Add more new fields for webhook payload.

Add source_id to HookUser.
This must be a new field that gitea added in an update.
2024-10-18 20:27:57 -04:00 · 2024-10-18 19:41:56 -04:00 · 2024-09-30 00:38:32 -04:00 · 2024-09-30 00:29:07 -04:00 · 2024-09-30 00:03:10 -04:00 · 2024-09-29 23:23:22 -04:00
23 changed files with 401 additions and 402 deletions
--- a/.webhook_bridge/pipeline-build-semver.yaml
+++ b/.webhook_bridge/pipeline-build-semver.yaml
@@ -14,6 +14,9 @@ spec:
      - name: image-name
        description: The name for the built image
        type: string
+      - name: target-name
+        description: The dockerfile target to build
+        type: string
      - name: path-to-image-context
        description: The path to the build context
        type: string
@@ -58,13 +61,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
-        runAfter:
-          - fetch-repository
        params:
          - name: CONTEXT
            value: "$(params.JOB_NAME)"
@@ -85,7 +86,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -105,11 +106,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
-              value: task/kaniko/0.6//kaniko.yaml
+              value: task/kaniko/0.6/kaniko.yaml
        params:
          - name: IMAGE
            value: "$(params.image-name):$(tasks.detect-tag.results.tag)"
@@ -122,6 +123,7 @@ spec:
          - name: EXTRA_ARGS
            value:
              - "--destination=$(params.image-name)" # Also write the :latest image
+              - "--target=$(params.target-name)"
              - --cache=true
              - --cache-copy-layers
              - --cache-repo=harbor.fizz.buzz/kanikocache/cache
@@ -135,8 +137,6 @@ spec:
            workspace: git-source
          - name: dockerconfig
            workspace: docker-credentials
-        runAfter:
-          - detect-tag
    finally:
      - name: report-success
        when:
@@ -147,7 +147,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -176,7 +176,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -216,6 +216,8 @@ spec:
  params:
    - name: image-name
      value: "harbor.fizz.buzz/private/webhook-bridge"
+    - name: target-name
+      value: ""
    - name: path-to-image-context
      value: .
    - name: path-to-dockerfile
--- a/.webhook_bridge/pipeline-format.yaml
+++ b/.webhook_bridge/pipeline-format.yaml
@@ -14,6 +14,9 @@ spec:
      - name: image-name
        description: The name for the built image
        type: string
+      - name: target-name
+        description: The dockerfile target to build
+        type: string
      - name: path-to-image-context
        description: The path to the build context
        type: string
@@ -26,13 +29,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
-        runAfter:
-          - fetch-repository
        params:
          - name: CONTEXT
            value: "$(params.JOB_NAME)"
@@ -53,7 +54,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -73,7 +74,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -89,6 +90,7 @@ spec:
            value: "gcr.io/kaniko-project/executor:v1.12.1"
          - name: EXTRA_ARGS
            value:
+              - "--target=$(params.target-name)"
              - --cache=true
              - --cache-copy-layers
              - --cache-repo=harbor.fizz.buzz/kanikocache/cache
@@ -102,8 +104,6 @@ spec:
            workspace: git-source
          - name: dockerconfig
            workspace: docker-credentials
-        runAfter:
-          - fetch-repository
      - name: run-cargo-fmt
        taskSpec:
          metadata: {}
@@ -149,7 +149,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -185,7 +185,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -214,7 +214,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -292,7 +292,9 @@ spec:
        secretName: harbor-plain
  params:
    - name: image-name
-      value: "harbor.fizz.buzz/private/webhook-bridge-development"
+      value: "harbor.fizz.buzz/private/webhook-bridge-development-format"
+    - name: target-name
+      value: ""
    - name: path-to-image-context
      value: docker/webhook_bridge_development/
    - name: path-to-dockerfile
--- a/.webhook_bridge/pipeline-rust-clippy.yaml
+++ b/.webhook_bridge/pipeline-rust-clippy.yaml
@@ -14,6 +14,9 @@ spec:
      - name: image-name
        description: The name for the built image
        type: string
+      - name: target-name
+        description: The dockerfile target to build
+        type: string
      - name: path-to-image-context
        description: The path to the build context
        type: string
@@ -26,13 +29,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
-        runAfter:
-          - fetch-repository
        params:
          - name: CONTEXT
            value: "$(params.JOB_NAME)"
@@ -53,7 +54,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -73,7 +74,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -89,6 +90,7 @@ spec:
            value: "gcr.io/kaniko-project/executor:v1.12.1"
          - name: EXTRA_ARGS
            value:
+              - "--target=$(params.target-name)"
              - --cache=true
              - --cache-copy-layers
              - --cache-repo=harbor.fizz.buzz/kanikocache/cache
@@ -102,8 +104,6 @@ spec:
            workspace: git-source
          - name: dockerconfig
            workspace: docker-credentials
-        runAfter:
-          - fetch-repository
      - name: run-cargo-clippy
        taskSpec:
          metadata: {}
@@ -164,7 +164,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -193,7 +193,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -271,7 +271,9 @@ spec:
        secretName: harbor-plain
  params:
    - name: image-name
-      value: "harbor.fizz.buzz/private/webhook-bridge-development"
+      value: "harbor.fizz.buzz/private/webhook-bridge-development-clippy"
+    - name: target-name
+      value: ""
    - name: path-to-image-context
      value: docker/webhook_bridge_development/
    - name: path-to-dockerfile
--- a/.webhook_bridge/pipeline-rust-test.yaml
+++ b/.webhook_bridge/pipeline-rust-test.yaml
@@ -14,6 +14,9 @@ spec:
      - name: image-name
        description: The name for the built image
        type: string
+      - name: target-name
+        description: The dockerfile target to build
+        type: string
      - name: path-to-image-context
        description: The path to the build context
        type: string
@@ -26,13 +29,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
-        runAfter:
-          - fetch-repository
        params:
          - name: CONTEXT
            value: "$(params.JOB_NAME)"
@@ -53,7 +54,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -73,11 +74,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
-              value: task/kaniko/0.6//kaniko.yaml
+              value: task/kaniko/0.6/kaniko.yaml
        params:
          - name: IMAGE
            value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
@@ -89,6 +90,7 @@ spec:
            value: "gcr.io/kaniko-project/executor:v1.12.1"
          - name: EXTRA_ARGS
            value:
+              - "--target=$(params.target-name)"
              - --cache=true
              - --cache-copy-layers
              - --cache-repo=harbor.fizz.buzz/kanikocache/cache
@@ -102,8 +104,6 @@ spec:
            workspace: git-source
          - name: dockerconfig
            workspace: docker-credentials
-        runAfter:
-          - fetch-repository
      - name: run-cargo-test
        taskSpec:
          metadata: {}
@@ -154,7 +154,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -183,7 +183,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -261,7 +261,9 @@ spec:
        secretName: harbor-plain
  params:
    - name: image-name
-      value: "harbor.fizz.buzz/private/webhook-bridge-development"
+      value: "harbor.fizz.buzz/private/webhook-bridge-development-test"
+    - name: target-name
+      value: ""
    - name: path-to-image-context
      value: docker/webhook_bridge_development/
    - name: path-to-dockerfile
--- a/.webhook_bridge/pipeline-semver.yaml
+++ b/.webhook_bridge/pipeline-semver.yaml
@@ -26,7 +26,7 @@ spec:
    tasks:
      - name: calculate-tag
        runAfter:
-          - report-pending
+          - fetch-repository
        workspaces:
          - name: source
            workspace: git-source
@@ -72,13 +72,11 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
-        runAfter:
-          - fetch-repository
        params:
          - name: CONTEXT
            value: "$(params.JOB_NAME)"
@@ -99,7 +97,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -124,7 +122,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
@@ -153,7 +151,7 @@ spec:
          resolver: git
          params:
            - name: url
-              value: https://github.com/tektoncd/catalog.git
+              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
              value: df36b3853a5657fd883015cdbf07ad6466918acf
            - name: pathInRepo
--- a/.webhook_bridge/webhook_bridge.toml
+++ b/.webhook_bridge/webhook_bridge.toml
@@ -26,6 +26,6 @@ version = "0.0.1"

 [[push]]
  name = "build"
-  source = "pipeline-build.yaml"
+  source = "pipeline-build-semver.yaml"
  clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
  branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,8 +17,26 @@ include = [
  "Cargo.lock"
 ]

+[lib]
+name = "webhookbridge"
+path = "src/lib.rs"
+
+[[bin]]
+  name = "webhook_bridge"
+  path = "src/main.rs"
+
+[[bin]]
+  # This bin exists for development purposes only. The real target of this crate is the webhook_bridge server binary.
+  name = "local_trigger"
+  path = "src/bin_local_trigger.rs"
+  required-features = ["local_trigger"]
+
+[features]
+default = ["local_trigger"]
+local_trigger = []
+
 [dependencies]
-axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "http2", "json"] }
+axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "json"] }
 base64 = "0.22.1"
 hmac = "0.12.1"
 http-body-util = "0.1.2"
--- a/1
+++ b/1
@@ -33,3 +33,4 @@ format: ## Auto-format source files.
 .PHONY: clean
 clean:
 > $(MAKE) -C docker/webhook_bridge_development clean
+> rm -rf target
--- a/docker/webhook_bridge/Dockerfile
+++ b/docker/webhook_bridge/Dockerfile
@@ -6,7 +6,7 @@ RUN mkdir /source
 WORKDIR /source
 COPY . .
 # TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
-RUN CARGO_TARGET_DIR=/target cargo build --profile release-lto
+RUN CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge

 FROM alpine:3.20 AS runner

--- a/example_tag_webhook_payload.json
+++ b/example_tag_webhook_payload.json
@@ -1,165 +0,0 @@
-{
-  "ref": "refs/tags/v0.0.2",
-  "before": "0000000000000000000000000000000000000000",
-  "after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-  "commits": [],
-  "total_commits": 0,
-  "head_commit": {
-    "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-    "message": "Add a pipeline to build the server image.\n",
-    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-    "author": {
-      "name": "Tom Alexander",
-      "email": "tom@fizz.buzz",
-      "username": ""
-    },
-    "committer": {
-      "name": "Tom Alexander",
-      "email": "tom@fizz.buzz",
-      "username": ""
-    },
-    "verification": null,
-    "timestamp": "2024-09-29T00:19:22-04:00",
-    "added": [
-      ".webhook_bridge/pipeline-build.yaml"
-    ],
-    "removed": [],
-    "modified": [
-      ".webhook_bridge/webhook_bridge.toml"
-    ]
-  },
-  "repository": {
-    "id": 21,
-    "owner": {
-      "id": 1,
-      "login": "talexander",
-      "login_name": "",
-      "full_name": "",
-      "email": "gitea@local.domain",
-      "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
-      "language": "",
-      "is_admin": false,
-      "last_login": "0001-01-01T00:00:00Z",
-      "created": "2023-07-05T22:03:28Z",
-      "restricted": false,
-      "active": false,
-      "prohibit_login": false,
-      "location": "",
-      "website": "",
-      "description": "",
-      "visibility": "public",
-      "followers_count": 0,
-      "following_count": 0,
-      "starred_repos_count": 0,
-      "username": "talexander"
-    },
-    "name": "webhook_bridge",
-    "full_name": "talexander/webhook_bridge",
-    "description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
-    "empty": false,
-    "private": false,
-    "fork": false,
-    "template": false,
-    "parent": null,
-    "mirror": false,
-    "size": 346,
-    "language": "",
-    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
-    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
-    "url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
-    "link": "",
-    "ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
-    "clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
-    "original_url": "",
-    "website": "",
-    "stars_count": 0,
-    "forks_count": 0,
-    "watchers_count": 1,
-    "open_issues_count": 0,
-    "open_pr_counter": 0,
-    "release_counter": 0,
-    "default_branch": "main",
-    "archived": false,
-    "created_at": "2024-07-14T18:48:52Z",
-    "updated_at": "2024-09-29T04:25:36Z",
-    "archived_at": "1970-01-01T00:00:00Z",
-    "permissions": {
-      "admin": true,
-      "push": true,
-      "pull": true
-    },
-    "has_issues": true,
-    "internal_tracker": {
-      "enable_time_tracker": true,
-      "allow_only_contributors_to_track_time": true,
-      "enable_issue_dependencies": true
-    },
-    "has_wiki": true,
-    "has_pull_requests": true,
-    "has_projects": true,
-    "has_releases": true,
-    "has_packages": true,
-    "has_actions": false,
-    "ignore_whitespace_conflicts": false,
-    "allow_merge_commits": true,
-    "allow_rebase": true,
-    "allow_rebase_explicit": true,
-    "allow_squash_merge": true,
-    "allow_rebase_update": true,
-    "default_delete_branch_after_merge": false,
-    "default_merge_style": "merge",
-    "default_allow_maintainer_edit": false,
-    "avatar_url": "",
-    "internal": false,
-    "mirror_interval": "",
-    "mirror_updated": "0001-01-01T00:00:00Z",
-    "repo_transfer": null
-  },
-  "pusher": {
-    "id": 2,
-    "login": "build-bot",
-    "login_name": "",
-    "full_name": "",
-    "email": "build-bot@noreply.code.fizz.buzz",
-    "avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
-    "language": "",
-    "is_admin": false,
-    "last_login": "0001-01-01T00:00:00Z",
-    "created": "2023-07-09T04:25:44Z",
-    "restricted": false,
-    "active": false,
-    "prohibit_login": false,
-    "location": "",
-    "website": "",
-    "description": "",
-    "visibility": "private",
-    "followers_count": 0,
-    "following_count": 0,
-    "starred_repos_count": 0,
-    "username": "build-bot"
-  },
-  "sender": {
-    "id": 2,
-    "login": "build-bot",
-    "login_name": "",
-    "full_name": "",
-    "email": "build-bot@noreply.code.fizz.buzz",
-    "avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
-    "language": "",
-    "is_admin": false,
-    "last_login": "0001-01-01T00:00:00Z",
-    "created": "2023-07-09T04:25:44Z",
-    "restricted": false,
-    "active": false,
-    "prohibit_login": false,
-    "location": "",
-    "website": "",
-    "description": "",
-    "visibility": "private",
-    "followers_count": 0,
-    "following_count": 0,
-    "starred_repos_count": 0,
-    "username": "build-bot"
-  }
-}
--- a/example_webhook_payload.json
+++ b/example_webhook_payload.json
@@ -1,13 +1,13 @@
 {
  "ref": "refs/heads/main",
-  "before": "a2aca6d2f1c85b5d4bef1349230fdaef1683622d",
-  "after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/a2aca6d2f1c85b5d4bef1349230fdaef1683622d...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
+  "before": "f3b00c46ea57d5314063ad6fbfcaf9e38712cafe",
+  "after": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
+  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/f3b00c46ea57d5314063ad6fbfcaf9e38712cafe...e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
  "commits": [
    {
-      "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-      "message": "Add a pipeline to build the server image.\n",
-      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
+      "id": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
+      "message": "Add source_id to HookUser.\n\nThis must be a new field that gitea added in an update.\n",
+      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
      "author": {
        "name": "Tom Alexander",
        "email": "tom@fizz.buzz",
