From 7b18631de64936e85f15345ec46cf3da00e15def Mon Sep 17 00:00:00 2001 From: Matus Madzin Date: Tue, 26 Nov 2024 20:48:24 +0100 Subject: [PATCH] Update webhook secret logic again to keep the compatibility --- Parameters.md | 44 ++++++++++++------- api/v1alpha1/webserver_types.go | 15 ++++++- api/v1alpha1/zz_generated.deepcopy.go | 20 +++++++++ .../crd/bases/web.servers.org_webservers.yaml | 19 +++++++- controllers/templates.go | 40 ++++++++++++++--- 5 files changed, 111 insertions(+), 27 deletions(-) diff --git a/Parameters.md b/Parameters.md index 0b5d87c..e87bab3 100644 --- a/Parameters.md +++ b/Parameters.md @@ -166,18 +166,11 @@ The sub directory where the pom.xml is located and where the `mvn install` shoul contextDir: / ``` -#### webSourcesParams -Those are additional parameter of webSourcesParams to describe how to build the application images. - -##### artifactDir (webSourcesParams) -The artifactDir is a parameter of the SourceBuildStrategy the operator is using. It is the directory where maven places the war it creates for the webapp. -The contents of artifactDir is copied in the webapps directory of the image used to deploy the application /opt/jws-5.x/tomcat/webapps. The default value is target. +#### webhookSecrets +Secret names for triggering a build through webhook. -##### mavenMirrorUrl (webSourcesParams) -The mavenMirrorUrl is a parameter of the SourceBuildStrategy the operator is using. It is the maven proxy URL that maven will use to build the webapp. It is required if the cluster doesn't have access to the Internet. - -##### genericWebhookSecret (webSourcesParams) -This explains how to use a secret for a generic webhook to trigger a build. +##### Generic (webhookSecrets) +Secret name for triggering a build. 1 - Create a base64 secret string: Base64 encoded string secret can be created by base64 tool. In the following example, the secret "qwerty" is used 
@@ -204,7 +197,8 @@ secret/jws-secret created So here we use: ``` -genericWebhookSecret: jws-secret +webhookSecrets: + generic: jws-secret ``` To test it: @@ -249,12 +243,28 @@ The build is triggered. Go to Setting+Webhooks+Add webhook in your github project and add the URL in the Payload URL, set Content type: application/json, Disable SSL verification if needed and click Add webhook. See https://docs.openshift.com/container-platform/4.6/builds/triggering-builds-build-hooks.html for more details. -##### githubWebhookSecret (webSourcesParams) -That is a web hook specific to GitHub, it works like `genericWebhookSecret` +##### Github (webhookSecrets) +Secret name for triggering a build from Github. + +##### Gitlab (webhookSecrets) +Secret name for triggering a build from Gitlab. + +#### webSourcesParams +Those are additional parameter of webSourcesParams to describe how to build the application images. + +##### artifactDir (webSourcesParams) +The artifactDir is a parameter of the SourceBuildStrategy the operator is using. It is the directory where maven places the war it creates for the webapp. +The contents of artifactDir is copied in the webapps directory of the image used to deploy the application /opt/jws-5.x/tomcat/webapps. The default value is target. + +##### mavenMirrorUrl (webSourcesParams) +The mavenMirrorUrl is a parameter of the SourceBuildStrategy the operator is using. It is the maven proxy URL that maven will use to build the webapp. It is required if the cluster doesn't have access to the Internet. + +##### (Deprecated) genericWebhookSecret (webSourcesParams) +Web hook secret string + +##### (Deprecated) githubWebhookSecret (webSourcesParams) +That is a web hook secret string specific to GitHub, it works like `genericWebhookSecret` -``` -githubWebhookSecret: jws-secret -``` Note that it is not possible to test the Github webhook by hands: The playload is generated by github and it is NOT empty. 
diff --git a/api/v1alpha1/webserver_types.go b/api/v1alpha1/webserver_types.go
index feca2cf..e43e8e7 100644
--- a/api/v1alpha1/webserver_types.go
+++ b/api/v1alpha1/webserver_types.go
@@ -112,6 +112,8 @@ type WebSourcesSpec struct {
 ContextDir string `json:"contextDir,omitempty"`
 // (Optional) Sources related parameters
 WebSourcesParams *WebSourcesParamsSpec `json:"webSourcesParams,omitempty"`
+ // Webhook secrets configuration
+ WebhookSecrets *WebhookSecrets `json:"webhookSecrets,omitempty"`
 }

 // (Optional) Sources related parameters
@@ -120,12 +122,21 @@ type WebSourcesParamsSpec struct {
 MavenMirrorURL string `json:"mavenMirrorUrl,omitempty"`
 // Directory where the jar/war is created
 ArtifactDir string `json:"artifactDir,omitempty"`
- // Secret for a generic web hook
+ // (Deprecated - Use WebhookSecrets instead) Secret string for a generic web hook
 GenericWebhookSecret string `json:"genericWebhookSecret,omitempty"`
- // Secret for a Github web hook
+ // (Deprecated - Use WebhookSecrets instead) Secret string for a Github web hook
 GithubWebhookSecret string `json:"githubWebhookSecret,omitempty"`
 }

+type WebhookSecrets struct {
+ // Secret for generic webhook
+ Generic string `json:"generic,omitempty"`
+ // Secret for Github webhook
+ Github string `json:"github,omitempty"`
+ // Secret for Gitlab webhook
+ Gitlab string `json:"gitlab,omitempty"`
+}
+
 type WebServerHealthCheckSpec struct {
 // String for the pod readiness health check logic
 ServerReadinessScript string `json:"serverReadinessScript"`
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 75eba6f..83cc120 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
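Review bot: The field comments on the new `WebhookSecrets` type (second hunk of api/v1alpha1/webserver_types.go) read "Secret for generic webhook", which does not say that the value must be the name of a Secret object rather than the token itself; controllers/templates.go in this same commit passes these fields as `SecretReference.Name`. The deprecated fields next to them are now described as a "Secret string", so the contrast should be spelled out, otherwise a token pasted into `generic` sits in the custom resource in clear text and the trigger points at a Secret that presumably does not exist. Suggested wording: `// Generic is the name of the Secret that holds the generic webhook token`, likewise for `Github` and `Gitlab`, plus a doc comment on the type such as `// WebhookSecrets names the Secrets used by the build webhook triggers.` The generated CRD descriptions would need regenerating after the comment change.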
@@ -286,6 +286,11 @@ func (in *WebSourcesSpec) DeepCopyInto(out *WebSourcesSpec) { *out = new(WebSourcesParamsSpec) **out = **in } + if in.WebhookSecrets != nil { + in, out := &in.WebhookSecrets, &out.WebhookSecrets + *out = new(WebhookSecrets) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebSourcesSpec. @@ -297,3 +302,18 @@ func (in *WebSourcesSpec) DeepCopy() *WebSourcesSpec { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookSecrets) DeepCopyInto(out *WebhookSecrets) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecrets. +func (in *WebhookSecrets) DeepCopy() *WebhookSecrets { + if in == nil { + return nil + } + out := new(WebhookSecrets) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/web.servers.org_webservers.yaml b/config/crd/bases/web.servers.org_webservers.yaml index a5f10cc..d8e533f 100644 --- a/config/crd/bases/web.servers.org_webservers.yaml +++ b/config/crd/bases/web.servers.org_webservers.yaml 
@@ -477,15 +477,30 @@ spec: description: Directory where the jar/war is created type: string genericWebhookSecret: - description: Secret for a generic web hook + description: (Deprecated - Use WebhookSecrets instead) + Secret string for a generic web hook type: string githubWebhookSecret: - description: Secret for a Github web hook + description: (Deprecated - Use WebhookSecrets instead) + Secret string for a Github web hook type: string mavenMirrorUrl: description: URL to a maven repository type: string type: object + webhookSecrets: + description: Webhook secrets configuration + properties: + generic: + description: Secret for generic webhook + type: string + github: + description: Secret for Github webhook + type: string + gitlab: + description: Secret for Gitlab webhook + type: string + type: object required: - sourceRepositoryUrl type: object diff --git a/controllers/templates.go b/controllers/templates.go index f1aefff..2896726 100644 --- a/controllers/templates.go +++ b/controllers/templates.go 
@@ -523,24 +523,52 @@ func (r *WebServerReconciler) generateBuildTriggerPolicy(webServer *webserversv1
 sources := webServer.Spec.WebImageStream.WebSources
 if sources != nil {
 params := sources.WebSourcesParams
- if params != nil {
- if params.GithubWebhookSecret != "" {
+
+ if sources.WebhookSecrets != nil {
+ if sources.WebhookSecrets.Generic != "" {
+ buildTriggerPolicies = append(buildTriggerPolicies, buildv1.BuildTriggerPolicy{
+ Type: "Generic",
+ GenericWebHook: &buildv1.WebHookTrigger{
+ SecretReference: &buildv1.SecretLocalReference{
+ Name: sources.WebhookSecrets.Generic,
+ },
+ },
+ })
+ }
+ if sources.WebhookSecrets.Github != "" {
 buildTriggerPolicies = append(buildTriggerPolicies, buildv1.BuildTriggerPolicy{
 Type: "GitHub",
 GitHubWebHook: &buildv1.WebHookTrigger{
 SecretReference: &buildv1.SecretLocalReference{
- Name: params.GithubWebhookSecret,
+ Name: sources.WebhookSecrets.Github,
+ },
+ },
+ })
+ }
+ if sources.WebhookSecrets.Gitlab != "" {
+ buildTriggerPolicies = append(buildTriggerPolicies, buildv1.BuildTriggerPolicy{
+ Type: "GitLab",
+ GitLabWebHook: &buildv1.WebHookTrigger{
+ SecretReference: &buildv1.SecretLocalReference{
+ Name: sources.WebhookSecrets.Gitlab,
 },
 },
 })
 }
+ } else if params != nil {
+ if params.GithubWebhookSecret != "" {
+ buildTriggerPolicies = append(buildTriggerPolicies, buildv1.BuildTriggerPolicy{
+ Type: "GitHub",
+ GitHubWebHook: &buildv1.WebHookTrigger{
+ Secret: params.GithubWebhookSecret,
+ },
+ })
+ }
 if params.GenericWebhookSecret != "" {
 buildTriggerPolicies = append(buildTriggerPolicies, buildv1.BuildTriggerPolicy{
 Type: "Generic",
 GenericWebHook: &buildv1.WebHookTrigger{
- SecretReference: &buildv1.SecretLocalReference{
- Name: params.GenericWebhookSecret,
- },
+ Secret: params.GenericWebhookSecret,
 },
 })
 }
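Review bot: The deprecated branch (`else if params != nil`) now feeds `params.GithubWebhookSecret` and `params.GenericWebhookSecret` into the inline `Secret` field, whereas the removed lines used the same values as `SecretReference.Name`. A WebServer written against the previous behaviour, holding a Secret name there (the removed documentation example used `jws-secret`), would after this change get that name as the webhook token itself, and an inline token is readable by anyone who can read the WebServer or the resulting BuildConfig. It would help to state this at the branch, e.g. `// Deprecated: the value is the webhook token in clear text, not a Secret name; prefer WebhookSecrets`, and to log a deprecation warning when either field is non-empty. Separately, because of the `else if`, a non-nil `WebhookSecrets` with no fields set silently disables both deprecated fields, so the precedence should at least be documented. generateBuildTriggerPolicy begins and ends outside this hunk.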