createWebhook.sh
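# TODO: enable secret manager: secretmanager.googleapis.com
## REQUIRED VARS
# PROJECT_ID
# APP_ID
# INSTANCE_GIT_REPO_TOKEN
# INSTANCE_GIT_REPO_OWNER
# API_KEY
# NOTE(review): the code below reads GIT_TOKEN and GIT_USER, not the
# INSTANCE_GIT_REPO_* names listed above, and the script later also reads
# TEMPLATE_FOLDER and REGION. Confirm which names callers actually set.

# Fail fast on the inputs that every later resource name and URL is built
# from, so an unset value cannot silently yield names like "-webhook-trigger".
: "${PROJECT_ID:?PROJECT_ID must be set}"
: "${APP_ID:?APP_ID must be set}"
: "${API_KEY:?API_KEY must be set}"

## CONSTRUCTED VARS
# GIT_TOKEN and API_KEY_VALUE are credentials. Exporting them places them in
# the environment of every child process (presumably so ${GIT_CMD} can read
# them), so do not run this script with tracing (set -x) or dump the
# environment into build logs.
# All expansions are quoted: some sh implementations word-split the
# unquoted right-hand side of `export NAME=$value`.
export GIT_TOKEN="${GIT_TOKEN}"
export GIT_USER="${GIT_USER}"
export GIT_USERNAME="${GIT_USER}"
export API_KEY_VALUE="${API_KEY}"
export WORK_DIR="${PWD}"
export GIT_CMD="${WORK_DIR}/utils/git/gh.sh"
export GIT_BASE_URL="https://${GIT_USER}@github.com/${GIT_USER}"
export APP_INSTANCE_REPO_LOCATION="https://github.com/${GIT_USERNAME}/${APP_ID}"
export IMAGE_REPO="gcr.io/${PROJECT_ID}"

# Assign first, export second: `export VAR=$(cmd)` returns export's status and
# hides a failing gcloud call, which would leave PROJECT_NUMBER empty and
# produce a malformed service-account member and secret path further down.
PROJECT_NUMBER=$(gcloud projects describe "${PROJECT_ID}" --format='value(projectNumber)') || PROJECT_NUMBER=
if [ -z "${PROJECT_NUMBER}" ]; then
  echo "ERROR: could not resolve project number for ${PROJECT_ID}" >&2
  exit 1
fi
export PROJECT_NUMBER
export SECRET_NAME="${APP_ID}-webhook-trigger-secret"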
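# Webhook shared secret. Whoever knows this value together with the API key
# can invoke the build trigger, so it must be unpredictable and must never be
# a fixed string checked into the repository. It is drawn from openssl's
# CSPRNG; hex output contains only [0-9a-f], so it can be placed in the
# webhook URL query string without escaping.
# The earlier attempt used a here-string (<<<), which is not POSIX sh syntax -
# presumably why it failed in the Cloud Build run. This form needs no bashisms.
SECRET_VALUE=$(openssl rand -hex 32) || SECRET_VALUE=
if [ -z "${SECRET_VALUE}" ]; then
  echo "ERROR: could not generate a webhook secret with openssl" >&2
  exit 1
fi

# The trigger is pinned to version 1 of the secret, i.e. the version created
# just below. Rotating the secret therefore also means updating the trigger.
SECRET_PATH="projects/${PROJECT_NUMBER}/secrets/${SECRET_NAME}/versions/1"

# '%s' keeps the secret out of printf's format string; the value goes to
# gcloud over stdin so it never appears in a process argument list.
# Stop if creation fails (for example the secret already exists from an
# earlier run): continuing would hand GitHub a value that does not match what
# Secret Manager holds.
if ! printf '%s' "${SECRET_VALUE}" | gcloud secrets create "${SECRET_NAME}" --data-file=-; then
  echo "ERROR: could not create secret ${SECRET_NAME}" >&2
  exit 1
fi

# Grant read access on this one secret to the Cloud Build service agent only
# (resource-level binding, not project-wide).
if ! gcloud secrets add-iam-policy-binding "${SECRET_NAME}" \
  --member="serviceAccount:service-${PROJECT_NUMBER}@gcp-sa-cloudbuild.iam.gserviceaccount.com" \
  --role='roles/secretmanager.secretAccessor'; then
  echo "ERROR: could not grant secretAccessor on ${SECRET_NAME}" >&2
  exit 1
fi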
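## Create CloudBuild Webhook Endpoint
echo Create CloudBuild Webhook Endpoint
TRIGGER_NAME="${APP_ID}-webhook-trigger"
# TEMPLATE_FOLDER and REGION are read from the environment; neither is listed
# under REQUIRED VARS at the top of this script.
BUILD_YAML_PATH="${WORK_DIR}/${TEMPLATE_FOLDER}/build/cloudbuild.yaml"

## Setup Trigger & Webhook
# _APP_ID and _REGION are expanded by this shell. The $(body.*) bindings are
# single-quoted so they reach Cloud Build literally and are filled in from
# each webhook request body. _APP_REPO, _REF and _SHA are therefore supplied
# by the sender of the request: the build config should treat them as
# untrusted input and validate them before using them in commands.
# NOTE(review): the filter compares _REF with the literal text $(body.ref),
# presumably to skip payloads in which body.ref could not be resolved - confirm.
# All expansions are quoted so values containing spaces or glob characters
# reach gcloud as single arguments.
if ! gcloud alpha builds triggers create webhook \
  --name="${TRIGGER_NAME}" \
  --inline-config="${BUILD_YAML_PATH}" \
  --secret="${SECRET_PATH}" \
  --substitutions="_APP_ID=${APP_ID},_REGION=${REGION}"',_APP_REPO=$(body.repository.html_url),_REF=$(body.ref),_SHA=$(body.after)' \
  --subscription-filter="_REF != '\$(body.ref)'"; then
  # Without the trigger, the GitHub webhook configured next would point at an
  # endpoint that does not exist.
  echo "ERROR: could not create webhook trigger ${TRIGGER_NAME}" >&2
  exit 1
fi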
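## Retrieve the URL
# The full URL carries both the API key and the webhook secret in its query
# string, so it is itself a credential.
WEBHOOK_URL="https://cloudbuild.googleapis.com/v1/projects/${PROJECT_ID}/triggers/${TRIGGER_NAME}:webhook?key=${API_KEY_VALUE}&secret=${SECRET_VALUE}"
# Log the endpoint with the key and secret masked: build logs are commonly
# retained and readable by more people than should be able to fire the trigger.
echo "WEBHOOK_URL=https://cloudbuild.googleapis.com/v1/projects/${PROJECT_ID}/triggers/${TRIGGER_NAME}:webhook?key=<redacted>&secret=<redacted>"

## Configure Github Repo Webhook
echo Configure Github Repo Webhook
# Quoted so the '?' in the URL is not treated as a glob pattern and a working
# directory containing spaces does not split the command path.
# NOTE(review): the URL is still passed on the command line, where it is
# visible in the process list while the helper runs; if the helper can take
# it from stdin or the environment, prefer that.
"${GIT_CMD}" create_webhook "${APP_ID}" "${WEBHOOK_URL}"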