talexander/webhook_bridge
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:v0.0.5
Branches Tags
talexander:main
talexander:v0.0.34 talexander:v0.0.33 talexander:v0.0.32 talexander:v0.0.31 talexander:v0.0.30 talexander:v0.0.29 talexander:v0.0.28 talexander:v0.0.27 talexander:v0.0.26 talexander:v0.0.25 talexander:v0.0.23 talexander:v0.0.22 talexander:v0.0.21 talexander:v0.0.20 talexander:v0.0.19 talexander:v0.0.18 talexander:v0.0.17 talexander:v0.0.16 talexander:v0.0.15 talexander:v0.0.14 talexander:v0.0.13 talexander:v0.0.12 talexander:v0.0.11 talexander:v0.0.10 talexander:v0.0.9 talexander:v0.0.8 talexander:v0.0.7 talexander:v0.0.6 talexander:v0.0.5 talexander:v0.0.4 talexander:v0.0.3 talexander:v0.0.2 talexander:v0.0.1
...
compare: talexander:v0.0.31
Branches Tags
talexander:main
talexander:v0.0.34 talexander:v0.0.33 talexander:v0.0.32 talexander:v0.0.31 talexander:v0.0.30 talexander:v0.0.29 talexander:v0.0.28 talexander:v0.0.27 talexander:v0.0.26 talexander:v0.0.25 talexander:v0.0.23 talexander:v0.0.22 talexander:v0.0.21 talexander:v0.0.20 talexander:v0.0.19 talexander:v0.0.18 talexander:v0.0.17 talexander:v0.0.16 talexander:v0.0.15 talexander:v0.0.14 talexander:v0.0.13 talexander:v0.0.12 talexander:v0.0.11 talexander:v0.0.10 talexander:v0.0.9 talexander:v0.0.8 talexander:v0.0.7 talexander:v0.0.6 talexander:v0.0.5 talexander:v0.0.4 talexander:v0.0.3 talexander:v0.0.2 talexander:v0.0.1

26 Commits
v0.0.5 ... v0.0.31

Author SHA1 Message Date
Tom Alexander
271d18fe2a Update the build pipelines.
Some checks failed
semver Build semver has succeeded
Details
build Build build has started
Details
format Build format has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has succeeded
Details
2026-05-02 23:04:49 -04:00
Tom Alexander
9e92c5c49f Add better logging.
Some checks failed
format Build format has failed
Details
rust-test Build rust-test has failed
Details
build Build build has failed
Details
semver Build semver has succeeded
Details
clippy Build clippy has failed
Details
2026-05-02 21:54:24 -04:00
Tom Alexander
cedf2eef54 Update to the latest catalog. 2026-05-02 21:14:51 -04:00
Tom Alexander
e5aff59cd2 Build using nix. 2026-05-02 21:14:51 -04:00
Tom Alexander
6e209bdcef Update for the latest gitea. 2026-05-02 16:35:31 -04:00
Tom Alexander
5fb1982930 Mark internal_tracker as optional.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has failed
Details
build Build build has succeeded
Details
rust-test Build rust-test has succeeded
Details
2025-09-23 21:09:24 -04:00
Tom Alexander
ac3c23e65a Switch to local-path-provisioner.
Some checks failed
format Build format has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has succeeded
Details
semver Build semver has succeeded
Details
build Build build has succeeded
Details
2025-08-31 18:35:48 -04:00
Tom Alexander
3f2bdda8cb Add support for new fields in payload.
All checks were successful
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has succeeded
Details
rust-test Build rust-test has succeeded
Details
build Build build has succeeded
Details
2025-02-08 21:11:23 -05:00
Tom Alexander
e7eeeefa53 Add back in docker targets.
All checks were successful
semver Build semver has succeeded
Details
format Build format has succeeded
Details
build Build build has succeeded
Details
clippy Build clippy has succeeded
Details
rust-test Build rust-test has succeeded
Details
2024-10-20 23:12:52 -04:00
Tom Alexander
a17f6502c0 Use linked copy. 2024-10-20 23:03:40 -04:00
Tom Alexander
16a39809e4 Merge branch 'buildkit'
All checks were successful
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has succeeded
Details
rust-test Build rust-test has succeeded
Details
build Build build has succeeded
Details
2024-10-20 22:42:36 -04:00
Tom Alexander
7dd0a9d0ad Update dockerfiles to take advantage of BuildKit.
All checks were successful
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
clippy Build clippy has succeeded
Details
2024-10-20 22:35:16 -04:00
Tom Alexander
9d682cbe83 Switch to using BuiltKit instead of Kaniko to build docker images.
All checks were successful
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
clippy Build clippy has succeeded
Details
2024-10-20 22:28:04 -04:00
Tom Alexander
3ca037411a Add more new fields for webhook payload.
All checks were successful
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has succeeded
Details
rust-test Build rust-test has succeeded
Details
2024-10-18 20:27:57 -04:00
Tom Alexander
e991b259f2 Add source_id to HookUser. 
This must be a new field that gitea added in an update.
 2024-10-18 19:41:56 -04:00
Tom Alexander
f3b00c46ea Test: Remove the clients from AppState entirely.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has succeeded
Details
rust-test Build rust-test has failed
Details
build Build build has succeeded
Details
2024-09-30 00:38:32 -04:00
Tom Alexander
e4463fe79d Remove redundant runAfter directives from workflows.
Some checks failed
semver Build semver has failed
Details
format Build format has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has succeeded
Details
2024-09-30 00:29:07 -04:00
Tom Alexander
f18c1fe421 Fix typo in pipelines.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
build Build build has succeeded
Details
clippy Build clippy has failed
Details
2024-09-30 00:03:10 -04:00
Tom Alexander
3c58d19a88 Add support for dockerfile targets to workflows.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
rust-test Build rust-test has succeeded
Details
build Build build has succeeded
Details
clippy Build clippy has failed
Details
2024-09-29 23:23:22 -04:00
Tom Alexander
f07c0dc971 Rename pipeline-build to pipeline-build-semver to distinguish it from pipeline-build-hash used in poudboot. 2024-09-29 22:21:37 -04:00
Tom Alexander
fd7b22c5ce Remove cranelift.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has succeeded
Details
build Build build has succeeded
Details 
I should be configuring cranelift globally in my per-machine configs, not spreading my build preferences in the project's Cargo.toml.
 2024-09-29 22:17:35 -04:00
Tom Alexander
1c082a5e24 Test: instantiate new clients for every request.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
build Build build has succeeded
Details
clippy Build clippy has failed
Details
rust-test Build rust-test has succeeded
Details 
Trying to figure out why I am getting the below error occasionally in gitea:

