Add DRONE_WEBHOOK_SECRET for GitHub webhook authentication
Fixes webhook signature validation failures causing 400 errors.
This commit is contained in:
parent
da4cf18d6d
commit
9ef4d38d51
3 changed files with 9 additions and 0 deletions
2
main.tf
2
main.tf
|
|
@ -37,6 +37,7 @@ variable "dbaas_pgadmin_password" {}
|
||||||
variable "drone_github_client_id" {}
|
variable "drone_github_client_id" {}
|
||||||
variable "drone_github_client_secret" {}
|
variable "drone_github_client_secret" {}
|
||||||
variable "drone_rpc_secret" {}
|
variable "drone_rpc_secret" {}
|
||||||
|
variable "drone_webhook_secret" {}
|
||||||
variable "dockerhub_registry_password" {}
|
variable "dockerhub_registry_password" {}
|
||||||
variable "oauth2_proxy_client_id" {}
|
variable "oauth2_proxy_client_id" {}
|
||||||
variable "oauth2_proxy_client_secret" {}
|
variable "oauth2_proxy_client_secret" {}
|
||||||
|
|
@ -442,6 +443,7 @@ module "kubernetes_cluster" {
|
||||||
drone_github_client_id = var.drone_github_client_id
|
drone_github_client_id = var.drone_github_client_id
|
||||||
drone_github_client_secret = var.drone_github_client_secret
|
drone_github_client_secret = var.drone_github_client_secret
|
||||||
drone_rpc_secret = var.drone_rpc_secret
|
drone_rpc_secret = var.drone_rpc_secret
|
||||||
|
drone_webhook_secret = var.drone_webhook_secret
|
||||||
|
|
||||||
# Oauth proxy
|
# Oauth proxy
|
||||||
oauth2_proxy_client_id = var.oauth2_proxy_client_id
|
oauth2_proxy_client_id = var.oauth2_proxy_client_id
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@ variable "tier" { type = string }
|
||||||
variable "github_client_id" {}
|
variable "github_client_id" {}
|
||||||
variable "github_client_secret" {}
|
variable "github_client_secret" {}
|
||||||
variable "rpc_secret" {}
|
variable "rpc_secret" {}
|
||||||
|
variable "webhook_secret" {}
|
||||||
variable "server_host" {}
|
variable "server_host" {}
|
||||||
variable "server_proto" {}
|
variable "server_proto" {}
|
||||||
variable "rpc_host" {
|
variable "rpc_host" {
|
||||||
|
|
@ -98,6 +99,10 @@ resource "kubernetes_deployment" "drone_server" {
|
||||||
name = "DRONE_RPC_SECRET"
|
name = "DRONE_RPC_SECRET"
|
||||||
value = var.rpc_secret
|
value = var.rpc_secret
|
||||||
}
|
}
|
||||||
|
env {
|
||||||
|
name = "DRONE_WEBHOOK_SECRET"
|
||||||
|
value = var.webhook_secret
|
||||||
|
}
|
||||||
env {
|
env {
|
||||||
name = "DRONE_SERVER_HOST"
|
name = "DRONE_SERVER_HOST"
|
||||||
value = var.server_host
|
value = var.server_host
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ variable "dbaas_pgadmin_password" {}
|
||||||
variable "drone_github_client_id" {}
|
variable "drone_github_client_id" {}
|
||||||
variable "drone_github_client_secret" {}
|
variable "drone_github_client_secret" {}
|
||||||
variable "drone_rpc_secret" {}
|
variable "drone_rpc_secret" {}
|
||||||
|
variable "drone_webhook_secret" {}
|
||||||
variable "oauth2_proxy_client_id" {}
|
variable "oauth2_proxy_client_id" {}
|
||||||
variable "oauth2_proxy_client_secret" {}
|
variable "oauth2_proxy_client_secret" {}
|
||||||
variable "oauth2_proxy_authenticated_emails" {}
|
variable "oauth2_proxy_authenticated_emails" {}
|
||||||
|
|
@ -220,6 +221,7 @@ module "drone" {
|
||||||
github_client_id = var.drone_github_client_id
|
github_client_id = var.drone_github_client_id
|
||||||
github_client_secret = var.drone_github_client_secret
|
github_client_secret = var.drone_github_client_secret
|
||||||
rpc_secret = var.drone_rpc_secret
|
rpc_secret = var.drone_rpc_secret
|
||||||
|
webhook_secret = var.drone_webhook_secret
|
||||||
server_host = "drone.viktorbarzin.me"
|
server_host = "drone.viktorbarzin.me"
|
||||||
server_proto = "https"
|
server_proto = "https"
|
||||||
tier = local.tiers.edge
|
tier = local.tiers.edge
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue