[WIP] drivers jenkins -> change trigger to github webhook #444
Conversation
There was a problem hiding this comment.
Reviewed 3 of 3 files at r1.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @lwsanty)
README.md, line 183 at r1 (raw file):
## License GPLv3, see [LICENSE](LICENSE)
It's unrelated, so please revert.
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
[key: 'ref', value: '$.ref'] ], token: '{{.Manifest.Language}}-driver',
Wondering, what this "token" does?
etc/skeleton/Jenkinsfile.tpl, line 53 at r1 (raw file):
regexpFilterText: '$ref', regexpFilterExpression: 'refs/heads/' + BRANCH_NAME
Will it trigger on tags?
Signed-off-by: lwsanty <[email protected]>
lwsanty
force-pushed
the
jenkins-webhook4
branch
from
c88a578 to
0551b75
Compare
There was a problem hiding this comment.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @dennwc)
README.md, line 183 at r1 (raw file):
Previously, dennwc (Denys Smirnov) wrote…
It's unrelated, so please revert.
Done.
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
There is a special token parameter. When supplied, the invocation will only trigger jobs with that exact token. The token also allows invocations without any other authentication credentials.
https://wiki.jenkins.io/display/JENKINS/Generic+Webhook+Trigger+Plugin
etc/skeleton/Jenkinsfile.tpl, line 53 at r1 (raw file):
Previously, dennwc (Denys Smirnov) wrote…
Will it trigger on tags?
according to https://github.com/src-d/infrastructure/issues/1249#issuecomment-547509076
our middle-ware will work only with push events, so the answer is no
There was a problem hiding this comment.
Reviewed 1 of 1 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @lwsanty)
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
Previously, lwsanty wrote…
There is a special token parameter. When supplied, the invocation will only trigger jobs with that exact token. The token also allows invocations without any other authentication credentials.
https://wiki.jenkins.io/display/JENKINS/Generic+Webhook+Trigger+Plugin
I see. So now I'm also concerned with https://github.com/src-d/infrastructure/issues/1249#issuecomment-547819998.
etc/skeleton/Jenkinsfile.tpl, line 53 at r1 (raw file):
Previously, lwsanty wrote…
according to https://github.com/src-d/infrastructure/issues/1249#issuecomment-547509076
our middle-ware will work only with push events, so the answer is no
But we may need triggers on tags as well. It should be possible to pass all events from the Github.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @dennwc)
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
Previously, dennwc (Denys Smirnov) wrote…
I see. So now I'm also concerned with https://github.com/src-d/infrastructure/issues/1249#issuecomment-547819998.
You should not, middleware will be protected by the secret
etc/skeleton/Jenkinsfile.tpl, line 53 at r1 (raw file):
hm, I double checked
Branch pushes and repository tag pushes also trigger webhook push events
https://developer.github.com/webhooks/
So tags will be included.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @lwsanty)
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
Previously, lwsanty wrote…
You should not, middleware will be protected by the secret
You mean that the token will be send inside the cluster, while a real secret will be used to expose that middleware?
etc/skeleton/Jenkinsfile.tpl, line 53 at r1 (raw file):
Previously, lwsanty wrote…
hm, I double checked
Branch pushes and repository tag pushes also trigger webhook push events
https://developer.github.com/webhooks/So tags will be included.
Awesome, thanks!
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @dennwc)
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
Previously, dennwc (Denys Smirnov) wrote…
You mean that the token will be send inside the cluster, while a real secret will be used to expose that middleware?
Generally yes, I just don't know what means real :)
There was a problem hiding this comment.
Reviewable status:
complete! all files reviewed, all discussions resolved
etc/skeleton/Jenkinsfile.tpl, line 46 at r1 (raw file):
Previously, lwsanty wrote…
Generally yes, I just don't know what means
real:)
"Real" means the one that provides security ("go-driver" as a token doesn't).
So OK, assuming we only send insecure tokens inside our own cluster, LGTM.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion
a discussion (no related file):
blocked until https://github.com/src-d/infrastructure/issues/1249
Note this issue must be closed first https://github.com/src-d/infrastructure/issues/1249
Signed-off-by: lwsanty [email protected]
This change is