Page MenuHomePhabricator
Create Task
Maniphest T157577

Create webhook to deploy new content
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Create webhook in github (https://github.com/wmde/fundraising-frontend-content) that invokes polling in Jenkins (T167096) and hence runs the deployment job to the respective instance(s) when a branch is changed.

AC:

  • Jenkins has necessary permission (keys) to deploy to fundraising_frontend_test, fundraising_frontend_production
  • webhook endpoint uses key/token AC removed as event merely causes polling which can do little harm even when from fake actor
  • content gets deployed to fundraising_frontend_test (test branch), fundraising_frontend_production (production branch) respectively
  • email notification is sent - Receiver list will be looked at during "Editing content" meeting on July 04

Related Objects
Search...

Event Timeline

gabriel-wmde created this task.Feb 8 2017, 3:28 PM
gabriel-wmde edited parent tasks, added: T157575: Create deployment of the content repository; removed: T157560: Use GitHub Repository for Fundraising Frontend contents.Feb 8 2017, 3:34 PM
gabriel-wmde moved this task from Backlog to Sprint ready on the WMDE-Fundraising-Tech board.Apr 7 2017, 11:31 AM
gabriel-wmde mentioned this in T157575: Create deployment of the content repository.
gabriel-wmde added projects: Epic, Story, WMDE-Fundraising-Sprint-3.May 10 2017, 2:21 PM
gabriel-wmde changed the point value for this task from 5 to 8.
gabriel-wmde created subtask T164943: Outline needed changes to github-webhook.May 10 2017, 3:01 PM
gabriel-wmde removed a project: WMDE-Fundraising-Sprint-3.May 10 2017, 3:11 PM
Pablo-WMDE closed subtask T164943: Outline needed changes to github-webhook as Resolved.May 31 2017, 1:54 PM
Pablo-WMDE removed projects: Story, Epic.Jun 6 2017, 10:16 AM
Pablo-WMDE updated the task description. (Show Details)
Pablo-WMDE updated the task description. (Show Details)Jun 6 2017, 10:21 AM
Pablo-WMDE mentioned this in T164946: Create deployment playbook for wmde/github-webhook.Jun 6 2017, 10:28 AM
gabriel-wmde added a project: WMDE-Fundraising-Sprint-6.Jun 21 2017, 1:19 PM
gabriel-wmde changed the point value for this task from 8 to 3.
Pablo-WMDE claimed this task.Jun 23 2017, 8:02 AM
Pablo-WMDE moved this task from Todo to Doing on the WMDE-Fundraising-Sprint-6 board.
Pablo-WMDE added a comment.EditedJun 23 2017, 8:50 AM

https://wiki.jenkins.io/display/JENKINS/Github+Plugin#GitHubPlugin-GitHubhooktriggerforGITScmpolling

Github does not like our SSL setup -> T168710

Pablo-WMDE added a comment.Jun 23 2017, 2:50 PM

Github webhook now uses SSL Verification against our Endpoint

Pablo-WMDE added a subscriber: kai.nissen.Jun 23 2017, 2:58 PM

@gabriel-wmde @kai.nissen Two questions:

  • there is the AC "webhook endpoint uses key/token", but given how the plugin works I think this can be skipped. The ping will only cause a polling (git ls-remote) - if no change is detected this is it. Do you share the opinion that this is not a sufficient attack vector to warrant creation of another secret that has to be managed?
  • looks like we can start to get serious about this - what would be the correct receiver list for our deployment emails (incl non-tech people)?
Pablo-WMDE mentioned this in T162802: Give introduction to editing content to fundraising team.Jun 23 2017, 4:05 PM
gabriel-wmde added a comment.Jun 26 2017, 8:10 AM
  • For the time being, I'd be ok with not using a token. Would it be possible to ignore requests from non-github-IPs?
  • So far, we don't have a mailing list for that. Let's find that who wants to be on it at the introduction for the FR team.
Pablo-WMDE added a comment.Jun 26 2017, 9:05 AM

@gabriel-wmde

  • In my eyes, using IPs for auth purposes in this day and age is a Bad Idea™. If you do think there is an attack vector we should address, then let's do it by actual security, using a secret - I just don't think it's necessary
  • ok. Is this story done despite the incomplete receiver list?
Pablo-WMDE closed this task as Resolved.Jun 26 2017, 10:55 AM
Pablo-WMDE updated the task description. (Show Details)
Pablo-WMDE moved this task from Doing to Done on the WMDE-Fundraising-Sprint-6 board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL