory": "600Mi"
}
}
},
"steps": [
{
"image": "alpine:3.18",
"script": "#!/usr/bin/env sh\necho \"The variable: $(params.LOREM)\"\n"
}
]
},
"params": [
{
"name": "LOREM",
"value": "$(tasks.set-variable.results.ipsum)"
}
]
},
{
"name": "set-variable",
"taskSpec": {
"metadata": {},
"stepTemplate": {
"image": "alpine:3.18",
"computeResources": {
"requests": {
"cpu": "10m",
"memory": "600Mi"
}
}
},
"results": [
{
"name": "ipsum"
}
],
"steps": [
{
"image": "alpine:3.18",
"script": "#!/usr/bin/env sh\necho -n \"dolar\" > \"$(results.ipsum.path)\"\n"
}
]
}
}
]
},
"timeouts": {
"pipeline": "240h0m0s"
}
}
}

43
example_pipeline_run.yaml
View File

@@ -1,43 +0,0 @@
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: minimal-test
namespace: lighthouse
spec:
pipelineSpec:
tasks:
- name: echo-variable
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.18
computeResources:
requests:
cpu: 10m
memory: 600Mi
steps:
- image: alpine:3.18
script: |
#!/usr/bin/env sh
echo "The variable: $(params.LOREM)"
params:
- name: LOREM
value: $(tasks.set-variable.results.ipsum)
- name: set-variable
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.18
computeResources:
requests:
cpu: 10m
memory: 600Mi
results:
- name: ipsum
steps:
- image: alpine:3.18
script: |
#!/usr/bin/env sh
echo -n "dolar" > "$(results.ipsum.path)"
timeouts:
pipeline: 240h0m0s

165
example_tag_webhook_payload.json Normal file
View File

@@ -0,0 +1,165 @@
{
"ref": "refs/tags/v0.0.2",
"before": "0000000000000000000000000000000000000000",
"after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"commits": [],
"total_commits": 0,
"head_commit": {
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"committer": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
]
},
"repository": {
"id": 21,
"owner": {
"id": 1,
"login": "talexander",
"login_name": "",
"full_name": "",
"email": "gitea@local.domain",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-05T22:03:28Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "public",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "talexander"
},
"name": "webhook_bridge",
"full_name": "talexander/webhook_bridge",
"description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
"empty": false,
"private": false,
"fork": false,
"template": false,
"parent": null,
"mirror": false,
"size": 346,
"language": "",
"languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
"html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
"url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
"link": "",
"ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
"clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
"original_url": "",
"website": "",
"stars_count": 0,
"forks_count": 0,
"watchers_count": 1,
"open_issues_count": 0,
"open_pr_counter": 0,
"release_counter": 0,
"default_branch": "main",
"archived": false,
"created_at": "2024-07-14T18:48:52Z",
"updated_at": "2024-09-29T04:25:36Z",
"archived_at": "1970-01-01T00:00:00Z",
"permissions": {
"admin": true,
"push": true,
"pull": true
},
"has_issues": true,
"internal_tracker": {
"enable_time_tracker": true,
"allow_only_contributors_to_track_time": true,
"enable_issue_dependencies": true
},
"has_wiki": true,
"has_pull_requests": true,
"has_projects": true,
"has_releases": true,
"has_packages": true,
"has_actions": false,
"ignore_whitespace_conflicts": false,
"allow_merge_commits": true,
"allow_rebase": true,
"allow_rebase_explicit": true,
"allow_squash_merge": true,
"allow_rebase_update": true,
"default_delete_branch_after_merge": false,
"default_merge_style": "merge",
"default_allow_maintainer_edit": false,
"avatar_url": "",
"internal": false,
"mirror_interval": "",
"mirror_updated": "0001-01-01T00:00:00Z",
"repo_transfer": null
},
"pusher": {
"id": 2,
"login": "build-bot",
"login_name": "",
"full_name": "",
"email": "build-bot@noreply.code.fizz.buzz",
"avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-09T04:25:44Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "private",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "build-bot"
},
"sender": {
"id": 2,
"login": "build-bot",
"login_name": "",
"full_name": "",
"email": "build-bot@noreply.code.fizz.buzz",
"avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-09T04:25:44Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "private",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "build-bot"
}
}

190
example_webhook_payload.json Normal file
View File

@@ -0,0 +1,190 @@
{
"ref": "refs/heads/main",
"before": "a2aca6d2f1c85b5d4bef1349230fdaef1683622d",
"after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/a2aca6d2f1c85b5d4bef1349230fdaef1683622d...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"commits": [
{
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"committer": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
]
}
],
"total_commits": 1,
"head_commit": {
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"committer": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
]
},
"repository": {
"id": 21,
"owner": {
"id": 1,
"login": "talexander",
"login_name": "",
"full_name": "",
"email": "gitea@local.domain",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-05T22:03:28Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "public",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "talexander"
},
"name": "webhook_bridge",
"full_name": "talexander/webhook_bridge",
"description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
"empty": false,
"private": false,
"fork": false,
"template": false,
"parent": null,
"mirror": false,
"size": 343,
"language": "",
"languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
"html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
"url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
"link": "",
"ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
"clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
"original_url": "",
"website": "",
"stars_count": 0,
"forks_count": 0,
"watchers_count": 1,
"open_issues_count": 0,
"open_pr_counter": 0,
"release_counter": 0,
"default_branch": "main",
"archived": false,
"created_at": "2024-07-14T18:48:52Z",
"updated_at": "2024-09-29T04:14:47Z",
"archived_at": "1970-01-01T00:00:00Z",
"permissions": {
"admin": true,
"push": true,
"pull": true
},
"has_issues": true,
"internal_tracker": {
"enable_time_tracker": true,
"allow_only_contributors_to_track_time": true,
"enable_issue_dependencies": true
},
"has_wiki": true,
"has_pull_requests": true,
"has_projects": true,
"has_releases": true,
"has_packages": true,
"has_actions": false,
"ignore_whitespace_conflicts": false,
"allow_merge_commits": true,
"allow_rebase": true,
"allow_rebase_explicit": true,
"allow_squash_merge": true,
"allow_rebase_update": true,
"default_delete_branch_after_merge": false,
"default_merge_style": "merge",
"default_allow_maintainer_edit": false,
"avatar_url": "",
"internal": false,
"mirror_interval": "",
"mirror_updated": "0001-01-01T00:00:00Z",
"repo_transfer": null
},
"pusher": {
"id": 1,
"login": "talexander",
"login_name": "",
"full_name": "",
"email": "talexander@noreply.code.fizz.buzz",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-05T22:03:28Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "public",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "talexander"
},
"sender": {
"id": 1,
"login": "talexander",
"login_name": "",
"full_name": "",
"email": "talexander@noreply.code.fizz.buzz",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-05T22:03:28Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "public",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "talexander"
}
}

7
list_files_curl.bash Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
curl -vv -H "Authorization: token $(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN)" 'https://code.fizz.buzz/api/v1/repos/talexander/organic/git/trees/841a348dd02f31ee8828f069b2a948712369069d?recursive=true&per_page=10&page=60'

7
run.bash Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) cargo run

14
rustfmt.toml Normal file
View File

@@ -0,0 +1,14 @@
imports_granularity = "Item"
group_imports = "StdExternalCrate"
# In rustfmt 2.0 I will want to adjust these settings.
#
# max_width controls the max length of a line before rustfmt gives up
# but that also scales the length of a bunch of other lines
# automaticaly due to width_heuristics. I want to find a way to enable
# rustfmt to work on longer lines when necessary without making my
# regular code too wide.
#
# max_width = 100
# error_on_line_overflow = true
# width_heuristics = "Off"

9
src/app_state.rs Normal file
View File

@@ -0,0 +1,9 @@
use kube::Client;
use crate::gitea_client::GiteaClient;
#[derive(Clone)]
pub(crate) struct AppState {
pub(crate) kubernetes_client: Client,
pub(crate) gitea: GiteaClient,
}

12
src/bin_local_trigger.rs Normal file
View File

@@ -0,0 +1,12 @@
#![forbid(unsafe_code)]
use webhookbridge::init_tracing;
use webhookbridge::local_trigger;
const EXAMPLE_WEBHOOK_PAYLOAD: &str = include_str!("../example_tag_webhook_payload.json");
#[tokio::main]
#[allow(clippy::needless_return)]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
init_tracing().await?;
local_trigger(EXAMPLE_WEBHOOK_PAYLOAD).await
}

37
src/crd_pipeline_run.rs
View File

@@ -14,11 +14,40 @@ use serde_json::Value;
plural = "pipelineruns" plural = "pipelineruns"
)] )]
#[kube(namespaced)] #[kube(namespaced)]
pub struct PipelineRunSpec { #[serde(deny_unknown_fields)]
pub(crate) struct PipelineRunSpec {
/// Contents of the Pipeline /// Contents of the Pipeline
#[serde(default, skip_serializing_if = "Option::is_none")] #[serde(
pub pipelineSpec: Option<Value>, rename = "pipelineSpec",
default,
skip_serializing_if = "Option::is_none"
)]
pub(crate) pipeline_spec: Option<Value>,
#[serde(default, skip_serializing_if = "Option::is_none")] #[serde(default, skip_serializing_if = "Option::is_none")]
pub timeouts: Option<Value>, pub(crate) timeouts: Option<Value>,
#[serde(
rename = "taskRunTemplate",
default,
skip_serializing_if = "Option::is_none"
)]
pub(crate) task_run_template: Option<Value>,
#[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) workspaces: Option<Value>,
#[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) params: Option<Vec<PipelineParam>>,
}
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
#[serde(deny_unknown_fields)]
pub(crate) struct PipelineParam {
/// Contents of the Pipeline
#[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) name: Option<String>,
#[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) value: Option<Value>,
} }