Delivery: Post "https://webhookbridge.fizz.buzz/hook": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
 2024-09-29 21:58:05 -04:00
Tom Alexander
9ed8905a5c Always return status code ok.
All checks were successful
semver Build semver has succeeded
Details
format Build format has succeeded
Details
clippy Build clippy has succeeded
Details
build Build build has succeeded
Details
rust-test Build rust-test has succeeded
Details
2024-09-29 18:37:23 -04:00
Tom Alexander
8cb28459a0 Fix clippy lint. 2024-09-29 18:31:47 -04:00
Tom Alexander
753ad6dd05 Handle errors in push events.
Some checks failed
semver Build semver has succeeded
Details
format Build format has succeeded
Details
rust-test Build rust-test has failed
Details
clippy Build clippy has failed
Details
build Build build has succeeded
Details
2024-09-29 18:24:50 -04:00
Tom Alexander
dd4c20f0a7 Remove log of secret.
All checks were successful
semver Build semver has succeeded
Details
format Build format has succeeded
Details
build Build build has succeeded
Details
clippy Build clippy has succeeded
Details
rust-test Build rust-test has succeeded
Details
2024-09-29 18:14:36 -04:00
24 changed files with 615 additions and 491 deletions
Expand all files Collapse all files

1
.dockerignore
View File

@@ -2,3 +2,4 @@
target/
docker/
.dockerignore
*.bash

92
.webhook_bridge/pipeline-build.yaml → .webhook_bridge/pipeline-build-semver.yaml
View File

@@ -14,6 +14,9 @@ spec:
- name: image-name
description: The name for the built image
type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context
description: The path to the build context
type: string
@@ -58,13 +61,11 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
@@ -85,9 +86,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
@@ -100,43 +101,74 @@ spec:
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: af22c87d0db59dece97d03e6b6a796d84010158f
- name: pathInRepo
value: task/kaniko/0.6//kaniko.yaml
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.detect-tag.results.tag)"
- name: OUTPUT
value: >-
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.detect-tag.results.tag)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- "--destination=$(params.image-name)" # Also write the :latest image
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- "--opt"
- "target=$(params.target-name)"
- --import-cache
- "type=registry,ref=$(params.image-name):buildcache"
- --export-cache
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
- --opt
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces:
- name: source
workspace: git-source
- name: dockerconfig
workspace: docker-credentials
runAfter:
- detect-tag
- fetch-repository
finally:
- name: report-success
when:
@@ -147,9 +179,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -176,9 +208,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -203,7 +235,7 @@ spec:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
storageClassName: "local-path"
accessModes:
- ReadWriteOnce
resources:
@@ -216,7 +248,9 @@ spec:
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge"
- name: target-name
value: ""
- name: path-to-image-context
value: .
- name: path-to-dockerfile
value: docker/webhook_bridge/Dockerfile
value: docker/webhook_bridge/

99
.webhook_bridge/pipeline-format.yaml
View File

@@ -14,6 +14,9 @@ spec:
- name: image-name
description: The name for the built image
type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context
description: The path to the build context
type: string
@@ -26,13 +29,11 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
@@ -53,9 +54,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
@@ -68,35 +69,67 @@ spec:
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: af22c87d0db59dece97d03e6b6a796d84010158f
- name: pathInRepo
value: task/kaniko/0.6/kaniko.yaml
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: OUTPUT
value: >-
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- "--opt"
- "target=$(params.target-name)"
- --import-cache
- "type=registry,ref=$(params.image-name):buildcache"
- --export-cache
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
- --opt
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces:
- name: source
workspace: git-source
@@ -143,15 +176,15 @@ spec:
- build-image
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
value: "$(tasks.build-image.results.IMAGE_URL[1])"
- name: commit-changes
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/git-cli/0.4/git-cli.yaml
params:
@@ -185,9 +218,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -214,9 +247,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -268,7 +301,7 @@ spec:
workspace: cargo-cache
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
value: "$(tasks.build-image.results.IMAGE_URL[1])"
workspaces:
- name: git-source
- name: docker-credentials
@@ -277,7 +310,7 @@ spec:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
storageClassName: "local-path"
accessModes:
- ReadWriteOnce
resources:
@@ -292,8 +325,10 @@ spec:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development"
value: "harbor.fizz.buzz/private/webhook-bridge-development-format"
- name: target-name
value: ""
- name: path-to-image-context
value: docker/webhook_bridge_development/
- name: path-to-dockerfile
value: docker/webhook_bridge_development/Dockerfile
value: docker/webhook_bridge_development/

