Attempting to add further SCM types to app_services

[istairbn]

#1104
Trying to add an app service with GitHub SCM, it keeps failing out. Not entirely sure if this is the whole fix, but I think this is where it is validating against available SCMs?

[katbyte]

Hi @istairbn,

Thank you for opening this PR 🙂

This looks mostly good to me but could we update the website documentation with the new SCM type?

The file is here and once that has been updated I can see about getting this merged for you.

[metacpp]

@istairbn thanks for the contribution. Expose deployment integration with 3rd party like GitHub, Bitbucket, will require 3 things:

1. Create OAuth token(repo->public_repo, org->read::org) and set it through web management API, since for continuous deployment, Azure Web App require authorization to create WebHook on that repo. Details please visit: https://github.com/projectkudu/kudu/wiki/Investigating-continuous-deployment
2. Set SCMType to predefined type.
3. Set repo and branch info in source control properties.

It's already planned in our TODO list for the next few weeks, do you mind if I close this PR ?

[tombuildsstuff]

@metacpp

1. Create OAuth token and set it through web management API, since for continuous deployment, Azure Web App require authorization to create WebHook on that repo. Details please visit: https://github.com/projectkudu/kudu/wiki/Investigating-continuous-deployment

So I believe that's just an Azure Portal limitation - it should be possible to achieve the same thing in Terraform by using the github_repository_webhook resource to create the webhook and a Github deployment key for pulling the code from the repository - which can be specified as part of the clone URI (which is all the Portal's going to be doing internally), e.g.

git clone https://username:password@github.com/tombuildsstuff/example.git

It's worth noting that for Public repositories the Username and Password shouldn't be needed, so this would support both use-cases. (Internally Github supports using a Deployment Key as the password rather than an actual username and password) - as does Bitbucket afaik (since it's part of Git).

As such - I believe once the broken (set credentials) API endpoint is fixed it should be possible to implement these:

2. Set SCMType to predefined type.
3. Set repo and branch info in source control properties.

[metacpp]

@tombuildsstuff thanks for the sharing, I was not aware of the resources provided by GitHub provider.

I did a quick glance on GitHub provider usage, it will require:

1. Personal access token with appropriate permission granted.
2. Organization name. It seems that personal repositories are not be supported.

For web-hook resource, personal repositories are not supported, which will miss some of user scenarios. And if you take a look at the format web-hook URL set by Azure:
https://$siteName:site-level-credential@siteName.scm.azurewebsites.net/deploy?scmType=GitHub
This URL will need attributes(site_credential and source_control) of provisioned app-service resource. If we decide to build this web-hook manually, we actually bring hard dependency on Auzre implementation, none can guarantee whether Azure will make any change on the format of web-hook. And since the web-hook is triggered by event(push), which means that you need to make a push to trigger the deployment, that's my understanding, needs some experimentation to prove this.

For public repo under organization, with small change in validation logic, we should be able to enable GitHub deployment pipeline simply(no idea about how 1st deployment is trigged, needs to do some experimentation).

For repo with limited access, we need to figure out a way to authenticate Azure web app to pull the code. deploy-key is a good thing but might not be valid for app service, need to check with service team.

Or a simpler way for end user: set the personal access token to Microsoft.Web provider, then Azure will install web hooks for both public and private repos. Needs to take a look at the API and SDK support.

Let me do some more investigation and share with you later.

[metacpp]

@istairbn I am going to close this PR, please refer to #1121 for further work.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!