Setting up GitHub webhooks for an OpenShift build

Question

I tried to set up a github webhook to trigger builds on OpenShift following these docs.

I am confused about two things:

(1) When I create the secret, as prescribed by the above docs, do I need to create one YAML entry or two? Ie. are the following snippets (taken from the above link) supposed to be the same YAML entry?

type: "GitHub"
github:
  secretReference:
    name: "mysecret"

with the second one being:

- kind: Secret
  apiVersion: v1
  metadata:
    name: mysecret
    creationTimestamp:
  data:
    WebHookSecretKey: c2VjcmV0dmFsdWUx

(2) If I query oc describe bc [name-of-my-build-config], I get (all masks of [this] form were added by me)

Webhook GitHub:
    URL:    https://[blabla].openshift-online.com:6443/apis/build.openshift.io/v1/namespaces/[my-namespace]/buildconfigs/[my-build-config]/webhooks/<secret>/github

So now when I enter this url as a GitHub webhook, what should I replace <secret> with in the above URL? Also, what should I enter in the textbox for Secret on Github (see screenshot below)

I understand that the WebHookSecretKey: c2VjcmV0dmFsdWUx is just an encoded version of the plaintext secret key... So where should I use the plaintext key? Should I also use mysecret anywhere, eg substitute in for <secret> in the above url?

So `oc describe bc` gives you the URL...then `oc get bc -o yaml` will give you the value to fill in for `` — Will Gordon, Sep 21 '19 at 16:26
@WillGordon, ah this is much easier than the what the docs suggest... it solved my problem, please could you post it as an answer? — gen, Sep 22 '19 at 12:58

score 1 · Accepted Answer · answered Sep 22 '19 at 18:52

1

The easiest way to get the full GitHub Webhook URL in OpenShift 4.x is to first get the URL from

$ oc describe bc my-build

...
Webhook GitHub:
    URL:    https://api.example.com:6443/apis/build.openshift.io/v1/namespaces/my-project/buildconfigs/my-build/webhooks/<secret>/github
...

Then, to fill in the <secret> portion of the URL, you get this from

$ oc get bc -o yaml

...
  triggers:
  - github:
      secret: 467ed550-c447-411d-87ad-2d3a3fa81538
    type: GitHub
...

So, for this example, the GitHub Webhook URL would be

https://api.example.com:6443/apis/build.openshift.io/v1/namespaces/my-project/buildconfigs/my-build/webhooks/467ed550-c447-411d-87ad-2d3a3fa81538/github

answered Sep 22 '19 at 18:52

Will Gordon

3,303
2
11
22

So I am doing what you sugest, but when I test the webhook nothing happens. I do oc describe bc/ | grep Triggered and I get Triggered by: Do you have an idea why did could happen? – Babas Mar 15 '21 at 13:25
Is your cluster API accessible to the git instance? Assuming github.com, is your cluster API available to the public internet? – Will Gordon Mar 15 '21 at 18:31
1

Hey Will, I had to use a generic trigger type instead of a gitlab. That was the issue. – Babas Mar 16 '21 at 13:14

Setting up GitHub webhooks for an OpenShift build

1 Answers1