system-config/doc/source/github.rst
Jeremy Stanley 2d57c7cfd9 Add a zuul01.openstack.org
In preparation for replacing the zuulv3.openstack.org host with a
larger instance, set up the necessary support in
Puppet/Hiera/Ansible. While we're here, remove or replace old
references to the since-deleted zuul.openstack.org instance, and
where possible update documentation and configuration to refer to
the new zuul.openstack.org CNAME instead of the zuulv3.openstack.org
FQDN so as to smooth the future transition.

Change-Id: Ie51e133afb238dcfdbeff09747cbd2e53093ef84
2018-01-15 20:32:54 +00:00

3.4 KiB

title

GitHub

GitHub

GitHub is a code-hosting platform that, while not used for OpenStack development, is nonetheless frequently enough used by non-OpenStack projects that OpenStack has tooling interactions with it.

At a Glance

Hosts
  • review.openstack.org
Puppet
Projects
Chat
  • #openstack-infra on freenode

Overview

There are currently three different forms of interaction with GitHub.

  • Gerrit Replication
  • Pull Request Closer
  • OpenStack Zuul App

Gerrit Replication

Each project in gerrit is replicated on merge to a corresponding repository in GitHub. More information on this can be found in the gerrit document at gerrit_github_integration.

Pull Request Closer

A cronjob is run that looks for Pull Requests that have been erroneously submitted and closes them with a helpful message pointing people to the documentation on Contributing to OpenStack. More information on this can be found in the jeepyb document at closing_pull_requests.

OpenStack Zuul App

Zuul v3 is integrated with GitHub by way of a GitHub App. This is done to enable OpenStack to test integration with external projects that use GitHub for development. Information on onfiguring projects to use the OpenStack Zuul App can be found in the zuul page at zuul_github_projects.

The OpenStack Zuul App is managed OpenStack Zuul Settings Page which is available to admins of the openstack-infra Organization.

The OpenStack Zuul App has an ID, a Private key, a Webhook secret and a set of OAuth Credentials which are all stored in hiera.

The ID is a numerical identifier found on the App settings page labeled ID. The ID is placed into the app_id field in the github entry in zuul_connection_secrets for the zuul-scheduler group.

The Private key can only be retrieved when it is generated, so in the case it is lost a new one must be generated and the resulting value put into hiera. The Private key content is stored as zuul_github_app_key in private hiera and is written to /etc/zuul/github.key. That path is placed into app_key field in the github entry in zuul_connections for the zuul-scheduler group.

GitHub sends JSON payloads via HTTP POST to the URL configured in the Webhook URL setting. The current value of this setting for Zuul v3 is: https://zuul.openstack.org/connection/github/payload. It includes the configured "Webhook Secret" so that Zuul can verify that the payload actually did come from GitHub. The "Webhook Secret" is placed into the webhook_token field in the github entry in zuul_connection_secrets for the zuul-scheduler group.

The OAuth credentials for the OpenStack Zuul App are currently unused.