105
src/discovery.rs Normal file
View File

@@ -0,0 +1,105 @@
use std::path::Path;
use std::path::PathBuf;
use regex::Regex;
use tracing::debug;
use crate::crd_pipeline_run::PipelineRun;
use crate::gitea_client::GiteaClient;
use crate::gitea_client::Tree;
use crate::remote_config::RemoteConfig;
pub(crate) async fn discover_webhook_bridge_config(
gitea: &GiteaClient,
repo_tree: &Tree,
) -> Result<RemoteConfig, Box<dyn std::error::Error>> {
let remote_config_reference = repo_tree
.files
.iter()
.find(|file_reference| file_reference.path == ".webhook_bridge/webhook_bridge.toml")
.ok_or("File not found in remote repo: .webhook_bridge/webhook_bridge.toml.")?;
let remote_config_contents =
String::from_utf8(gitea.read_file(remote_config_reference).await?)?;
let parsed_remote_config = RemoteConfig::from_str(remote_config_contents)?;
Ok(parsed_remote_config)
}
pub(crate) async fn discover_matching_push_triggers<RE: AsRef<str>>(
gitea: &GiteaClient,
repo_tree: &Tree,
git_ref: RE,
remote_config: &RemoteConfig,
) -> Result<Vec<PipelineTemplate>, Box<dyn std::error::Error>> {
let mut ret = Vec::new();
let ref_to_branch_regex = Regex::new(r"refs/(heads|tags)/(?P<branch>.+)")?;
let captures = ref_to_branch_regex
.captures(git_ref.as_ref())
.ok_or("Could not find branch name.")?;
let branch = &captures["branch"];
debug!("Detected branch from push as {:?}", branch);
let push_triggers = remote_config.get_push_triggers_for_branch(branch)?;
for trigger in push_triggers {
let path_to_source = normalize_path(Path::new(".webhook_bridge").join(&trigger.source));
let pipeline_template = repo_tree
.files
.iter()
.find(|file_reference| Path::new(&file_reference.path) == path_to_source.as_path())
.ok_or("Trigger source not found in remote repo.")?;
let pipeline_contents = String::from_utf8(gitea.read_file(pipeline_template).await?)?;
debug!("Pipeline template contents: {}", pipeline_contents);
let pipeline: PipelineRun = serde_yaml::from_str(&pipeline_contents)?;
ret.push(PipelineTemplate::new(
trigger.name.clone(),
trigger.clone_uri.clone(),
pipeline,
));
}
Ok(ret)
}
fn normalize_path<P: AsRef<Path>>(path: P) -> PathBuf {
let mut ret = PathBuf::new();
for component in path.as_ref().components() {
match component {
// Prefix does not happen on unix-based systems.
std::path::Component::Prefix(_)
| std::path::Component::RootDir
| std::path::Component::Normal(_) => {
ret.push(component);
}
std::path::Component::CurDir => {}
std::path::Component::ParentDir => {
ret.pop();
}
}
}
ret
}
#[derive(Debug)]
pub(crate) struct PipelineTemplate {
pub(crate) name: String,
pub(crate) clone_uri: Option<String>,
pub(crate) pipeline: PipelineRun,
}
impl PipelineTemplate {
pub(crate) fn new<N: Into<String>, C: Into<Option<String>>>(
name: N,
clone_uri: C,
pipeline: PipelineRun,
) -> PipelineTemplate {
PipelineTemplate {
name: name.into(),
clone_uri: clone_uri.into(),
pipeline,
}
}
}

2
src/gitea_client/error.rs
View File

@@ -2,7 +2,9 @@ use std::error::Error;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub(crate) enum GiteaClientError { pub(crate) enum GiteaClientError {
#[allow(dead_code)]
Static(#[allow(dead_code)] &'static str), Static(#[allow(dead_code)] &'static str),
#[allow(dead_code)]
String(#[allow(dead_code)] String), String(#[allow(dead_code)] String),
NoTotalCountHeaderInResponse, NoTotalCountHeaderInResponse,
} }

67
src/gitea_client/mod.rs
View File

@@ -1,4 +1,7 @@
use base64::engine::general_purpose;
use base64::Engine as _;
use serde::Deserialize; use serde::Deserialize;
use tracing::debug;
use self::error::GiteaClientError; use self::error::GiteaClientError;
pub(crate) mod error; pub(crate) mod error;
@@ -30,12 +33,12 @@ impl GiteaClient {
let mut num_responses: u64 = 0; let mut num_responses: u64 = 0;
loop { loop {
let url = format!( let url = format!(
"{api_root}/v1/repos/{owner}/{repo}/git/trees/{commit}?recursive=true&per_page=10{page}", "{api_root}/v1/repos/{owner}/{repo}/git/trees/{commit}?recursive=true&per_page=100{page}",
api_root = self.api_root, api_root = self.api_root,
owner = owner.as_ref(), owner = owner.as_ref(),
repo = repo.as_ref(), repo = repo.as_ref(),
commit = commit.as_ref(), commit = commit.as_ref(),
page = page.map(|num| format!("&page={}", num)).unwrap_or_else(|| String::new()) page = page.map(|num| format!("&page={}", num)).unwrap_or_default()
); );
let response = self let response = self
.http_client .http_client
@@ -70,26 +73,64 @@ impl GiteaClient {
} }
Ok(Tree::new(files)) Ok(Tree::new(files))
} }
pub(crate) async fn read_file(
&self,
file_reference: &TreeFileReference,
) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
let response = self
.http_client
.get(&file_reference.url)
.header("Authorization", format!("token {}", self.token))
.send()
.await?;
let response = response.error_for_status()?;
let body = response.text().await?;
debug!("read_file response: {}", body);
let parsed_body: ResponseReadFile = serde_json::from_str(body.as_str())?;
assert!(
parsed_body.encoding == "base64",
"We currently only support base64 file encoding from gitea."
);
Ok(general_purpose::STANDARD.decode(parsed_body.content)?)
}
} }
/// A single API response for GetTree containing only one page. /// A single API response for GetTree containing only one page.
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
struct ResponseGetTree { struct ResponseGetTree {
#[allow(dead_code)]
sha: String, sha: String,
#[allow(dead_code)]
url: String, url: String,
tree: Vec<ResponseObjectReference>, tree: Vec<ResponseObjectReference>,
#[allow(dead_code)]
truncated: bool, truncated: bool,
page: u64, page: u64,
#[allow(dead_code)]
total_count: u64, total_count: u64,
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
struct ResponseObjectReference { struct ResponseObjectReference {
path: String, path: String,
#[allow(dead_code)]
mode: String, mode: String,
#[allow(dead_code)]
#[serde(rename = "type")] #[serde(rename = "type")]
object_type: String, object_type: String,
#[allow(dead_code)]
size: u64, size: u64,
#[allow(dead_code)]
sha: String, sha: String,
url: String, url: String,
} }
@@ -101,13 +142,13 @@ pub(crate) struct Tree {
#[derive(Debug)] #[derive(Debug)]
pub(crate) struct TreeFileReference { pub(crate) struct TreeFileReference {
path: String, pub(crate) path: String,
url: String, pub(crate) url: String,
} }
impl Tree { impl Tree {
pub(crate) fn new(files: Vec<TreeFileReference>) -> Tree { pub(crate) fn new(files: Vec<TreeFileReference>) -> Tree {
Tree { files: Vec::new() } Tree { files }
} }
} }
@@ -119,3 +160,19 @@ impl TreeFileReference {
} }
} }
} }
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
struct ResponseReadFile {
content: String,
encoding: String,
#[allow(dead_code)]
url: String,
#[allow(dead_code)]
sha: String,
#[allow(dead_code)]
size: u64,
}