@@ -19,21 +19,24 @@
        "username": ""
      },
      "verification": null,
-      "timestamp": "2024-09-29T00:19:22-04:00",
-      "added": [
-        ".webhook_bridge/pipeline-build.yaml"
-      ],
+      "timestamp": "2024-10-18T19:41:56-04:00",
+      "added": [],
      "removed": [],
      "modified": [
-        ".webhook_bridge/webhook_bridge.toml"
+        ".webhook_bridge/pipeline-build-semver.yaml",
+        ".webhook_bridge/pipeline-format.yaml",
+        ".webhook_bridge/pipeline-rust-clippy.yaml",
+        ".webhook_bridge/pipeline-rust-test.yaml",
+        ".webhook_bridge/pipeline-semver.yaml",
+        "src/hook_push.rs"
      ]
    }
  ],
  "total_commits": 1,
  "head_commit": {
-    "id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
-    "message": "Add a pipeline to build the server image.\n",
-    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
+    "id": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
+    "message": "Add source_id to HookUser.\n\nThis must be a new field that gitea added in an update.\n",
+    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
    "author": {
      "name": "Tom Alexander",
      "email": "tom@fizz.buzz",
@@ -45,13 +48,16 @@
      "username": ""
    },
    "verification": null,
-    "timestamp": "2024-09-29T00:19:22-04:00",
-    "added": [
-      ".webhook_bridge/pipeline-build.yaml"
-    ],
+    "timestamp": "2024-10-18T19:41:56-04:00",
+    "added": [],
    "removed": [],
    "modified": [
-      ".webhook_bridge/webhook_bridge.toml"
+      ".webhook_bridge/pipeline-build-semver.yaml",
+      ".webhook_bridge/pipeline-format.yaml",
+      ".webhook_bridge/pipeline-rust-clippy.yaml",
+      ".webhook_bridge/pipeline-rust-test.yaml",
+      ".webhook_bridge/pipeline-semver.yaml",
+      "src/hook_push.rs"
    ]
  },
  "repository": {
@@ -60,9 +66,11 @@
      "id": 1,
      "login": "talexander",
      "login_name": "",
+      "source_id": 0,
      "full_name": "",
      "email": "gitea@local.domain",
      "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
+      "html_url": "https://code.fizz.buzz/talexander",
      "language": "",
      "is_admin": false,
      "last_login": "0001-01-01T00:00:00Z",
@@ -88,7 +96,7 @@
    "template": false,
    "parent": null,
    "mirror": false,
-    "size": 343,
+    "size": 151,
    "language": "",
    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
@@ -107,7 +115,7 @@
    "default_branch": "main",
    "archived": false,
    "created_at": "2024-07-14T18:48:52Z",
-    "updated_at": "2024-09-29T04:14:47Z",
+    "updated_at": "2024-09-30T04:41:20Z",
    "archived_at": "1970-01-01T00:00:00Z",
    "permissions": {
      "admin": true,
@@ -120,17 +128,19 @@
      "allow_only_contributors_to_track_time": true,
      "enable_issue_dependencies": true
    },
-    "has_wiki": true,
+    "has_wiki": false,
    "has_pull_requests": true,
-    "has_projects": true,
+    "has_projects": false,
+    "projects_mode": "all",
    "has_releases": true,
-    "has_packages": true,
+    "has_packages": false,
    "has_actions": false,
    "ignore_whitespace_conflicts": false,
    "allow_merge_commits": true,
    "allow_rebase": true,
    "allow_rebase_explicit": true,
    "allow_squash_merge": true,
+    "allow_fast_forward_only_merge": false,
    "allow_rebase_update": true,
    "default_delete_branch_after_merge": false,
    "default_merge_style": "merge",
@@ -138,6 +148,7 @@
    "avatar_url": "",
    "internal": false,
    "mirror_interval": "",
+    "object_format_name": "sha1",
    "mirror_updated": "0001-01-01T00:00:00Z",
    "repo_transfer": null
  },
@@ -145,9 +156,11 @@
    "id": 1,
    "login": "talexander",
    "login_name": "",
+    "source_id": 0,
    "full_name": "",
    "email": "talexander@noreply.code.fizz.buzz",
    "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
+    "html_url": "https://code.fizz.buzz/talexander",
    "language": "",
    "is_admin": false,
    "last_login": "0001-01-01T00:00:00Z",
@@ -168,9 +181,11 @@
    "id": 1,
    "login": "talexander",
    "login_name": "",
+    "source_id": 0,
    "full_name": "",
    "email": "talexander@noreply.code.fizz.buzz",
    "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
+    "html_url": "https://code.fizz.buzz/talexander",
    "language": "",
    "is_admin": false,
    "last_login": "0001-01-01T00:00:00Z",
--- a/rustfmt.toml
+++ b/rustfmt.toml
@@ -0,0 +1,14 @@
+imports_granularity = "Item"
+group_imports = "StdExternalCrate"
+
+# In rustfmt 2.0 I will want to adjust these settings.
+#
+# max_width controls the max length of a line before rustfmt gives up
+# but that also scales the length of a bunch of other lines
+# automaticaly due to width_heuristics. I want to find a way to enable
+# rustfmt to work on longer lines when necessary without making my
+# regular code too wide.
+#
+# max_width = 100
+# error_on_line_overflow = true
+# width_heuristics = "Off"
--- a/src/app_state.rs
+++ b/src/app_state.rs
@@ -0,0 +1,7 @@
+use std::collections::HashSet;
+use std::sync::Arc;
+
+#[derive(Clone)]
+pub(crate) struct AppState {
+    pub(crate) allowed_repos: Arc<HashSet<String>>,
+}
--- a/src/bin_local_trigger.rs
+++ b/src/bin_local_trigger.rs
@@ -0,0 +1,12 @@
+#![forbid(unsafe_code)]
+use webhookbridge::init_tracing;
+use webhookbridge::local_trigger;
+
+const EXAMPLE_WEBHOOK_PAYLOAD: &str = include_str!("../local_payload.json");
+
+#[tokio::main]
+#[allow(clippy::needless_return)]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    init_tracing().await?;
+    local_trigger(EXAMPLE_WEBHOOK_PAYLOAD).await
+}
--- a/src/crd_pipeline_run.rs
+++ b/src/crd_pipeline_run.rs
@@ -17,14 +17,22 @@ use serde_json::Value;
 #[serde(deny_unknown_fields)]
 pub(crate) struct PipelineRunSpec {
    /// Contents of the Pipeline
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub(crate) pipelineSpec: Option<Value>,
+    #[serde(
+        rename = "pipelineSpec",
+        default,
+        skip_serializing_if = "Option::is_none"
+    )]
+    pub(crate) pipeline_spec: Option<Value>,

    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub(crate) timeouts: Option<Value>,

-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub(crate) taskRunTemplate: Option<Value>,
+    #[serde(
+        rename = "taskRunTemplate",
+        default,
+        skip_serializing_if = "Option::is_none"
+    )]
+    pub(crate) task_run_template: Option<Value>,

    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub(crate) workspaces: Option<Value>,
--- a/src/discovery.rs
+++ b/src/discovery.rs
@@ -1,13 +1,13 @@
 use std::path::Path;
 use std::path::PathBuf;

+use regex::Regex;
+use tracing::debug;
+
 use crate::crd_pipeline_run::PipelineRun;
 use crate::gitea_client::GiteaClient;
 use crate::gitea_client::Tree;
-use crate::gitea_client::TreeFileReference;
 use crate::remote_config::RemoteConfig;
-use regex::Regex;
-use tracing::debug;

 pub(crate) async fn discover_webhook_bridge_config(
    gitea: &GiteaClient,
@@ -16,8 +16,7 @@ pub(crate) async fn discover_webhook_bridge_config(
    let remote_config_reference = repo_tree
        .files
        .iter()
-        .filter(|file_reference| file_reference.path == ".webhook_bridge/webhook_bridge.toml")
-        .next()
+        .find(|file_reference| file_reference.path == ".webhook_bridge/webhook_bridge.toml")
        .ok_or("File not found in remote repo: .webhook_bridge/webhook_bridge.toml.")?;

    let remote_config_contents =
@@ -47,8 +46,7 @@ pub(crate) async fn discover_matching_push_triggers<RE: AsRef<str>>(
        let pipeline_template = repo_tree
            .files
            .iter()
-            .filter(|file_reference| Path::new(&file_reference.path) == path_to_source.as_path())
-            .next()
+            .find(|file_reference| Path::new(&file_reference.path) == path_to_source.as_path())
            .ok_or("Trigger source not found in remote repo.")?;
        let pipeline_contents = String::from_utf8(gitea.read_file(pipeline_template).await?)?;
        debug!("Pipeline template contents: {}", pipeline_contents);
--- a/src/gitea_client/error.rs
+++ b/src/gitea_client/error.rs
@@ -2,7 +2,9 @@ use std::error::Error;

 #[derive(Debug, Clone)]
 pub(crate) enum GiteaClientError {
+    #[allow(dead_code)]
    Static(#[allow(dead_code)] &'static str),
+    #[allow(dead_code)]
    String(#[allow(dead_code)] String),
    NoTotalCountHeaderInResponse,
 }
--- a/src/gitea_client/mod.rs
+++ b/src/gitea_client/mod.rs
@@ -1,4 +1,5 @@
-use base64::{engine::general_purpose, Engine as _};
+use base64::engine::general_purpose;
+use base64::Engine as _;
 use serde::Deserialize;
 use tracing::debug;

@@ -37,7 +38,7 @@ impl GiteaClient {
                owner = owner.as_ref(),
                repo = repo.as_ref(),
                commit = commit.as_ref(),
-                page = page.map(|num| format!("&page={}", num)).unwrap_or_else(|| String::new())
+                page = page.map(|num| format!("&page={}", num)).unwrap_or_default()
            );
            let response = self
                .http_client
@@ -99,11 +100,18 @@ impl GiteaClient {
 #[derive(Debug, Deserialize)]
 #[serde(deny_unknown_fields)]
 struct ResponseGetTree {
+    #[allow(dead_code)]
    sha: String,
+
+    #[allow(dead_code)]
    url: String,
    tree: Vec<ResponseObjectReference>,
+
+    #[allow(dead_code)]
    truncated: bool,
    page: u64,
+
+    #[allow(dead_code)]
    total_count: u64,
 }

