Webhook for build trigger in Fedora OpenShift

Purpose

This document explains how to set up an automatic build trigger for an OpenShift deployment from a Forgejo instance.

Setting up the OpenShift trigger

  1. Request a new secret for your project from Fedora Infrastructure. Open a ticket at https://forge.fedoraproject.org/infra/tickets/issues and request a secret for your OpenShift project for staging and/or production.

  2. Add this secret to the secret file in your OpenShift project. The secret file could look like this:

    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: generic-webhook-secret
    data:
      WebHookSecretKey: "{{ (env == 'production')|ternary(<project>_prod_generic_secret, <project>_stg_generic_secret) | b64encode }}"
    type: Opaque

  3. Add a generic build trigger to the buildconfig file.

      triggers:
        - type: Generic
          generic:
            secretReference:
              name: generic-webhook-secret

Obtain webhook URL

  1. Install the OpenShift client from OKD tools. See Kubernetes documentation.

  2. Log in to the OpenShift instance you want to work with (production or staging) and copy the login command (you can find it under your profile in the top right corner).

  3. Log in using the oc tool.

    oc login --token=XXX --server=https://api.ocp.[stg.]fedoraproject.org:6443

  4. Switch to your project.

    oc project <project>

  5. Get the webhook URL from the buildconfig.

    oc describe bc

    And look for the Webhook Generic section, where you will find the URL.

  6. Obtain the secret to fill in to the URL.

    oc get secret generic-webhook-secret -o jsonpath='{.data.WebHookSecretKey}' | base64 -d

Now you should have everything needed to construct the webhook URL: replace the <secret> placeholder in the URL from step 5 with the value from step 6.
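Steps 5 and 6 can be combined in a small script. The following is an added example, not part of the original document or of the oc tool: the function names are hypothetical, the describe output is a constructed sample, and percent-encoding the secret is an assumption made here so that a secret containing reserved characters still fits in one URL path segment. Because the secret is part of the URL, the script also prints a redacted form for logs and tickets.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of oc or OpenShift.

# Read `oc describe bc` output on stdin, print the URL under "Webhook Generic:".
extract_generic_url() {
    awk '
        /^Webhook Generic:/ { in_generic = 1; next }
        { c = substr($0, 1, 1) }
        c != "" && c != " " && c != "\t" { in_generic = 0 }  # next top-level section
        in_generic && $1 == "URL:" { print $2; exit }
    '
}

# Percent-encode everything outside the RFC 3986 unreserved set (ASCII assumed).
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s\n' "$out"
}

# Replace the <secret> placeholder in URL $1 with the encoded secret $2.
fill_secret() {
    ph='<secret>'
    case $1 in
        *"/webhooks/$ph/"*) ;;
        *) echo "no $ph placeholder in URL" >&2; return 1 ;;
    esac
    pre=${1%%"$ph"*}; post=${1#*"$ph"}
    printf '%s%s%s\n' "$pre" "$(urlencode "$2")" "$post"
}

# Form of the URL that is safe to log or paste into a ticket.
redact_url() {
    printf '%s\n' "$1" | sed 's#/webhooks/[^/]*/#/webhooks/REDACTED/#'
}

# Constructed sample of `oc describe bc` output (URL taken from this page).
SAMPLE=$(printf '%s\n' 'Name:    toddlers' 'Webhook Generic:' \
  '    URL:    https://api.ocp.fedoraproject.org:6443/apis/build.openshift.io/v1/namespaces/poddlers/buildconfigs/toddlers/webhooks/<secret>/generic' \
  '    AllowEnv:    false' 'Build Run Policy:    Serial')
url=$(printf '%s\n' "$SAMPLE" | extract_generic_url)
redact_url "$(fill_secret "$url" 'constructed/secret+1')"
```

In real use, pipe `oc describe bc` into `extract_generic_url` and pass the output of the `oc get secret ... | base64 -d` command from step 6 as the second argument of `fill_secret`.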

Add webhook to Forgejo project

  1. Go to project Settings and Webhooks

  2. Add webhook and choose Forgejo

  3. Fill in the webhook

    Target URL: https://api.ocp.fedoraproject.org:6443/apis/build.openshift.io/v1/namespaces/poddlers/buildconfigs/toddlers/webhooks/<secret>/generic
    HTTP method: POST
    Post content type: application/json
    Secret:
    Trigger on: Push events
    Branch filter: <branch you want to trigger the build from>
    Authorization header:

Now the trigger should work every time you push to the selected branch.