I am not sure exactly how this will work, but I am looking to run a bash script that updates master every time something merges into master through GitHub. Is there a GitHub webhook that could be triggered on a PR merge? Also, I am not sure how I would update master through this webhook. Or are there any other suggestions for how this could be done? I don't know if I am heading in the right direction.
By updating master, I meant: pull everything from master, run a bash script that makes a few changes, and push the new changes back to master.
The GitHub webhook push event would be useful in this case. You would need a server/application to listen for the hook, e.g. a node.js/php server, or CI services.
In your server, check the webhook payload for ref === refs/heads/master, i.e. the master branch, or other conditions you see fit. Then, to modify the repo's master branch, run a local git command or call the GitHub API with proper credentials.
P.S. Updating the master branch with this service would also trigger a webhook event, so maybe you want to check for pusher too in this case.
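An added example (not part of the original answer) of the server-side decision described above, in Node.js: it authenticates the delivery using GitHub's X-Hub-Signature-256 header, checks the ref, and skips pushes made by the updater itself. The secret, the bot login `update-bot` and the function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// GitHub sends X-Hub-Signature-256: "sha256=" + hex HMAC-SHA256 of the raw request body.
function sign(rawBody, secret) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

function signatureIsValid(rawBody, header, secret) {
  if (typeof header !== 'string') return false;
  const expected = Buffer.from(sign(rawBody, secret));
  const received = Buffer.from(header);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// eventName is the X-GitHub-Event header; botLogin is the account the update script pushes as.
function decide(eventName, rawBody, header, secret, botLogin) {
  if (!signatureIsValid(rawBody, header, secret)) return { run: false, reason: 'bad signature' };
  if (eventName !== 'push') return { run: false, reason: 'not a push event' };
  let payload;
  try {
    payload = JSON.parse(rawBody);
  } catch (err) {
    return { run: false, reason: 'invalid JSON' };
  }
  if (!payload || payload.ref !== 'refs/heads/master') return { run: false, reason: 'other ref' };
  // The script's own push to master fires this hook again; skip it to avoid a loop.
  if (payload.pusher && payload.pusher.name === botLogin) return { run: false, reason: 'own push' };
  return { run: true, reason: 'push to master' };
}

// Constructed sample deliveries (not real GitHub traffic).
const SECRET = 'constructed-webhook-secret';
const BOT = 'update-bot';
const body = (ref, who) => JSON.stringify({ ref, pusher: { name: who } });
const samples = [
  ['push', body('refs/heads/master', 'alice'), SECRET],
  ['push', body('refs/heads/master', BOT), SECRET],
  ['push', body('refs/heads/feature-x', 'alice'), SECRET],
  ['push', body('refs/heads/master', 'alice'), 'wrong-secret'],
];
for (const [event, raw, signingSecret] of samples) {
  console.log(decide(event, raw, sign(raw, signingSecret), SECRET, BOT).reason);
}
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialization by the web framework.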
I have created a custom PR status check to validate that my PR follows a conventional-commit-like pattern. This is in Azure DevOps Git, not GitHub. To do this, I created an Azure Function App and set up a status check in Azure DevOps. Here is the configuration:
I enabled the PR status check for my branch. Here is the config for that:
The PR status check appears and actually works... when I invoke the call manually. I can use Postman to invoke my function (with a PAT I generated for my account) and it will update the status on the PR. But if I commit to the branch, the step sits there on the validation step even though I have the checkbox checked to "Reset status when there are new changes".
This is what it looks like after I invoke the function manually through Postman
I would expect the system (AZDO in this case) to invoke my function every time a new iteration was created (i.e. when a new commit is pushed to the branch). Can someone point out what I'm missing? Thanks!
Ended up coming up with a solution. I don't have privs to add and authenticate an application to run the pipeline because of the way our org is set up. So I created a node script to accomplish what the function app is supposed to do.
We are using Azure Pipelines to spin up pull request environments, but we are looking for the best way to delete the environments when the PR is closed (completed/abandoned).
Currently, we use a service hook that fires when the PR status is changed, hitting a custom Azure Function API, which then determines whether to delete the environment and, if so, deletes it.
This seems like it would be a common scenario, so wondering if there are better alternatives?
Agree with Shayki. What you are doing is the best way, and this is what we are currently using.
That's because Azure DevOps does not have a feature to trigger the pipeline after the PR is completed. Pull request triggers and Build Validation both trigger the pipeline when the PR starts.
So, we need to create a service hook to monitor the PR status. If the PR status changes, the pipeline is triggered through an API or application.
I have set up a GitHub workflow to send a POST request every 3 hours. What happens when somebody forks my repository on GitHub? Now there would be two repositories with the same workflow. Is GitHub going to send 2 requests every 3 hours? How can I prevent this?
To my knowledge, this should not disturb your scheduled build.
Even though they have your workflow file, they will not have the access key to send the request if you have maintained the key outside the workflow file.
Some references:
https://github.community/t5/GitHub-Actions/Stop-github-actions-running-on-a-fork/td-p/51499
https://github.community/t5/GitHub-Actions/Protecting-github-workflows/td-p/30290
https://help.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository
https://help.github.com/en/github/getting-started-with-github/fork-a-repo
Environment:
BitBucket
Concourse 3.14.0
Wondering if it is possible to configure a Concourse pipeline with a Git webhook which will check if a new commit has happened and trigger a pipeline build based on that trigger? I looked at https://concourse-ci.org/resources.html#resource-webhook-token, but it does not tell me how to get a webhook token from Concourse or whether it supports what I am asking.
Any feedback is very much appreciated.
Concourse resources usually pull any new versions every minute or so. Whenever this frequency doesn't suit your needs, you can modify it with the check_every resource property. But values lower than 1m (one minute) are typically considered aggressive. GitHub implements quotas for API calls and when you have many pipelines, you don't want them to fail because you've hit some quota limits.
In case you want Concourse to immediately react on published new versions for the pipeline resources, you need to reverse the pattern. Instead of Concourse pulling any new versions at some defined frequency, you start pushing the information to Concourse that some new versions are to be pulled. This reversed “push” pattern involves triggering “resource checks” whenever new versions are created on the resource.
Trigger immediate resource checks
Every Concourse resource can enable a resource-check triggering URL with the webhook_token resource property. This URL includes the webhook_token secret in its query string, and is supposed to receive a mere POST HTTP request.
With GitHub repositories, you can POST to this URL with a GitHub workflow, relying on a standard GitHub action from the marketplace (recommended, first choice), or a GitHub webhook (second choice).
Using a GitHub workflow
You need to commit and push a YAML file in the .github/workflows folder of your GitHub repository, in order to define your workflow. Refer to the documentation of the “Trigger Concourse resource-check” action for detailed examples. It's very easy, as only five simple inputs need to be configured.
Using a GitHub webhook
With this alternative, you can manually set up a GitHub webhook in your repository. The URL depends on the resource for which an immediate check is to be triggered, so you can't set it up at your GitHub organization level. The webhook_token secret is appended in clear-text to the URL set up for the webhook, and can't be stored as a GitHub secret. GitHub webhooks don't support fetching any GitHub secret.
And in case you're bored of manually setting up webhooks, automated setup is possible with the github-webhook resource. You can even trigger the webhook recreation whenever the webhook_token secret changes in Credhub, with the help of the Credhub resource. I've done some working code implementing this idea, see those example jobs and those example resource definitions.
But I definitely recommend using a GitHub workflow with the “Trigger Concourse resource-check” action as a first choice.
I think you are looking for this resource - https://github.com/concourse/git-resource
It automatically checks for any new commit in your git repository and you can run other jobs based on that.
Example pipeline.yml:
    resources:
    - name: git-repo
      type: git
      source:
        uri: git@github.com:concourse/git-resource.git
        branch: master
        private_key: {{GIT_KEY}}

    jobs:
    - name: run-on-new-commit
      plan:
      - get: git-repo
        trigger: true   # start this job whenever the resource check finds a new commit
      - task: do-something-else
I'm trying to set up an automated CI process with GitHub and Jenkins. The goal is to have developers create feature branches and generate pull requests that are automatically merged (if they pass build, of course) using Jenkins Github Pull Request Merger.
It is a further goal to require that pull requests be against an open GitHub issue. For us, that means that either the pull request title or at least one of the pull request commit messages must contain a substring like "fixes #NN" where #NN must reference an open GitHub issue. This 'issue_opened' check is also automated - our 'issue_opened' GitHub App queries the GitHub issues and examines commit messages and the PR title, then it POSTs the pull request with a status (for testing purposes I'm always posting 'failure').
The process envisioned is as follows:
1. Feature branch pushes are automatically built by Jenkins.
2. When a feature branch is ready and passes Jenkins testing, a developer will generate a pull request; this automatically triggers steps 3 & 4, each running independently:
3. Our 'issue_opened' GitHub App very quickly POSTs a status to the pull request.
4. Jenkins performs the build - it takes much longer than step 3. If the build passes, Jenkins applies that status. If all statuses are 'success', the pull request is automatically merged.
What I observe:
Currently, my pull requests are merging feature branches to master. Master is protected (GitHub master branch: Settings>Branches>Protect this branch>Require status checks to pass before merging and the 'issue_opened' status check is set to Required.) Everything works as planned, except that the Github Pull Request Merger breaks GitHub convention and only respects its own status, not the other statuses.
So the PR merge depends only on Jenkins:
After step 3 POSTs a 'failure' status but before step 4 completes, GitHub reports that "Required statuses must pass before merging" and indicates that the 'issue_opened' status is 'failure'. But when the Jenkins build succeeds, the merge takes place anyway.
FWIW, the merge also happens if the feature branch already has a bad status at the time the pull request is created.
Any way I can get this to do what I want?
After more desperate fiddling I tried enabling the GH master branch protection setting Settings>Branches>Protected Branches>master>Protect this branch>Include administrators and 'voila': it pretty much works for me, more or less:
Jenkins Github Pull Request Merger still tries to do the merge, but GitHub returns this:
HTTP response code: 405, message: 'Method Not Allowed'.
As a result of the rc 405, Jenkins generates a java.io.IOException and regurgitates this json message from GH:
{"message":"2 of 2 required status checks have not succeeded: 1 failing and 1 pending.","documentation_url":"https://help.github.com/enterprise/2.10/user/articles/about-protected-branches"}
Jenkins then POSTS a 'failure' status (which one might quibble over because the build itself didn't fail).
This makes sense, since I am an admin for this repo, but I didn't anticipate that the Jenkins Github Pull Request Merger would not check the statuses. But I'm very pleased that this will get the job done for me, though from my point of view it would be cleaner if Jenkins first posted the build status, then POSTed the merge. Even better, if it checked the statuses it could simply skip the attempt to POST, and I wouldn't have had to enable the Include administrators protection. As it stands, I don't see a way to clear the Jenkins-posted failure status on the pull request. So we'll have to close such failed pull requests and create new ones.
Additional Info
Since posting the initial answer, I have discovered that one must not set/enable the GitHub branch protection status check that comes from the Jenkins build. If it is not enabled, one can close the failed pull request, correct whatever problems caused other status checks or the Jenkins build to fail, and then start the pull request process over again by opening a new pull request.