@@ -111,10 +119,18 @@ struct ResponseGetTree {
 #[serde(deny_unknown_fields)]
 struct ResponseObjectReference {
    path: String,
+
+    #[allow(dead_code)]
    mode: String,
+
+    #[allow(dead_code)]
    #[serde(rename = "type")]
    object_type: String,
+
+    #[allow(dead_code)]
    size: u64,
+
+    #[allow(dead_code)]
    sha: String,
    url: String,
 }
@@ -150,7 +166,13 @@ impl TreeFileReference {
 struct ResponseReadFile {
    content: String,
    encoding: String,
+
+    #[allow(dead_code)]
    url: String,
+
+    #[allow(dead_code)]
    sha: String,
+
+    #[allow(dead_code)]
    size: u64,
 }
--- a/src/hook_push.rs
+++ b/src/hook_push.rs
@@ -16,7 +16,7 @@ pub(crate) struct HookPush {
    commits: Vec<HookCommit>,
    total_commits: u64,
    head_commit: HookCommit,
-    repository: HookRepository,
+    pub(crate) repository: HookRepository,
    pusher: HookUser,
    sender: HookUser,
 }
@@ -28,9 +28,12 @@ pub(crate) struct HookUser {
    id: u64,
    login: String,
    login_name: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    source_id: Option<u64>,
    full_name: String,
    email: String,
    avatar_url: String,
+    html_url: String,
    language: String,
    is_admin: bool,
    last_login: String, // TODO: parse to datetime
@@ -55,7 +58,7 @@ pub(crate) struct HookRepository {
    id: u64,
    owner: HookUser,
    name: String,
-    full_name: String,
+    pub(crate) full_name: String,
    description: String,
    empty: bool,
    private: bool,
@@ -90,6 +93,7 @@ pub(crate) struct HookRepository {
    has_wiki: bool,
    has_pull_requests: bool,
    has_projects: bool,
+    projects_mode: String,
    has_releases: bool,
    has_packages: bool,
    has_actions: bool,
@@ -98,6 +102,7 @@ pub(crate) struct HookRepository {
    allow_rebase: bool,
    allow_rebase_explicit: bool,
    allow_squash_merge: bool,
+    allow_fast_forward_only_merge: bool,
    allow_rebase_update: bool,
    default_delete_branch_after_merge: bool,
    default_merge_style: String,
@@ -105,6 +110,7 @@ pub(crate) struct HookRepository {
    avatar_url: String,
    internal: bool,
    mirror_interval: String,
+    object_format_name: String,
    mirror_updated: String, // TODO: parse to datetime
    repo_transfer: Value,   // Was null in test hook
 }
--- a/src/kubernetes.rs
+++ b/src/kubernetes.rs
@@ -55,7 +55,7 @@ pub(crate) async fn run_pipelines(
                name: Some("REPO_URL".to_owned()),
                value: pipeline
                    .clone_uri
-                    .map(|uri| serde_json::Value::String(uri))
+                    .map(serde_json::Value::String)
                    .or_else(|| Some(serde_json::Value::String(hook_repo_url.into_owned()))),
            });
            param_list.push(PipelineParam {
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -0,0 +1,136 @@
+#![forbid(unsafe_code)]
+use std::collections::HashSet;
+use std::sync::Arc;
+use std::time::Duration;
+
+use axum::http::StatusCode;
+use axum::middleware;
+use axum::routing::get;
+use axum::routing::post;
+use axum::Json;
+use axum::Router;
+use kube::Client;
+use serde::Serialize;
+use tokio::signal;
+use tower_http::timeout::TimeoutLayer;
+use tower_http::trace::TraceLayer;
+use tracing_subscriber::layer::SubscriberExt;
+use tracing_subscriber::util::SubscriberInitExt;
+
+use self::app_state::AppState;
+use self::gitea_client::GiteaClient;
+use self::hook_push::HookPush;
+use self::webhook::handle_push;
+use self::webhook::hook;
+use self::webhook::verify_signature;
+
+mod app_state;
+mod crd_pipeline_run;
+mod discovery;
+mod gitea_client;
+mod hook_push;
+mod kubernetes;
+mod remote_config;
+mod webhook;
+
+pub async fn init_tracing() -> Result<(), Box<dyn std::error::Error>> {
+    tracing_subscriber::registry()
+        .with(
+            tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
+                "webhookbridge=info,webhook_bridge=info,local_trigger=info,tower_http=debug,axum::rejection=trace"
+                    .into()
+            }),
+        )
+        .with(tracing_subscriber::fmt::layer())
+        .init();
+    Ok(())
+}
+
+pub async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
+    let allowed_repos = std::env::var("WEBHOOK_BRIDGE_REPO_WHITELIST")?;
+    let allowed_repos: HashSet<_> = allowed_repos
+        .split(",")
+        .filter(|s| !s.is_empty())
+        .map(str::to_owned)
+        .collect();
+    tracing::debug!("Using repo whitelist: {:?}", allowed_repos);
+
+    let app = Router::new()
+        .route("/hook", post(hook))
+        .layer(middleware::from_fn(verify_signature))
+        .route("/health", get(health))
+        .layer((
+            TraceLayer::new_for_http(),
+            // Add a timeout layer so graceful shutdown can't wait forever.
+            TimeoutLayer::new(Duration::from_secs(600)),
+        ))
+        .with_state(AppState {
+            allowed_repos: Arc::new(allowed_repos),
+        });
+
+    let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
+    tracing::info!("listening on {}", listener.local_addr().unwrap());
+    axum::serve(listener, app)
+        .with_graceful_shutdown(shutdown_signal())
+        .await?;
+    Ok(())
+}
+
+pub async fn local_trigger(payload: &str) -> Result<(), Box<dyn std::error::Error>> {
+    let kubernetes_client: Client = Client::try_default()
+        .await
+        .expect("Set KUBECONFIG to a valid kubernetes config.");
+
+    let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
+    let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
+    let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
+
+    let allowed_repos = std::env::var("WEBHOOK_BRIDGE_REPO_WHITELIST")
+        .ok()
+        .unwrap_or_default();
+    let allowed_repos: HashSet<_> = allowed_repos
+        .split(",")
+        .filter(|s| !s.is_empty())
+        .map(str::to_owned)
+        .collect();
+    tracing::debug!("Using repo whitelist: {:?}", allowed_repos);
+
+    let webhook_payload: HookPush = serde_json::from_str(payload)?;
+
+    handle_push(gitea, kubernetes_client, &allowed_repos, webhook_payload).await?;
+
+    Ok(())
+}
+
+async fn shutdown_signal() {
+    let ctrl_c = async {
+        signal::ctrl_c()
+            .await
+            .expect("failed to install Ctrl+C handler");
+    };
+
+    #[cfg(unix)]
+    let terminate = async {
+        signal::unix::signal(signal::unix::SignalKind::terminate())
+            .expect("failed to install signal handler")
+            .recv()
+            .await;
+    };
+
+    #[cfg(not(unix))]
+    let terminate = std::future::pending::<()>();
+
+    tokio::select! {
+        _ = ctrl_c => {},
+        _ = terminate => {},
+    }
+}
+
+async fn health() -> (StatusCode, Json<HealthResponse>) {
+    (StatusCode::OK, Json(HealthResponse { ok: true }))
+}
+
+#[derive(Serialize)]
+struct HealthResponse {
+    ok: bool,
+}
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,136 +1,10 @@
 #![forbid(unsafe_code)]
-use std::time::Duration;
-
-use axum::http::StatusCode;
-use axum::middleware;
-use axum::routing::get;
-use axum::routing::post;
-use axum::Json;
-use axum::Router;
-use kube::Client;
-use serde::Serialize;
-use tokio::signal;
-use tower_http::timeout::TimeoutLayer;
-use tower_http::trace::TraceLayer;
-use tracing_subscriber::layer::SubscriberExt;
-use tracing_subscriber::util::SubscriberInitExt;
-
-use self::discovery::discover_matching_push_triggers;
-use self::discovery::discover_webhook_bridge_config;
-use self::gitea_client::GiteaClient;
-use self::hook_push::HookPush;
-use self::hook_push::PipelineParamters;
-use self::kubernetes::run_pipelines;
-use self::webhook::handle_push;
-use self::webhook::hook;
-use self::webhook::verify_signature;
-
-mod crd_pipeline_run;
-mod discovery;
-mod gitea_client;
-mod hook_push;
-mod kubernetes;
-mod remote_config;
-mod webhook;
-
-const EXAMPLE_WEBHOOK_PAYLOAD: &'static str = include_str!("../example_tag_webhook_payload.json");
+use webhookbridge::init_tracing;
+use webhookbridge::launch_server;

 #[tokio::main]
+#[allow(clippy::needless_return)]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
-    tracing_subscriber::registry()
-        .with(
-            tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| {
-                "webhook_bridge=info,tower_http=debug,axum::rejection=trace".into()
-            }),
-        )
-        .with(tracing_subscriber::fmt::layer())
-        .init();
-
+    init_tracing().await?;
    launch_server().await
 }
-
-async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
-    let kubernetes_client: Client = Client::try_default()
-        .await
-        .expect("Set KUBECONFIG to a valid kubernetes config.");
-
-    let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
-    let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
-    let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
-
-    let app = Router::new()
-        .route("/hook", post(hook))
-        .layer(middleware::from_fn(verify_signature))
-        .route("/health", get(health))
-        .layer((
-            TraceLayer::new_for_http(),
-            // Add a timeout layer so graceful shutdown can't wait forever.
-            TimeoutLayer::new(Duration::from_secs(600)),
-        ))
-        .with_state(AppState {
-            kubernetes_client,
-            gitea,
-        });
-
-    let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
-    tracing::info!("listening on {}", listener.local_addr().unwrap());
-    axum::serve(listener, app)
-        .with_graceful_shutdown(shutdown_signal())
-        .await?;
-    Ok(())
-}
-
-async fn local_trigger() -> Result<(), Box<dyn std::error::Error>> {
-    let kubernetes_client: Client = Client::try_default()
-        .await
-        .expect("Set KUBECONFIG to a valid kubernetes config.");
-
-    let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
-    let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
-    let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
-
-    let webhook_payload: HookPush = serde_json::from_str(EXAMPLE_WEBHOOK_PAYLOAD)?;
-
-    handle_push(gitea, kubernetes_client, webhook_payload).await?;
-
-    Ok(())
-}
-
-#[derive(Clone)]
-struct AppState {
-    kubernetes_client: Client,
-    gitea: GiteaClient,
-}
-
-async fn shutdown_signal() {
-    let ctrl_c = async {
-        signal::ctrl_c()
-            .await
-            .expect("failed to install Ctrl+C handler");
-    };
-
-    #[cfg(unix)]
-    let terminate = async {
-        signal::unix::signal(signal::unix::SignalKind::terminate())
-            .expect("failed to install signal handler")
-            .recv()
-            .await;
-    };
-
-    #[cfg(not(unix))]
-    let terminate = std::future::pending::<()>();
-
-    tokio::select! {
-        _ = ctrl_c => {},
-        _ = terminate => {},
-    }
-}
-
-async fn health() -> (StatusCode, Json<HealthResponse>) {
-    (StatusCode::OK, Json(HealthResponse { ok: true }))
-}
-
-#[derive(Serialize)]
-struct HealthResponse {
-    ok: bool,
-}
--- a/src/webhook.rs
+++ b/src/webhook.rs
@@ -1,5 +1,6 @@
+use std::borrow::Borrow;
+use std::collections::HashSet;
 use std::future::Future;
-use std::sync::Arc;

 use axum::async_trait;
 use axum::body::Body;
@@ -14,7 +15,8 @@ use axum::response::IntoResponse;
 use axum::response::Response;
 use axum::Json;
 use axum::RequestExt;
-use base64::{engine::general_purpose, Engine as _};
+use base64::engine::general_purpose;
+use base64::Engine as _;
 use hmac::Hmac;
 use hmac::Mac;
 use http_body_util::BodyExt;
@@ -22,13 +24,13 @@ use serde::Serialize;
 use sha2::Sha256;
 use tracing::debug;

+use crate::app_state::AppState;
 use crate::discovery::discover_matching_push_triggers;
 use crate::discovery::discover_webhook_bridge_config;
 use crate::gitea_client::GiteaClient;
 use crate::hook_push::HookPush;
 use crate::hook_push::PipelineParamters;
 use crate::kubernetes::run_pipelines;
-use crate::AppState;

 type HmacSha256 = Hmac<Sha256>;

@@ -40,19 +42,54 @@ pub(crate) async fn hook(
    debug!("REQ: {:?}", payload);
    match payload {
        HookRequest::Push(webhook_payload) => {
-            handle_push(state.gitea, state.kubernetes_client, webhook_payload)
+            let kubernetes_client: kube::Client = kube::Client::try_default()
                .await
-                .expect("Failed to handle push event.");
-            (
+                .expect("Set KUBECONFIG to a valid kubernetes config.");
+
+            let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT");
+            let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN");
+            let (gitea_api_root, gitea_api_token) = match (gitea_api_root, gitea_api_token) {
+                (Ok(r), Ok(t)) => (r, t),
+                _ => {
+                    return (
                        StatusCode::OK,
                        Json(HookResponse {
                            ok: true,
                            message: None,
                        }),
+                    );
+                }
+            };
+            let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
+
+            let push_result = handle_push(
+                gitea,
+                kubernetes_client,
+                state.allowed_repos.borrow(),
+                webhook_payload,
            )
+            .await;
+            match push_result {
+                Ok(_) => (
+                    StatusCode::OK,
+                    Json(HookResponse {
+                        ok: true,
+                        message: None,
+                    }),
+                ),
+                Err(_) => (
+                    // StatusCode::INTERNAL_SERVER_ERROR,
+                    StatusCode::OK,
+                    Json(HookResponse {
+                        ok: false,
+                        message: Some("Failed to handle push event.".to_string()),
+                    }),
+                ),
+            }
        }
        HookRequest::Unrecognized(payload) => (
-            StatusCode::BAD_REQUEST,
+            // StatusCode::BAD_REQUEST,
+            StatusCode::OK,
            Json(HookResponse {
                ok: false,
                message: Some(format!("unrecognized event type: {payload}")),
@@ -139,9 +176,9 @@ where
 }

 async fn check_hash(body: Bytes, secret: String, signature: Vec<u8>) -> Result<Bytes, Response> {
-    tracing::info!("Checking signature {:02x?}", signature.as_slice());
-    tracing::info!("Using secret {:?}", secret);
-    tracing::info!("and body {}", general_purpose::STANDARD.encode(&body));
+    tracing::debug!("Checking signature {:02x?}", signature.as_slice());
+    // tracing::info!("Using secret {:?}", secret);
+    tracing::debug!("and body {}", general_purpose::STANDARD.encode(&body));
    let mut mac = HmacSha256::new_from_slice(secret.as_bytes())
        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response())?;
    mac.update(&body);
@@ -167,11 +204,19 @@ fn hex_to_bytes(s: &str) -> Option<Vec<u8>> {
 pub(crate) async fn handle_push(
    gitea: GiteaClient,
    kubernetes_client: kube::Client,
+    allowed_repos: &HashSet<String>,
    webhook_payload: HookPush,
 ) -> Result<(), Box<dyn std::error::Error>> {
    let repo_owner = webhook_payload.get_repo_owner()?;
    let repo_name = webhook_payload.get_repo_name()?;
    let pull_base_sha = webhook_payload.get_pull_base_sha()?;
+    if !allowed_repos.contains(&webhook_payload.repository.full_name) {
+        tracing::info!(
+            "{} is not an allowed repository.",
+            webhook_payload.repository.full_name
+        );
+        return Ok(());
+    }
    let repo_tree = gitea.get_tree(repo_owner, repo_name, pull_base_sha).await?;
    let remote_config = discover_webhook_bridge_config(&gitea, &repo_tree).await?;
    let pipelines = discover_matching_push_triggers(
Author	SHA1	Message	Date
Tom Alexander	3ca037411a	Add more new fields for webhook payload. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has succeeded Details rust-test Build rust-test has succeeded Details	2024-10-18 20:27:57 -04:00
Tom Alexander	e991b259f2	Add source_id to HookUser. This must be a new field that gitea added in an update.	2024-10-18 19:41:56 -04:00
Tom Alexander	f3b00c46ea	Test: Remove the clients from AppState entirely. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has succeeded Details rust-test Build rust-test has failed Details build Build build has succeeded Details	2024-09-30 00:38:32 -04:00
Tom Alexander	e4463fe79d	Remove redundant runAfter directives from workflows. Some checks failed semver Build semver has failed Details format Build format has succeeded Details clippy Build clippy has failed Details rust-test Build rust-test has succeeded Details	2024-09-30 00:29:07 -04:00
Tom Alexander	f18c1fe421	Fix typo in pipelines. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details rust-test Build rust-test has succeeded Details build Build build has succeeded Details clippy Build clippy has failed Details	2024-09-30 00:03:10 -04:00
Tom Alexander	3c58d19a88	Add support for dockerfile targets to workflows. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details rust-test Build rust-test has succeeded Details build Build build has succeeded Details clippy Build clippy has failed Details	2024-09-29 23:23:22 -04:00
Tom Alexander	f07c0dc971	Rename pipeline-build to pipeline-build-semver to distinguish it from pipeline-build-hash used in poudboot.	2024-09-29 22:21:37 -04:00
Tom Alexander	fd7b22c5ce	Remove cranelift. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has failed Details rust-test Build rust-test has succeeded Details build Build build has succeeded Details I should be configuring cranelift globally in my per-machine configs, not spreading my build preferences in the project's Cargo.toml.	2024-09-29 22:17:35 -04:00
Tom Alexander	1c082a5e24	Test: instantiate new clients for every request. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details build Build build has succeeded Details clippy Build clippy has failed Details rust-test Build rust-test has succeeded Details Trying to figure out why I am getting the below error occasionally in gitea: Delivery: Post "https://webhookbridge.fizz.buzz/hook": context deadline exceeded (Client.Timeout exceeded while awaiting headers)	2024-09-29 21:58:05 -04:00
Tom Alexander	9ed8905a5c	Always return status code ok. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has succeeded Details build Build build has succeeded Details rust-test Build rust-test has succeeded Details	2024-09-29 18:37:23 -04:00
Tom Alexander	8cb28459a0	Fix clippy lint.	2024-09-29 18:31:47 -04:00
Tom Alexander	753ad6dd05	Handle errors in push events. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details rust-test Build rust-test has failed Details clippy Build clippy has failed Details build Build build has succeeded Details	2024-09-29 18:24:50 -04:00
Tom Alexander	dd4c20f0a7	Remove log of secret. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details build Build build has succeeded Details clippy Build clippy has succeeded Details rust-test Build rust-test has succeeded Details	2024-09-29 18:14:36 -04:00
Tom Alexander	c04b4e8da5	Fix bug that prevented actions from triggering. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details build Build build has succeeded Details clippy Build clippy has succeeded Details rust-test Build rust-test has succeeded Details	2024-09-29 18:09:07 -04:00
Tom Alexander	69dd1ba156	Remove support for http2. Nginx does not support http2 for upstream proxies because there is not much point for low-latency connections.	2024-09-29 18:00:34 -04:00
Tom Alexander	65c964b329	Fix clippy lint.	2024-09-29 17:42:08 -04:00
Tom Alexander	613026b326	Adding repo whitelist. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has failed Details build Build build has succeeded Details rust-test Build rust-test has succeeded Details	2024-09-29 16:54:58 -04:00
Tom Alexander	cd56bb2fe1	Fix debug build in docker container by adding cranelift. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has succeeded Details build Build build has succeeded Details rust-test Build rust-test has succeeded Details	2024-09-29 15:31:24 -04:00
Tom Alexander	4bcf8b9ddc	Merge branch 'lint' Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details rust-test Build rust-test has failed Details clippy Build clippy has failed Details build Build build has succeeded Details	2024-09-29 15:03:19 -04:00
Tom Alexander	14b38b7fcd	Add rustfmt config.	2024-09-29 15:03:07 -04:00
Tom Alexander	0602f8472b	Separate out to two binaries. Some checks failed format Build format has succeeded Details clippy Build clippy has failed Details rust-test Build rust-test has failed Details	2024-09-29 14:59:39 -04:00
Tom Alexander	cdac8224c6	Fix clippy lints.	2024-09-29 14:08:05 -04:00