3.2. 使用带有 GitHub Webhook 的 Pipelines as Code

流程

1. 配置 Webhook 并创建一个 Repository 自定义资源 (CR)。

   • 要配置 webhook 并使用 tkn pac CLI 工具自动创建一个 Repository CR，请使用以下命令：

     $ tkn pac create repo

     Copy to Clipboard Toggle word wrap

     互动输出示例

     ? Enter the Git repository url (default: https://github.com/owner/repo):
     ? Please enter the namespace where the pipeline should run (default: repo-pipelines):
     ! Namespace repo-pipelines is not found
     ? Would you like me to create the namespace repo-pipelines? Yes
     ✓ Repository owner-repo has been created in repo-pipelines namespace
     ✓ Setting up GitHub Webhook for Repository https://github.com/owner/repo
     👀 I have detected a controller url: https://pipelines-as-code-controller-openshift-pipelines.apps.example.com
     ? Do you want me to use it? Yes
     ? Please enter the secret to configure the webhook for payload validation (default: sJNwdmTifHTs):  sJNwdmTifHTs
     ℹ ️You now need to create a GitHub personal access token, please checkout the docs at https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token for the required scopes
     ? Please enter the GitHub access token:  ****************************************
     ✓ Webhook has been created on repository owner/repo
     🔑 Webhook Secret owner-repo has been created in the repo-pipelines namespace.
     🔑 Repository CR owner-repo has been updated with webhook secret in the repo-pipelines namespace
     ℹ Directory .tekton has been created.
     ✓ We have detected your repository using the programming language Go.
     ✓ A basic template has been created in /home/Go/src/github.com/owner/repo/.tekton/pipelinerun.yaml, feel free to customize it.

     Copy to Clipboard Toggle word wrap

   • 要配置 webhook 并 手动创建 Repository CR，请执行以下步骤：

     1. 在 OpenShift 集群中，提取 Pipelines as Code 控制器的公共 URL。

        $ echo https://$(oc get route -n openshift-pipelines pipelines-as-code-controller -o jsonpath='{.spec.host}')

        Copy to Clipboard Toggle word wrap

     2. 在 GitHub 存储库或机构中执行以下步骤：

        1. 进入 Settings -> Webhooks 并点 Add webhook。
        2. 将 Payload URL 设置为 Pipelines as Code 的公共 URL。
        3. 将内容类型选为 application/json。

        4. 添加 webhook secret 并在另一个位置记录它。在本地机器上安装 openssl 后，生成一个随机 secret。

           $ openssl rand -hex 20

           Copy to Clipboard Toggle word wrap
        5. 点 Let me select individual events 并选择这些事件：Commit comments, Issue comments, Pull request, 和 Pushes.
        6. 点击 Add webhook。

     3. 在 OpenShift 集群中，使用个人访问令牌和 webhook secret 创建一个 Secret 对象。

        $ oc -n target-namespace create secret generic github-webhook-config \
          --from-literal provider.token="<GITHUB_PERSONAL_ACCESS_TOKEN>" \
          --from-literal webhook.secret="<WEBHOOK_SECRET>"

        Copy to Clipboard Toggle word wrap

     4. 创建 Repository CR。

        示例： Repository CR

        apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
        kind: Repository
        metadata:
          name: my-repo
          namespace: target-namespace
        spec:
          url: "https://github.com/owner/repo"
          git_provider:
            secret:
              name: "github-webhook-config"
              key: "provider.token" # Set this if you have a different key in your secret
            webhook_secret:
              name: "github-webhook-config"
              key: "webhook.secret" # Set this if you have a different key for your secret

        Copy to Clipboard Toggle word wrap

        注意

        Pipelines as Code 假设 OpenShift Secret 对象和 Repository CR 位于同一命名空间中。

2. 可选： 对于现有的 Repository CR，请添加多个 GitHub Webhook secret 或为已删除的 secret 提供替换。

   1. 使用 tkn pac CLI 工具添加 webhook。

      示例：使用 tkn pac CLI 的额外 Webhook

      $ tkn pac webhook add -n repo-pipelines

      Copy to Clipboard Toggle word wrap

      互动输出示例

      ✓ Setting up GitHub Webhook for Repository https://github.com/owner/repo
      👀 I have detected a controller url: https://pipelines-as-code-controller-openshift-pipelines.apps.example.com
      ? Do you want me to use it? Yes
      ? Please enter the secret to configure the webhook for payload validation (default: AeHdHTJVfAeH):  AeHdHTJVfAeH
      ✓ Webhook has been created on repository owner/repo
      🔑 Secret owner-repo has been updated with webhook secert in the repo-pipelines namespace.

      Copy to Clipboard Toggle word wrap

   2. 更新现有 OpenShift Secret 对象中的 webhook.secret 密钥。

3. 可选： 对于现有的 Repository CR，更新个人访问令牌。

   • 使用 tkn pac CLI 工具更新个人访问令牌。

     示例：使用 tkn pac CLI 更新个人访问令牌

     $ tkn pac webhook update-token -n repo-pipelines

     Copy to Clipboard Toggle word wrap

     互动输出示例

     ? Please enter your personal access token:  ****************************************
     🔑 Secret owner-repo has been updated with new personal access token in the repo-pipelines namespace.

     Copy to Clipboard Toggle word wrap

   • 或者，通过修改 Repository CR 来更新个人访问令牌。

     1. 在 Repository CR 中查找 secret 的名称。

        apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
        kind: Repository
        metadata:
          name: my-repo
          namespace: target-namespace
        spec:
        # ...
          git_provider:
            secret:
              name: "github-webhook-config"
        # ...

        Copy to Clipboard Toggle word wrap

     2. 使用 oc patch 命令更新 $target_namespace 命名空间中的 $NEW_TOKEN 的值。

        $ oc -n $target_namespace patch secret github-webhook-config -p "{\"data\": {\"provider.token\": \"$(echo -n $NEW_TOKEN|base64 -w0)\"}}"

        Copy to Clipboard Toggle word wrap