95
.webhook_bridge/pipeline-rust-clippy.yaml
View File

@@ -14,6 +14,9 @@ spec:
- name: image-name
description: The name for the built image
type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context
description: The path to the build context
type: string
@@ -26,13 +29,11 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
@@ -53,9 +54,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
@@ -68,35 +69,67 @@ spec:
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: af22c87d0db59dece97d03e6b6a796d84010158f
- name: pathInRepo
value: task/kaniko/0.6/kaniko.yaml
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: OUTPUT
value: >-
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- "--opt"
- "target=$(params.target-name)"
- --import-cache
- "type=registry,ref=$(params.image-name):buildcache"
- --export-cache
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
- --opt
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces:
- name: source
workspace: git-source
@@ -153,7 +186,7 @@ spec:
- build-image
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
value: "$(tasks.build-image.results.IMAGE_URL[1])"
finally:
- name: report-success
when:
@@ -164,9 +197,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -193,9 +226,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -247,7 +280,7 @@ spec:
workspace: cargo-cache
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
value: "$(tasks.build-image.results.IMAGE_URL[1])"
workspaces:
- name: git-source
- name: docker-credentials
@@ -256,7 +289,7 @@ spec:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
storageClassName: "local-path"
accessModes:
- ReadWriteOnce
resources:
@@ -271,8 +304,10 @@ spec:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development"
value: "harbor.fizz.buzz/private/webhook-bridge-development-clippy"
- name: target-name
value: ""
- name: path-to-image-context
value: docker/webhook_bridge_development/
- name: path-to-dockerfile
value: docker/webhook_bridge_development/Dockerfile
value: docker/webhook_bridge_development/

95
.webhook_bridge/pipeline-rust-test.yaml
View File

@@ -14,6 +14,9 @@ spec:
- name: image-name
description: The name for the built image
type: string
- name: target-name
description: The dockerfile target to build
type: string
- name: path-to-image-context
description: The path to the build context
type: string
@@ -26,13 +29,11 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
@@ -53,9 +54,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
@@ -68,35 +69,67 @@ spec:
value: $(params.PULL_BASE_SHA)
- name: deleteExisting
value: "true"
- name: get-git-commit-time
taskSpec:
metadata: {}
stepTemplate:
image: alpine:3.20
computeResources:
requests:
cpu: 10m
memory: 600Mi
workingDir: "$(workspaces.repo.path)"
results:
- name: unix-time
description: The time of the git commit in unix timestamp format.
steps:
- image: alpine/git:v2.34.2
name: detect-tag-step
script: |
#!/usr/bin/env sh
set -euo pipefail
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
workspaces:
- name: repo
workspace: git-source
runAfter:
- fetch-repository
- name: build-image
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: af22c87d0db59dece97d03e6b6a796d84010158f
- name: pathInRepo
value: task/kaniko/0.6//kaniko.yaml
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
params:
- name: IMAGE
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
- name: OUTPUT
value: >-
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
- name: CONTEXT
value: $(params.path-to-image-context)
- name: DOCKERFILE
value: $(params.path-to-dockerfile)
- name: BUILDER_IMAGE
value: "gcr.io/kaniko-project/executor:v1.12.1"
- name: EXTRA_ARGS
value:
- --cache=true
- --cache-copy-layers
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
- --use-new-run # Should result in a speed-up
- --reproducible # To remove timestamps so layer caching works.
- --snapshot-mode=redo
- --skip-unused-stages=true
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
- "--opt"
- "target=$(params.target-name)"
- --import-cache
- "type=registry,ref=$(params.image-name):buildcache"
- --export-cache
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
- --opt
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
- name: BUILDKITD_TOML
value: |
debug = true
[registry."docker.io"]
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
[registry."dockerhub.dockerhub.svc.cluster.local"]
http = true
insecure = true
workspaces:
- name: source
workspace: git-source
@@ -143,7 +176,7 @@ spec:
- build-image
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
value: "$(tasks.build-image.results.IMAGE_URL[1])"
finally:
- name: report-success
when:
@@ -154,9 +187,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -183,9 +216,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -237,7 +270,7 @@ spec:
workspace: cargo-cache
params:
- name: docker-image
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
value: "$(tasks.build-image.results.IMAGE_URL[1])"
workspaces:
- name: git-source
- name: docker-credentials
@@ -246,7 +279,7 @@ spec:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
storageClassName: "local-path"
accessModes:
- ReadWriteOnce
resources:
@@ -261,8 +294,10 @@ spec:
secretName: harbor-plain
params:
- name: image-name
value: "harbor.fizz.buzz/private/webhook-bridge-development"
value: "harbor.fizz.buzz/private/webhook-bridge-development-test"
- name: target-name
value: ""
- name: path-to-image-context
value: docker/webhook_bridge_development/
- name: path-to-dockerfile
value: docker/webhook_bridge_development/Dockerfile
value: docker/webhook_bridge_development/

