{"id":20155268,"url":"https://github.com/redhat-cop/gitwebhook-operator","last_synced_at":"2025-04-09T22:03:20.081Z","repository":{"id":63581814,"uuid":"567951710","full_name":"redhat-cop/gitwebhook-operator","owner":"redhat-cop","description":"Automates the setup and configuration of git webhooks","archived":false,"fork":false,"pushed_at":"2024-05-10T18:19:10.000Z","size":229,"stargazers_count":6,"open_issues_count":16,"forks_count":3,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-04-09T22:03:12.188Z","etag":null,"topics":["container-cop","k8s-operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redhat-cop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-19T01:32:23.000Z","updated_at":"2024-05-10T16:18:00.000Z","dependencies_parsed_at":"2024-01-09T00:23:35.638Z","dependency_job_id":"e8683a74-6452-4285-a855-7a1bfc19687a","html_url":"https://github.com/redhat-cop/gitwebhook-operator","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fgitwebhook-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fgitwebhook-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fgitwebhook-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fgitwebhook-operator/manifests","owner
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/redhat-cop","download_url":"https://codeload.github.com/redhat-cop/gitwebhook-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248119297,"owners_count":21050755,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-cop","k8s-operator"],"created_at":"2024-11-13T23:31:10.100Z","updated_at":"2025-04-09T22:03:20.045Z","avatar_url":"https://github.com/redhat-cop.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Gitwebhook operator\n\nThis operator automates the setting up of git webhooks. Its main purpose is to streamline the configuration of operators such as Tekton or ArgoCD which rely on git webhooks for some of their functionalities.\n\n## The GitWebhook CRD\n\nThis operator provides a CRD to create a git webhook. Here is an example for GitHub:\n\n```yaml\napiVersion: redhatcop.redhat.io/v1alpha1\nkind: GitWebhook\nmetadata:\n  name: gitwebhook-github\nspec:\n  gitHub:\n    gitServerCredentials:\n      name: github-pat\n  repositoryOwner: ${repo_owner}\n  ownerType: user\n  repositoryName: ${repo_name}\n  webhookURL: https://hellowebhook.com\n  insecureSSL: false\n  webhookSecret:\n    name: webhook-secret\n  events:\n    - push  \n  contentType: json\n  active: true  \n```    \n\nHere is an explanation of each field:\n\n- `gitHub` specifies how to connect to the git api server. 
It also requires a local reference to a secret (in the same namespace) containing a key `token` with a valid github token to be used to authenticate. A similar `gitLab` section exists when connecting to gitlab. Only one of `gitLab` or `gitHub` can be defined. \n- `repositoryOwner` and `repositoryName` identify the repository for which we want to receive events.\n- `ownerType` can have two values: `user` and `organization` and identifies the kind of owner.\n- `webhookURL` is the URL to be called.\n- `insecureSSL` defines whether certificate validation for the target URL is disabled (default `false`, i.e. the certificate is validated). \n- `webhookSecret` defines a local reference to a secret containing the `secret` key. The value is a shared secret between the webhook caller and the receiver, used for further validation or identification of the caller.\n- `events` is the list of the repo-level events that the webhook should generate. The list of valid events for github can be found [here](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads). The list of valid events for gitlab can be found [here](https://docs.gitlab.com/ee/user/project/integrations/webhook_events.html).\n- `contentType` defines the format of the webhook payload (default `json`) (github).\n- `active` defines whether the webhook should be turned on (default `true`) (github).\n- `pushEventBranchFilter` is a regular expression that filters the branches for which push events are generated (gitlab only).\n\n## Security Considerations\n\nThis operator does not own credentials for the git server, but instead always allocates a new connection, based on the credentials referenced in the CR, at every reconcile cycle. As a result there is no risk of security escalation or credential leaking between tenants of a cluster using this operator. 
