parent
c36a4527c0
commit
71cf9a125e
3 changed files with 15 additions and 7 deletions
|
@ -3,4 +3,5 @@
|
|||
set -euxo pipefail
|
||||
|
||||
go build
|
||||
cat $SECRET_PATH
|
||||
echo "done" >&2
|
||||
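Review bot: `cat $SECRET_PATH` writes the injected secret verbatim to the job's stdout, so it lands in whatever collects the build output and is readable by anyone with access to those logs. If the line is only there to prove that injection works, check for presence instead, e.g. `test -s "$SECRET_PATH"`, or print a digest of the file rather than its content. The variable is also unquoted, and under `set -u` the script aborts when `SECRET_PATH` is unset, which is presumably the case for builds that received no payload; an explicit `if [ -n "${SECRET_PATH:-}" ]` branch would make that case deliberate.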
|
|
|
@ -1,11 +1,14 @@
|
|||
{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "d5b22924745b8ea9fb5618e45cb78d1a2f61734b",
|
||||
"after": "c36a4527c06f0cbea1d4441f859265a73da04cca",
|
||||
"repository": {
|
||||
"owner": {
|
||||
"username": "quentin"
|
||||
},
|
||||
"name": "albatros",
|
||||
"clone_url": "https://git.deuxfleurs.fr/quentin/albatros.git"
|
||||
},
|
||||
"sender": {
|
||||
"username": "quentin"
|
||||
}
|
||||
}
|
||||
|
|
16
main.go
16
main.go
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/caarlos0/env/v7"
|
||||
consul "github.com/hashicorp/consul/api"
|
||||
nomad "github.com/hashicorp/nomad/api"
|
||||
"golang.org/x/exp/slices"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
|
@ -115,7 +116,7 @@ func notifSummary(notification *GiteaNotification) string {
|
|||
func lifecycle(notification *GiteaNotification, dispatch *nomad.JobDispatchResponse, giteaCreds *SecretGitea) {
|
||||
notifInfo := notifSummary(notification)
|
||||
|
||||
log.Printf("[lifecyle] Commit to build: %s, Gitea URL: %s\n", notifInfo, giteaCreds.Url)
|
||||
log.Printf("[lifecycle] Commit to build: %s, Gitea URL: %s\n", notifInfo, giteaCreds.Url)
|
||||
// init Gitea
|
||||
forge, err := gitea.NewClient(giteaCreds.Url, gitea.SetToken(giteaCreds.Token))
|
||||
if err != nil {
|
||||
|
@ -239,19 +240,22 @@ func hook(w http.ResponseWriter, r *http.Request) {
|
|||
"BRANCH": strings.ReplaceAll(notification.Ref, "refs/heads/", ""),
|
||||
}
|
||||
|
||||
// @FIXME logic on how to inject secrets securely
|
||||
// 1. Check senders
|
||||
// 2. Transform the consul object into a nomad payload
|
||||
// Check sender
|
||||
payload := []byte{}
|
||||
if slices.Contains(repoDesc.Trusted.Senders, notification.Sender.Username) {
|
||||
log.Printf("Trusted build of %s as %s in the list of allowed senders, inject secrets\n", notifInfo, notification.Sender.Username)
|
||||
// Write payload
|
||||
payload = []byte(repoDesc.Inject)
|
||||
}
|
||||
|
||||
jobs := NomadClient.Jobs()
|
||||
dres, _, err := jobs.Dispatch("builder", meta, []byte{}, "albatros", &nomad.WriteOptions{})
|
||||
dres, _, err := jobs.Dispatch("builder", meta, payload, "albatros", &nomad.WriteOptions{})
|
||||
if err != nil {
|
||||
http.Error(w, "Can't submit your job to Nomad", http.StatusInternalServerError)
|
||||
}
|
||||
log.Printf("Created job %s for %s\n", dres.DispatchedJobID, notifInfo)
|
||||
|
||||
// Start a lifecycle observer to update gitea status
|
||||
// @FIXME: need to inject gitea descriptor
|
||||
go lifecycle(¬ification, dres, &repoDesc.Gitea)
|
||||
|
||||
io.WriteString(w, dres.DispatchedJobID)
|
||||
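Review bot: The secret-injection decision in `hook` rests on `notification.Sender.Username`, a field read from the webhook body, so it is only as trustworthy as the request itself; the lines visible here do not show the payload being authenticated (the function starts above this hunk, so that may happen earlier). If it is not, the sender name is caller-controlled and `repoDesc.Inject` would be dispatched on an unverified claim; verifying the forge's HMAC signature over the raw body (Gitea sends it in `X-Gitea-Signature`) before the `slices.Contains` check would bind the sender to a request the forge actually produced. Separately, the `if err != nil` branch after `jobs.Dispatch` calls `http.Error` without returning, so `dres.DispatchedJobID` is dereferenced on what is likely a nil response; add `return` after the `http.Error` line. A comment above the check such as `// Secrets go only to senders in repoDesc.Trusted.Senders; the sender name comes from the webhook body and must be authenticated first.` would record the trust assumption that the removed FIXME used to hint at.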
|
|