
One bot per repo?

Open hartman17 opened this issue 5 years ago • 15 comments

We are running GitHub Enterprise and we have all of our k8s repos within a single GitHub organization. From the looks of the config file, argo-bot is configured one bot per repo? Is there currently support to have argo-bot be available to support all repos within an org?

hartman17 avatar Feb 20 '20 16:02 hartman17

I too would like to see this. I don't see why the repo can't be grabbed from the webhook message. Additionally, I would allow for a file mounted to the container as a ConfigMap that has the whitelist of repos to listen to. If no file exists, accept all repos. I'd make a PR, but I can't say I know TypeScript.

snuggie12 avatar Mar 13 '20 21:03 snuggie12

I have enough repos in my org where I need this. I've already made the changes to pull the repo URL from the webhook. I'm going to fix the locking function up so it locks on a per-repo basis, then change the GITHUB_REPO parameter to GITHUB_ORG so repos outside of the org for the bot won't process, as a whitelist of sorts.

mr-sour avatar May 11 '20 19:05 mr-sour

So if we set the GITHUB_REPO parameter to our GitHub org, then our bot will not work? And argo diff in a PR cannot work, correct?

CH-anhngo avatar May 12 '20 00:05 CH-anhngo

Currently the bot uses GITHUB_REPO to process diffs from PRs, so you're limited to one repo per bot. The change I'm working on would allow it to work for more than one repo. If you set GITHUB_REPO to just your org, it won't work in its current form. But to not lose the ability to whitelist the bot, I was going to add a new option called GITHUB_ORG which allows you to whitelist only a certain organization. You can interchange GITHUB_ORG with a username if you want to lock it to a specific user, as organizations and users are interchangeable in this regard.

mr-sour avatar May 12 '20 15:05 mr-sour
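
The org-level whitelist and per-repo locking described in the comments above, sketched as an added example (not code from argocd-bot or from any commenter). GITHUB_ORG is the option name proposed in the thread; every function and class name is hypothetical, and rejecting everything when GITHUB_ORG is unset is an assumption of this sketch.

```typescript
// Added sketch, not argocd-bot code. Payloads passed to it in tests are constructed.
interface RepoRef { owner: string; name: string }
interface WebhookPayload {
  repository?: { full_name?: unknown; owner?: { login?: unknown } };
}

// Read owner/name from the webhook's `repository` object; null on anything malformed.
function repoFromPayload(payload: WebhookPayload): RepoRef | null {
  const repo = payload.repository;
  if (!repo || typeof repo.full_name !== "string") return null;
  const [owner, name, ...rest] = repo.full_name.split("/");
  if (!owner || !name || rest.length > 0) return null;
  const login = repo.owner ? repo.owner.login : undefined;
  // full_name and owner.login must agree, otherwise reject the payload.
  if (typeof login !== "string" || login.toLowerCase() !== owner.toLowerCase()) return null;
  return { owner, name };
}

// GITHUB_ORG acts as the allowlist; unset or empty means nothing is processed (assumption).
function isAllowed(ref: RepoRef | null, githubOrg: string | undefined): boolean {
  if (!ref || !githubOrg || githubOrg.trim() === "") return false;
  // GitHub logins are case-insensitive, so compare in lower case.
  return ref.owner.toLowerCase() === githubOrg.trim().toLowerCase();
}

// One lock per repository instead of one lock for the whole bot.
class RepoLocks {
  private held = new Map<string, string>(); // "owner/name" -> holder id
  private key(ref: RepoRef): string { return `${ref.owner}/${ref.name}`.toLowerCase(); }
  tryAcquire(ref: RepoRef, holder: string): boolean {
    if (this.held.has(this.key(ref))) return false;
    this.held.set(this.key(ref), holder);
    return true;
  }
  release(ref: RepoRef, holder: string): boolean {
    if (this.held.get(this.key(ref)) !== holder) return false; // only the holder may unlock
    return this.held.delete(this.key(ref));
  }
}

type Decision = "rejected" | "busy" | "accepted";
// Gate an incoming event: allowlist first, then the per-repo lock.
function admit(payload: WebhookPayload, githubOrg: string | undefined,
               locks: RepoLocks, holder: string): Decision {
  const ref = repoFromPayload(payload);
  if (!isAllowed(ref, githubOrg) || ref === null) return "rejected";
  return locks.tryAcquire(ref, holder) ? "accepted" : "busy";
}
```

The payload fields are only trustworthy once the webhook's signature has been verified against the app's webhook secret, so this gate belongs after that check.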

@mr-sour So right now if we install the argocd-bot app for the whole org in GitHub, it does not work, correct? Are we better off installing it for one specific repo? The instructions do not say whether we should install the bot for a repo or for the whole org... it is confusing.

CH-anhngo avatar May 12 '20 22:05 CH-anhngo

Another quick question: what do you use for GHE_HOST in the .env file? Is it GHE_HOST=github.com? Is that OK? Because we are hitting a 404 when accessing the GET /app/installations endpoint. So maybe we need admin permission for the GitHub app?

argocd-bot 00:37:14.830Z DEBUG github: GitHub request: GET /app/installations - 404 Not Found (installation=undefined)

CH-anhngo avatar May 13 '20 00:05 CH-anhngo

I don't use GHE_HOST, sorry. I'm currently testing my bot updates for a multi-repo bot. The only snag is that I don't know if automation tokens from Argo are going to allow the bot to operate. The docs make it sound like tokens can only work for projects they are generated for.

mr-sour avatar May 14 '20 16:05 mr-sour

@mr-sour yes, that looks like the limitation too, since the JWT token is only per project... Someone said of v1.5, "This is what is being added in v1.5, the ability to create local accounts (user or service), and generate JWTs for them", so you may try it in 1.5 to allow a system-wide JWT, though.

CH-anhngo avatar May 14 '20 16:05 CH-anhngo

@mr-sour: I followed your suggestion to remove GHE_HOST, and our argocd-bot does not show an issue any more. Thank you! But when I opened a PR and typed "argo diff", nothing happened. Do you know how to troubleshoot it? I also don't see any logs in argocd-bot, even with tracing mode enabled. Any ideas on how to pinpoint it?

CH-anhngo avatar May 14 '20 19:05 CH-anhngo

Okay, so I thought I was crazy! But after reading through the code, I think there's something missing in the docs. https://github.com/argoproj-labs/argocd-bot/tree/master/src/sh These are the commands being run by the bot to get things like diff status. I don't see how these commands are authenticated. The JWT token is used within the code to pull stuff programmatically, but there's no place where it gets passed to these commands. I also don't see anything that would suggest that when the container starts up it authorizes the CLI tool. When I remote into the pod and run those commands verbatim, it doesn't work because it's not authorized.

mr-sour avatar May 14 '20 20:05 mr-sour

Above is the issue I was running into, but I'm running a custom version of the bot now, so maybe I screwed something up there. When you made the GitHub app @CH-anhngo, in addition to adding the permissions for it, did you also subscribe to the events in the GitHub app? It's not mentioned in the docs, but if you don't subscribe to any events it won't send any webhooks to the bot.

mr-sour avatar May 14 '20 20:05 mr-sour

I found my mystery auth issue. The CLI supports tokens with environment variables, and I broke that.

ARGOCD_TOKEN=<token> ARGOCD_SERVER=<hostname> argocd app list

mr-sour avatar May 14 '20 20:05 mr-sour

I'm going to have to make a new option called API_URL. My deployment of Argo CD uses nginx, which requires me to have 2 separate endpoints, one for HTTP and the other for gRPC. Right now it's trying to use my HTTP endpoint for gRPC calls, which isn't going to work.

mr-sour avatar May 14 '20 20:05 mr-sour

@mr-sour yes, it authorized the CLI through the JWT token (env variable).

CH-anhngo avatar May 15 '20 17:05 CH-anhngo

Is a single bot for multiple repos supported now?

EdwinPhilip avatar Feb 24 '22 04:02 EdwinPhilip