52
src/hook_push.rs
View File

@@ -1,12 +1,17 @@
use std::borrow::Cow;
use regex::Regex;
use serde::Deserialize; use serde::Deserialize;
use serde_json::Value; use serde_json::Value;
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookPush { pub(crate) struct HookPush {
#[serde(rename = "ref")] #[serde(rename = "ref")]
ref_field: String, pub(crate) ref_field: String,
before: String, before: String,
after: String,
compare_url: String, compare_url: String,
commits: Vec<HookCommit>, commits: Vec<HookCommit>,
total_commits: u64, total_commits: u64,
@@ -18,6 +23,7 @@ pub(crate) struct HookPush {
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookUser { pub(crate) struct HookUser {
id: u64, id: u64,
login: String, login: String,
@@ -44,6 +50,7 @@ pub(crate) struct HookUser {
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookRepository { pub(crate) struct HookRepository {
id: u64, id: u64,
owner: HookUser, owner: HookUser,
@@ -104,6 +111,7 @@ pub(crate) struct HookRepository {
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookRepositoryPermissions { pub(crate) struct HookRepositoryPermissions {
admin: bool, admin: bool,
push: bool, push: bool,
@@ -112,6 +120,7 @@ pub(crate) struct HookRepositoryPermissions {
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookRepositoryInternalTracker { pub(crate) struct HookRepositoryInternalTracker {
enable_time_tracker: bool, enable_time_tracker: bool,
allow_only_contributors_to_track_time: bool, allow_only_contributors_to_track_time: bool,
@@ -120,6 +129,7 @@ pub(crate) struct HookRepositoryInternalTracker {
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookCommit { pub(crate) struct HookCommit {
id: String, id: String,
message: String, message: String,
@@ -135,8 +145,48 @@ pub(crate) struct HookCommit {
#[allow(dead_code)] #[allow(dead_code)]
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookGitUser { pub(crate) struct HookGitUser {
name: String, name: String,
email: String, email: String,
username: String, username: String,
} }
pub(crate) trait PipelineParamters {
fn get_pull_base_ref(&self) -> Result<Cow<str>, Box<dyn std::error::Error>>;
fn get_pull_base_sha(&self) -> Result<Cow<str>, Box<dyn std::error::Error>>;
fn get_repo_url(&self) -> Result<Cow<str>, Box<dyn std::error::Error>>;
fn get_repo_name(&self) -> Result<Cow<str>, Box<dyn std::error::Error>>;
fn get_repo_owner(&self) -> Result<Cow<str>, Box<dyn std::error::Error>>;
}
impl PipelineParamters for HookPush {
fn get_pull_base_ref(&self) -> Result<Cow<str>, Box<dyn std::error::Error>> {
let ref_to_branch_regex = Regex::new(r"refs/(heads|tags)/(?P<branch>.+)")?;
let captures = ref_to_branch_regex
.captures(self.ref_field.as_str())
.ok_or("Could not find branch name.")?;
let branch = &captures["branch"];
Ok(Cow::Owned(branch.to_owned()))
}
fn get_pull_base_sha(&self) -> Result<Cow<str>, Box<dyn std::error::Error>> {
Ok(Cow::Borrowed(self.after.as_str()))
}
fn get_repo_url(&self) -> Result<Cow<str>, Box<dyn std::error::Error>> {
Ok(Cow::Borrowed(self.repository.clone_url.as_str()))
}
fn get_repo_name(&self) -> Result<Cow<str>, Box<dyn std::error::Error>> {
Ok(Cow::Borrowed(self.repository.name.as_str()))
}
fn get_repo_owner(&self) -> Result<Cow<str>, Box<dyn std::error::Error>> {
Ok(Cow::Borrowed(self.repository.owner.username.as_str()))
}
}

125
src/kubernetes.rs Normal file
View File

@@ -0,0 +1,125 @@
use std::borrow::Borrow;
use std::borrow::Cow;
use kube::api::PostParams;
use kube::Api;
use kube::CustomResourceExt;
use regex::Regex;
use tracing::debug;
use tracing::info;
use crate::crd_pipeline_run::PipelineParam;
use crate::crd_pipeline_run::PipelineRun;
use crate::discovery::PipelineTemplate;
use crate::hook_push::HookPush;
use crate::hook_push::PipelineParamters;
pub(crate) async fn run_pipelines(
hook: HookPush,
pipelines: Vec<PipelineTemplate>,
kubernetes_client: kube::Client,
) -> Result<(), Box<dyn std::error::Error>> {
// let jobs: Api<PipelineRun> = Api::namespaced(kubernetes_client, "webhook-bridge");
let jobs: Api<PipelineRun> = Api::default_namespaced(kubernetes_client);
tracing::debug!("Using crd: {}", serde_json::to_string(&PipelineRun::crd())?);
for mut pipeline in pipelines {
info!(
"Kicking off {} for repo {}/{}",
pipeline.name,
hook.get_repo_owner()?,
hook.get_repo_name()?,
);
if pipeline.pipeline.spec.params.is_none() {
pipeline.pipeline.spec.params = Some(Vec::new());
}
if let Some(param_list) = pipeline.pipeline.spec.params.as_mut() {
param_list.push(PipelineParam {
name: Some("JOB_NAME".to_owned()),
value: Some(serde_json::Value::String(pipeline.name.clone())),
});
param_list.push(PipelineParam {
name: Some("REPO_OWNER".to_owned()),
value: Some(serde_json::Value::String(
hook.get_repo_owner()?.into_owned(),
)),
});
param_list.push(PipelineParam {
name: Some("REPO_NAME".to_owned()),
value: Some(serde_json::Value::String(
hook.get_repo_name()?.into_owned(),
)),
});
let hook_repo_url = hook.get_repo_url()?;
param_list.push(PipelineParam {
name: Some("REPO_URL".to_owned()),
value: pipeline
.clone_uri
.map(serde_json::Value::String)
.or_else(|| Some(serde_json::Value::String(hook_repo_url.into_owned()))),
});
param_list.push(PipelineParam {
name: Some("PULL_BASE_SHA".to_owned()),
value: Some(serde_json::Value::String(
hook.get_pull_base_sha()?.into_owned(),
)),
});
param_list.push(PipelineParam {
name: Some("PULL_BASE_REF".to_owned()),
value: Some(serde_json::Value::String(
hook.get_pull_base_ref()?.into_owned(),
)),
});
}
if pipeline.pipeline.metadata.generate_name.is_none()
&& pipeline.pipeline.metadata.name.is_some()
{
std::mem::swap(
&mut pipeline.pipeline.metadata.generate_name,
&mut pipeline.pipeline.metadata.name,
);
if let Some(ref mut name) = pipeline.pipeline.metadata.generate_name {
let mut new_name_stub = sanitize_kubernetes_identifier(format!(
"{}-{}-{}",
name,
hook.get_repo_name()?,
hook.get_repo_owner()?
))?
.into_owned();
new_name_stub.truncate(63);
(*name) = new_name_stub + "-";
debug!("Using generate name: {}", name);
}
}
let pp = PostParams::default();
let created_run = jobs.create(&pp, &pipeline.pipeline).await?;
info!("Created PipelineRun {:?}", created_run.metadata.name);
}
Ok(())
}
fn sanitize_kubernetes_identifier<'a, O: Into<Cow<'a, str>>>(
original: O,
) -> Result<Cow<'a, str>, Box<dyn std::error::Error>> {
let validate_identifier_regex =
Regex::new(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*")?;
let original = original.into();
if !validate_identifier_regex.is_match(original.borrow()) {
return Ok(original);
}
let mut clean_identifier = String::with_capacity(original.len());
for c in original.chars() {
match c {
'a'..='z' | 'A'..='Z' | '0'..='9' | '.' | '-' => {
clean_identifier.push(c);
}
_ => {
clean_identifier.push('-');
}
};
}
Ok(Cow::Owned(clean_identifier))
}

124
src/lib.rs Normal file
View File

@@ -0,0 +1,124 @@
#![forbid(unsafe_code)]
use std::time::Duration;
use axum::http::StatusCode;
use axum::middleware;
use axum::routing::get;
use axum::routing::post;
use axum::Json;
use axum::Router;
use kube::Client;
use serde::Serialize;
use tokio::signal;
use tower_http::timeout::TimeoutLayer;
use tower_http::trace::TraceLayer;
use tracing_subscriber::layer::SubscriberExt;
use tracing_subscriber::util::SubscriberInitExt;
use self::app_state::AppState;
use self::gitea_client::GiteaClient;
use self::hook_push::HookPush;
use self::webhook::handle_push;
use self::webhook::hook;
use self::webhook::verify_signature;
mod app_state;
mod crd_pipeline_run;
mod discovery;
mod gitea_client;
mod hook_push;
mod kubernetes;
mod remote_config;
mod webhook;
pub async fn init_tracing() -> Result<(), Box<dyn std::error::Error>> {
tracing_subscriber::registry()
.with(
tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
"webhook_bridge=info,tower_http=debug,axum::rejection=trace".into()
}),
)
.with(tracing_subscriber::fmt::layer())
.init();
Ok(())
}
pub async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let app = Router::new()
.route("/hook", post(hook))
.layer(middleware::from_fn(verify_signature))
.route("/health", get(health))
.layer((
TraceLayer::new_for_http(),
// Add a timeout layer so graceful shutdown can't wait forever.
TimeoutLayer::new(Duration::from_secs(600)),
))
.with_state(AppState {
kubernetes_client,
gitea,
});
let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
tracing::info!("listening on {}", listener.local_addr().unwrap());
axum::serve(listener, app)
.with_graceful_shutdown(shutdown_signal())
.await?;
Ok(())
}
pub async fn local_trigger(payload: &str) -> Result<(), Box<dyn std::error::Error>> {
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let webhook_payload: HookPush = serde_json::from_str(payload)?;
handle_push(gitea, kubernetes_client, webhook_payload).await?;
Ok(())
}
async fn shutdown_signal() {
let ctrl_c = async {
signal::ctrl_c()
.await
.expect("failed to install Ctrl+C handler");
};
#[cfg(unix)]
let terminate = async {
signal::unix::signal(signal::unix::SignalKind::terminate())
.expect("failed to install signal handler")
.recv()
.await;
};
#[cfg(not(unix))]
let terminate = std::future::pending::<()>();
tokio::select! {
_ = ctrl_c => {},
_ = terminate => {},
}
}
async fn health() -> (StatusCode, Json<HealthResponse>) {
(StatusCode::OK, Json(HealthResponse { ok: true }))
}
#[derive(Serialize)]
struct HealthResponse {
ok: bool,
}

129
src/main.rs
View File

@@ -1,129 +1,10 @@
#![forbid(unsafe_code)] #![forbid(unsafe_code)]
use std::sync::Arc; use webhookbridge::init_tracing;
use std::time::Duration; use webhookbridge::launch_server;
use axum::http::StatusCode;
use axum::middleware;
use axum::routing::get;
use axum::routing::post;
use axum::Json;
use axum::Router;
use kube::api::PostParams;
use kube::Api;
use kube::Client;
use serde::Serialize;
use tokio::signal;
use tower_http::timeout::TimeoutLayer;
use tower_http::trace::TraceLayer;
use tracing_subscriber::layer::SubscriberExt;
use tracing_subscriber::util::SubscriberInitExt;
use self::crd_pipeline_run::PipelineRun;
use self::gitea_client::GiteaClient;
use self::webhook::hook;
use self::webhook::verify_signature;
use kube::CustomResourceExt;
mod crd_pipeline_run;
mod gitea_client;
mod hook_push;
mod webhook;
const EXAMPLE_PIPELINE_RUN: &'static str = include_str!("../example_pipeline_run.json");
#[tokio::main] #[tokio::main]
#[allow(clippy::needless_return)]
async fn main() -> Result<(), Box<dyn std::error::Error>> { async fn main() -> Result<(), Box<dyn std::error::Error>> {
tracing_subscriber::registry() init_tracing().await?;
.with( launch_server().await
tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
"webhook_bridge=info,tower_http=debug,axum::rejection=trace".into()
}),
)
.with(tracing_subscriber::fmt::layer())
.init();
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
gitea
.get_tree(
"talexander",
"organic",
"841a348dd02f31ee8828f069b2a948712369069d",
)
.await?;
// let jobs: Api<PipelineRun> = Api::namespaced(kubernetes_client, "lighthouse");
// let jobs: Api<PipelineRun> = Api::default_namespaced(kubernetes_client);
// tracing::info!("Using crd: {}", serde_json::to_string(&PipelineRun::crd())?);
// let test_run: PipelineRun = serde_json::from_str(EXAMPLE_PIPELINE_RUN)?;
// let pp = PostParams::default();
// let created_run = jobs.create(&pp, &test_run).await?;
// let app = Router::new()
// .route("/hook", post(hook))
// .layer(middleware::from_fn(verify_signature))
// .route("/health", get(health))
// .layer((
// TraceLayer::new_for_http(),
// // Add a timeout layer so graceful shutdown can't wait forever.
// TimeoutLayer::new(Duration::from_secs(600)),
// ))
// .with_state(AppState {
// kubernetes_client,
// gitea,
// });
// let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
// tracing::info!("listening on {}", listener.local_addr().unwrap());
// axum::serve(listener, app)
// .with_graceful_shutdown(shutdown_signal())
// .await?;
Ok(())
}
#[derive(Clone)]
struct AppState {
kubernetes_client: Client,
gitea: GiteaClient,
}
async fn shutdown_signal() {
let ctrl_c = async {
signal::ctrl_c()
.await
.expect("failed to install Ctrl+C handler");
};
#[cfg(unix)]
let terminate = async {
signal::unix::signal(signal::unix::SignalKind::terminate())
.expect("failed to install signal handler")
.recv()
.await;
};
#[cfg(not(unix))]
let terminate = std::future::pending::<()>();
tokio::select! {
_ = ctrl_c => {},
_ = terminate => {},
}
}
async fn health() -> (StatusCode, Json<HealthResponse>) {
(StatusCode::OK, Json(HealthResponse { ok: true }))
}
#[derive(Serialize)]
struct HealthResponse {
ok: bool,
} }

73
src/remote_config.rs Normal file
View File

@@ -0,0 +1,73 @@
use regex::Regex;
use serde::Deserialize;
use serde::Serialize;
/// The webhook_bridge.toml file that lives inside repos that have their CI triggered by webhook_bridge.
#[derive(Serialize, Deserialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub(crate) struct RemoteConfig {
pub(crate) version: String,
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub(crate) push: Vec<TriggerPush>,
}
/// A config for a job that is triggered by a push to a git repo.
#[derive(Serialize, Deserialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub(crate) struct TriggerPush {
pub(crate) name: String,
pub(crate) source: String,
#[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) clone_uri: Option<String>,
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub(crate) branches: Vec<String>,
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub(crate) skip_branches: Vec<String>,
}
impl RemoteConfig {
pub(crate) fn from_str<S: AsRef<str>>(
contents: S,
) -> Result<RemoteConfig, Box<dyn std::error::Error>> {
let parsed_remote_config: RemoteConfig = toml::from_str(contents.as_ref())?;
assert!(
parsed_remote_config.version == "0.0.1",
"We only support version 0.0.1 currently."
);
Ok(parsed_remote_config)
}
pub(crate) fn get_push_triggers_for_branch<B: AsRef<str>>(
&self,
branch: B,
) -> Result<Vec<&TriggerPush>, Box<dyn std::error::Error>> {
let branch = branch.as_ref();
let mut ret = Vec::new();
for push in &self.push {
let skip_regex: Vec<_> = push
.skip_branches
.iter()
.map(|s| Regex::new(s.as_str()))
.collect::<Result<_, _>>()?;
if skip_regex.iter().any(|r| r.is_match(branch)) {
continue;
}
let match_regex: Vec<_> = push
.branches
.iter()
.map(|s| Regex::new(s.as_str()))
.collect::<Result<_, _>>()?;
if !push.branches.is_empty() && !match_regex.iter().any(|r| r.is_match(branch)) {
continue;
}
ret.push(push);
}
Ok(ret)
}
}

53
src/webhook.rs
View File

@@ -1,5 +1,4 @@
use std::future::Future; use std::future::Future;
use std::sync::Arc;
use axum::async_trait; use axum::async_trait;
use axum::body::Body; use axum::body::Body;
@@ -14,7 +13,8 @@ use axum::response::IntoResponse;
use axum::response::Response; use axum::response::Response;
use axum::Json; use axum::Json;
use axum::RequestExt; use axum::RequestExt;
use base64::{engine::general_purpose, Engine as _}; use base64::engine::general_purpose;
use base64::Engine as _;
use hmac::Hmac; use hmac::Hmac;
use hmac::Mac; use hmac::Mac;
use http_body_util::BodyExt; use http_body_util::BodyExt;
@@ -22,8 +22,13 @@ use serde::Serialize;
use sha2::Sha256; use sha2::Sha256;
use tracing::debug; use tracing::debug;
use crate::app_state::AppState;
use crate::discovery::discover_matching_push_triggers;
use crate::discovery::discover_webhook_bridge_config;
use crate::gitea_client::GiteaClient;
use crate::hook_push::HookPush; use crate::hook_push::HookPush;
use crate::AppState; use crate::hook_push::PipelineParamters;
use crate::kubernetes::run_pipelines;
type HmacSha256 = Hmac<Sha256>; type HmacSha256 = Hmac<Sha256>;
@@ -34,13 +39,18 @@ pub(crate) async fn hook(
) -> (StatusCode, Json<HookResponse>) { ) -> (StatusCode, Json<HookResponse>) {
debug!("REQ: {:?}", payload); debug!("REQ: {:?}", payload);
match payload { match payload {
HookRequest::Push(_payload) => ( HookRequest::Push(webhook_payload) => {
StatusCode::OK, handle_push(state.gitea, state.kubernetes_client, webhook_payload)
Json(HookResponse { .await
ok: true, .expect("Failed to handle push event.");
message: None, (
}), StatusCode::OK,
), Json(HookResponse {
ok: true,
message: None,
}),
)
}
HookRequest::Unrecognized(payload) => ( HookRequest::Unrecognized(payload) => (
StatusCode::BAD_REQUEST, StatusCode::BAD_REQUEST,
Json(HookResponse { Json(HookResponse {
@@ -153,3 +163,26 @@ fn hex_to_bytes(s: &str) -> Option<Vec<u8>> {
None None
} }
} }
pub(crate) async fn handle_push(
gitea: GiteaClient,
kubernetes_client: kube::Client,
webhook_payload: HookPush,
) -> Result<(), Box<dyn std::error::Error>> {
let repo_owner = webhook_payload.get_repo_owner()?;
let repo_name = webhook_payload.get_repo_name()?;
let pull_base_sha = webhook_payload.get_pull_base_sha()?;
let repo_tree = gitea.get_tree(repo_owner, repo_name, pull_base_sha).await?;
let remote_config = discover_webhook_bridge_config(&gitea, &repo_tree).await?;
let pipelines = discover_matching_push_triggers(
&gitea,
&repo_tree,
&webhook_payload.ref_field,
&remote_config,
)
.await?;
run_pipelines(webhook_payload, pipelines, kubernetes_client).await?;
Ok(())
}