22
.webhook_bridge/pipeline-semver.yaml
View File

@@ -26,7 +26,7 @@ spec:
tasks:
- name: calculate-tag
runAfter:
- report-pending
- fetch-repository
workspaces:
- name: source
workspace: git-source
@@ -72,13 +72,11 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
runAfter:
- fetch-repository
params:
- name: CONTEXT
value: "$(params.JOB_NAME)"
@@ -99,9 +97,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/git-clone/0.9/git-clone.yaml
workspaces:
@@ -124,9 +122,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -153,9 +151,9 @@ spec:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
- name: revision
value: df36b3853a5657fd883015cdbf07ad6466918acf
value: f914437a46978b95f325f68d791dcf1a35738f60
- name: pathInRepo
value: task/gitea-set-status/0.1/gitea-set-status.yaml
params:
@@ -179,7 +177,7 @@ spec:
- name: git-source
volumeClaimTemplate:
spec:
storageClassName: "nfs-client"
storageClassName: "local-path"
accessModes:
- ReadWriteOnce
resources:

2
.webhook_bridge/webhook_bridge.toml
View File

@@ -26,6 +26,6 @@ version = "0.0.1"
[[push]]
name = "build"
source = "pipeline-build.yaml"
source = "pipeline-build-semver.yaml"
clone_uri = "git@code.fizz.buzz:talexander/webhook_bridge.git"
branches = [ "^v[0-9]+\\.[0-9]+\\.[0-9]+$" ]

106
Cargo.lock generated
View File

@@ -1,6 +1,6 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
version = 4
[[package]]
name = "addr2line"
@@ -1039,11 +1039,11 @@ checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
[[package]]
name = "matchers"
version = "0.1.0"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
dependencies = [
"regex-automata 0.1.10",
"regex-automata",
]
[[package]]
@@ -1101,16 +1101,6 @@ dependencies = [
"tempfile",
]
[[package]]
name = "nu-ansi-term"
version = "0.46.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
dependencies = [
"overload",
"winapi",
]
[[package]]
name = "num-traits"
version = "0.2.19"
@@ -1198,12 +1188,6 @@ dependencies = [
"num-traits",
]
[[package]]
name = "overload"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
[[package]]
name = "parking"
version = "2.2.0"
@@ -1403,17 +1387,8 @@ checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
dependencies = [
"aho-corasick",
"memchr",
"regex-automata 0.4.7",
"regex-syntax 0.8.4",
]
[[package]]
name = "regex-automata"
version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
dependencies = [
"regex-syntax 0.6.29",
"regex-automata",
"regex-syntax",
]
[[package]]
@@ -1424,15 +1399,9 @@ checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
dependencies = [
"aho-corasick",
"memchr",
"regex-syntax 0.8.4",
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.6.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
[[package]]
name = "regex-syntax"
version = "0.8.4"
@@ -2095,9 +2064,9 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
[[package]]
name = "tracing"
version = "0.1.40"
version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
dependencies = [
"log",
"pin-project-lite",
@@ -2107,9 +2076,9 @@ dependencies = [
[[package]]
name = "tracing-attributes"
version = "0.1.27"
version = "0.1.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
dependencies = [
"proc-macro2",
"quote",
@@ -2118,41 +2087,26 @@ dependencies = [
[[package]]
name = "tracing-core"
version = "0.1.32"
version = "0.1.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54"
checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
dependencies = [
"once_cell",
"valuable",
]
[[package]]
name = "tracing-log"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
dependencies = [
"log",
"once_cell",
"tracing-core",
]
[[package]]
name = "tracing-subscriber"
version = "0.3.18"
version = "0.3.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b"
checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
dependencies = [
"matchers",
"nu-ansi-term",
"once_cell",
"regex",
"regex-automata",
"sharded-slab",
"smallvec",
"thread_local",
"tracing",
"tracing-core",
"tracing-log",
]
[[package]]
@@ -2217,12 +2171,6 @@ dependencies = [
"percent-encoding",
]
[[package]]
name = "valuable"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
[[package]]
name = "vcpkg"
version = "0.2.15"
@@ -2350,28 +2298,6 @@ dependencies = [
"tracing-subscriber",
]
[[package]]
name = "winapi"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
dependencies = [
"winapi-i686-pc-windows-gnu",
"winapi-x86_64-pc-windows-gnu",
]
[[package]]
name = "winapi-i686-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "windows-sys"
version = "0.48.0"

