1

当我使用控制台设置挂钩时,它可以工作,但是当我尝试使用 cloudformation 进行设置时,它永远不会工作。如果我使用 AWS CLI 版本,它甚至都不起作用:

aws codepipeline register-webhook-with-third-party --webhook-name AppPipelineWebhook-aOnbonyFrNZu

这就是我的 webhook 的样子(“aws codepipeline list-webhooks”的输出):

    {
        "webhooks": [
            {
                "definition": {
                    "name": "AppPipelineWebhook-aOnbonyFrNZu",
                    "targetPipeline": "ftp-proxy-cf",
                    "targetAction": "GitHubAction",
                    "filters": [
                        {
                            "jsonPath": "$.ref",
                            "matchEquals": "refs/heads/{Branch}"
                        }
                    ],
                    "authentication": "GITHUB_HMAC",
                    "authenticationConfiguration": {
                        "SecretToken": "<REDACTED>"
                    }
                },
                "url": "https://eu-west-1.webhooks.aws/trigger?t=eyJ<ALSO REDACTED>F9&v=1",
                "arn": "arn:aws:codepipeline:eu-west-1:<our account ID>:webhook:AppPipelineWebhook-aOnbonyFrNZu",
                "tags": []
            }
        ]
    }

我得到的错误是:

An error occurred (ValidationException) when calling the RegisterWebhookWithThirdParty operation: Webhook could not be registered with GitHub. Error cause: Not found [StatusCode: 404, Body: {"message":"Not Found","documentation_url":"https://developer.github.com/v3/repos/hooks/#create-a-hook"}]

这些是我的 cloudformation 文件中的两个相关部分:

Resources:
  AppPipelineWebhook:
    Type: AWS::CodePipeline::Webhook
    Properties:
      Authentication: GITHUB_HMAC
      AuthenticationConfiguration:
        SecretToken: '{{resolve:secretsmanager:my/secretpath/github:SecretString:token}}'
      Filters:
        - JsonPath: $.ref
          MatchEquals: 'refs/heads/{Branch}'
      TargetPipeline: !Ref CodePipeline
      TargetAction: GitHubAction
      TargetPipelineVersion: !GetAtt CodePipeline.Version
      # RegisterWithThirdParty: true

  CodePipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties: 
      Name: 
        Ref: PipelineName
      RoleArn: !GetAtt CodePipelineServiceRole.Arn
      Stages:
        - Name: Source
          Actions: 
          - Name: GitHubAction
            ActionTypeId:
              Category: Source 
              Owner: ThirdParty 
              Version: 1 
              Provider: GitHub
            OutputArtifacts:
              - Name: SourceOutput
            Configuration:
              Owner: myorganisationnameongithub
              Repo: ftp-proxy
              Branch: master
              OAuthToken: '{{resolve:secretsmanager:my/secretpath/github:SecretString:token}}'
              PollForSourceChanges: false

它可以轮询变化。因此,如果我从 AWS 控制台手动命令执行 GitHubAction 阶段,则会下载最新的提交。如果我设置PollForSourceChanges: true,这种轮询也可以,但是 webhook 工作流不行(因为钩子不能在 GitHub 上注册)

4

1 回答 1

2

由于 (2) 可能的原因,观察到错误:

  1. 个人访问令牌 (PAT) 未配置为具有以下 GitHub 范围:admin:repo_hook 和 admin:org_hook 1

    您可以在“用户”(右上角)>“设置”>“开发者设置”>“个人访问令牌”下验证这些权限

  2. CloudFormation 模板中的“所有者”和/或“存储库”名称不正确:

    对于 CloudFormation 中的管道配置,请确保“GitHubOwner”是“组织名称”并且存储库名称只是存储库名称并且其中没有“org/repo_name”,例如在您的情况下:

例子: 
Configuration:
    Owner: !Ref GitHubOwner                <========== Github org name
    Repo: !Ref RepositoryName                
    Branch: !Ref BranchName                
    OAuthToken: !Ref GitHubOAuthToken       <========== <Personal Access Token>
于 2020-06-18T10:23:01.297 回答