Merge "Make github ssl verification configurable" into feature/zuulv3
diff --git a/doc/source/admin/drivers/github.rst b/doc/source/admin/drivers/github.rst
index ed577a5..cbbc5cc 100644
--- a/doc/source/admin/drivers/github.rst
+++ b/doc/source/admin/drivers/github.rst
@@ -75,6 +75,12 @@
job's working directory, they appear under this directory name.
``canonical_hostname=git.example.com``
+**verify_ssl**
+ Optional: Enable or disable ssl verification for GitHub Enterprise. This is
+ useful for a connection to a test installation. If not specified, defaults
+ to ``true``.
+ ``verify_ssl=true``
+
Trigger Configuration
---------------------
GitHub webhook events can be configured as triggers.
diff --git a/zuul/driver/github/githubconnection.py b/zuul/driver/github/githubconnection.py
index b095215..48603a0 100644
--- a/zuul/driver/github/githubconnection.py
+++ b/zuul/driver/github/githubconnection.py
@@ -363,6 +363,12 @@
'canonical_hostname', self.server)
self.source = driver.getSource(self)
+ # ssl verification must default to true
+ verify_ssl = self.connection_config.get('verify_ssl', 'true')
+ self.verify_ssl = True
+ if verify_ssl.lower() == 'false':
+ self.verify_ssl = False
+
self._github = None
self.app_id = None
self.app_key = None
@@ -395,7 +401,11 @@
def _createGithubClient(self):
if self.server != 'github.com':
url = 'https://%s/' % self.server
- github = github3.GitHubEnterprise(url)
+ if not self.verify_ssl:
+ # disabling ssl verification is evil so emit a warning
+ self.log.warning("SSL verification disabled for "
+ "GitHub Enterprise")
+ github = github3.GitHubEnterprise(url, verify=self.verify_ssl)
else:
github = github3.GitHub()