Mark: Since this was done before my recent tenure, I need to revisit BuildConfig GitHub Trigger <https://docs.openshift.com/container-platform/3.11/dev_guide/builds/triggering_builds.html#github-webhooks> versus what we've done. Have you looked at this?
Regards, Andy On Mon, Nov 26, 2018 at 9:39 AM Marc Boorshtein <[email protected]> wrote: > >> >> If you're referring to using a GitHub webhook, we ended up having to >> create a simple application that would receive GitHub webhook events, >> verify the request against the webhook secret, and trigger the desired >> OpenShift build or Jenkins job. This is primarily because GitHub webhooks >> don't really support authentication mechanisms other than the webhook >> secret. >> >> >> > Thanks Andy, we went a somewhat different (but similar) route. We created > a reverse proxy that only accepts requests to the build url and injects the > oauth2 service account token in the call to our jenkins. I like the idea > of verifying the token first but don't think its necessary. It could cut > down if there was a vulnerability found in jenkins but i can also cut that > down in other ways too (i might clear all content from the request). > > Thanks > Marc > > -- [image: BandwidthMaroon.png] Andy Feller • Sr DevOps Engineer 900 Main Campus Drive, Suite 500, Raleigh, NC 27606 e: [email protected]
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
