From eaeb6579c22c2836363f941c0703c3a59767ee8f Mon Sep 17 00:00:00 2001
From: avlitman <alitman@redhat.com>
Date: Tue, 9 Jul 2024 16:48:29 +0300
Subject: [PATCH] github-jira-proxy, prow, plugin: add plugin that checks
 github webhooks

Signed-off-by: avlitman <alitman@redhat.com>
---
 .../kustom/base/kustomization.yaml            |  3 ++
 .../local/github-jira-proxy-deployment.yaml   | 38 +++++++++++++++++++
 .../local/github-jira-proxy-ingress.yaml      | 24 ++++++++++++
 .../local/github-jira-proxy-service.yaml      | 11 ++++++
 .../kustomization.yaml                        | 10 +++++
 github/ci/prow-deploy/tasks/secrets.yml       | 10 +++++
 github/ci/prow-deploy/tasks/tests.yml         |  1 +
 .../vars/kubevirtci-testing/secrets.yml       |  4 ++
 8 files changed, 101 insertions(+)
 create mode 100644 github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
 create mode 100644 github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-ingress.yaml
 create mode 100644 github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-service.yaml

diff --git a/github/ci/prow-deploy/kustom/base/kustomization.yaml b/github/ci/prow-deploy/kustom/base/kustomization.yaml
index 239dd20c72..04947eca6b 100644
--- a/github/ci/prow-deploy/kustom/base/kustomization.yaml
+++ b/github/ci/prow-deploy/kustom/base/kustomization.yaml
@@ -18,6 +18,9 @@ resources:
   - manifests/local/prow-phased-service.yaml
   - manifests/local/referee-deployment.yaml
   - manifests/local/referee-service.yaml
+  - manifests/local/github-jira-proxy-ingress.yaml
+  - manifests/local/github-jira-proxy-deployment.yaml
+  - manifests/local/github-jira-proxy-service.yaml
   - manifests/local/referee-servicemonitor.yaml
   - manifests/local/release-blocker_deployment.yaml
   - manifests/local/release-blocker_service.yaml
diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
new file mode 100644
index 0000000000..36dcaf7b74
--- /dev/null
+++ b/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: github-jira-proxy
+  labels:
+    app: github-jira-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: github-jira-proxy
+  template:
+    metadata:
+      labels:
+        app: github-jira-proxy
+    spec:
+      containers:
+        - name: github-jira-proxy
+          image: quay.io/alitman_storage_ocs/github-proxy:v0.0.3
+          args:
+            - '--github-webhook-secret-path=/etc/webhook-github/secret'
+            - '--jira-webhook-secret-path=/etc/webhook-jira/url'
+          ports:
+            - containerPort: 9900
+          volumeMounts:
+            - name: github-webhook-secret
+              mountPath: /etc/webhook-github
+              readOnly: true
+            - name: jira-webhook-url
+              mountPath: /etc/webhook-jira
+              readOnly: true
+      volumes:
+        - name: github-webhook-secret
+          secret:
+            secretName: github-webhook-secret
+        - name: jira-webhook-url
+          secret:
+            secretName: jira-webhook-url
diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-ingress.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-ingress.yaml
new file mode 100644
index 0000000000..8867fb9647
--- /dev/null
+++ b/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-ingress.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  name: github-jira-proxy
+  namespace: default
+spec:
+  tls:
+    - hosts:
+        - prow.proxy.kubevirt.io
+      secretName: github-jira-proxy-tls
+  rules:
+    - host: prow.proxy.kubevirt.io
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: github-jira-proxy-service
+                port:
+                  number: 80
diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-service.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-service.yaml
new file mode 100644
index 0000000000..375e6e51bf
--- /dev/null
+++ b/github/ci/prow-deploy/kustom/base/manifests/local/github-jira-proxy-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: github-jira-proxy-service
+spec:
+  selector:
+    app: github-jira-proxy
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 9900
diff --git a/github/ci/prow-deploy/kustom/overlays/kubevirt-prow-control-plane/kustomization.yaml b/github/ci/prow-deploy/kustom/overlays/kubevirt-prow-control-plane/kustomization.yaml
index bcb0261fda..2bca935923 100644
--- a/github/ci/prow-deploy/kustom/overlays/kubevirt-prow-control-plane/kustomization.yaml
+++ b/github/ci/prow-deploy/kustom/overlays/kubevirt-prow-control-plane/kustomization.yaml
@@ -370,6 +370,16 @@ secretGenerator:
       # coverallsToken
       - token=secrets/kubevirtci-coveralls-token
     type: Opaque
+  - name: jira-webhook-url
+    namespace: kubevirt-prow
+    files:
+      - url=secrets/jira-webhook-url
+    type: Opaque
+  - name: github-webhook-secret
+    namespace: kubevirt-prow
+    files:
+      - secret=secrets/github-webhook-secret
+    type: Opaque
   - name: containerized-data-importer-coveralls-token
     namespace: kubevirt-prow-jobs
     files:
diff --git a/github/ci/prow-deploy/tasks/secrets.yml b/github/ci/prow-deploy/tasks/secrets.yml
index 7714e3bbd2..ed49c02916 100644
--- a/github/ci/prow-deploy/tasks/secrets.yml
+++ b/github/ci/prow-deploy/tasks/secrets.yml
@@ -116,6 +116,16 @@
     content: '{{ githubBotreviewToken }}'
     dest: '{{ secrets_dir }}/botreview-oauth-token'
 
+- name: Create jira-webhook-url
+  copy:
+    content: '{{ jiraWebhookURL }}'
+    dest: '{{ secrets_dir }}/jira-webhook-url'
+
+- name: Create github-webhook-secret
+  copy:
+    content: '{{ githubWebhookToken }}'
+    dest: '{{ secrets_dir }}/github-webhook-secret'
+
 - name: Create coveralls token secret
   copy:
     content: '{{ coverallsToken }}'
diff --git a/github/ci/prow-deploy/tasks/tests.yml b/github/ci/prow-deploy/tasks/tests.yml
index afcb6067d8..1e4985a7db 100644
--- a/github/ci/prow-deploy/tasks/tests.yml
+++ b/github/ci/prow-deploy/tasks/tests.yml
@@ -22,6 +22,7 @@
     - crier
     - prow-controller-manager
     - horologium
+    - github-jira-proxy
 
 - name: deploy ingress controller
   shell: |
diff --git a/github/ci/prow-deploy/vars/kubevirtci-testing/secrets.yml b/github/ci/prow-deploy/vars/kubevirtci-testing/secrets.yml
index 8674bd2973..bb51f0c1ab 100644
--- a/github/ci/prow-deploy/vars/kubevirtci-testing/secrets.yml
+++ b/github/ci/prow-deploy/vars/kubevirtci-testing/secrets.yml
@@ -43,3 +43,7 @@ windowsProductKeys:
 fossaToken: d3c481176ace1b6c5eb417b0d3dd01497
 
 prowKubevirtbotSSHPrivateKey: "fakie fake"
+
+githubWebhookToken: fd5d76ff40e470c0a6c92f2
+
+jiraWebhookURL: https://issues.kubevirt.io