13
Cargo.toml
View File

@@ -1,5 +1,3 @@
cargo-features = ["codegen-backend"]
[package]
name = "webhook_bridge"
version = "0.0.1"
@@ -54,17 +52,10 @@ sha2 = "0.10.8"
tokio = { version = "1.38.0", default-features = false, features = ["macros", "process", "rt-multi-thread", "signal"] }
toml = { version = "0.8.19", default-features = false, features = ["display", "parse"] }
tower-http = { version = "0.5.2", default-features = false, features = ["trace", "timeout"] }
tracing = { version = "0.1.40", default-features = false, features = ["attributes", "std", "tracing-attributes", "async-await"] }
tracing-subscriber = { version = "0.3.18", default-features = false, features = ["alloc", "ansi", "fmt", "nu-ansi-term", "registry", "sharded-slab", "smallvec", "std", "thread_local", "tracing-log", "env-filter"] }
tracing = { version = "0.1.44", default-features = false, features = [] }
tracing-subscriber = { version = "0.3.23", default-features = false, features = ["env-filter", "fmt"] }
[profile.release-lto]
inherits = "release"
lto = true
strip = "symbols"
[profile.dev]
codegen-backend = "cranelift"
[profile.dev.package."*"]
codegen-backend = "llvm"
opt-level = 3

47
docker/webhook_bridge/Dockerfile
View File

@@ -1,15 +1,42 @@
FROM rustlang/rust:nightly-alpine3.20 AS builder
#
# Builder
#
RUN apk add --no-cache musl-dev pkgconfig libressl-dev
FROM nixos/nix:latest AS builder
RUN mkdir /source
WORKDIR /source
COPY . .
# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
RUN CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
RUN cp "$(nix --extra-experimental-features "nix-command flakes" --option filter-syscalls false build nixpkgs#cacert --print-out-paths)/etc/ssl/certs/ca-bundle.crt" /tmp/ca-bundle.crt
FROM alpine:3.20 AS runner
COPY . /tmp/build
WORKDIR /tmp/build
COPY --from=builder /target/release-lto/webhook_bridge /usr/bin/
RUN nix \
--extra-experimental-features "nix-command flakes" \
--option filter-syscalls false \
build '.#docker_env'
ENTRYPOINT ["/usr/bin/webhook_bridge"]
# Export the built closure to a folder
RUN mkdir /tmp/nix-store-closure
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh
#
# Runner
#
FROM scratch
WORKDIR /app
ENV PATH="$PATH:/app/bin"
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
ENV NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
COPY --from=builder /tmp/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/build/result /app
COPY --from=builder /tmp/sh /bin/sh
EXPOSE 9988
CMD ["/app/bin/webhook_bridge"]

8
docker/webhook_bridge_development/Dockerfile
View File

@@ -1,7 +1,9 @@
FROM rustlang/rust:nightly-alpine3.20 AS builder
# syntax=docker/dockerfile:1
ARG ALPINE_VERSION="3.20"
FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
RUN apk add --no-cache musl-dev pkgconfig libressl3.8-libssl libressl-dev
RUN cargo install --locked --no-default-features --features ci-autoclean cargo-cache
RUN rustup component add rustc-codegen-cranelift
RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked cargo install --locked --no-default-features --features ci-autoclean cargo-cache
RUN rustup component add rustfmt
RUN rustup component add clippy

165
example_tag_webhook_payload.json
View File

@@ -1,165 +0,0 @@
{
"ref": "refs/tags/v0.0.2",
"before": "0000000000000000000000000000000000000000",
"after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"commits": [],
"total_commits": 0,
"head_commit": {
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"committer": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
]
},
"repository": {
"id": 21,
"owner": {
"id": 1,
"login": "talexander",
"login_name": "",
"full_name": "",
"email": "gitea@local.domain",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-05T22:03:28Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "public",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "talexander"
},
"name": "webhook_bridge",
"full_name": "talexander/webhook_bridge",
"description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
"empty": false,
"private": false,
"fork": false,
"template": false,
"parent": null,
"mirror": false,
"size": 346,
"language": "",
"languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
"html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
"url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
"link": "",
"ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
"clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
"original_url": "",
"website": "",
"stars_count": 0,
"forks_count": 0,
"watchers_count": 1,
"open_issues_count": 0,
"open_pr_counter": 0,
"release_counter": 0,
"default_branch": "main",
"archived": false,
"created_at": "2024-07-14T18:48:52Z",
"updated_at": "2024-09-29T04:25:36Z",
"archived_at": "1970-01-01T00:00:00Z",
"permissions": {
"admin": true,
"push": true,
"pull": true
},
"has_issues": true,
"internal_tracker": {
"enable_time_tracker": true,
"allow_only_contributors_to_track_time": true,
"enable_issue_dependencies": true
},
"has_wiki": true,
"has_pull_requests": true,
"has_projects": true,
"has_releases": true,
"has_packages": true,
"has_actions": false,
"ignore_whitespace_conflicts": false,
"allow_merge_commits": true,
"allow_rebase": true,
"allow_rebase_explicit": true,
"allow_squash_merge": true,
"allow_rebase_update": true,
"default_delete_branch_after_merge": false,
"default_merge_style": "merge",
"default_allow_maintainer_edit": false,
"avatar_url": "",
"internal": false,
"mirror_interval": "",
"mirror_updated": "0001-01-01T00:00:00Z",
"repo_transfer": null
},
"pusher": {
"id": 2,
"login": "build-bot",
"login_name": "",
"full_name": "",
"email": "build-bot@noreply.code.fizz.buzz",
"avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-09T04:25:44Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "private",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "build-bot"
},
"sender": {
"id": 2,
"login": "build-bot",
"login_name": "",
"full_name": "",
"email": "build-bot@noreply.code.fizz.buzz",
"avatar_url": "https://secure.gravatar.com/avatar/e39ef2faba8a3dfb3dcb4d8275a532d4?d=identicon",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
"created": "2023-07-09T04:25:44Z",
"restricted": false,
"active": false,
"prohibit_login": false,
"location": "",
"website": "",
"description": "",
"visibility": "private",
"followers_count": 0,
"following_count": 0,
"starred_repos_count": 0,
"username": "build-bot"
}
}

