当我使用控制台设置钩子时,它可以工作,但是当我尝试使用云形成来做到这一点时,它永远不会起作用。如果我使用 AWS CLI 版本,它甚至不起作用:
aws codepipeline register-webhook-with-third-party --webhook-name AppPipelineWebhook-aOnbonyFrNZu
这就是我的 webhook 的样子(输出自"aws codepipeline list-webhooks"(:
{
"webhooks": [
{
"definition": {
"name": "AppPipelineWebhook-aOnbonyFrNZu",
"targetPipeline": "ftp-proxy-cf",
"targetAction": "GitHubAction",
"filters": [
{
"jsonPath": "$.ref",
"matchEquals": "refs/heads/{Branch}"
}
],
"authentication": "GITHUB_HMAC",
"authenticationConfiguration": {
"SecretToken": "<REDACTED>"
}
},
"url": "https://eu-west-1.webhooks.aws/trigger?t=eyJ<ALSO REDACTED>F9&v=1",
"arn": "arn:aws:codepipeline:eu-west-1:<our account ID>:webhook:AppPipelineWebhook-aOnbonyFrNZu",
"tags": []
}
]
}
我得到的错误是:
An error occurred (ValidationException) when calling the RegisterWebhookWithThirdParty operation: Webhook could not be registered with GitHub. Error cause: Not found [StatusCode: 404, Body: {"message":"Not Found","documentation_url":"https://developer.github.com/v3/repos/hooks/#create-a-hook"}]
这是我的 cloudformation 文件中的两个相关部分:
Resources:
AppPipelineWebhook:
Type: AWS::CodePipeline::Webhook
Properties:
Authentication: GITHUB_HMAC
AuthenticationConfiguration:
SecretToken: '{{resolve:secretsmanager:my/secretpath/github:SecretString:token}}'
Filters:
- JsonPath: $.ref
MatchEquals: 'refs/heads/{Branch}'
TargetPipeline: !Ref CodePipeline
TargetAction: GitHubAction
TargetPipelineVersion: !GetAtt CodePipeline.Version
# RegisterWithThirdParty: true
CodePipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name:
Ref: PipelineName
RoleArn: !GetAtt CodePipelineServiceRole.Arn
Stages:
- Name: Source
Actions:
- Name: GitHubAction
ActionTypeId:
Category: Source
Owner: ThirdParty
Version: 1
Provider: GitHub
OutputArtifacts:
- Name: SourceOutput
Configuration:
Owner: myorganisationnameongithub
Repo: ftp-proxy
Branch: master
OAuthToken: '{{resolve:secretsmanager:my/secretpath/github:SecretString:token}}'
PollForSourceChanges: false
它可以轮询更改。因此,如果我从 AWS 控制台手动订购 GitHubAction 阶段的执行,则会下载最新的提交。如果我设置PollForSourceChanges: true,这种轮询也可以工作,但唉不是 webhook 工作流程(因为钩子无法在 GitHub 注册(
由于 (2( 可能的原因而观察到错误:
-
个人访问令牌 (PAT( 未配置为具有以下 GitHub 作用域:admin:repo_hook 和 admin:org_hook 1
您可以在"用户"(热门(>"设置">"开发人员设置">"个人访问令牌"下验证这些权限
-
CloudFormation 模板中的"所有者"和/或"存储库"名称不正确:
对于 CloudFormation 中的管道配置,请确保"GitHubOwner"是"组织名称",存储库名称只是存储库名称,并且其中没有"org/repo_name",例如,在您的情况下:
Configuration:
Owner: !Ref GitHubOwner <========== Github org name
Repo: !Ref RepositoryName
Branch: !Ref BranchName
OAuthToken: !Ref GitHubOAuthToken <========== <Personal Access Token>