feat: make github webhook creation optional (#690)

Signed-off-by: Artem Yarmoluk <koolgen@gmail.com> Co-authored-by: Derek Wang <whynowy@gmail.com>
argoproj · Nov 17, 2020 · 9c1d7dd · 9c1d7dd
1 parent feed801
commit 9c1d7dd
Show file tree

Hide file tree

Showing 8 changed files with 49 additions and 32 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -48,20 +48,8 @@ make all
 Follow [README](README.md#install) to install components.
 
 ## Changing Types
-If you're making a change to the `pkg/apis`  package, please ensure you re-run the K8 code-generator scripts found in the `/hack` folder.
+If you're making a change to the `pkg/apis`  package, please ensure you re-run:
 
-* Ensure you have the `generate-groups.sh` script at the path: `vendor/k8s.io/code-generator/`.
-* Install `gen-crd-api-reference-docs`
-
-```
-go get github.com/ahmetb/gen-crd-api-reference-docs
-cd $GOPATH/src/github.com/ahmetb/gen-crd-api-reference-docs
-go build
-```
-
-* [install pandoc](https://pandoc.org/installing.html)
-
-* Regenerate the code and documentation
 
 ```
 make codegen

diff --git a/api/event-source.html b/api/event-source.html
diff --git a/api/event-source.md b/api/event-source.md
diff --git a/eventsources/sources/github/start.go b/eventsources/sources/github/start.go
@@ -90,13 +90,7 @@ func (router *Router) HandleRoute(writer http.ResponseWriter, request *http.Requ
 		return
 	}
 
-	hook := router.hook
-	secret := ""
-	if s, ok := hook.Config["secret"]; ok {
-		secret = s.(string)
-	}
-
-	body, err := parseValidateRequest(request, []byte(secret))
+	body, err := parseValidateRequest(request, []byte(router.hookSecret))
 	if err != nil {
 		logger.Desugar().Error("request is not valid event notification, discarding it", zap.Error(err))
 		common.SendErrorResponse(writer, err.Error())
@@ -142,6 +136,20 @@ func (router *Router) PostActivate() error {
 		"repository", githubEventSource.Repository,
 	)
 
+	logger.Info("retrieving webhook secret credentials...")
+	if githubEventSource.WebhookSecret != nil {
+		webhookSecretCreds, err := router.getCredentials(githubEventSource.WebhookSecret)
+		if err != nil {
+			return errors.Errorf("failed to retrieve webhook secret. err: %+v", err)
+		}
+		router.hookSecret = webhookSecretCreds.secret
+	}
+
+	if githubEventSource.APIToken == nil || githubEventSource.Webhook.URL == "" {
+		logger.Info("no api credential or webhook url specified, skipping webhook creation...")
+		return nil
+	}
+
 	logger.Info("retrieving api token credentials...")
 	apiTokenCreds, err := router.getCredentials(githubEventSource.APIToken)
 	if err != nil {
@@ -169,13 +177,8 @@ func (router *Router) PostActivate() error {
 		hookConfig["insecure_ssl"] = "0"
 	}
 
-	logger.Info("retrieving webhook secret credentials...")
-	if githubEventSource.WebhookSecret != nil {
-		webhookSecretCreds, err := router.getCredentials(githubEventSource.WebhookSecret)
-		if err != nil {
-			return errors.Errorf("failed to retrieve webhook secret. err: %+v", err)
-		}
-		hookConfig["secret"] = webhookSecretCreds.secret
+	if router.hookSecret != "" {
+		hookConfig["secret"] = router.hookSecret
 	}
 
 	router.hook = &gh.Hook{
@@ -253,6 +256,15 @@ func (router *Router) PostInactivate() error {
 
 	githubEventSource := router.githubEventSource
 
+	if githubEventSource.APIToken == nil || githubEventSource.Webhook.URL == "" {
+		logger := router.route.Logger.With(
+			"repository", githubEventSource.Repository,
+		)
+
+		logger.Info("no api credential or webhook url specified, skipping webhook deletion...")
+		return nil
+	}
+
 	if githubEventSource.DeleteHookOnFinish {
 		logger := router.route.Logger.With(
 			"repository", githubEventSource.Repository,

diff --git a/eventsources/sources/github/types.go b/eventsources/sources/github/types.go
@@ -56,6 +56,8 @@ type Router struct {
 	githubClient *github.Client
 	// hook represents a GitHub (web and service) hook for a repository.
 	hook *github.Hook
+	// hookSecret is a GitHub webhook secret
+	hookSecret string
 }
 
 // cred stores the api access token or webhook secret

diff --git a/eventsources/sources/github/validate.go b/eventsources/sources/github/validate.go
@@ -37,9 +37,6 @@ func validate(githubEventSource *v1alpha1.GithubEventSource) error {
 	if githubEventSource.Owner == "" {
 		return fmt.Errorf("owner cannot be empty")
 	}
-	if githubEventSource.APIToken == nil {
-		return fmt.Errorf("api token can't be empty")
-	}
 	if githubEventSource.Events == nil || len(githubEventSource.Events) < 1 {
 		return fmt.Errorf("events must be defined")
 	}

diff --git a/examples/event-sources/github.yaml b/examples/event-sources/github.yaml
@@ -34,6 +34,8 @@ spec:
         - "*"
 
       # apiToken refers to K8s secret that stores the github api token
+      # if apiToken is provided controller will create webhook on GitHub repo
+      # +optional
       apiToken:
         # Name of the K8s secret that contains the access token
         name: github-access
@@ -55,6 +57,22 @@ spec:
       active: true
       # The media type used to serialize the payloads
       contentType: json
+
+    example-without-api-credentials:
+      owner: "argoproj"
+      repository: "argo"
+      webhook:
+        endpoint: "/push"
+        port: "13000"
+        method: "POST"
+      events:
+        - "*"
+      webhookSecret:
+        name: github-access
+        key: secret
+      insecure: true
+      active: true
+      contentType: "json"
 
 #    example-with-secure-connection:
 #      owner: "argoproj"

diff --git a/pkg/apis/eventsource/v1alpha1/types.go b/pkg/apis/eventsource/v1alpha1/types.go
@@ -519,6 +519,7 @@ type GithubEventSource struct {
 
 	Events []string `json:"events" protobuf:"bytes,5,rep,name=events"`
 	// APIToken refers to a K8s secret containing github api token
+	// +optional
 	APIToken *corev1.SecretKeySelector `json:"apiToken,omitempty" protobuf:"bytes,6,opt,name=apiToken"`
 	// WebhookSecret refers to K8s secret containing GitHub webhook secret
 	// https://developer.github.com/webhooks/securing/