Tekton笔记(二)之github webhook
本文使用github webhook来触发tekton。
·
本文使用github webhook来触发tekton
准备工作
- 环境配置请参考前文Tekton笔记(一)
- 需要安装tkn命令行工具看这里https://github.com/tektoncd/cli
- 本文所用代码参考https://github.com/tektoncd/triggers/tree/v0.20.0/examples/v1beta1/github
配置EventListener使用LoadBalancer
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: github-listener
spec:
serviceAccountName: tekton-triggers-example-sa
triggers:
- name: github-listener
bindings:
- ref: github-pr-binding
template:
ref: github-template
resources:
kubernetesResource:
serviceType: LoadBalancer
servicePort: 8128
确认LoadBalancer IP
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
el-github-listener LoadBalancer 172.16.255.204 43.135.66.251 8128:30513/TCP,9000:30569/TCP 63m
kubernetes ClusterIP 172.16.252.1 <none> 443/TCP 109m
无验证的简单webhook
添加TriggerBinding,TriggerTemplate
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: github-pr-binding
spec:
params:
- name: gitrevision
value: $(body.pull_request.head.sha)
- name: gitrepositoryurl
value: $(body.repository.clone_url)
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: github-template
spec:
params:
- name: gitrevision
- name: gitrepositoryurl
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
generateName: github-run-
spec:
serviceAccountName: tekton-triggers-example-sa
taskSpec:
steps:
- image: ubuntu
script: |
#! /bin/bash
echo "Revision is : $(tt.params.gitrevision). RepoURL is $(tt.params.gitrepositoryurl)"
其中TriggerBinding只是从webhook的json请求中提取$(body.pull_request.head.sha), $(body.repository.clone_url)
TriggerTemplate最终在log里打印这两个参数
这里接受的必须是pull_request请求。如果是push的请求则没有pull_request字段,不会触发tekton。
手动测试
curl -v \
-H 'X-GitHub-Event: pull_request' \
-H 'X-Hub-Signature: sha1=ba0cdc263b3492a74b601d240c27efe81c4720cb' \
-H 'Content-Type: application/json' \
-d '{"action": "opened", "pull_request":{"head":{"sha": "28911bbb5a3e2ea034daf1f6be0a822d50e31e73"}},"repository":{"clone_url": "https://github.com/tektoncd/triggers.git"}}' \
http://43.135.66.251:8128
在dashboard上可以看到已经触发taskRun
有token验证的webhook
先配置github webhook
进一步配置EventListener
在EventListener里增加两个interceptors
apiVersion: v1
kind: Secret
metadata:
name: github-secret
type: Opaque
stringData:
secretToken: "1234567"
---
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: github-listener
spec:
serviceAccountName: tekton-triggers-example-sa
triggers:
- name: github-listener
interceptors:
- ref:
name: "github"
params:
- name: "secretRef"
value:
secretName: github-secret
secretKey: secretToken
- name: "eventTypes"
value: ["pull_request"]
- name: "only when PRs are opened"
ref:
name: "cel"
params:
- name: "filter"
value: "body.action in ['opened', 'synchronize', 'reopened']"
bindings:
- ref: github-pr-binding
template:
ref: github-template
resources:
kubernetesResource:
serviceType: LoadBalancer
servicePort: 8128
这里的interceptors里使用了两个ClusterInterceptors
Interceptors github用来验证github的请求。secretRef对应最上面的kind: Secret。
用来验证github在x-hub-signature-256 header里的token
详细可以参考:https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks
Interceptors cel 则是限制请求类型
关于其他几个Interceptors的具体文档请看这里https://tekton.dev/docs/triggers/interceptors/
创建PR测试webhook
github上查看webhook
tekton dashboard上验证正常触发
从最后一张图可以看到打印出来的Revision和 RepoURL
Troubleshooting
用tkn cli查看触发记录,如果因为配置错误无法解析json的话,这里会有报错。
# tkn eventlistener list
NAME AGE URL AVAILABLE
github-listener 1 hour ago http://el-github-listener.default.svc.cluster.local:8080 True
# tkn eventlistener logs github-listener -t 3
[github-listener-el-github-listener-67b6d4f458-l5nrz]: {"severity":"info","timestamp":"2022-09-13T02:29:36.195Z","logger":"eventlistener","caller":"sink/sink.go:409","message":"ResolvedParams : [{Name:gitrevision Value:5bbd66a94e90ef3e2476795f30dc7830fc8c76a8} {Name:gitrepositoryurl Value:https://github.com/massivezh/xxx.git}]","eventlistener":"github-listener","namespace":"default","/triggers-eventid":"6d7a5bc8-4ccd-496f-9ac8-d56e3a8f2c08","eventlistenerUID":"614731e5-fae4-41ee-8762-ec9bfb21f8c8","/triggers-eventid":"6d7a5bc8-4ccd-496f-9ac8-d56e3a8f2c08","/trigger":"github-listener"}
[github-listener-el-github-listener-67b6d4f458-l5nrz]: {"severity":"info","timestamp":"2022-09-13T02:29:36.196Z","logger":"eventlistener","caller":"resources/create.go:98","message":"Generating resource: kind: &APIResource{Name:taskruns,Namespaced:true,Kind:TaskRun,Verbs:[delete deletecollection get list patch create update watch],ShortNames:[tr trs],SingularName:taskrun,Categories:[tekton tekton-pipelines],Group:tekton.dev,Version:v1beta1,StorageVersionHash:Z11in7AH8TA=,}, name: github-run-"}
[github-listener-el-github-listener-67b6d4f458-l5nrz]: {"severity":"info","timestamp":"2022-09-13T02:29:36.196Z","logger":"eventlistener","caller":"resources/create.go:106","message":"For event ID \"6d7a5bc8-4ccd-496f-9ac8-d56e3a8f2c08\" creating resource tekton.dev/v1beta1, Resource=taskruns"}
参考文档:https://tekton.dev/docs/triggers/troubleshooting/
腾讯云面向开发者汇聚海量精品云计算使用和开发经验,营造开放的云计算技术生态圈。
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)