Compare commits


No commits in common. "main" and "v0.0.1" have entirely different histories.
main ... v0.0.1

26 changed files with 467 additions and 609 deletions


@ -14,9 +14,6 @@ spec:
- name: image-name - name: image-name
description: The name for the built image description: The name for the built image
type: string type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context - name: path-to-image-context
description: The path to the build context description: The path to the build context
type: string type: string
@ -61,11 +58,13 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params: params:
- name: CONTEXT - name: CONTEXT
value: "$(params.JOB_NAME)" value: "$(params.JOB_NAME)"
@ -86,7 +85,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -101,74 +100,43 @@ spec:
value: $(params.PULL_BASE_SHA) value: $(params.PULL_BASE_SHA)
- name: deleteExisting - name: deleteExisting
value: "true" value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image - name: build-image
taskRef: taskRef:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5 value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml value: task/kaniko/0.6//kaniko.yaml
params: params:
- name: OUTPUT - name: IMAGE
value: >- value: "$(params.image-name):$(tasks.detect-tag.results.tag)"
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.detect-tag.results.tag)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT - name: CONTEXT
value: $(params.path-to-image-context) value: $(params.path-to-image-context)
- name: DOCKERFILE - name: DOCKERFILE
value: $(params.path-to-dockerfile) value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS - name: EXTRA_ARGS
value: value:
- "--opt" - "--destination=$(params.image-name)" # Also write the :latest image
- "target=$(params.target-name)" - --cache=true
- --import-cache - --cache-copy-layers
- "type=registry,ref=$(params.image-name):buildcache" - --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --export-cache - --use-new-run # Should result in a speed-up
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true" - --reproducible # To remove timestamps so layer caching works.
- --opt - --snapshot-mode=redo
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time) - --skip-unused-stages=true
- name: BUILDKITD_TOML - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces: workspaces:
- name: source - name: source
workspace: git-source workspace: git-source
- name: dockerconfig - name: dockerconfig
workspace: docker-credentials workspace: docker-credentials
runAfter: runAfter:
- fetch-repository - detect-tag
finally: finally:
- name: report-success - name: report-success
when: when:
@ -179,7 +147,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -208,7 +176,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -248,9 +216,7 @@ spec:
params: params:
- name: image-name - name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge" value: "harbor.fizz.buzz/private/webhook-bridge"
- name: target-name
value: ""
- name: path-to-image-context - name: path-to-image-context
value: . value: .
- name: path-to-dockerfile - name: path-to-dockerfile
value: docker/webhook_bridge/ value: docker/webhook_bridge/Dockerfile
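Review bot: `BUILDER_IMAGE` in the kaniko variant of build-image is pinned only by tag (`gcr.io/kaniko-project/executor:v1.12.1`), while the task definitions around it are pinned by full commit SHA. The executor runs with the `docker-credentials` workspace mounted, so a re-pushed tag would execute with registry push rights; pin it by digest, e.g. `value: "gcr.io/kaniko-project/executor:v1.12.1@sha256:<digest of the reviewed executor image>"`. The same value appears in the three development pipelines that follow. Separately, `task/kaniko/0.6//kaniko.yaml` has a doubled slash here and in the last development pipeline, while the other two write `0.6/kaniko.yaml`; the page has lost its +/- markers, so confirm both points against the real new side.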


@ -14,9 +14,6 @@ spec:
- name: image-name - name: image-name
description: The name for the built image description: The name for the built image
type: string type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context - name: path-to-image-context
description: The path to the build context description: The path to the build context
type: string type: string
@ -29,11 +26,13 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params: params:
- name: CONTEXT - name: CONTEXT
value: "$(params.JOB_NAME)" value: "$(params.JOB_NAME)"
@ -54,7 +53,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -69,67 +68,35 @@ spec:
value: $(params.PULL_BASE_SHA) value: $(params.PULL_BASE_SHA)
- name: deleteExisting - name: deleteExisting
value: "true" value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image - name: build-image
taskRef: taskRef:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5 value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml value: task/kaniko/0.6/kaniko.yaml
params: params:
- name: OUTPUT - name: IMAGE
value: >- value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT - name: CONTEXT
value: $(params.path-to-image-context) value: $(params.path-to-image-context)
- name: DOCKERFILE - name: DOCKERFILE
value: $(params.path-to-dockerfile) value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS - name: EXTRA_ARGS
value: value:
- "--opt" - --cache=true
- "target=$(params.target-name)" - --cache-copy-layers
- --import-cache - --cache-repo=harbor.fizz.buzz/kanikocache/cache
- "type=registry,ref=$(params.image-name):buildcache" - --use-new-run # Should result in a speed-up
- --export-cache - --reproducible # To remove timestamps so layer caching works.
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true" - --snapshot-mode=redo
- --opt - --skip-unused-stages=true
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time) - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces: workspaces:
- name: source - name: source
workspace: git-source workspace: git-source
@ -176,13 +143,13 @@ spec:
- build-image - build-image
params: params:
- name: docker-image - name: docker-image
value: "$(tasks.build-image.results.IMAGE_URL[1])" value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: commit-changes - name: commit-changes
taskRef: taskRef:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -218,7 +185,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -247,7 +214,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -301,7 +268,7 @@ spec:
workspace: cargo-cache workspace: cargo-cache
params: params:
- name: docker-image - name: docker-image
value: "$(tasks.build-image.results.IMAGE_URL[1])" value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
workspaces: workspaces:
- name: git-source - name: git-source
- name: docker-credentials - name: docker-credentials
@ -325,10 +292,8 @@ spec:
secretName: harbor-plain secretName: harbor-plain
params: params:
- name: image-name - name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development-format" value: "harbor.fizz.buzz/private/webhook-bridge-development"
- name: target-name
value: ""
- name: path-to-image-context - name: path-to-image-context
value: docker/webhook_bridge_development/ value: docker/webhook_bridge_development/
- name: path-to-dockerfile - name: path-to-dockerfile
value: docker/webhook_bridge_development/ value: docker/webhook_bridge_development/Dockerfile
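Review bot: The downstream `docker-image` params on the new side address the built image by tag, `$(params.image-name):$(tasks.fetch-repository.results.commit)`, and the new `image-name` is the same `harbor.fizz.buzz/private/webhook-bridge-development` in all three development pipelines on this page. Runs of those pipelines for one commit would push the same tag, so a later task can pull whichever push landed last rather than the image its own build-image task produced. If the pinned kaniko task exposes a digest result (I believe it is `IMAGE_DIGEST`; confirm against the pinned revision), reference the image by digest instead: `value: "$(params.image-name)@$(tasks.build-image.results.IMAGE_DIGEST)"`. The same applies to the matching params in the next two file sections.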


@ -14,9 +14,6 @@ spec:
- name: image-name - name: image-name
description: The name for the built image description: The name for the built image
type: string type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context - name: path-to-image-context
description: The path to the build context description: The path to the build context
type: string type: string
@ -29,11 +26,13 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params: params:
- name: CONTEXT - name: CONTEXT
value: "$(params.JOB_NAME)" value: "$(params.JOB_NAME)"
@ -54,7 +53,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -69,67 +68,35 @@ spec:
value: $(params.PULL_BASE_SHA) value: $(params.PULL_BASE_SHA)
- name: deleteExisting - name: deleteExisting
value: "true" value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image - name: build-image
taskRef: taskRef:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5 value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml value: task/kaniko/0.6/kaniko.yaml
params: params:
- name: OUTPUT - name: IMAGE
value: >- value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT - name: CONTEXT
value: $(params.path-to-image-context) value: $(params.path-to-image-context)
- name: DOCKERFILE - name: DOCKERFILE
value: $(params.path-to-dockerfile) value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS - name: EXTRA_ARGS
value: value:
- "--opt" - --cache=true
- "target=$(params.target-name)" - --cache-copy-layers
- --import-cache - --cache-repo=harbor.fizz.buzz/kanikocache/cache
- "type=registry,ref=$(params.image-name):buildcache" - --use-new-run # Should result in a speed-up
- --export-cache - --reproducible # To remove timestamps so layer caching works.
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true" - --snapshot-mode=redo
- --opt - --skip-unused-stages=true
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time) - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces: workspaces:
- name: source - name: source
workspace: git-source workspace: git-source
@ -186,7 +153,7 @@ spec:
- build-image - build-image
params: params:
- name: docker-image - name: docker-image
value: "$(tasks.build-image.results.IMAGE_URL[1])" value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
finally: finally:
- name: report-success - name: report-success
when: when:
@ -197,7 +164,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -226,7 +193,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -280,7 +247,7 @@ spec:
workspace: cargo-cache workspace: cargo-cache
params: params:
- name: docker-image - name: docker-image
value: "$(tasks.build-image.results.IMAGE_URL[1])" value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
workspaces: workspaces:
- name: git-source - name: git-source
- name: docker-credentials - name: docker-credentials
@ -304,10 +271,8 @@ spec:
secretName: harbor-plain secretName: harbor-plain
params: params:
- name: image-name - name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development-clippy" value: "harbor.fizz.buzz/private/webhook-bridge-development"
- name: target-name
value: ""
- name: path-to-image-context - name: path-to-image-context
value: docker/webhook_bridge_development/ value: docker/webhook_bridge_development/
- name: path-to-dockerfile - name: path-to-dockerfile
value: docker/webhook_bridge_development/ value: docker/webhook_bridge_development/Dockerfile
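Review bot: `--cache-repo=harbor.fizz.buzz/kanikocache/cache` points every kaniko build on this page, including the release build in the first file section, at one shared layer cache. With `--cache=true` kaniko reuses layers it finds there, so any credential that can push to that repository can influence what ends up in later images. Consider a dedicated cache repository for the release pipeline, e.g. `--cache-repo=harbor.fizz.buzz/kanikocache/<release-only-repo>`, and check that the `harbor-plain` secret used by the development pipelines cannot push to it. The page does not show the Harbor permissions, so this may already be enforced on the registry side.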


@ -14,9 +14,6 @@ spec:
- name: image-name - name: image-name
description: The name for the built image description: The name for the built image
type: string type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context - name: path-to-image-context
description: The path to the build context description: The path to the build context
type: string type: string
@ -29,11 +26,13 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params: params:
- name: CONTEXT - name: CONTEXT
value: "$(params.JOB_NAME)" value: "$(params.JOB_NAME)"
@ -54,7 +53,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -69,67 +68,35 @@ spec:
value: $(params.PULL_BASE_SHA) value: $(params.PULL_BASE_SHA)
- name: deleteExisting - name: deleteExisting
value: "true" value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image - name: build-image
taskRef: taskRef:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5 value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml value: task/kaniko/0.6//kaniko.yaml
params: params:
- name: OUTPUT - name: IMAGE
value: >- value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT - name: CONTEXT
value: $(params.path-to-image-context) value: $(params.path-to-image-context)
- name: DOCKERFILE - name: DOCKERFILE
value: $(params.path-to-dockerfile) value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS - name: EXTRA_ARGS
value: value:
- "--opt" - --cache=true
- "target=$(params.target-name)" - --cache-copy-layers
- --import-cache - --cache-repo=harbor.fizz.buzz/kanikocache/cache
- "type=registry,ref=$(params.image-name):buildcache" - --use-new-run # Should result in a speed-up
- --export-cache - --reproducible # To remove timestamps so layer caching works.
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true" - --snapshot-mode=redo
- --opt - --skip-unused-stages=true
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time) - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces: workspaces:
- name: source - name: source
workspace: git-source workspace: git-source
@ -176,7 +143,7 @@ spec:
- build-image - build-image
params: params:
- name: docker-image - name: docker-image
value: "$(tasks.build-image.results.IMAGE_URL[1])" value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
finally: finally:
- name: report-success - name: report-success
when: when:
@ -187,7 +154,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -216,7 +183,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -270,7 +237,7 @@ spec:
workspace: cargo-cache workspace: cargo-cache
params: params:
- name: docker-image - name: docker-image
value: "$(tasks.build-image.results.IMAGE_URL[1])" value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
workspaces: workspaces:
- name: git-source - name: git-source
- name: docker-credentials - name: docker-credentials
@ -294,10 +261,8 @@ spec:
secretName: harbor-plain secretName: harbor-plain
params: params:
- name: image-name - name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development-test" value: "harbor.fizz.buzz/private/webhook-bridge-development"
- name: target-name
value: ""
- name: path-to-image-context - name: path-to-image-context
value: docker/webhook_bridge_development/ value: docker/webhook_bridge_development/
- name: path-to-dockerfile - name: path-to-dockerfile
value: docker/webhook_bridge_development/ value: docker/webhook_bridge_development/Dockerfile


@ -26,7 +26,7 @@ spec:
tasks: tasks:
- name: calculate-tag - name: calculate-tag
runAfter: runAfter:
- fetch-repository - report-pending
workspaces: workspaces:
- name: source - name: source
workspace: git-source workspace: git-source
@ -72,11 +72,13 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params: params:
- name: CONTEXT - name: CONTEXT
value: "$(params.JOB_NAME)" value: "$(params.JOB_NAME)"
@ -97,7 +99,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -122,7 +124,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo
@ -151,7 +153,7 @@ spec:
resolver: git resolver: git
params: params:
- name: url - name: url
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git value: https://github.com/tektoncd/catalog.git
- name: revision - name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf value: df36b3853a5657fd883015cdbf07ad6466918acf
- name: pathInRepo - name: pathInRepo


@ -26,6 +26,6 @@ version = "0.0.1"
[[push]] [[push]]
name = "build" name = "build"
source = "pipeline-build-semver.yaml" source = "pipeline-build.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git" clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ] branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]


@ -17,26 +17,8 @@ include = [
"Cargo.lock" "Cargo.lock"
] ]
[lib]
name = "webhookbridge"
path = "src/lib.rs"
[[bin]]
name = "webhook_bridge"
path = "src/main.rs"
[[bin]]
# This bin exists for development purposes only. The real target of this crate is the webhook_bridge server binary.
name = "local_trigger"
path = "src/bin_local_trigger.rs"
required-features = ["local_trigger"]
[features]
default = ["local_trigger"]
local_trigger = []
[dependencies] [dependencies]
axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "json"] } axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "http2", "json"] }
base64 = "0.22.1" base64 = "0.22.1"
hmac = "0.12.1" hmac = "0.12.1"
http-body-util = "0.1.2" http-body-util = "0.1.2"
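Review bot: The new `axum` line enables the `http2` feature, and nothing on this page shows a client that needs it. For a service that receives webhooks from the network, each enabled protocol is extra parsing code exposed to unauthenticated input, so leave `http2` out unless a caller or the ingress in front of it requires it. If it is required, record why next to the dependency, e.g. `# http2: needed by <consumer>`. The `[dependencies]` table continues below the hunk.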


@ -33,4 +33,3 @@ format: ## Auto-format source files.
.PHONY: clean .PHONY: clean
clean: clean:
> $(MAKE) -C docker/webhook_bridge_development clean > $(MAKE) -C docker/webhook_bridge_development clean
> rm -rf target


@ -1,18 +1,15 @@
# syntax=docker/dockerfile:1 FROM rustlang/rust:nightly-alpine3.20 AS builder
ARG ALPINE_VERSION="3.20"
FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
RUN apk add --no-cache musl-dev pkgconfig libressl-dev RUN apk add --no-cache musl-dev pkgconfig libressl-dev
RUN mkdir /source RUN mkdir /source
WORKDIR /source WORKDIR /source
COPY --link . . COPY . .
# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static" # TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge RUN CARGO_TARGET_DIR=/target cargo build --profile release-lto
FROM alpine:$ALPINE_VERSION AS runner FROM alpine:3.20 AS runner
COPY --link --from=builder /target/release-lto/webhook_bridge /usr/bin/ COPY --from=builder /target/release-lto/webhook_bridge /usr/bin/
ENTRYPOINT ["/usr/bin/webhook_bridge"] ENTRYPOINT ["/usr/bin/webhook_bridge"]
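Review bot: The runner stage ends at `ENTRYPOINT ["/usr/bin/webhook_bridge"]` with no `USER` instruction, so the webhook server runs as root inside the container. Since it accepts requests from the network, add an unprivileged account before the entrypoint: `RUN adduser -D -H webhook` followed by `USER webhook`. The builder also runs `cargo build --profile release-lto` without `--locked`, so a `Cargo.lock` that is out of step with `Cargo.toml` is re-resolved silently instead of failing the build. `RUN CARGO_TARGET_DIR=/target cargo build --locked --profile release-lto` keeps the image tied to the committed lockfile.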


@ -1,9 +1,6 @@
# syntax=docker/dockerfile:1 FROM rustlang/rust:nightly-alpine3.20 AS builder
ARG ALPINE_VERSION="3.20"
FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
RUN apk add --no-cache musl-dev pkgconfig libressl3.8-libssl libressl-dev RUN apk add --no-cache musl-dev pkgconfig libressl3.8-libssl libressl-dev
RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked cargo install --locked --no-default-features --features ci-autoclean cargo-cache RUN cargo install --locked --no-default-features --features ci-autoclean cargo-cache
RUN rustup component add rustfmt RUN rustup component add rustfmt
RUN rustup component add clippy RUN rustup component add clippy
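Review bot: `cargo install --locked --no-default-features --features ci-autoclean cargo-cache` carries no `--version`, so each rebuild of this CI image installs whatever cargo-cache release is current, on top of a `nightly-alpine3.20` base tag that also moves. `--locked` only fixes the dependency versions of the release that gets picked, not the release itself. Pinning the tool, e.g. `cargo install --locked --version <reviewed cargo-cache version> --no-default-features --features ci-autoclean cargo-cache`, makes the image repeatable and puts tool upgrades into review. The file may continue below the hunk.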


@ -0,0 +1,165 @@
{
"ref": "refs/tags/v0.0.2",
"before": "0000000000000000000000000000000000000000",
"after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"commits": [],
"total_commits": 0,
"head_commit": {
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"committer": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
]
},
"repository": {
"id": 21,
"owner": {
"id": 1,
"login": "talexander",
"login_name": "",
"full_name": "",
"email": "gitea@local.domain",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-05T22:03:28Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "public",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "talexander"
},
"name": "webhook_bridge",
"full_name": "talexander/webhook_bridge",
"description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
"empty": false,
"private": false,
"fork": false,
"template": false,
"parent": null,
"mirror": false,
"size": 346,
"language": "",
"languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
"html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
"url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
"link": "",
"ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
"clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
"original_url": "",
"website": "",
"stars_count": 0,
"forks_count": 0,
"watchers_count": 1,
"open_issues_count": 0,
"open_pr_counter": 0,
"release_counter": 0,
"default_branch": "main",
"archived": false,
"created_at": "2024-07-14T18:48:52Z",
"updated_at": "2024-09-29T04:25:36Z",
"archived_at": "1970-01-01T00:00:00Z",
"permissions": {
"admin": true,
"push": true,
"pull": true
},
"has_issues": true,
"internal_tracker": {
"enable_time_tracker": true,
"allow_only_contributors_to_track_time": true,
"enable_issue_dependencies": true
},
"has_wiki": true,
"has_pull_requests": true,
"has_projects": true,
"has_releases": true,
"has_packages": true,
"has_actions": false,
"ignore_whitespace_conflicts": false,
"allow_merge_commits": true,
"allow_rebase": true,
"allow_rebase_explicit": true,
"allow_squash_merge": true,
"allow_rebase_update": true,
"default_delete_branch_after_merge": false,
"default_merge_style": "merge",
"default_allow_maintainer_edit": false,
"avatar_url": "",
"internal": false,
"mirror_interval": "",
"mirror_updated": "0001-01-01T00:00:00Z",
"repo_transfer": null
},
"pusher": {
"id": 2,
"login": "build-bot",
"login_name": "",
"full_name": "",
"email": "build-bot@noreply.code.fizz.buzz",
"avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-09T04:25:44Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "private",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "build-bot"
},
"sender": {
"id": 2,
"login": "build-bot",
"login_name": "",
"full_name": "",
"email": "build-bot@noreply.code.fizz.buzz",
"avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-09T04:25:44Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "private",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "build-bot"
}
}


@ -1,13 +1,13 @@
{ {
"ref": "refs/heads/main", "ref": "refs/heads/main",
"before": "f3b00c46ea57d5314063ad6fbfcaf9e38712cafe", "before": "a2aca6d2f1c85b5d4bef1349230fdaef1683622d",
"after": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50", "after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/f3b00c46ea57d5314063ad6fbfcaf9e38712cafe...e991b259f2bdf3f24a2cba309a93d81f32ab7f50", "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/a2aca6d2f1c85b5d4bef1349230fdaef1683622d...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"commits": [ "commits": [
{ {
"id": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50", "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add source_id to HookUser.\n\nThis must be a new field that gitea added in an update.\n", "message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/e991b259f2bdf3f24a2cba309a93d81f32ab7f50", "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": { "author": {
"name": "Tom Alexander", "name": "Tom Alexander",
"email": "tom@fizz.buzz", "email": "tom@fizz.buzz",
@ -19,24 +19,21 @@
"username": "" "username": ""
}, },
"verification": null, "verification": null,
"timestamp": "2024-10-18T19:41:56-04:00", "timestamp": "2024-09-29T00:19:22-04:00",
"added": [], "added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [], "removed": [],
"modified": [ "modified": [
".webhook_bridge/pipeline-build-semver.yaml", ".webhook_bridge/webhook_bridge.toml"
".webhook_bridge/pipeline-format.yaml",
".webhook_bridge/pipeline-rust-clippy.yaml",
".webhook_bridge/pipeline-rust-test.yaml",
".webhook_bridge/pipeline-semver.yaml",
"src/hook_push.rs"
] ]
} }
], ],
"total_commits": 1, "total_commits": 1,
"head_commit": { "head_commit": {
"id": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50", "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add source_id to HookUser.\n\nThis must be a new field that gitea added in an update.\n", "message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/e991b259f2bdf3f24a2cba309a93d81f32ab7f50", "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": { "author": {
"name": "Tom Alexander", "name": "Tom Alexander",
"email": "tom@fizz.buzz", "email": "tom@fizz.buzz",
@ -48,16 +45,13 @@
"username": "" "username": ""
}, },
"verification": null, "verification": null,
"timestamp": "2024-10-18T19:41:56-04:00", "timestamp": "2024-09-29T00:19:22-04:00",
"added": [], "added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [], "removed": [],
"modified": [ "modified": [
".webhook_bridge/pipeline-build-semver.yaml", ".webhook_bridge/webhook_bridge.toml"
".webhook_bridge/pipeline-format.yaml",
".webhook_bridge/pipeline-rust-clippy.yaml",
".webhook_bridge/pipeline-rust-test.yaml",
".webhook_bridge/pipeline-semver.yaml",
"src/hook_push.rs"
] ]
}, },
"repository": { "repository": {
@ -66,11 +60,9 @@
"id": 1, "id": 1,
"login": "talexander", "login": "talexander",
"login_name": "", "login_name": "",
"source_id": 0,
"full_name": "", "full_name": "",
"email": "gitea@local.domain", "email": "gitea@local.domain",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289", "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"html_url": "https://code.fizz.buzz/talexander",
"language": "", "language": "",
"is_admin": false, "is_admin": false,
"last_login": "0001-01-01T00:00:00Z", "last_login": "0001-01-01T00:00:00Z",
@ -96,7 +88,7 @@
"template": false, "template": false,
"parent": null, "parent": null,
"mirror": false, "mirror": false,
"size": 151, "size": 343,
"language": "", "language": "",
"languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages", "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
"html_url": "https://code.fizz.buzz/talexander/webhook_bridge", "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
@ -115,7 +107,7 @@
"default_branch": "main", "default_branch": "main",
"archived": false, "archived": false,
"created_at": "2024-07-14T18:48:52Z", "created_at": "2024-07-14T18:48:52Z",
"updated_at": "2024-09-30T04:41:20Z", "updated_at": "2024-09-29T04:14:47Z",
"archived_at": "1970-01-01T00:00:00Z", "archived_at": "1970-01-01T00:00:00Z",
"permissions": { "permissions": {
"admin": true, "admin": true,
@ -128,19 +120,17 @@
"allow_only_contributors_to_track_time": true, "allow_only_contributors_to_track_time": true,
"enable_issue_dependencies": true "enable_issue_dependencies": true
}, },
"has_wiki": false, "has_wiki": true,
"has_pull_requests": true, "has_pull_requests": true,
"has_projects": false, "has_projects": true,
"projects_mode": "all",
"has_releases": true, "has_releases": true,
"has_packages": false, "has_packages": true,
"has_actions": false, "has_actions": false,
"ignore_whitespace_conflicts": false, "ignore_whitespace_conflicts": false,
"allow_merge_commits": true, "allow_merge_commits": true,
"allow_rebase": true, "allow_rebase": true,
"allow_rebase_explicit": true, "allow_rebase_explicit": true,
"allow_squash_merge": true, "allow_squash_merge": true,
"allow_fast_forward_only_merge": false,
"allow_rebase_update": true, "allow_rebase_update": true,
"default_delete_branch_after_merge": false, "default_delete_branch_after_merge": false,
"default_merge_style": "merge", "default_merge_style": "merge",
@ -148,7 +138,6 @@
"avatar_url": "", "avatar_url": "",
"internal": false, "internal": false,
"mirror_interval": "", "mirror_interval": "",
"object_format_name": "sha1",
"mirror_updated": "0001-01-01T00:00:00Z", "mirror_updated": "0001-01-01T00:00:00Z",
"repo_transfer": null "repo_transfer": null
}, },
@ -156,11 +145,9 @@
"id": 1, "id": 1,
"login": "talexander", "login": "talexander",
"login_name": "", "login_name": "",
"source_id": 0,
"full_name": "", "full_name": "",
"email": "talexander@noreply.code.fizz.buzz", "email": "talexander@noreply.code.fizz.buzz",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289", "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"html_url": "https://code.fizz.buzz/talexander",
"language": "", "language": "",
"is_admin": false, "is_admin": false,
"last_login": "0001-01-01T00:00:00Z", "last_login": "0001-01-01T00:00:00Z",
@ -181,11 +168,9 @@
"id": 1, "id": 1,
"login": "talexander", "login": "talexander",
"login_name": "", "login_name": "",
"source_id": 0,
"full_name": "", "full_name": "",
"email": "talexander@noreply.code.fizz.buzz", "email": "talexander@noreply.code.fizz.buzz",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289", "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"html_url": "https://code.fizz.buzz/talexander",
"language": "", "language": "",
"is_admin": false, "is_admin": false,
"last_login": "0001-01-01T00:00:00Z", "last_login": "0001-01-01T00:00:00Z",


@ -4,4 +4,4 @@ set -euo pipefail
IFS=$'\n\t' IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) cargo run
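Review bot: With `RUST_LOG=webhook_bridge=DEBUG` this script enables every log statement in the crate, and on the new side of the webhook module `check_hash` contains `tracing::info!("Using secret {:?}", secret);`, so the value read from the `HMAC_TOKEN` file is printed for every delivery. The secret should not be logged at any level: remove that statement, and keep the signature and body lines at `debug` as the old side does. The script begins above this hunk, so only its final command line is visible here.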


@ -1,4 +0,0 @@
[toolchain]
channel = "nightly"
profile = "default"
components = ["clippy", "rustfmt"]


@ -1,14 +0,0 @@
imports_granularity = "Item"
group_imports = "StdExternalCrate"
# In rustfmt 2.0 I will want to adjust these settings.
#
# max_width controls the max length of a line before rustfmt gives up
# but that also scales the length of a bunch of other lines
# automaticaly due to width_heuristics. I want to find a way to enable
# rustfmt to work on longer lines when necessary without making my
# regular code too wide.
#
# max_width = 100
# error_on_line_overflow = true
# width_heuristics = "Off"


@ -1,7 +0,0 @@
use std::collections::HashSet;
use std::sync::Arc;
#[derive(Clone)]
pub(crate) struct AppState {
pub(crate) allowed_repos: Arc<HashSet<String>>,
}


@ -1,12 +0,0 @@
#![forbid(unsafe_code)]
use webhookbridge::init_tracing;
use webhookbridge::local_trigger;
const EXAMPLE_WEBHOOK_PAYLOAD: &str = include_str!("../local_payload.json");
#[tokio::main]
#[allow(clippy::needless_return)]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
init_tracing().await?;
local_trigger(EXAMPLE_WEBHOOK_PAYLOAD).await
}


@ -17,22 +17,14 @@ use serde_json::Value;
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub(crate) struct PipelineRunSpec { pub(crate) struct PipelineRunSpec {
/// Contents of the Pipeline /// Contents of the Pipeline
#[serde( #[serde(default, skip_serializing_if = "Option::is_none")]
rename = "pipelineSpec", pub(crate) pipelineSpec: Option<Value>,
default,
skip_serializing_if = "Option::is_none"
)]
pub(crate) pipeline_spec: Option<Value>,
#[serde(default, skip_serializing_if = "Option::is_none")] #[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) timeouts: Option<Value>, pub(crate) timeouts: Option<Value>,
#[serde( #[serde(default, skip_serializing_if = "Option::is_none")]
rename = "taskRunTemplate", pub(crate) taskRunTemplate: Option<Value>,
default,
skip_serializing_if = "Option::is_none"
)]
pub(crate) task_run_template: Option<Value>,
#[serde(default, skip_serializing_if = "Option::is_none")] #[serde(default, skip_serializing_if = "Option::is_none")]
pub(crate) workspaces: Option<Value>, pub(crate) workspaces: Option<Value>,


@ -1,13 +1,13 @@
use std::path::Path; use std::path::Path;
use std::path::PathBuf; use std::path::PathBuf;
use regex::Regex;
use tracing::debug;
use crate::crd_pipeline_run::PipelineRun; use crate::crd_pipeline_run::PipelineRun;
use crate::gitea_client::GiteaClient; use crate::gitea_client::GiteaClient;
use crate::gitea_client::Tree; use crate::gitea_client::Tree;
use crate::gitea_client::TreeFileReference;
use crate::remote_config::RemoteConfig; use crate::remote_config::RemoteConfig;
use regex::Regex;
use tracing::debug;
pub(crate) async fn discover_webhook_bridge_config( pub(crate) async fn discover_webhook_bridge_config(
gitea: &GiteaClient, gitea: &GiteaClient,
@ -16,7 +16,8 @@ pub(crate) async fn discover_webhook_bridge_config(
let remote_config_reference = repo_tree let remote_config_reference = repo_tree
.files .files
.iter() .iter()
.find(|file_reference| file_reference.path == ".webhook_bridge/webhook_bridge.toml") .filter(|file_reference| file_reference.path == ".webhook_bridge/webhook_bridge.toml")
.next()
.ok_or("File not found in remote repo: .webhook_bridge/webhook_bridge.toml.")?; .ok_or("File not found in remote repo: .webhook_bridge/webhook_bridge.toml.")?;
let remote_config_contents = let remote_config_contents =
@ -46,7 +47,8 @@ pub(crate) async fn discover_matching_push_triggers<RE: AsRef<str>>(
let pipeline_template = repo_tree let pipeline_template = repo_tree
.files .files
.iter() .iter()
.find(|file_reference| Path::new(&file_reference.path) == path_to_source.as_path()) .filter(|file_reference| Path::new(&file_reference.path) == path_to_source.as_path())
.next()
.ok_or("Trigger source not found in remote repo.")?; .ok_or("Trigger source not found in remote repo.")?;
let pipeline_contents = String::from_utf8(gitea.read_file(pipeline_template).await?)?; let pipeline_contents = String::from_utf8(gitea.read_file(pipeline_template).await?)?;
debug!("Pipeline template contents: {}", pipeline_contents); debug!("Pipeline template contents: {}", pipeline_contents);
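Review bot: Both lookups on the new side use `.filter(…).next()` where `Iterator::find` expresses the same thing in one call, which is what clippy's `filter_next` lint asks for. In `discover_webhook_bridge_config` that is `.find(|file_reference| file_reference.path == ".webhook_bridge/webhook_bridge.toml")`, and the `path_to_source` comparison in `discover_matching_push_triggers` can change the same way. Both functions continue outside the visible hunks.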


@ -2,9 +2,7 @@ use std::error::Error;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub(crate) enum GiteaClientError { pub(crate) enum GiteaClientError {
#[allow(dead_code)]
Static(#[allow(dead_code)] &'static str), Static(#[allow(dead_code)] &'static str),
#[allow(dead_code)]
String(#[allow(dead_code)] String), String(#[allow(dead_code)] String),
NoTotalCountHeaderInResponse, NoTotalCountHeaderInResponse,
} }


@ -1,5 +1,4 @@
use base64::engine::general_purpose; use base64::{engine::general_purpose, Engine as _};
use base64::Engine as _;
use serde::Deserialize; use serde::Deserialize;
use tracing::debug; use tracing::debug;
@ -38,7 +37,7 @@ impl GiteaClient {
owner = owner.as_ref(), owner = owner.as_ref(),
repo = repo.as_ref(), repo = repo.as_ref(),
commit = commit.as_ref(), commit = commit.as_ref(),
page = page.map(|num| format!("&page={}", num)).unwrap_or_default() page = page.map(|num| format!("&page={}", num)).unwrap_or_else(|| String::new())
); );
let response = self let response = self
.http_client .http_client
@ -100,18 +99,11 @@ impl GiteaClient {
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
struct ResponseGetTree { struct ResponseGetTree {
#[allow(dead_code)]
sha: String, sha: String,
#[allow(dead_code)]
url: String, url: String,
tree: Vec<ResponseObjectReference>, tree: Vec<ResponseObjectReference>,
#[allow(dead_code)]
truncated: bool, truncated: bool,
page: u64, page: u64,
#[allow(dead_code)]
total_count: u64, total_count: u64,
} }
@ -119,18 +111,10 @@ struct ResponseGetTree {
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
struct ResponseObjectReference { struct ResponseObjectReference {
path: String, path: String,
#[allow(dead_code)]
mode: String, mode: String,
#[allow(dead_code)]
#[serde(rename = "type")] #[serde(rename = "type")]
object_type: String, object_type: String,
#[allow(dead_code)]
size: u64, size: u64,
#[allow(dead_code)]
sha: String, sha: String,
url: String, url: String,
} }
@ -166,13 +150,7 @@ impl TreeFileReference {
struct ResponseReadFile { struct ResponseReadFile {
content: String, content: String,
encoding: String, encoding: String,
#[allow(dead_code)]
url: String, url: String,
#[allow(dead_code)]
sha: String, sha: String,
#[allow(dead_code)]
size: u64, size: u64,
} }


@ -16,7 +16,7 @@ pub(crate) struct HookPush {
commits: Vec<HookCommit>, commits: Vec<HookCommit>,
total_commits: u64, total_commits: u64,
head_commit: HookCommit, head_commit: HookCommit,
pub(crate) repository: HookRepository, repository: HookRepository,
pusher: HookUser, pusher: HookUser,
sender: HookUser, sender: HookUser,
} }
@ -28,12 +28,9 @@ pub(crate) struct HookUser {
id: u64, id: u64,
login: String, login: String,
login_name: String, login_name: String,
#[serde(default, skip_serializing_if = "Option::is_none")]
source_id: Option<u64>,
full_name: String, full_name: String,
email: String, email: String,
avatar_url: String, avatar_url: String,
html_url: String,
language: String, language: String,
is_admin: bool, is_admin: bool,
last_login: String, // TODO: parse to datetime last_login: String, // TODO: parse to datetime
@ -58,7 +55,7 @@ pub(crate) struct HookRepository {
id: u64, id: u64,
owner: HookUser, owner: HookUser,
name: String, name: String,
pub(crate) full_name: String, full_name: String,
description: String, description: String,
empty: bool, empty: bool,
private: bool, private: bool,
@ -93,7 +90,6 @@ pub(crate) struct HookRepository {
has_wiki: bool, has_wiki: bool,
has_pull_requests: bool, has_pull_requests: bool,
has_projects: bool, has_projects: bool,
projects_mode: String,
has_releases: bool, has_releases: bool,
has_packages: bool, has_packages: bool,
has_actions: bool, has_actions: bool,
@ -102,7 +98,6 @@ pub(crate) struct HookRepository {
allow_rebase: bool, allow_rebase: bool,
allow_rebase_explicit: bool, allow_rebase_explicit: bool,
allow_squash_merge: bool, allow_squash_merge: bool,
allow_fast_forward_only_merge: bool,
allow_rebase_update: bool, allow_rebase_update: bool,
default_delete_branch_after_merge: bool, default_delete_branch_after_merge: bool,
default_merge_style: String, default_merge_style: String,
@ -110,11 +105,8 @@ pub(crate) struct HookRepository {
avatar_url: String, avatar_url: String,
internal: bool, internal: bool,
mirror_interval: String, mirror_interval: String,
object_format_name: String,
mirror_updated: String, // TODO: parse to datetime mirror_updated: String, // TODO: parse to datetime
repo_transfer: Value, // Was null in test hook repo_transfer: Value, // Was null in test hook
topics: Value, // Was null in test hook
licenses: Value, // Was null in test hook
} }
#[allow(dead_code)] #[allow(dead_code)]


@ -55,7 +55,7 @@ pub(crate) async fn run_pipelines(
name: Some("REPO_URL".to_owned()), name: Some("REPO_URL".to_owned()),
value: pipeline value: pipeline
.clone_uri .clone_uri
.map(serde_json::Value::String) .map(|uri| serde_json::Value::String(uri))
.or_else(|| Some(serde_json::Value::String(hook_repo_url.into_owned()))), .or_else(|| Some(serde_json::Value::String(hook_repo_url.into_owned()))),
}); });
param_list.push(PipelineParam { param_list.push(PipelineParam {


@ -1,136 +0,0 @@
#![forbid(unsafe_code)]
use std::collections::HashSet;
use std::sync::Arc;
use std::time::Duration;
use axum::http::StatusCode;
use axum::middleware;
use axum::routing::get;
use axum::routing::post;
use axum::Json;
use axum::Router;
use kube::Client;
use serde::Serialize;
use tokio::signal;
use tower_http::timeout::TimeoutLayer;
use tower_http::trace::TraceLayer;
use tracing_subscriber::layer::SubscriberExt;
use tracing_subscriber::util::SubscriberInitExt;
use self::app_state::AppState;
use self::gitea_client::GiteaClient;
use self::hook_push::HookPush;
use self::webhook::handle_push;
use self::webhook::hook;
use self::webhook::verify_signature;
mod app_state;
mod crd_pipeline_run;
mod discovery;
mod gitea_client;
mod hook_push;
mod kubernetes;
mod remote_config;
mod webhook;
pub async fn init_tracing() -> Result<(), Box<dyn std::error::Error>> {
tracing_subscriber::registry()
.with(
tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
"webhookbridge=info,webhook_bridge=info,local_trigger=info,tower_http=debug,axum::rejection=trace"
.into()
}),
)
.with(tracing_subscriber::fmt::layer())
.init();
Ok(())
}
pub async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
let allowed_repos = std::env::var("WEBHOOK_BRIDGE_REPO_WHITELIST")?;
let allowed_repos: HashSet<_> = allowed_repos
.split(",")
.filter(|s| !s.is_empty())
.map(str::to_owned)
.collect();
tracing::debug!("Using repo whitelist: {:?}", allowed_repos);
let app = Router::new()
.route("/hook", post(hook))
.layer(middleware::from_fn(verify_signature))
.route("/health", get(health))
.layer((
TraceLayer::new_for_http(),
// Add a timeout layer so graceful shutdown can't wait forever.
TimeoutLayer::new(Duration::from_secs(600)),
))
.with_state(AppState {
allowed_repos: Arc::new(allowed_repos),
});
let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
tracing::info!("listening on {}", listener.local_addr().unwrap());
axum::serve(listener, app)
.with_graceful_shutdown(shutdown_signal())
.await?;
Ok(())
}
pub async fn local_trigger(payload: &str) -> Result<(), Box<dyn std::error::Error>> {
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let allowed_repos = std::env::var("WEBHOOK_BRIDGE_REPO_WHITELIST")
.ok()
.unwrap_or_default();
let allowed_repos: HashSet<_> = allowed_repos
.split(",")
.filter(|s| !s.is_empty())
.map(str::to_owned)
.collect();
tracing::debug!("Using repo whitelist: {:?}", allowed_repos);
let webhook_payload: HookPush = serde_json::from_str(payload)?;
handle_push(gitea, kubernetes_client, &allowed_repos, webhook_payload).await?;
Ok(())
}
async fn shutdown_signal() {
let ctrl_c = async {
signal::ctrl_c()
.await
.expect("failed to install Ctrl+C handler");
};
#[cfg(unix)]
let terminate = async {
signal::unix::signal(signal::unix::SignalKind::terminate())
.expect("failed to install signal handler")
.recv()
.await;
};
#[cfg(not(unix))]
let terminate = std::future::pending::<()>();
tokio::select! {
_ = ctrl_c => {},
_ = terminate => {},
}
}
async fn health() -> (StatusCode, Json<HealthResponse>) {
(StatusCode::OK, Json(HealthResponse { ok: true }))
}
#[derive(Serialize)]
struct HealthResponse {
ok: bool,
}


@ -1,10 +1,136 @@
#![forbid(unsafe_code)] #![forbid(unsafe_code)]
use webhookbridge::init_tracing; use std::time::Duration;
use webhookbridge::launch_server;
use axum::http::StatusCode;
use axum::middleware;
use axum::routing::get;
use axum::routing::post;
use axum::Json;
use axum::Router;
use kube::Client;
use serde::Serialize;
use tokio::signal;
use tower_http::timeout::TimeoutLayer;
use tower_http::trace::TraceLayer;
use tracing_subscriber::layer::SubscriberExt;
use tracing_subscriber::util::SubscriberInitExt;
use self::discovery::discover_matching_push_triggers;
use self::discovery::discover_webhook_bridge_config;
use self::gitea_client::GiteaClient;
use self::hook_push::HookPush;
use self::hook_push::PipelineParamters;
use self::kubernetes::run_pipelines;
use self::webhook::handle_push;
use self::webhook::hook;
use self::webhook::verify_signature;
mod crd_pipeline_run;
mod discovery;
mod gitea_client;
mod hook_push;
mod kubernetes;
mod remote_config;
mod webhook;
const EXAMPLE_WEBHOOK_PAYLOAD: &'static str = include_str!("../example_tag_webhook_payload.json");
#[tokio::main] #[tokio::main]
#[allow(clippy::needless_return)]
async fn main() -> Result<(), Box<dyn std::error::Error>> { async fn main() -> Result<(), Box<dyn std::error::Error>> {
init_tracing().await?; tracing_subscriber::registry()
.with(
tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
"webhook_bridge=info,tower_http=debug,axum::rejection=trace".into()
}),
)
.with(tracing_subscriber::fmt::layer())
.init();
launch_server().await launch_server().await
} }
async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let app = Router::new()
.route("/hook", post(hook))
.layer(middleware::from_fn(verify_signature))
.route("/health", get(health))
.layer((
TraceLayer::new_for_http(),
// Add a timeout layer so graceful shutdown can't wait forever.
TimeoutLayer::new(Duration::from_secs(600)),
))
.with_state(AppState {
kubernetes_client,
gitea,
});
let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
tracing::info!("listening on {}", listener.local_addr().unwrap());
axum::serve(listener, app)
.with_graceful_shutdown(shutdown_signal())
.await?;
Ok(())
}
async fn local_trigger() -> Result<(), Box<dyn std::error::Error>> {
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let webhook_payload: HookPush = serde_json::from_str(EXAMPLE_WEBHOOK_PAYLOAD)?;
handle_push(gitea, kubernetes_client, webhook_payload).await?;
Ok(())
}
#[derive(Clone)]
struct AppState {
kubernetes_client: Client,
gitea: GiteaClient,
}
async fn shutdown_signal() {
let ctrl_c = async {
signal::ctrl_c()
.await
.expect("failed to install Ctrl+C handler");
};
#[cfg(unix)]
let terminate = async {
signal::unix::signal(signal::unix::SignalKind::terminate())
.expect("failed to install signal handler")
.recv()
.await;
};
#[cfg(not(unix))]
let terminate = std::future::pending::<()>();
tokio::select! {
_ = ctrl_c => {},
_ = terminate => {},
}
}
async fn health() -> (StatusCode, Json<HealthResponse>) {
(StatusCode::OK, Json(HealthResponse { ok: true }))
}
#[derive(Serialize)]
struct HealthResponse {
ok: bool,
}
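Review bot: `launch_server` on the new side builds `AppState` from only `kubernetes_client` and `gitea`, and `handle_push` takes no repository allow-list, so any repository that can deliver a correctly signed push hook can have the pipelines described in its own `.webhook_bridge/` directory submitted through this Kubernetes client. A per-repository check before discovery would restrict that: load a comma-separated list from the environment into a `HashSet<String>`, carry it in `AppState`, and have `handle_push` return early when the payload's `repository.full_name` is not in the set. The fence sketches the part that belongs in this file; the check itself sits in `handle_push`, which is in another section. `local_trigger` and `EXAMPLE_WEBHOOK_PAYLOAD` also look unused by `main`, which would compile a captured payload into the server binary, so confirm and move them to a separate binary if so.

```rust
async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
    // … unchanged: kubernetes and gitea client construction …
    let allowed_repos: HashSet<String> = std::env::var("WEBHOOK_BRIDGE_REPO_WHITELIST")?
        .split(',')
        .filter(|s| !s.is_empty())
        .map(str::to_owned)
        .collect();
    // … unchanged: router construction up to with_state …
        .with_state(AppState {
            kubernetes_client,
            gitea,
            allowed_repos: Arc::new(allowed_repos),
        });
    // … unchanged: bind, serve, graceful shutdown …

#[derive(Clone)]
struct AppState {
    kubernetes_client: Client,
    gitea: GiteaClient,
    allowed_repos: Arc<HashSet<String>>,
}
```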


@ -1,6 +1,5 @@
use std::borrow::Borrow;
use std::collections::HashSet;
use std::future::Future; use std::future::Future;
use std::sync::Arc;
use axum::async_trait; use axum::async_trait;
use axum::body::Body; use axum::body::Body;
@ -15,8 +14,7 @@ use axum::response::IntoResponse;
use axum::response::Response; use axum::response::Response;
use axum::Json; use axum::Json;
use axum::RequestExt; use axum::RequestExt;
use base64::engine::general_purpose; use base64::{engine::general_purpose, Engine as _};
use base64::Engine as _;
use hmac::Hmac; use hmac::Hmac;
use hmac::Mac; use hmac::Mac;
use http_body_util::BodyExt; use http_body_util::BodyExt;
@ -24,13 +22,13 @@ use serde::Serialize;
use sha2::Sha256; use sha2::Sha256;
use tracing::debug; use tracing::debug;
use crate::app_state::AppState;
use crate::discovery::discover_matching_push_triggers; use crate::discovery::discover_matching_push_triggers;
use crate::discovery::discover_webhook_bridge_config; use crate::discovery::discover_webhook_bridge_config;
use crate::gitea_client::GiteaClient; use crate::gitea_client::GiteaClient;
use crate::hook_push::HookPush; use crate::hook_push::HookPush;
use crate::hook_push::PipelineParamters; use crate::hook_push::PipelineParamters;
use crate::kubernetes::run_pipelines; use crate::kubernetes::run_pipelines;
use crate::AppState;
type HmacSha256 = Hmac<Sha256>; type HmacSha256 = Hmac<Sha256>;
@ -42,54 +40,19 @@ pub(crate) async fn hook(
debug!("REQ: {:?}", payload); debug!("REQ: {:?}", payload);
match payload { match payload {
HookRequest::Push(webhook_payload) => { HookRequest::Push(webhook_payload) => {
let kubernetes_client: kube::Client = kube::Client::try_default() handle_push(state.gitea, state.kubernetes_client, webhook_payload)
.await .await
.expect("Set KUBECONFIG to a valid kubernetes config."); .expect("Failed to handle push event.");
(
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT");
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN");
let (gitea_api_root, gitea_api_token) = match (gitea_api_root, gitea_api_token) {
(Ok(r), Ok(t)) => (r, t),
_ => {
return (
StatusCode::OK, StatusCode::OK,
Json(HookResponse { Json(HookResponse {
ok: true, ok: true,
message: None, message: None,
}), }),
);
}
};
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let push_result = handle_push(
gitea,
kubernetes_client,
state.allowed_repos.borrow(),
webhook_payload,
) )
.await;
match push_result {
Ok(_) => (
StatusCode::OK,
Json(HookResponse {
ok: true,
message: None,
}),
),
Err(_) => (
// StatusCode::INTERNAL_SERVER_ERROR,
StatusCode::OK,
Json(HookResponse {
ok: false,
message: Some("Failed to handle push event.".to_string()),
}),
),
}
} }
HookRequest::Unrecognized(payload) => ( HookRequest::Unrecognized(payload) => (
// StatusCode::BAD_REQUEST, StatusCode::BAD_REQUEST,
StatusCode::OK,
Json(HookResponse { Json(HookResponse {
ok: false, ok: false,
message: Some(format!("unrecognized event type: {payload}")), message: Some(format!("unrecognized event type: {payload}")),
@ -176,9 +139,9 @@ where
} }
async fn check_hash(body: Bytes, secret: String, signature: Vec<u8>) -> Result<Bytes, Response> { async fn check_hash(body: Bytes, secret: String, signature: Vec<u8>) -> Result<Bytes, Response> {
tracing::debug!("Checking signature {:02x?}", signature.as_slice()); tracing::info!("Checking signature {:02x?}", signature.as_slice());
// tracing::info!("Using secret {:?}", secret); tracing::info!("Using secret {:?}", secret);
tracing::debug!("and body {}", general_purpose::STANDARD.encode(&body)); tracing::info!("and body {}", general_purpose::STANDARD.encode(&body));
let mut mac = HmacSha256::new_from_slice(secret.as_bytes()) let mut mac = HmacSha256::new_from_slice(secret.as_bytes())
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response())?; .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response())?;
mac.update(&body); mac.update(&body);
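Review bot: The new side of `check_hash` writes the webhook HMAC secret to the log at info level (`tracing::info!("Using secret {:?}", secret);`), so the signing key lands in every log sink the service feeds, and anyone with read access to those logs can compute valid signatures for payloads of their choosing. Remove that line outright rather than lowering its level; if a breadcrumb is needed, log something non-reversible such as `secret.len()`. The two neighbouring lines should stay at `tracing::debug!`, since the base64 dump puts the complete webhook body into info logs as well. If a build with this line ever ran with info logging enabled, treat the secret as exposed and rotate it. The rest of `check_hash`, including the signature comparison, lies outside this hunk and is not covered here.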
@ -204,19 +167,11 @@ fn hex_to_bytes(s: &str) -> Option<Vec<u8>> {
pub(crate) async fn handle_push( pub(crate) async fn handle_push(
gitea: GiteaClient, gitea: GiteaClient,
kubernetes_client: kube::Client, kubernetes_client: kube::Client,
allowed_repos: &HashSet<String>,
webhook_payload: HookPush, webhook_payload: HookPush,
) -> Result<(), Box<dyn std::error::Error>> { ) -> Result<(), Box<dyn std::error::Error>> {
let repo_owner = webhook_payload.get_repo_owner()?; let repo_owner = webhook_payload.get_repo_owner()?;
let repo_name = webhook_payload.get_repo_name()?; let repo_name = webhook_payload.get_repo_name()?;
let pull_base_sha = webhook_payload.get_pull_base_sha()?; let pull_base_sha = webhook_payload.get_pull_base_sha()?;
if !allowed_repos.contains(&webhook_payload.repository.full_name) {
tracing::info!(
"{} is not an allowed repository.",
webhook_payload.repository.full_name
);
return Ok(());
}
let repo_tree = gitea.get_tree(repo_owner, repo_name, pull_base_sha).await?; let repo_tree = gitea.get_tree(repo_owner, repo_name, pull_base_sha).await?;
let remote_config = discover_webhook_bridge_config(&gitea, &repo_tree).await?; let remote_config = discover_webhook_bridge_config(&gitea, &repo_tree).await?;
let pipelines = discover_matching_push_triggers( let pipelines = discover_matching_push_triggers(