48
flake.lock generated Normal file
View File

@@ -0,0 +1,48 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1777578337,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1777691680,
"narHash": "sha256-sdCAzrPAaKu+yo7L2pWddy5PN6U9bO++WEWc1zcr7aQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4757db4358c77c1cbe878fa5990e6ea88d82f6b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

92
flake.nix Normal file
View File

@@ -0,0 +1,92 @@
{
description = "webhook-bridge development environment";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
outputs =
{
self,
nixpkgs,
rust-overlay,
}:
let
forAllSystems =
func:
builtins.listToAttrs (
map (system: {
name = system;
value = func system;
}) nixpkgs.lib.systems.flakeExposed
);
in
{
devShells = forAllSystems (
system:
let
overlays = [ (import rust-overlay) ];
pkgs = import nixpkgs {
inherit system overlays;
};
rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
in
{
default = pkgs.mkShell {
nativeBuildInputs = [
pkgs.pkg-config
rustToolchain
pkgs.openssl
];
buildInputs = with pkgs; [
# sqlx-cli # For sqlx CLI to manage migrations
# sqlite # To access the database (sqlite is bundled into the together_alone binary but this is for manually accessing the db).
];
};
}
);
packages = forAllSystems (
system:
let
overlays = [ (import rust-overlay) ];
pkgs = import nixpkgs {
inherit system overlays;
};
rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
in
rec {
app = pkgs.rustPlatform.buildRustPackage {
pname = "webhook-bridge";
version = "0.0.0";
src = ./.;
# If you have a Cargo.lock file, use this:
cargoLock.lockFile = ./Cargo.lock;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.openssl
];
};
docker_env = pkgs.buildEnv {
name = "webhook-bridge";
paths = with pkgs; [
app
bash
uutils-coreutils-noprefix
# toybox # Smaller than uutils-coreutils?
];
};
default = app;
}
);
};
}

76
example_webhook_payload.json → local_payload.json
View File

@@ -1,13 +1,13 @@
{
"ref": "refs/heads/main",
"before": "a2aca6d2f1c85b5d4bef1349230fdaef1683622d",
"after": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/a2aca6d2f1c85b5d4bef1349230fdaef1683622d...84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"before": "1f52dd8995987337a3a33ce675625647545490c2",
"after": "f55834712245bd546a5ca982d95ecf47669ba4ab",
"compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/1f52dd8995987337a3a33ce675625647545490c2...f55834712245bd546a5ca982d95ecf47669ba4ab",
"commits": [
{
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"id": "f55834712245bd546a5ca982d95ecf47669ba4ab",
"message": "Update to the latest catalog.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/f55834712245bd546a5ca982d95ecf47669ba4ab",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
@@ -19,21 +19,25 @@
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"timestamp": "2026-05-02T17:50:49-04:00",
"added": [],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
".webhook_bridge/pipeline-build-semver.yaml",
".webhook_bridge/pipeline-format.yaml",
".webhook_bridge/pipeline-rust-clippy.yaml",
".webhook_bridge/pipeline-rust-test.yaml",
".webhook_bridge/pipeline-semver.yaml",
"local_payload.json",
"run.bash"
]
}
],
"total_commits": 1,
"head_commit": {
"id": "84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"message": "Add a pipeline to build the server image.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/84fe1ec23ae242cb1bbccbc2ab999c3082f54d45",
"id": "f55834712245bd546a5ca982d95ecf47669ba4ab",
"message": "Update to the latest catalog.\n",
"url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/f55834712245bd546a5ca982d95ecf47669ba4ab",
"author": {
"name": "Tom Alexander",
"email": "tom@fizz.buzz",
@@ -45,13 +49,17 @@
"username": ""
},
"verification": null,
"timestamp": "2024-09-29T00:19:22-04:00",
"added": [
".webhook_bridge/pipeline-build.yaml"
],
"timestamp": "2026-05-02T17:50:49-04:00",
"added": [],
"removed": [],
"modified": [
".webhook_bridge/webhook_bridge.toml"
".webhook_bridge/pipeline-build-semver.yaml",
".webhook_bridge/pipeline-format.yaml",
".webhook_bridge/pipeline-rust-clippy.yaml",
".webhook_bridge/pipeline-rust-test.yaml",
".webhook_bridge/pipeline-semver.yaml",
"local_payload.json",
"run.bash"
]
},
"repository": {
@@ -60,9 +68,11 @@
"id": 1,
"login": "talexander",
"login_name": "",
"source_id": 0,
"full_name": "",
"email": "gitea@local.domain",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"html_url": "https://code.fizz.buzz/talexander",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
@@ -86,15 +96,14 @@
"private": false,
"fork": false,
"template": false,
"parent": null,
"mirror": false,
"size": 343,
"size": 193,
"language": "",
"languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
"html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
"url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
"link": "",
"ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
"ssh_url": "git@git.example.com:talexander/webhook_bridge.git",
"clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
"original_url": "",
"website": "",
@@ -107,47 +116,58 @@
"default_branch": "main",
"archived": false,
"created_at": "2024-07-14T18:48:52Z",
"updated_at": "2024-09-29T04:14:47Z",
"updated_at": "2026-05-02T22:11:33Z",
"archived_at": "1970-01-01T00:00:00Z",
"permissions": {
"admin": true,
"push": true,
"pull": true
},
"has_code": true,
"has_issues": true,
"internal_tracker": {
"enable_time_tracker": true,
"allow_only_contributors_to_track_time": true,
"enable_issue_dependencies": true
},
"has_wiki": true,
"has_wiki": false,
"has_pull_requests": true,
"has_projects": true,
"has_projects": false,
"projects_mode": "all",
"has_releases": true,
"has_packages": true,
"has_packages": false,
"has_actions": false,
"ignore_whitespace_conflicts": false,
"allow_merge_commits": true,
"allow_rebase": true,
"allow_rebase_explicit": true,
"allow_squash_merge": true,
"allow_fast_forward_only_merge": false,
"allow_rebase_update": true,
"allow_manual_merge": false,
"autodetect_manual_merge": false,
"default_delete_branch_after_merge": false,
"default_merge_style": "merge",
"default_allow_maintainer_edit": false,
"avatar_url": "",
"internal": false,
"mirror_interval": "",
"object_format_name": "sha1",
"mirror_updated": "0001-01-01T00:00:00Z",
"repo_transfer": null
"topics": [],
"licenses": [
"0BSD"
]
},
"pusher": {
"id": 1,
"login": "talexander",
"login_name": "",
"source_id": 0,
"full_name": "",
"email": "talexander@noreply.code.fizz.buzz",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"html_url": "https://code.fizz.buzz/talexander",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",
@@ -168,9 +188,11 @@
"id": 1,
"login": "talexander",
"login_name": "",
"source_id": 0,
"full_name": "",
"email": "talexander@noreply.code.fizz.buzz",
"avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
"html_url": "https://code.fizz.buzz/talexander",
"language": "",
"is_admin": false,
"last_login": "0001-01-01T00:00:00Z",

11
run.bash
View File

@@ -4,4 +4,13 @@ set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) cargo run
function main {
exec env RUST_LOG=webhookbridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.HMAC_TOKEN')" WEBHOOK_BRIDGE_OAUTH_TOKEN="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.OAUTH_TOKEN')" WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
#"${@}"
}
function decrypt_k8s_secret {
kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
}
main "${@}"

16
run_docker.bash Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
function main {
make -C docker/webhook_bridge build
docker run --rm -i -t -p 9988:9988 -e RUST_LOG=webhookbridge=DEBUG -e WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" -e WEBHOOK_BRIDGE_HMAC_SECRET="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.HMAC_TOKEN')" -e WEBHOOK_BRIDGE_OAUTH_TOKEN="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.OAUTH_TOKEN')" -e WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" webhook-bridge:latest
}
function decrypt_k8s_secret {
kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
}
main "${@}"

4
rust-toolchain.toml Normal file
View File

@@ -0,0 +1,4 @@
[toolchain]
channel = "nightly"
profile = "default"
components = ["clippy", "rustfmt"]

6
src/app_state.rs
View File

@@ -1,13 +1,7 @@
use std::collections::HashSet;
use std::sync::Arc;
use kube::Client;
use crate::gitea_client::GiteaClient;
#[derive(Clone)]
pub(crate) struct AppState {
pub(crate) kubernetes_client: Client,
pub(crate) gitea: GiteaClient,
pub(crate) allowed_repos: Arc<HashSet<String>>,
}

2
src/bin_local_trigger.rs
View File

@@ -2,7 +2,7 @@
use webhookbridge::init_tracing;
use webhookbridge::local_trigger;
const EXAMPLE_WEBHOOK_PAYLOAD: &str = include_str!("../example_tag_webhook_payload.json");
const EXAMPLE_WEBHOOK_PAYLOAD: &str = include_str!("../local_payload.json");
#[tokio::main]
#[allow(clippy::needless_return)]