On the other hand it is the responsibility of the namespace owners or the platform owner to ensure that valid git credentials are always available in the namespace where the GitWebhook CRs need to be defined.\n\n## Current support\n\nCurrently this operator supports creating repo-level webhooks for github and gitlab. Potentially this operator could be extended to support org-level webhooks or other git systems. Contributions are welcome.\n\n\n## Deploying the Operator\n\nThis is a cluster-level operator that you can deploy in any namespace, `gitwebhook-operator` is recommended.\n\nIt is recommended to deploy this operator via [`OperatorHub`](https://operatorhub.io/), but you can also deploy it using [`Helm`](https://helm.sh/).\n\n### Multiarch Support\n\n| Arch  | Support  |\n|:-:|:-:|\n| amd64  | ✅ |\n| arm64  | ✅  |\n| ppc64le  | ✅  |\n| s390x  | ✅  |\n\n### Deploying from OperatorHub\n\n\u003e **Note**: This operator supports being installed in disconnected environments\n\nIf you want to utilize the Operator Lifecycle Manager (OLM) to install this operator, you can do so in two ways: from the UI or the CLI.\n\n#### Deploying from OperatorHub UI\n\n- If you would like to launch this operator from the UI, you'll need to navigate to the OperatorHub tab in the console. Before starting, make sure you've created the namespace that you want to install this operator to with the following:\n\n```sh\noc new-project gitwebhook-operator\n```\n\n- Once there, you can search for this operator by name: `patch operator`. This will then return an item for our operator and you can select it to get started. 
Once you've arrived here, you'll be presented with an option to install, which will begin the process.\n- After clicking the install button, you can then select the namespace that you would like to install this to as well as the installation strategy you would like to proceed with (`Automatic` or `Manual`).\n- Once you've made your selection, you can select `Subscribe` and the installation will begin. After a few moments you can go ahead and check your namespace and you should see the operator running.\n\n#### Deploying from OperatorHub using CLI\n\nIf you'd like to launch this operator from the command line, you can use the manifests contained in this repository by running the following commands from the folder where you cloned the repository:\n\n```sh\noc new-project gitwebhook-operator\noc apply -f config/operatorhub -n gitwebhook-operator\n```\n\nThis will create the appropriate OperatorGroup and Subscription and will trigger OLM to launch the operator in the specified namespace.\n\n### Deploying with Helm\n\nHere are the instructions to install the latest release with Helm.\n\n```sh\noc new-project gitwebhook-operator\nhelm repo add gitwebhook-operator https://redhat-cop.github.io/gitwebhook-operator\nhelm repo update\nhelm install gitwebhook-operator gitwebhook-operator/gitwebhook-operator\n```\n\nThis can later be updated with the following commands:\n\n```sh\nhelm repo update\nhelm upgrade gitwebhook-operator gitwebhook-operator/gitwebhook-operator\n```\n\n## Metrics\n\nPrometheus compatible metrics are exposed by the Operator and can be integrated into OpenShift's default cluster monitoring. 
To enable OpenShift cluster monitoring, label the namespace the operator is deployed in with the label `openshift.io/cluster-monitoring=\"true\"`.\n\n```sh\noc label namespace \u003cnamespace\u003e openshift.io/cluster-monitoring=\"true\"\n```\n\n### Testing metrics\n\n```sh\nexport operatorNamespace=gitwebhook-operator-local # or gitwebhook-operator\noc label namespace ${operatorNamespace} openshift.io/cluster-monitoring=\"true\"\noc rsh -n openshift-monitoring -c prometheus prometheus-k8s-0 /bin/bash\nexport operatorNamespace=gitwebhook-operator-local # or gitwebhook-operator\ncurl -v -s -k -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://gitwebhook-operator-controller-manager-metrics.${operatorNamespace}.svc.cluster.local:8443/metrics\nexit\n```\n\n## Development\n\n### Run the operator\n\n```sh\nexport repo=raffaelespazzoli\ndocker login quay.io/$repo\noc new-project gitwebhook-operator\noc project gitwebhook-operator\noc label namespace gitwebhook-operator openshift.io/cluster-monitoring=\"true\"\nenvsubst \u003c config/local-development/tilt/env-replace-image.yaml \u003e config/local-development/tilt/replace-image.yaml\nmake manifests\ntilt up\n```\n\n### Test Manually\n\n#### Github\n\nCreate a github PAT and a webhook secret and export them as variables.\nAlso export a repo owner and name to which the PAT has access.\nFor frequent testing it is recommended to create a secrets.sh file and then source it. 
It will not be committed.\nThe PAT must have these permissions:\n\n![PAT permissions](./media/github-pat-permissions.png \"PAT permissions\")\n\n```sh\nexport github_pat=\u003cyour-github-pat\u003e\nexport webhook_secret=\u003cyour webhook secret\u003e\nexport repo_owner=\u003cyour-repo-owner\u003e\nexport repo_name=\u003cyour repo name\u003e\n\noc new-project test-gitwebhook-github\nenvsubst \u003c ./test/pat-secret-github.yaml | oc apply -f - -n test-gitwebhook-github\nenvsubst \u003c ./test/webhook-secret.yaml | oc apply -f - -n test-gitwebhook-github\nenvsubst \u003c ./test/gitwebhook-github.yaml | oc apply -f - -n test-gitwebhook-github\n```\n\n#### Gitlab\n\nCreate a github PAT and a webhook secret and export them as variables.\nAlso export a repo owner and name to which the PAT has access.\nFor frequent testing it is recommended to create a secrets.sh file and then source it. It will not be committed.\n\n```sh\nexport gitlab_pat=\u003cyour-gitlab-pat\u003e\nexport webhook_secret=\u003cyour webhook secret\u003e\nexport gitlab_repo_owner=\u003cyour-repo-owner\u003e\nexport gitlab_repo_name=\u003cyour repo name\u003e\n\noc new-project test-gitwebhook-gitlab\nenvsubst \u003c ./test/pat-secret-gitlab.yaml | oc apply -f - -n test-gitwebhook-gitlab\nenvsubst \u003c ./test/webhook-secret.yaml | oc apply -f - -n test-gitwebhook-gitlab\nenvsubst \u003c ./test/gitwebhook-gitlab.yaml | oc apply -f - -n test-gitwebhook-gitlab\n```\n\n### Test helm chart locally\n\nDefine an image and tag. 
For example...\n\n```sh\nexport imageRepository=\"quay.io/redhat-cop/gitwebhook-operator\"\nexport imageTag=\"$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/redhat-cop/gitwebhook-operator.git '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3)\"\n```\n\nDeploy chart...\n\n```sh\nmake helmchart IMG=${imageRepository} VERSION=${imageTag}\nhelm upgrade -i gitwebhook-operator-local charts/gitwebhook-operator -n gitwebhook-operator-local --create-namespace\n```\n\nDelete...\n\n```sh\nhelm delete gitwebhook-operator-local -n gitwebhook-operator-local\nkubectl delete -f charts/gitwebhook-operator/crds/crds.yaml\n```\n\n## Building/Pushing the operator image\n\n```sh\nexport repo=raffaelespazzoli #replace with yours\ndocker login quay.io/$repo\nmake docker-build IMG=quay.io/$repo/gitwebhook-operator:latest\nmake docker-push IMG=quay.io/$repo/gitwebhook-operator:latest\n```\n\n## Deploy to OLM via bundle\n\n```sh\nmake manifests\nmake bundle IMG=quay.io/$repo/gitwebhook-operator:latest\noperator-sdk bundle validate ./bundle --select-optional name=operatorhub\nmake bundle-build BUNDLE_IMG=quay.io/$repo/gitwebhook-operator-bundle:latest\ndocker push quay.io/$repo/gitwebhook-operator-bundle:latest\noperator-sdk bundle validate quay.io/$repo/gitwebhook-operator-bundle:latest --select-optional name=operatorhub\noc new-project gitwebhook-operator\noc label namespace gitwebhook-operator openshift.io/cluster-monitoring=\"true\"\noperator-sdk cleanup gitwebhook-operator -n gitwebhook-operator\noperator-sdk run bundle --install-mode AllNamespaces -n gitwebhook-operator quay.io/$repo/gitwebhook-operator-bundle:latest\n```\n\n## Releasing\n\n```sh\ngit tag -a \"\u003ctagname\u003e\" -m \"\u003ccommit message\u003e\"\ngit push upstream \u003ctagname\u003e\n```\n\nIf you need to remove a release:\n\n```sh\ngit tag -d \u003ctagname\u003e\ngit push upstream --delete \u003ctagname\u003e\n```\n\nIf you need to \"move\" a 
release to the current main\n\n```sh\ngit tag -f \u003ctagname\u003e\ngit push upstream -f \u003ctagname\u003e\n```\n\n### Cleaning up\n\n```sh\noperator-sdk cleanup gitwebhook-operator -n gitwebhook-operator\noc delete operatorgroup operator-sdk-og\noc delete catalogsource gitwebhook-operator-catalog\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-cop%2Fgitwebhook-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredhat-cop%2Fgitwebhook-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-cop%2Fgitwebhook-operator/lists"}