Incoming webhook #
Pipelines as Code support the concept of incoming webhook URL. Which let you start a PipelineRun in a Repository by a URL and a shared secret rather than having to generate a new code iteration.
Incoming Webhook URL #
You need to set your incoming match your Repository CRD, in your match you specify a reference Secret which will be used as a shared secret and the branches targetted by the incoming webhook.
If you are not using the github app provider (ie: webhook based provider) you will need to have a
git_provider
spec to specify a token.Additionally since we are not able to detect automatically the type of provider on URL. You will need to add it to the
git_provider.type
spec. Supported values are:
- github
- gitlab
- bitbucket-cloud
Whereas for
github-apps
this doesn’t need to be added.
Webhook #
Here is an example of a Repository CRD matching the target branch main:
---
apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
kind: Repository
metadata:
name: repo
namespace: ns
spec:
url: "https://github.com/owner/repo"
git_provider:
type: github
secret:
name: "owner-token"
incoming:
- targets:
- main
secret:
name: repo-incoming-secret
type: webhook-url
GithubApp #
Here is an example of a Repository CRD matching the target branch main:
---
apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
kind: Repository
metadata:
name: repo
namespace: ns
spec:
url: "https://github.com/owner/repo"
incoming:
- targets:
- main
secret:
name: repo-incoming-secret
type: webhook-url
a secret named repo-incoming-secret
for both webhook and github-apps will have this value:
apiVersion: v1
kind: Secret
metadata:
name: repo-incoming-secret
namespace: ns
type: Opaque
stringData:
secret: very-secure-shared-secret
after setting this up, you will be able to trigger a PipelineRun called
pipelinerun1
which will be located in the .tekton
directory of the Git repo
https://github.com/owner/repo
. As an example here is the full curl snippet:
curl -X POST 'https://control.pac.url/incoming?secret=very-secure-shared-secret&repository=repo&branch=main&pipelinerun=target_pipelinerun'
note two things the "/incoming"
path to the controller URL and the "POST"
method to the URL rather than a simple "GET"
.
Pipelines as Code when matched with act as this was a "push"
, we will not have
anywhere to report the status of the PipelineRuns
In this case the best way to get a report or a notification is to add it directly
with a finally task to your Pipeline or by inspecting the Repo CRD with the tkn pac
CLI. See the statuses documentation which has a few
tips on how to do that.