PullRequests generator enterprise
The pullRequests
generator will query a repository for open pull requests and emit a set of parameters for each pull request.
Example
apiVersion: templates.weave.works/v1alpha1
kind: GitOpsSet
metadata:
name: pull-requests-sample
spec:
generators:
- pullRequests:
interval: 5m
driver: github
repo: bigkevmcd/go-demo
secretRef:
name: github-secret
templates:
- content:
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: "pr-{{ .Element.Number }}-gitrepository"
namespace: default
spec:
interval: 5m0s
url: "{{ .Element.CloneURL }}"
ref:
branch: "{{ .Element.Branch }}"
- content:
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: "pr-{{ .Element.Number }}-demo"
namespace: default
spec:
interval: 5m
path: "./examples/kustomize/environments/dev"
prune: true
targetNamespace: "{{ .Element.Branch }}-ns"
sourceRef:
kind: GitRepository
name: "pr-{{ .Element.Number }}-gitrepository"
This example will poll "github.com/bigkevmcd/go-demo" for open pull requests and trigger the deployment of these by creating a Flux GitRepository
and a Kustomization
to deploy.
As the generator only queries open pull requests, when a PR is closed, the generated resources will be removed.
For non-public installations, you can configure the serverURL
field and point it to your own installation.
The driver
field can be github
or gitlab
or bitbucketserver
, other options can be supported from go-scm.
Additionally labels can be provided for querying pull requests with matching labels e.g.
- pullRequests:
interval: 5m
driver: github
repo: bigkevmcd/go-demo
secretRef:
name: github-secret
labels:
- deploy
The fields emitted by the pull-request are as follows:
number
this is generated as a string representationbranch
this is the source branchhead_sha
this is the SHA of the commit in the merge branchclone_url
this is the HTTPS clone URL for this repositoryclone_ssh_url
this is the SSH clone URL for this repository
You will need an API key that can query the GitHub API.
$ kubectl create secret generic github-secret \
--from-literal password=<insert access token here>
You can limit the scope of this token to read only access to your repositories.
To run this example you will need extra RBAC
This particular example creates kustomizations, so you will need to add the below RBAC
to the gitopssets-controller-manager
service account to allow it to create kustomizations.
Check out the Security section for more information.
However this will change in the next release with impersonation. Instead you can choose a service account
for each GitOpsSet
that has the required permissions for creating the rendered resources in the
templates
section.
Additional RBAC for the gitopssets-controller-manager
service account:
Expand to see SA resources
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: demo-role
rules:
- apiGroups:
- kustomize.toolkit.fluxcd.io
resources:
- kustomizations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: demo-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: demo-role
subjects:
- kind: ServiceAccount
name: gitopssets-controller-manager
namespace: flux-system