Fix secret generation issue when GitOps comments are executed on commits
This update corrects the creation of an auto-generated
secret that previously had an invalid or missing value
for the git-provider-token key.

Signed-off-by: Savita Ashture <[email protected]>
savitaashture authored and chmouel committed May 28, 2024
1 parent 6d4be45 commit 9dcbe19
Showing 2 changed files with 20 additions and 6 deletions.
17 changes: 11 additions & 6 deletions pkg/provider/github/parse_payload.go
@@ -14,23 +14,22 @@ import (
ghinstallation "github.com/bradleyfalzon/ghinstallation/v2"
oGitHub "github.com/google/go-github/v60/github"
"github.com/google/go-github/v61/github"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"

"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/keys"
"github.com/openshift-pipelines/pipelines-as-code/pkg/opscomments"
"github.com/openshift-pipelines/pipelines-as-code/pkg/params"
"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
"github.com/openshift-pipelines/pipelines-as-code/pkg/params/triggertype"
"github.com/openshift-pipelines/pipelines-as-code/pkg/provider"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)

// GetAppIDAndPrivateKey retrieves the GitHub application ID and private key from a secret in the specified namespace.
// It takes a context, namespace, and Kubernetes client as input parameters.
// It returns the application ID (int64), private key ([]byte), and an error if any.
func (v *Provider) GetAppIDAndPrivateKey(ctx context.Context, ns string, kube kubernetes.Interface) (int64, []byte, error) {
paramsinfo := &v.Run.Info
secret, err := kube.CoreV1().Secrets(ns).Get(ctx, paramsinfo.Controller.Secret, v1.GetOptions{})
secret, err := kube.CoreV1().Secrets(ns).Get(ctx, paramsinfo.Controller.Secret, metav1.GetOptions{})
if err != nil {
return 0, []byte{}, fmt.Errorf("could not get the secret %s in ns %s: %w", paramsinfo.Controller.Secret, ns, err)
}
@@ -250,7 +249,10 @@ func (v *Provider) processEvent(ctx context.Context, event *info.Event, eventInt
if v.Client == nil {
return nil, fmt.Errorf("gitops style comments operation is only supported with github apps integration")
}
return v.handleCommitCommentEvent(ctx, gitEvent)
processedEvent, err = v.handleCommitCommentEvent(ctx, gitEvent)
if err != nil {
return nil, err
}
case *github.PushEvent:
processedEvent.Organization = gitEvent.GetRepo().GetOwner().GetLogin()
processedEvent.Repository = gitEvent.GetRepo().GetName()
@@ -293,7 +295,10 @@ func (v *Provider) processEvent(ctx context.Context, event *info.Event, eventInt
return nil, errors.New("this event is not supported")
}

processedEvent.TriggerTarget = event.TriggerTarget
// check before overriding the value for TriggerTarget
if processedEvent.TriggerTarget == "" {
processedEvent.TriggerTarget = event.TriggerTarget
}
processedEvent.Provider.Token = event.Provider.Token

return processedEvent, nil
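Review bot: In the `*github.CommitCommentEvent` case of `processEvent`, `processedEvent` is now replaced by the handler's result and then dereferenced after the switch (`processedEvent.TriggerTarget`, `processedEvent.Provider.Token`), so a `(nil, nil)` return from `handleCommitCommentEvent` would panic where the old direct `return` simply passed it through. The handler is not shown in this diff; if it can return a nil event without an error, add `if processedEvent == nil { return nil, errors.New("commit comment produced no event") }` after the error check. The new comment above the `TriggerTarget` guard would also help more if it recorded the reason, for example `// keep a TriggerTarget already set by the event handler; Provider.Token below is still copied for every event type`, assuming that matches the intent described in the commit message. `processEvent` begins and ends outside these hunks.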
9 changes: 9 additions & 0 deletions test/github_push_retest_test.go
@@ -9,6 +9,7 @@ import (
"testing"

"github.com/google/go-github/v61/github"
"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/keys"
"github.com/openshift-pipelines/pipelines-as-code/test/pkg/cctx"
tgithub "github.com/openshift-pipelines/pipelines-as-code/test/pkg/github"
twait "github.com/openshift-pipelines/pipelines-as-code/test/pkg/wait"
@@ -58,6 +59,14 @@ func TestGithubPushRequestGitOpsCommentRetest(t *testing.T) {
pruns, err = g.Cnx.Clients.Tekton.TektonV1().PipelineRuns(g.TargetNamespace).List(ctx, metav1.ListOptions{})
assert.NilError(t, err)
assert.Equal(t, len(pruns.Items), 4)

for i := range pruns.Items {
sData, err := g.Cnx.Clients.Kube.CoreV1().Secrets(g.TargetNamespace).Get(ctx, pruns.Items[i].GetAnnotations()[keys.GitAuthSecret], metav1.GetOptions{})
assert.NilError(t, err)
assert.Assert(t, string(sData.Data["git-provider-token"]) != "")
assert.Assert(t, string(sData.Data[".git-credentials"]) != "")
assert.Assert(t, string(sData.Data[".gitconfig"]) != "")
}
}

func TestGithubPushRequestGitOpsCommentCancel(t *testing.T) {
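Review bot: The new loop in `TestGithubPushRequestGitOpsCommentRetest` passes `pruns.Items[i].GetAnnotations()[keys.GitAuthSecret]` straight to `Secrets(...).Get`, so a PipelineRun without that annotation fails on a lookup with an empty name instead of pointing at the missing annotation. Read it into a variable first and assert on it: `secretName := pruns.Items[i].GetAnnotations()[keys.GitAuthSecret]` followed by `assert.Assert(t, secretName != "", "PipelineRun %s has no git auth secret annotation", pruns.Items[i].GetName())`. Keeping the emptiness checks as `!= ""` comparisons is worth preserving, since a failing boolean assertion should not echo token material into CI logs the way an equality assertion on the value would. A short message naming the key and the PipelineRun on each assertion would make failures easier to attribute. The test function starts outside the hunk.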