Infrastructure/infra-docs-fpo
1
0
Fork 0
Code Issues 100 Pull requests 6 Projects Releases Packages Wiki Activity Actions
infra-docs-fpo/modules/sysadmin_guide/pages/github2fedmsg.adoc
Kevin Fenzi cc6d4b0750 Drop IRC and replace with matrix is all our docs. 
Since we are moving to matrix, lets drop reference to irc.
I may have missed a few of these and I left the Zodbot SOP alone for now
until we replace it with the new matrix one.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-12-20 11:15:46 -08:00

51 lines
1.9 KiB
Text
Raw Blame History

= github2fedmsg SOP
Bridge github events onto our fedmsg bus.
App: https://apps.fedoraproject.org/github2fedmsg/
Source: https://github.com/fedora-infra/github2fedmsg/
== Contact Information
Owner::
Fedora Infrastructure Team
Contact::
#fedora-apps, #fedora-admin, #fedora-noc
Servers::
github2fedmsg01
Purpose::
Bridge github events onto our fedmsg bus.
== Description
github2fedmsg is a small Python Pyramid app that bridges github events
onto our fedmsg bus by way of github's "webhooks" feature. It is what
allows us to have notifications of github activity via fedmsg. It
has two phases of operation:
* Infrequently, a user will log in to github2fedmsg via Fedora OpenID.
They then push a button to also log in to github.com. They are then
logged in to github2fedmsg with _both_ their FAS account and their
github account.
+
They are then presented with a list of their github repositories. They
can toggle each one: "on" or "off". When they turn a repo on, our webapp
makes a request to github.com to install a "webhook" for that repo with
a callback URL to our app.
* When events happen to that repo on github.com, github looks up our
callback URL and makes an http POST request to us, informing us of the
event. Our github2fedmsg app receives that, validates it, and then
republishes the content to our fedmsg bus.
== What could go wrong?
* Restarting the app or rebooting the host shouldn't cause a problem. It
should come right back up.
* Our database could die. We have a db with a list of all the repos we
have turned on and off. We would want to restore that from backup.
* If github gets compromised, they might have to revoke all of their
application credentials. In that case, our app would fail to work. There
are _lots_ of private secrets set in our private repo that allow our app
to talk to github.com. There are inline comments there with instructions
about how to generate new keys and secrets.
Reference in a new issue View git blame Copy permalink