Cluster behind VPN and Webhook

[cmoulliard]

Issue

The Gihub Webhook created here https://github.com/parodos-dev/workflow-software-templates/blob/main/scaffolder-templates/basic-workflow/template.yaml#L218 will not work if the cluster used to deploy the resources is behind a VPN.

In this case, it is needed that we offer alternatives:

Proposition A

Add a new field within the template to let the user to pass their smee.io - URL which can forward the traffic from the github webhook to the internal cluster

Proposition B

As Gitea is supported since backstage 1.23 as action, we can let the user to create the git repositories running on gitea deployed on an internal cluster. Such a use case works pretty well as documented here using Tekton Trigger + gitea interceptor and webhook

Remark: We could even suggest to the developer/user to use the idpbuilder project as it bootstraps a kind cluster with ingress, argocd and gitea by default and could be easily extended with serverless workflow stuffs using custom packages !

[dmartinol]

@cmoulliard this is a known limitation of the proposed solution, thanks for remarking it and proposing these valuable alternatives 👍 @pkliczewski we can track this as an issue in our project and then, once we understand the exact configuration of the customer, we can propose a validated option to workaround this issue. (they should be working with Bitbucket instead of GitHub, so probably option 2 above is not appropriate; and I'm not sure about their network configuration, whether they are under the VPN or not

[pkliczewski]

I agree, it is known issue at the moment but we should have an issue tracking it and have a way to workaround it. Different users may use different version control systems so let's think about what we can support