3.3. 在 GitLab 中使用 Pipelines as Code

流程

1. 配置 Webhook 并创建一个 Repository 自定义资源 (CR)。

   • 要配置 webhook 并使用 tkn pac CLI 工具自动创建一个 Repository CR，请使用以下命令：

     $ tkn pac create repo

     Copy to Clipboard Toggle word wrap

     互动输出示例

     ? Enter the Git repository url (default: https://gitlab.com/owner/repo):
     ? Please enter the namespace where the pipeline should run (default: repo-pipelines):
     ! Namespace repo-pipelines is not found
     ? Would you like me to create the namespace repo-pipelines? Yes
     ✓ Repository repositories-project has been created in repo-pipelines namespace
     ✓ Setting up GitLab Webhook for Repository https://gitlab.com/owner/repo
     ? Please enter the project ID for the repository you want to be configured,
       project ID refers to an unique ID (e.g. 34405323) shown at the top of your GitLab project : 17103
     👀 I have detected a controller url: https://pipelines-as-code-controller-openshift-pipelines.apps.example.com
     ? Do you want me to use it? Yes
     ? Please enter the secret to configure the webhook for payload validation (default: lFjHIEcaGFlF):  lFjHIEcaGFlF
     ℹ ️You now need to create a GitLab personal access token with `api` scope
     ℹ ️Go to this URL to generate one https://gitlab.com/-/profile/personal_access_tokens, see https://is.gd/rOEo9B for documentation
     ? Please enter the GitLab access token:  **************************
     ? Please enter your GitLab API URL::  https://gitlab.com
     ✓ Webhook has been created on your repository
     🔑 Webhook Secret repositories-project has been created in the repo-pipelines namespace.
     🔑 Repository CR repositories-project has been updated with webhook secret in the repo-pipelines namespace
     ℹ Directory .tekton has been created.
     ✓ A basic template has been created in /home/Go/src/gitlab.com/repositories/project/.tekton/pipelinerun.yaml, feel free to customize it.

     Copy to Clipboard Toggle word wrap

   • 要配置 webhook 并 手动创建 Repository CR，请执行以下步骤：

     1. 在 OpenShift 集群中，提取 Pipelines as Code 控制器的公共 URL。

        $ echo https://$(oc get route -n openshift-pipelines pipelines-as-code-controller -o jsonpath='{.spec.host}')

        Copy to Clipboard Toggle word wrap

     2. 在 GitLab 项目中，执行以下步骤：

        1. 使用左侧边栏进入 Settings -> Webhooks。
        2. 将 URL 设置为 Pipelines as Code 控制器公共 URL。

        3. 添加 webhook secret 并在另一个位置记录它。在本地机器上安装 openssl 后，生成一个随机 secret。

           $ openssl rand -hex 20

           Copy to Clipboard Toggle word wrap
        4. 点 Let me select individual events 并选择这些事件：Commit comments, Issue comments, Pull request, 和 Pushes.
        5. 点 Save Changes。

     3. 在 OpenShift 集群中，使用个人访问令牌和 webhook secret 创建一个 Secret 对象。

        $ oc -n target-namespace create secret generic gitlab-webhook-config \
          --from-literal provider.token="<GITLAB_PERSONAL_ACCESS_TOKEN>" \
          --from-literal webhook.secret="<WEBHOOK_SECRET>"

        Copy to Clipboard Toggle word wrap

     4. 创建 Repository CR。

        示例： Repository CR

        apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
        kind: Repository
        metadata:
          name: my-repo
          namespace: target-namespace
        spec:
          url: "https://gitlab.com/owner/repo" # The repository URL
          git_provider:
            #url: "https://gitlab.example.com/" 

        1

        
            secret:
              name: "gitlab-webhook-config"
              key: "provider.token" # Set this if you have a different key in your secret
            webhook_secret:
              name: "gitlab-webhook-config"
              key: "webhook.secret" # Set this if you have a different key for your secret

        Copy to Clipboard Toggle word wrap

        1

        如果您使用 GitLab 的私有实例而不是 GitLab.com，请取消注释此字段并将其设置为 GitLab API 的 URL。GitLab API 与存储库相同。例如，如果仓库是 https://gitlab.example.com/owner/repo，API URL 为 https://gitlab.example.com/。

   注意
   • Pipelines as Code 假设 OpenShift Secret 对象和 Repository CR 位于同一命名空间中。

2. 可选： 对于现有的 Repository CR，请添加多个 GitLab Webhook secret 或为已删除的 secret 提供替换。

   1. 使用 tkn pac CLI 工具添加 webhook。

      示例：使用 tkn pac CLI 添加额外的 Webhook

      $ tkn pac webhook add -n repo-pipelines

      Copy to Clipboard Toggle word wrap

      互动输出示例

      ✓ Setting up GitLab Webhook for Repository https://gitlab.com/owner/repo
      👀 I have detected a controller url: https://pipelines-as-code-controller-openshift-pipelines.apps.example.com
      ? Do you want me to use it? Yes
      ? Please enter the secret to configure the webhook for payload validation (default: AeHdHTJVfAeH):  AeHdHTJVfAeH
      ✓ Webhook has been created on repository owner/repo
      🔑 Secret owner-repo has been updated with webhook secert in the repo-pipelines namespace.

      Copy to Clipboard Toggle word wrap

   2. 更新现有 OpenShift Secret 对象中的 webhook.secret 密钥。

3. 可选： 对于现有的 Repository CR，更新个人访问令牌。

   • 使用 tkn pac CLI 工具更新个人访问令牌。

     示例：使用 tkn pac CLI 更新个人访问令牌

     $ tkn pac webhook update-token -n repo-pipelines

     Copy to Clipboard Toggle word wrap

     互动输出示例

     ? Please enter your personal access token:  ****************************************
     🔑 Secret owner-repo has been updated with new personal access token in the repo-pipelines namespace.

     Copy to Clipboard Toggle word wrap

   • 或者，通过修改 Repository CR 来更新个人访问令牌。

     1. 在 Repository CR 中查找 secret 的名称。

        ...
        spec:
          git_provider:
            secret:
              name: "gitlab-webhook-config"
        ...

        Copy to Clipboard Toggle word wrap

     2. 使用 oc patch 命令更新 $target_namespace 命名空间中的 $NEW_TOKEN 的值。

        $ oc -n $target_namespace patch secret gitlab-webhook-config -p "{\"data\": {\"provider.token\": \"$(echo -n $NEW_TOKEN|base64 -w0)\"}}"

        Copy to Clipboard Toggle word wrap