Version: main

PullRequests generator (Enterprise)

The pullRequests generator will query a repository for open pull requests and emit a set of parameters for each pull request.

Example

apiVersion: templates.weave.works/v1alpha1
kind: GitOpsSet
metadata:
  name: pull-requests-sample
spec:
  generators:
    - pullRequests:
        interval: 5m
        driver: github
        repo: bigkevmcd/go-demo
        secretRef:
          name: github-secret
  templates:
    - content:
        apiVersion: source.toolkit.fluxcd.io/v1beta2
        kind: GitRepository
        metadata:
          name: "pr-{{ .Element.Number }}-gitrepository"
          namespace: default
        spec:
          interval: 5m0s
          url: "{{ .Element.CloneURL }}"
          ref:
            branch: "{{ .Element.Branch }}"
    - content:
        apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
        kind: Kustomization
        metadata:
          name: "pr-{{ .Element.Number }}-demo"
          namespace: default
        spec:
          interval: 5m
          path: "./examples/kustomize/environments/dev"
          prune: true
          targetNamespace: "{{ .Element.Branch }}-ns"
          sourceRef:
            kind: GitRepository
            name: "pr-{{ .Element.Number }}-gitrepository"

This example will poll "github.com/bigkevmcd/go-demo" for open pull requests and deploy each of them by creating a Flux GitRepository and a Kustomization.

As the generator only queries open pull requests, when a PR is closed, the generated resources will be removed.
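
The Kustomization template above builds targetNamespace from the pull request's branch name, which is chosen by the PR author and need not be a valid Kubernetes namespace name (a lowercase RFC 1123 label of at most 63 characters). The following Go program is an added example, not code from this page or from the project: it renders the same expression and rejects branches that would yield an invalid namespace. It assumes the controller's rendering matches Go's text/template; the Element struct, CheckNamespace and the sample pull requests are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"text/template"
)

// Element is a hypothetical stand-in for the fields the example templates use.
type Element struct{ Number, Branch string }

// dns1123Label is the Kubernetes naming rule for namespaces (RFC 1123 label).
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// render executes one template string from the GitOpsSet against an element.
func render(tmpl string, e Element) (string, error) {
	t, err := template.New("field").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, struct{ Element Element }{e})
	return buf.String(), err
}

// CheckNamespace renders targetNamespace exactly as written in the example
// above and returns an error if Kubernetes would refuse the resulting name.
func CheckNamespace(e Element) (string, error) {
	ns, err := render("{{ .Element.Branch }}-ns", e)
	if err != nil {
		return "", err
	}
	if len(ns) > 63 || !dns1123Label.MatchString(ns) {
		return ns, fmt.Errorf("PR %s: %q is not a valid namespace name", e.Number, ns)
	}
	return ns, nil
}

func main() {
	// Constructed sample pull requests, not real data.
	prs := []Element{{"12", "fix-login"}, {"13", "feature/new-ui"}, {"14", "Release_1.2"}}
	for _, e := range prs {
		ns, err := CheckNamespace(e)
		fmt.Printf("PR %s -> %q err=%v\n", e.Number, ns, err)
	}
}
```

Running the same check over the open pull requests of a repository before enabling the generator shows which branches would produce a Kustomization that cannot be applied.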

For non-public installations, you can configure the serverURL field and point it to your own installation.

The driver field can be github, gitlab or bitbucketserver; other options can be supported from go-scm.

Additionally, labels can be provided for querying pull requests with matching labels, e.g.:

- pullRequests:
    interval: 5m
    driver: github
    repo: bigkevmcd/go-demo
    secretRef:
      name: github-secret
    labels:
      - deploy

The fields emitted by the pullRequests generator for each pull request are as follows:

  • number: this is generated as a string representation
  • branch: this is the source branch
  • head_sha: this is the SHA of the commit in the merge branch
  • clone_url: this is the HTTPS clone URL for this repository
  • clone_ssh_url: this is the SSH clone URL for this repository

You will need an API key that can query the GitHub API.

$ kubectl create secret generic github-secret \
    --from-literal password=<insert access token here>

You can limit the scope of this token to read-only access to your repositories.

Caution: to run this example you will need extra RBAC.

This particular example creates kustomizations, so you will need to add the below RBAC to the gitopssets-controller-manager service account to allow it to create kustomizations.

Check out the Security section for more information.

However, this will change in the next release with impersonation. Instead, you can choose a service account for each GitOpsSet that has the required permissions for creating the rendered resources in the templates section.

Additional RBAC for the gitopssets-controller-manager service account:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: demo-role
rules:
  - apiGroups:
      - kustomize.toolkit.fluxcd.io
    resources:
      - kustomizations
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: demo-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: demo-role
subjects:
  - kind: ServiceAccount
    name: gitopssets-controller-manager
    namespace: flux-system