feat: Refactor webhook configuration logic and initial support for Github pull request #1878
Conversation
Bumps [antd](https://github.com/ant-design/ant-design) from 5.22.2 to 5.22.3. - [Release notes](https://github.com/ant-design/ant-design/releases) - [Changelog](https://github.com/ant-design/ant-design/blob/master/CHANGELOG.en-US.md) - [Commits](ant-design/ant-design@5.22.2...5.22.3) --- updated-dependencies: - dependency-name: antd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: Team permissions by workspace
Co-authored-by: Benjamin Decreusefond <benjamin.decreusefond@weezevent.com> Co-authored-by: Stanley Zhang <stanley.zhang@ityin.net>
|
@alfespa17 @BenjaminDecreusefond please review, sorry, this certainly took much longer time than I'd thought because of lack of self-discipline :)
|
|
Thank you @stanleyz I will check in the following days |
|
Hello @stanleyz quick comments: Can you please add <sql dbms="postgresql, mysql">
insert into webhook_event (id, branch, path, event, template_id, webhook_id, created_date, updated_date, created_by, updated_by)
select id, branch, path, event, template_id, id, created_date, updated_date, created_by, updated_by from webhook;
</sql> |
|
Hello @stanleyz You will also have to refactor the workspace create page, because those properties were deleted in a liquibase script
New workspace failed with the following
|
that's right, forgot this, I'll remove the configuration section for webhook from the workspace creation process since configuring webhook is getting much complicated with this new feature added in. |
And remove webhook creation from workspace creation process.
Updated both, please check @alfespa17 |
|
Wow Stanleyz the goat !! thank you very much ! Just to clarify, with this PR terrakube now uses one github webhook per workspace ? Or one github webhook for all workspaces ? |
That didn't change from what I saw, is still using one for each workspace |
|
@stanleyz I am getting the following when trying to save a new webhook, any idea?
|
No from the above information, did you create the VCS provider successfully? Additionally the GitHub App needs to have access to "pull request" if you have configured Pull_request based webhook. |
|
created a discord server for collaboration if you guys are keen |
I will double check tomorrow, maybe I added the wrong infornation inside the vcs connection |
Thank you but I don't use discord, there is a slack community that you can find inside the Readme.md that you can join, there you can find several terrakube users. |
|
Looks like I was using the wrong private key, I was able to create the webhooks
But I am getting the following when creating the pull request: |
|
I found the issue I was using the wrong regex my bad :( Pull request logic is working
Push logic to main branch
|
alfespa17
changed the title
Ok, will give that a try. The thing I don't like Slack is that it doesn't provide multiple person huddle with free version. |
|
Hi @stanleyz ! Thank you very much for your work it's amazing! I was wondering something, at our company we are now having almost 200 workspaces. The issue is that if Terrakube creates one webhook per workspace we should have 200 webhooks but github is sadly limited to 20 only :(. Would you know if it is possible to refactor a bit of logic to make this incredible feature usable at production level ? :) regards ! |
|
@BenjaminDecreusefond I remember the 20 webhooks limit is on repository right, are you suggesting you have more than 20 workspaces per repository?
Yes, it's achievable, but I wonder whether you can reduce the workspace number per repository to under 20, other than that, I'd be more keen to implement GitHub check run and check suite instead of adding this feature. |
|
I too am getting None of my existing |
Can you share one example? , I had the same issue but I was using a wrong regex |
|
Sure!
Webhook was previously just I also want a Pull Request hook to trigger on the same working directory with every branch too (except main I guess) |
|
I think you are missing one |
|
Good spot! That was it. Probably worth considering this as a breaking change as before it used to factor in the working directory. I'll go through and update all my webhooks now. Thanks! |
I will add it as comment inside the release notes once we create the final 2.26.0 version, by the way if you are using github apps for the connection dont forget to put the PULL REQUEST permission to the app |
|
Right, my bloody memory, I thought that was changed by somebody else, no, it was done by me. Sorry. Thinking about this again, it makes sense I believe. With the support of multiple events and webhook triggers, the settings of each trigger should be independent, so we should not take the workspace settings as the default values for corresponding fields, similar logic applies also template and branch settings. |
Agreed. Maybe we can come up with a way of migrating all the existing push webhooks? I have about 70 I'll have to update to fix this. I don't mind doing it, just a lot of work! |
Hi @stanleyz ! Yep we do use a single repository to host all our workspaces ! Refactoring all our infra to split it across multiple repos is not really achievable and I tend to believe that 20 workspace per repos is very short if we count that for instance, for a single bucket, we might want 2 workspaces (one to deploy your bucket in prod account and one to deploy in staging account) so it adds up very fast. Your work on webhooks is amazing and we would really like to use it in production but we are limited by the number |
Ah, sorry about that. Personally I think it's good to list this as a breaking feature instead of adding the workspace folder as a trigger for every webhook. The webhook logic changed anyway. I am sorry for the process you have to go through. However there should be some SQL you can use to do this in bulk. Something like the below, make sure to test in several individual workspaces first. |
Yeah, that's a bit annoying. I'll be keep working on the check run and check suite any way, will evaluate how hard it is and whether it's good to move this forward to the approach you suggested. |
No problem, it's all good. Part of testing and open source :D In the end I just went through them all manually as I enabled the PR hook too, which works perfectly by the way, thanks for your amazing contribution! Comes at a great time as we're going to need it for compliance reasons.
We actually have something similar. Luckily not quite hit the limit yet, our biggest repo is 15, so approaching that. Probably not a use case thats common though. |
Cool, you probably want to consider using the Terakube Terraform provider to automate this, it's going to be easier for such situations if automated. Speaking that, I do need to add the feature of this PR to the Terrakube provider. https://registry.terraform.io/providers/AzBuilder/terrakube/latest/docs |
Heh yes, I do actually already use it for other things, didn't really consider it until afterwards 🙈 |
This change includes the following:
fix #703