GitHub Receive adapter as a serving Service. #276
| serviceName, ok := statusMap[targetFieldName] | ||
| if !ok { | ||
| return "", fmt.Errorf("%q does not contain field %q in status", targetFieldName, ref.Name) | ||
| return "", fmt.Errorf("%q/%q does not contain field %q in status", ref.Kind, ref.Name, targetFieldName) |
you probably don't want %q/%q here because then both are quoted? Maybe just:
%s/%s
| serviceNameStr, ok := serviceName.(string) | ||
| if !ok { | ||
| return "", fmt.Errorf("%q status field %q is not a string", targetFieldName, ref.Name) | ||
| return "", fmt.Errorf("%q status field %q/%q is not a string", targetFieldName, ref.Kind, ref.Name) |
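Review bot: In the "is not a string" message the arguments put the field name first and the object second ("%q status field %q/%q"), the reverse of the "does not contain field" message for the same lookup, so the two errors name things in different orders. Put the object first in both, for example fmt.Errorf("%s/%s status field %q is not a string", ref.Kind, ref.Name, targetFieldName).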
| source: github | ||
| image: github.com/knative/eventing/pkg/sources/github | ||
| parameters: | ||
| image: github.com/knative/eventing/pkg/sources/github/receive_adapter No newline at end of file |
nit: looks like it's missing a newline here?
| namespace: default | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: cluster-admin |
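Review bot: roleRef names cluster-admin, which gives the subject in namespace default every verb on every resource within the binding's scope, and a sample manifest like this gets copied into real clusters as-is. Bind the service account to a Role that lists only the resources and verbs the feed actually needs, so that a compromised adapter pod holds a token that can do no more than that.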
Since you're making such big changes anyway, can you look at the changes that @evankanderson did for tightening up the rules for k8s events when he moved it under knative/docs/eventing and make it stricter here too.
I took a look at those examples and I ... need to learn more about rbac. I am not sure how to do the same thing for this PR yet. Maybe @evankanderson can help me?
If you know what objects the service account is going to use in Kubernetes, you can basically just make a list.
You can start with create-deployment and feed-sa-deploy from the k8sevents/serviceaccount.yaml. Since you're using a service.serving.knative.dev resource, you'll probably need to add that to the list of rules on the create-deployment Role. (You'll probably also want to pick a different name.)
| @@ -15,19 +15,35 @@ | |||
| apiVersion: feeds.knative.dev/v1alpha1 | |||
we shouldn't need a feed.yaml with flow.yaml anymore.
| knative.dev/type: function | ||
| spec: | ||
| container: | ||
| image: github.com/knative/eventing/sample/github |
Can we make the github function actually then talk back to the github to modify something like it did before?
@vaikas-google I updated the sample to do what it did before now but it does not run as the github lib webhook but just a normal webhook.. And then my cluster went craycray today and istio is just throwing 503's for posting to the channel... idk more tomorrow.
/assign @inlined
inlined
left a comment
Generally LGTM. As a follow-up, I think we should consider the trouble we have setting up GitHub's webhook to be a pretty common case & simplify it in the core infra. E.g. I think we should copy or factor out what serving does with its single ingress. I also have mixed feelings about the event source being implemented as a Service. On one hand, this lets the system scale down to zero. On the other hand, this means that eventing will never break its dependency on serving. At minimum, I'd want to move this event source out of the core repo.
| postfixReceiveAdapter = "rcvadptr" | ||
|
|
||
| // watchTimeout is the timeout that the feedlet will wait for the Receiver Adapter to get a domain name. | ||
| watchTimeout int64 = 60 * 5 // 5 minutes? |
Nit: time.Duration solves so many bugs by having unambiguous units and forced casts to primitives. I'd strongly prefer this to be
watchTimeout = 5 * time.Minute
and it to be used below as
TimeoutSeconds: int64(watchTimeout / time.Second)
| // watchTimeout is the timeout that the feedlet will wait for the Receiver Adapter to get a domain name. | ||
| watchTimeout int64 = 60 * 5 // 5 minutes? | ||
|
|
||
| //// secretName is the name of the secret that contains the GitHub credentials. |
| glog.Error("no Webhook ID Found, bailing...") | ||
| return nil | ||
| } | ||
| webhookID := feedContext.Context[webhookIDKey].(string) |
As a matter of practice, I wonder if we should
A) Always , ok our casts. What if this somehow got corrupted? I'm glad you caught the nil case above since that had caused GCP Pub/Sub flows to be undeletable.
B) Invest in certain framework safeguards (e.g. bail on N panics)
I fixed and added a todo to elevate the helper method to pkg.
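The checked-cast practice discussed in the comments above, as an added example that is not code from this PR. `stringParam` and `ErrMissing` are hypothetical names, and the map contents are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrMissing is returned when the key is absent or its value is nil.
var ErrMissing = errors.New("key not present")

// stringParam is a hypothetical helper (not from the PR). It reads a string
// from a loosely typed map such as feedContext.Context or trigger.Parameters
// and returns an error, instead of panicking, on a missing key, a nil value,
// a wrong type or an empty string. Reading from a nil map is safe in Go.
func stringParam(m map[string]interface{}, key string) (string, error) {
	raw, present := m[key]
	if !present || raw == nil {
		return "", fmt.Errorf("%q: %w", key, ErrMissing)
	}
	s, ok := raw.(string)
	if !ok {
		// %T names the type that was actually stored, which is what you
		// want in the log when stored state has been corrupted.
		return "", fmt.Errorf("%q: want string, got %T", key, raw)
	}
	if s == "" {
		return "", fmt.Errorf("%q: empty string", key)
	}
	return s, nil
}

func main() {
	// Constructed sample data standing in for a stored feed context. A
	// numeric ID decoded from JSON into interface{} arrives as float64,
	// which is one realistic way a bare .(string) assertion panics.
	ctx := map[string]interface{}{"webhookID": "12345", "corrupted": 12345.0}
	for _, k := range []string{"webhookID", "corrupted", "absent"} {
		v, err := stringParam(ctx, k)
		fmt.Printf("%-10s value=%q err=%v\n", k, v, err)
	}
}
```

Callers can use `errors.Is(err, ErrMissing)` to treat an absent webhook ID as "nothing to delete" while still surfacing a wrong-typed value as a real error.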
| } | ||
| webhookID := feedContext.Context[webhookIDKey].(string) | ||
|
|
||
| ctx := context.Background() |
Not something to fix in this PR, but this again makes me wonder if base libraries should own the root context.Context. Why isn't there a timeout for example?
| return nil | ||
| } | ||
| } | ||
| glog.Errorf("gailed to delete the webhook: %#v", err) |
s/gailed/failed
Also, %#v will ignore the error interface format rules. You'll also get pointer addresses instead of actually following anything. https://play.golang.org/p/bNajvEDPpv5
| hook := ghclient.Hook{ | ||
| Name: &name, | ||
| URL: &domain, | ||
| Events: []string{"pull_request"}, |
This should be dynamic. We're going to need a map from our CloudEvents types to their native types. Feel free to do a TODO for now I guess or use the trigger.EventType.
| // odd that you have to also pass context around for the | ||
| // calls even after giving it to client. But, whatever. | ||
| ctx := context.Background() | ||
| //ts := oauth2.StaticTokenSource( |
Please yank commented out code
| hook := github.New(&github.Config{Secret: credentials.SecretToken}) | ||
| hook.RegisterEvents(h.HandlePullRequest, github.PullRequestEvent) | ||
|
|
||
| err = webhooks.Run(hook, ":8080", "/") |
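Review bot: credentials.SecretToken is passed straight into github.Config with no check that it is set, so credentials with a missing or empty secretToken would start the receiver with an empty webhook secret. Validate it before github.New and refuse to start when it is empty, so the adapter never listens without a secret to check deliveries against.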
Should we be using fmt.Sprintf(":%s", os.Getenv("PORT"))?
left a TODO. not sure if it matters because this is not the port that is exposed
| target: | ||
| kind: Route | ||
| apiVersion: serving.knative.dev/v1alpha1 | ||
| name: legit No newline at end of file |
| "accessToken": "<YOUR PERSONAL TOKEN FROM GITHUB>", | ||
| "secretToken": "<YOUR RANDOM STRING>" | ||
| } | ||
| } No newline at end of file |
nit: another trailing newline missing
@inlined re: using Service to implement github handler seems totally reasonable to me. It's an implementation detail of a particular receive adapter and not a hard dependency on eventing itself. I'd for example expect these sources to move out of this repo into somewhere else and not be part of the pkg/sources in eventing.
@vaikas-google Yeah, I assumed that this would leave the core repo which helps us meet the goal of breaking dependencies. It's hard to not want to use knative/serving; it's just too good a product!
lol, trudat
FYI I'm headed on vacation tonight. I don't want to leave you stuck with an AWOL reviewer. /assign @vaikas-google
| return nil, err | ||
| } | ||
|
|
||
| glog.Infof("created Service: %+v", service) |
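Review bot: The glog.Infof call formats the whole Service with %+v, so every create writes the full object, spec included, to the log at Info level; anything placed in the adapter's container spec, such as environment values, goes into the logs with it. Log the namespace and name here and keep the full dump behind a verbose level such as glog.V(4).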
| func receiveAdapterName(resource string) string { | ||
| serviceName := fmt.Sprintf("%s-%s-%s", "github", resource, postfixReceiveAdapter) // TODO: this needs more UUID on the end of it. | ||
| serviceName = strings.Replace(serviceName, "/", "-", -1) | ||
| serviceName = strings.Replace(serviceName, ".", "-", -1) |
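Review bot: receiveAdapterName rewrites only "/" and ".", so the result can still be an invalid name: nothing lowercases resource and nothing bounds the length, while Kubernetes Service names must be lowercase DNS labels of at most 63 characters. The replacements also map distinct inputs to one name (a-b/c and a/b-c both become github-a-b-c-rcvadptr); lowercase and truncate the readable part, and derive the suffix the TODO mentions from the unmodified resource string so the name stays unique and stable.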
Resources can, but there are limitations on knative service I think. I was getting errors for "." because I think it turns the name into a domain, and k8s service has some limitations in addition to k8s resources.
| return nil, nil | ||
| } | ||
|
|
||
| glog.Infof("secretName %s ; secretKey: %s", trigger.Parameters[secretName].(string), trigger.Parameters[secretKey].(string)) |
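Review bot: Both trigger.Parameters[...] lookups inside this Infof use unchecked .(string) assertions, so a trigger that omits secretName or secretKey, or supplies a non-string value, panics inside a log statement. Drop the line, or read both parameters with the two-value form and return an error when either is missing.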
That is not the secret value, but the k8s secret resource name and internal key to find the secret. But yes, I need to remove this.
/unassign @vaikas-google Ville is on vacation for a couple weeks. /assign @mattmoor
/test pull-knative-eventing-integration-tests
|
|
||
| The `Flow` will accept the Webhook calls from GitHub and pass them to the _legit_ service. | ||
|
|
||
| The `Flow` will configure a Receive Adapter pod from the ` |
Looks like there should be a link/name at the end of this sentence.
| ``` | ||
|
|
||
| Then create a PR for the repo you configured the webhook for, and you'll see that the Title | ||
| will be modified with the suffix '(I buy it)' |
'(I buy it)' should be replaced with '(looks pretty legit)'.
d731ced to
aa06033
/assign @evankanderson @inlined is on vacation for a bit
/test pull-knative-eventing-integration-tests
8a1a833 to
c8a5a6c
| APIVersion: "v1alpha1", | ||
| }, | ||
| FieldSelector: fmt.Sprintf("metadata.name=%s", serviceName), | ||
| LabelSelector: "receive-adapter=github", |
Do we want to ever "adopt" an existing service if it's for another Flow? It seems like checking an OwnerReference would be the right way to avoid that. It would also make the cleanup easier.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: evankanderson, grantr, n3wscott
/retest
(I'm playing |
Fixes #208