18
src/hook_push.rs
View File

@@ -6,7 +6,6 @@ use serde_json::Value;
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookPush {
#[serde(rename = "ref")]
pub(crate) ref_field: String,
@@ -23,14 +22,16 @@ pub(crate) struct HookPush {
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookUser {
id: u64,
login: String,
login_name: String,
#[serde(default, skip_serializing_if = "Option::is_none")]
source_id: Option<u64>,
full_name: String,
email: String,
avatar_url: String,
html_url: String,
language: String,
is_admin: bool,
last_login: String, // TODO: parse to datetime
@@ -50,7 +51,6 @@ pub(crate) struct HookUser {
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookRepository {
id: u64,
owner: HookUser,
@@ -61,7 +61,6 @@ pub(crate) struct HookRepository {
private: bool,
fork: bool,
template: bool,
parent: Value, // Was null in test hook
mirror: bool,
size: u64,
language: String,
@@ -86,10 +85,12 @@ pub(crate) struct HookRepository {
archived_at: String, // TODO: parse to datetime
permissions: HookRepositoryPermissions,
has_issues: bool,
internal_tracker: HookRepositoryInternalTracker,
#[serde(default, skip_serializing_if = "Option::is_none")]
internal_tracker: Option<HookRepositoryInternalTracker>,
has_wiki: bool,
has_pull_requests: bool,
has_projects: bool,
projects_mode: String,
has_releases: bool,
has_packages: bool,
has_actions: bool,
@@ -98,6 +99,7 @@ pub(crate) struct HookRepository {
allow_rebase: bool,
allow_rebase_explicit: bool,
allow_squash_merge: bool,
allow_fast_forward_only_merge: bool,
allow_rebase_update: bool,
default_delete_branch_after_merge: bool,
default_merge_style: String,
@@ -105,13 +107,12 @@ pub(crate) struct HookRepository {
avatar_url: String,
internal: bool,
mirror_interval: String,
object_format_name: String,
mirror_updated: String, // TODO: parse to datetime
repo_transfer: Value, // Was null in test hook
}
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookRepositoryPermissions {
admin: bool,
push: bool,
@@ -120,7 +121,6 @@ pub(crate) struct HookRepositoryPermissions {
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookRepositoryInternalTracker {
enable_time_tracker: bool,
allow_only_contributors_to_track_time: bool,
@@ -129,7 +129,6 @@ pub(crate) struct HookRepositoryInternalTracker {
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookCommit {
id: String,
message: String,
@@ -145,7 +144,6 @@ pub(crate) struct HookCommit {
#[allow(dead_code)]
#[derive(Debug, Deserialize)]
#[serde(deny_unknown_fields)]
pub(crate) struct HookGitUser {
name: String,
email: String,

10
src/lib.rs
View File

@@ -47,14 +47,6 @@ pub async fn init_tracing() -> Result<(), Box<dyn std::error::Error>> {
}
pub async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
let kubernetes_client: Client = Client::try_default()
.await
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT")?;
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN")?;
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let allowed_repos = std::env::var("WEBHOOK_BRIDGE_REPO_WHITELIST")?;
let allowed_repos: HashSet<_> = allowed_repos
.split(",")
@@ -73,8 +65,6 @@ pub async fn launch_server() -> Result<(), Box<dyn std::error::Error>> {
TimeoutLayer::new(Duration::from_secs(600)),
))
.with_state(AppState {
kubernetes_client,
gitea,
allowed_repos: Arc::new(allowed_repos),
});

57
src/webhook.rs
View File

@@ -42,24 +42,57 @@ pub(crate) async fn hook(
debug!("REQ: {:?}", payload);
match payload {
HookRequest::Push(webhook_payload) => {
handle_push(
state.gitea,
state.kubernetes_client,
state.allowed_repos.borrow(),
webhook_payload,
)
let kubernetes_client: kube::Client = kube::Client::try_default()
.await
.expect("Failed to handle push event.");
(
.expect("Set KUBECONFIG to a valid kubernetes config.");
let gitea_api_root = std::env::var("WEBHOOK_BRIDGE_API_ROOT");
let gitea_api_token = std::env::var("WEBHOOK_BRIDGE_OAUTH_TOKEN");
let (gitea_api_root, gitea_api_token) = match (gitea_api_root, gitea_api_token) {
(Ok(r), Ok(t)) => (r, t),
_ => {
return (
StatusCode::OK,
Json(HookResponse {
ok: true,
message: None,
}),
);
}
};
let gitea = GiteaClient::new(gitea_api_root, gitea_api_token);
let push_result = handle_push(
gitea,
kubernetes_client,
state.allowed_repos.borrow(),
webhook_payload,
)
.await;
match push_result {
Ok(_) => (
StatusCode::OK,
Json(HookResponse {
ok: true,
message: None,
}),
),
Err(e) => {
tracing::error!("Failed to handle push event: {}", e);
(
// StatusCode::INTERNAL_SERVER_ERROR,
StatusCode::OK,
Json(HookResponse {
ok: false,
message: Some("Failed to handle push event.".to_string()),
}),
)
}
}
}
HookRequest::Unrecognized(payload) => (
StatusCode::BAD_REQUEST,
// StatusCode::BAD_REQUEST,
StatusCode::OK,
Json(HookResponse {
ok: false,
message: Some(format!("unrecognized event type: {payload}")),
@@ -146,9 +179,9 @@ where
}
async fn check_hash(body: Bytes, secret: String, signature: Vec<u8>) -> Result<Bytes, Response> {
tracing::info!("Checking signature {:02x?}", signature.as_slice());
tracing::info!("Using secret {:?}", secret);
tracing::info!("and body {}", general_purpose::STANDARD.encode(&body));
tracing::debug!("Checking signature {:02x?}", signature.as_slice());
// tracing::info!("Using secret {:?}", secret);
tracing::debug!("and body {}", general_purpose::STANDARD.encode(&body));
let mut mac = HmacSha256::new_from_slice(secret.as_bytes())
.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response())?;
mac.update(&body);

13
test_webhook.bash
View File

File diff suppressed because one or more lines are too long