github-jira-proxy, prow, plugin: add plugin that checks github webhooks #3516
Conversation
kubevirt-bot
added
the
dco-signoff: yes
kubevirt-bot
added
do-not-merge/work-in-progress
There was a problem hiding this comment.
Looks good for a start @avlitman - comments inline.
Maybe @brianmcarey can chime in here on how we should configure the ingress rule - and what else is necessary to get it reachable from external sources.
github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,20 @@ | |||
|
|
|||
There was a problem hiding this comment.
I think we can consume from your own GitHub repository for a start. Other than that, this folder is reserved for proper external prow plugins, which the code here doesn't match (yet). Having said that, you can either build from your public repo in the images Dockerfile, or move your code to the robots folder.
| @@ -546,6 +546,10 @@ external_plugins: | |||
| endpoint: http://referee:9900 | |||
| events: | |||
| - issue_comment | |||
| - name: github-jira-proxy | |||
There was a problem hiding this comment.
This should be removed until the code matches the setup for a proper external plugin.
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
avlitman
force-pushed
the
add-jira-proxy
branch
2 times, most recently
from
e9a3d4d
to
2b60454
Compare
github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
Outdated
Show resolved
Hide resolved
github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
Show resolved
Hide resolved
github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
Show resolved
Hide resolved
github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
Show resolved
Hide resolved
github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
Outdated
Show resolved
Hide resolved
kubevirt-bot
removed
the
do-not-merge/work-in-progress
|
/uncc @davidvossel @vladikr |
There was a problem hiding this comment.
Looks good @avlitman - I think it would be worth adding your pod to this list so that it is checked in the prow-deploy presubmit -
avlitman
force-pushed
the
add-jira-proxy
branch
2 times, most recently
from
494a794
to
fe14a8d
Compare
Added (: |
|
@avlitman looks like your pod is failing to reach a running state for some reason - https://prow.ci.kubevirt.io/view/gs/kubevirt-prow/pr-logs/pull/kubevirt_project-infra/3516/pull-project-infra-prow-deploy-test/1829076461068226560 You should be able to run a test deploy against a kubevirtci cluster to check out why. You probably need ansible installed though. |
So just install ansible and run it from my laptop? |
The test env may be missing the necessary secrets to start the pod - I will try to run it here locally to see and let you know. |
Much appreciated! does it make sense to push changes to this pr to see if |
It justs the one job so you should be ok to push whatever changes you want - the lane is pretty quick too so you wouldn't be generating too much load. |
There was a problem hiding this comment.
Yes it looks like it is missing a couple of secrets for the testing env
Warning FailedMount 30s (x9 over 2m38s) kubelet MountVolume.SetUp failed for volume "github-webhook-secret" : secret "github-webhook-secret" not found
Warning FailedMount 30s (x9 over 2m38s) kubelet MountVolume.SetUp failed for volume "jira-webhook-url" : secret "jira-webhook-url" not found
You can add dummy secrets here for testing - https://github.com/kubevirt/project-infra/blob/main/github/ci/prow-deploy/vars/kubevirtci-testing/secrets.yml
avlitman
force-pushed
the
add-jira-proxy
branch
6 times, most recently
from
4a0c234
to
707f44d
Compare
There was a problem hiding this comment.
Looks good @avlitman - just a couple of questions on the ingress.
| - prow.ci.kubevirt.io | ||
| secretName: github-jira-proxy-tls | ||
| rules: | ||
| - host: prow.ci.kubevirt.io |
There was a problem hiding this comment.
We will need to use a different host name here as prow.ci.kubevirt.io is already in use by prow.
There was a problem hiding this comment.
fixed in both places
| pathType: Prefix | ||
| backend: | ||
| service: | ||
| name: github-jira-proxy |
There was a problem hiding this comment.
Should this be github-jira-proxy-service as that is what the service is named below?
Signed-off-by: avlitman <alitman@redhat.com>
avlitman
force-pushed
the
add-jira-proxy
branch
from
707f44d
to
eaeb657
Compare
@brianmcarey thanks a lot brian- fixed all your comments (: |
kubevirt-bot
added
the
do-not-merge/hold
What this PR does / why we need it:
This pr added in order to make sure jira webhook secret url is private and no reachable by github repo maintainers outside of redhat.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Jira-ticket: https://issues.redhat.com/browse/CNV-45739
Special notes for your reviewer:
this service needs to have a public URL github can reach.
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.
Release note: