npearce/CaC-Github_Webhook_Server

Automate the creation of GitHub Enterprise eval server

npearce opened this issue · 4 comments

Document the process to spin up a new GitHub Enterprise eval service, license it (45-day eval license), and provision it with:

  • webhook configuration
  • user account for webhook server callback to deployment repo
  • creation of service template examples

@npearce

👋

Some thoughts:

Document the process to spin up a new GitHub Enterprise eval service, license it (45-day eval license), and provision it with:

The licensing is approved manually and issued, so this could be a chokepoint in full automation. However, once you have the license, the upload is available via the API:

https://developer.github.com/enterprise/v3/enterprise-admin/management_console/#upload-a-license-for-the-first-time

webhook configuration

Are there specific events you're looking to configure for webhook events?

user account for webhook server callback to deployment repo

We don't have a POST endpoint to the API for user creation; however, here's a dirty workaround using curl to send a POST to the first user creation screen:

$EC2_IP correlates to the hostname of GitHub Enterprise
$1 = GitHub username you wish to define
$2 = email address for user
$3 = password

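  echo "Creating first GitHub Enterprise administrator account"
  TEMPDIR=$(mktemp -d /tmp/XXXXXXXXXXXXX)
  echo "$TEMPDIR"
  # Check if the join endpoint is up and running
  curl -iskL "https://$EC2_IP/join" | grep 'Status: 200 OK'
  # Fetch the login page to get a session cookie and the CSRF token.
  # -k skips TLS certificate verification for the appliance's certificate.
  curl -k -v -L -c "$TEMPDIR/cookies" "https://$EC2_IP/login" > "$TEMPDIR/github-curl.out"
  authenticity_token=$(grep 'name="authenticity_token"' "$TEMPDIR/github-curl.out" | head -1 | sed -e 's/.*value="\([^"]*\)".*/\1/')
  # Submit the first-user form. -c must be followed directly by the cookie jar
  # path (the original "-c -L" made curl write the jar to a file named "-L").
  # The password in $3 is visible in the process list while curl runs.
  curl -X POST -k -v -L -b "$TEMPDIR/cookies" -c "$TEMPDIR/cookies" \
    -F "authenticity_token=$authenticity_token" \
    -F "user[login]=$1" \
    -F "user[email]=$2" \
    -F "user[password]=$3" \
    -F "user[password_confirmation]=$3" \
    -F "source_label=Detail Form" \
    "https://$EC2_IP/join" > "$TEMPDIR/github-curl.out" 2>&1
  cat "$TEMPDIR/github-curl.out"
  # A logged_in=yes cookie in the verbose output means the account was created
  grep "< Set-Cookie: logged_in=yes;" "$TEMPDIR/github-curl.out"
  rm -rf "$TEMPDIR"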

creation of service template examples

Assuming this is a big-ip thing?

@webdog
That covers bullet 2 nicely! Thanks.

#3 (BIG-IP Service Definition templates) I can cover by sharing a repo on github.com, which an administrator can download and then change the remote to their GitHub Enterprise, like with these instructions: https://help.github.com/articles/changing-a-remote-s-url/

Hmmm, feels like we're getting there...

@npearce Sounds great!

What are your thoughts around a Service Template being around only as long as a Pull Request is opened?

User opens PR -> Webhook to BIG IP, create service template for architecture and rules
User updates PR with new commits -> BIG IP examines the commit object for any necessary changes to the template (Maybe a port being updated in an application?)
User closes/merges PR -> The environment is shut down
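
The pull request lifecycle sketched above, as an added example (not part of the thread and not the project's code): the core of a webhook receiver that checks the delivery's HMAC signature before mapping `pull_request` actions to create/update/teardown steps. It assumes the webhook is configured with a secret and delivers `X-Hub-Signature-256`; the secret, step names and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed secret for the example; use the secret configured on the webhook.
WEBHOOK_SECRET = b"constructed-example-secret"

# pull_request actions -> lifecycle steps from the thread. The step names are
# hypothetical labels, not BIG-IP or project API calls.
STEPS = {"opened": "create", "reopened": "create",
         "synchronize": "update", "closed": "teardown"}


def sign(secret, body):
    """Header value for HMAC-SHA256 over the raw request body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret, body, header):
    """Constant-time check of the X-Hub-Signature-256 header."""
    if not header:
        return False
    return hmac.compare_digest(sign(secret, body).encode(), header.encode())


def plan(event, body, signature, secret=WEBHOOK_SECRET):
    """Authenticate a delivery, then map it to a lifecycle step."""
    # Verify before parsing: unauthenticated JSON must never drive a deployment.
    if not verify_signature(secret, body, signature):
        raise PermissionError("bad or missing webhook signature")
    if event != "pull_request":
        return {"step": "ignore"}
    payload = json.loads(body)
    step = STEPS.get(payload.get("action"), "ignore")
    if step == "ignore":
        return {"step": "ignore"}
    pr = payload["pull_request"]
    return {"step": step, "pr": payload["number"],
            "sha": pr["head"]["sha"], "merged": bool(pr.get("merged"))}


def sample_delivery(action, merged=False):
    """Constructed pull_request delivery: (raw body, signature header)."""
    body = json.dumps({"action": action, "number": 7, "pull_request": {
        "head": {"sha": "0" * 40}, "merged": merged}}).encode()
    return body, sign(WEBHOOK_SECRET, body)


if __name__ == "__main__":
    for act in ("opened", "synchronize", "closed", "labeled"):
        print(act, plan("pull_request", *sample_delivery(act)))
```

The signature is computed over the raw request bytes, so the receiver has to keep the body exactly as delivered and verify it before any JSON parsing or re-serialization.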

Ok!!! This is exactly where my head is at! I’m looking at ephemeral entry points, or entry template representations of such, so long as I’m solid with the source of truth being in the GitHub repo.

The first rule of IaC club is, never look at the “I” to understand the truth.