Create webhook automatically when creating Repo/Org/Enterprise CR

[Fabiosilvero]

What is the feature you would like to have?

Hello,

First of all, thank you for your operator, it is awesome :)

Is it possible to make the webhook install from CR instead of doing it from Github ?

It is possible with garm-cli :

/home/user/bin/garm-cli repository add \
    --name github-actions \
    --owner The_Org \
    --credentials github-pat \
    --install-webhook \
    --pool-balancer-type roundrobin \
    --random-webhook-secret

But with manifests like that, it doesn't seem to install it :

---
apiVersion: v1
kind: Secret
metadata:
  name: webhook-secret
  namespace: garm-operator-system
data:
  webhookSecret: <base64>
---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: GarmServerConfig
metadata:
  name: garm-server-config
  namespace: garm-operator-system
spec:
  callbackUrl: https://stg-garm.my.dns.zone/api/v1/callbacks
  metadataUrl: https://stg-garm.my.dns.zone//api/v1/metadata
  webhookUrl: https://stg-garm.my.dns.zone//webhooks
---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: GitHubEndpoint
metadata:
  name: my-ghes
  namespace: garm-operator-system
spec:
  description: "My GHES"
  apiBaseUrl: "https://github.my.dns.zone/api/v3"
  uploadBaseUrl: "https://github.my.dns.zone/api/uploads"
  baseUrl: "https://github.my.dns.zone"
---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: GitHubCredential
metadata:
  name: github-pat
  namespace: garm-operator-system
spec:
  description: credentials for mercedes-benz github
  endpointRef:
    apiGroup: garm-operator.mercedes-benz.com
    kind: GitHubEndpoint
    name: my-ghes
  authType: pat
  secretRef:
    name: github-pat
    key: token
---
apiVersion: v1
kind: Secret
metadata:
  name: github-pat
  namespace: garm-operator-system
data:
  token: <base64>
---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: Repository
metadata:
  name: github-actions
spec:
  webhookSecretRef:
    key: "webhookSecret"
    name: "webhook-secret"
  credentialsRef:
    apiGroup: garm-operator.mercedes-benz.com
    kind: GitHubCredentials
    name: github-pat
  owner: "The_Org"
---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: Image
metadata:
  labels:
    app.kubernetes.io/name: image
    app.kubernetes.io/instance: image-sample
    app.kubernetes.io/part-of: garm-operator
  name: runner-default
  namespace: garm-operator-system
spec:
  tag: "<GCP_Self_Link_Image>"
---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: Pool
metadata:
  labels:
    app.kubernetes.io/instance: pool-sample
    app.kubernetes.io/name: pool
    app.kubernetes.io/part-of: garm-operator
  name: gcp-test-pool
  namespace: garm-operator-system
spec:
  githubScopeRef:
    apiGroup: garm-operator.mercedes-benz.com
    kind: Repository
    name: github-actions
  enabled: true
  extraSpecs: '{}'
  flavor: e2-standard-2
  githubRunnerGroup: ""
  imageName: runner-default
  maxRunners: 10
  minIdleRunners: 2
  osArch: amd64
  osType: linux
  providerName: gcp
  runnerBootstrapTimeout: 600
  runnerPrefix: ""
  tags:
    - poc-garm

Reading this line I guess it is a current limitation ? Or did I miss something ?

A mockup would be :

---
apiVersion: garm-operator.mercedes-benz.com/v1beta1
kind: Repository
metadata:
  name: github-actions
spec:
  webhookAutoCreate: true   <---------
  webhookSecretRef:
    key: "webhookSecret"
    name: "webhook-secret"
  credentialsRef:
    apiGroup: garm-operator.mercedes-benz.com
    kind: GitHubCredentials
    name: github-pat
  owner: "The_Org"

Thanks,

Anything else you would like to add?

No response

[bavarianbidi]

Hey @Fabiosilvero thanks for raising this issue.

You're totally right, atm it's just not implemented and we've sometimes spoke about that feature internally.
From a technical point of view, garm is able to create webhooks on a repository or organization level. For enterprises it's not implemented (because there is no Github-API for creating webhooks on enterprise level).

I rather think about creating a own CRD for the webhooks and do a reference in the corresponding repository or organization CR instead of integrating it into the CR itself.

Are you open to implement that feature or should we take care of it?

[Fabiosilvero]

Unfortunately I can't dev even if my life depended on it :/ But if you need testing the feature before release, I would gladly doing it :)

I rather think about creating a own CRD for the webhooks and do a reference in the corresponding repository or organization CR instead of integrating it into the CR itself.

Yes, it was inherited from garm-cli way of working but I can understand the operator won't work that way. As long as the webhook gets created, I think this is neat :)

[chickenkiller]

That's the single piece missing to have a fully declarative definition of our garm system. I can deploy everything using kubernetes and garm-operator now, and I still need to call garm-cli organization webhook install. So this addition would be great indeed ! Thank you for all your great work so far.

[bavarianbidi]

That's the single piece missing to have a fully declarative definition of our garm system. I can deploy everything using kubernetes and garm-operator now, and I still need to call garm-cli organization webhook install. So this addition would be great indeed ! Thank you for all your great work so far.

we will have a short sync session next week for an upcoming release. And this is definitely something on our feature wishlist.