Concourse Webhook to Git - concourse

Environment:
BitBucket
Concourse 3.14.0
I am wondering whether it is possible to configure a Concourse pipeline with a Git webhook which will check if a new commit has happened and trigger a pipeline build based on that trigger. I looked at https://concourse-ci.org/resources.html#resource-webhook-token, but it does not tell me how to get a webhook token from Concourse or whether it supports what I am asking.
Any feedback is very much appreciated.

Concourse resources usually pull any new versions every minute or so. Whenever this frequency doesn't suit your needs, you can modify it with the check_every resource property. But values lower than 1m (one minute) are typically considered aggressive. Github implements quotas for API calls and when you have many pipelines, you don't want them to fail because you've hit some quota limits.
In case you want Concourse to immediately react on published new versions for the pipeline resources, you need to reverse the pattern. Instead of Concourse pulling any new versions at some defined frequency, you start pushing the information to Concourse that some new versions are to be pulled. This reversed “push” pattern involves triggering “resource checks” whenever new versions are created on the resource.
Trigger immediate resource checks
Every Concourse resource can enable a resource-check triggering URL with the webhook_token resource property. This URL includes the webhook_token secret in its query string, and is supposed to receive a mere POST HTTP request.
With Github repositories, you can POST to this URL with a Github workflow, relying on a standard Github action from the marketplace (recommended, first choice), or a Github webhook (second choice).
Using a Github workflow
You need to commit and push a YAML file in the .github/workflows folder of your Github repository, in order to define your workflow. Refer to the documentation of the “Trigger Concourse resource-check” action for detailed examples. It's very easy, as only five simple inputs need to be configured.
Using a Github webhook
With this alternative, you can manually set up a Github webhook in your repository. The URL depends on the resource for which an immediate check is to be triggered, so you can't set it up at your Github organization level. The webhook_token secret is appended in clear-text to the URL set up for the webhook, and can't be stored as a Github secret. Github webhooks don't support fetching any Github secret.
And in case you're bored of manually setting up webhooks, automated setup is possible with the github-webhook resource. You can even trigger the webhook recreation whenever the webhook_token secret changes in Credhub, with the help of the Credhub resource. I've done some working code implementing this idea, see those example jobs and those example resource definitions.
But I definitely recommend using a Github workflow with the “Trigger Concourse resource-check” action as a first choice.
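Added example (not part of the answer above, and not Concourse's own code): the webhook_token is a value you choose yourself and set on the resource, and the check URL follows the path given in the Concourse documentation. The host, team, pipeline and resource names are placeholders; the sketch generates a token, builds the URL, and masks the token before the URL reaches a log or error message.

```python
import secrets
import urllib.error
import urllib.request
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

def new_webhook_token(nbytes: int = 32) -> str:
    """Random value to store as the resource's webhook_token."""
    return secrets.token_urlsafe(nbytes)

def check_webhook_url(base, team, pipeline, resource, token):
    """Build the resource-check URL; the token travels in the query string."""
    path = "/api/v1/teams/{}/pipelines/{}/resources/{}/check/webhook".format(
        *(quote(part, safe="") for part in (team, pipeline, resource)))
    return base.rstrip("/") + path + "?" + urlencode({"webhook_token": token})

def redact(url: str) -> str:
    """Copy of the URL that is safe to log: the token value is masked."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "webhook_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def trigger_check(url: str, timeout: float = 10.0) -> int:
    """POST an empty body to the check URL; errors never echo the token."""
    request = urllib.request.Request(url, data=b"", method="POST")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status
    except urllib.error.URLError as exc:
        reason = getattr(exc, "code", None) or exc.reason
        raise RuntimeError(f"check failed ({reason}) for {redact(url)}") from None

if __name__ == "__main__":
    # Placeholder host and names (assumptions, not values from the page).
    url = check_webhook_url("https://ci.example.com", "main", "my-pipeline",
                            "git-repo", new_webhook_token())
    print(redact(url))
```

Because the token sits in the query string, it also appears in proxy and web-server access logs along the path, so rotate it if those logs are shared.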

I think you are looking for this resource - https://github.com/concourse/git-resource
It automatically checks for any new commit in your git repository and you can run other jobs based on that.
Example pipeline.yml:
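resources:
- name: git-repo
  type: git
  source:
    uri: git@github.com:concourse/git-resource.git
    branch: master
    private_key: {{GIT_KEY}}
jobs:
- name: run-on-new-commit
  plan:
  - get: git-repo
    trigger: true   # start the job whenever a new commit is detected
  - task: do-something-else   # placeholder: a real task also needs file: or config: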

Related

Integrate Cypress tests into Azure Devops Pull Request

I have been reading the Azure Devops docs and I am completely confused by them. All I want is something very simple (simple with Github Actions in Github anyway) where
A developer creates a PR.
As the PR is created Azure runs all the associated Cypress tests.
If any fail then the notes at the top of the PR indicate this. For example just next to the bit where it says 'there are merge conflicts'.
We had this working in Github, but I can't figure it out here.
Thanks
There is no extension like "Cypress GitHub app" in azure devops, so it is impossible to achieve exactly the same function as in github pull request.
As a workaround, you can try to add a status policy.
Using status alone, details from an external service can be provided
to users within the PR experience. Sometimes, sharing information
about a PR is all that is necessary, but in other cases PRs should be
blocked from merging until requirements are met. Like the in-box
policies, the Status policy provides a way for external services to
block PR completion until requirements are met. If the policy is
required, it must pass in order to complete the pull request. If the
policy is optional, it is informational only, and a status of
succeeded is not required in order to complete the pull request.
External services can use the PR Status API to post detailed status to your PRs. The branch policy for external services brings the ability for those 3rd party services to participate in the PR workflow and establish policy requirements. This article guides you through the process of configuring a branch policy for a service that is posting PR status.
In addition, here is a ticket about how to create required pull request status check, you can refer to it.

Azure Pipelines Yml Template in Public GitHub Repo

I have a public GitHub repo with some Azure Pipelines yml template files. I want to create a pipeline that uses these templates. I don't want to use an OAuth based service connection, because the whole concept of an OAuth Service Connection is simply ridiculous for a CI/CD environment since the tokens expire and need to be tied to a specific user. I also don't want to use a GitHub PAT because it seems ridiculous to have a PAT (again tied to a specific user) to access a public GitHub repo.
How can I create my pipeline so it is not tied to a specific user?
I would like to have something like this
resources:
  repositories:
  - repository: templates
    type: github
    name: APublicGitHubOrg/APublicGitHubRepo
    ref: refs/heads/master
extends:
  template: TheTemplate.yml
but that doesn't work because endpoint is a required property.
Ok...so how can I create an endpoint for GitHub without tying it to a user or having an expiration?
Unfortunately, Repository templates require an endpoint, and GitHub repos require a GitHub service connection for authorization, which requires either Grant authorization or Personal access token.
If you really want this feature, please submit a suggestion at the website below, and the product team will evaluate it carefully:
https://developercommunity.visualstudio.com/content/idea/post.html?space=21

YAML Pull Request Security

When reading the documentation, it says that when doing a pull request, the "source" azure pipelines file is read when doing the PR check.
How is this in any way secure? Any developer that executes a pull request can now use the service connections the build might use and do whatever they want with it.
In other systems, it always uses the target branch CI configuration for pull requests. Is there any way to configure Azure Devops for this behavior?
What's the best practice here?

How to name the custom workspace in Jenkins job with branch name triggered by Github webhook?

I have created a single job in Jenkins to be triggered by commit on any branches in the GitHub using Webhook.
I want to create a custom workspace for each job trigger with respect to the branch commit.
I tried the following options and could not achieve it. I appreciate any help.
Job Name : Test_Clone
Used advanced options in the general section and tried the options below to name the workspace dynamically.
Test_Clone_${GIT_BRANCH} - always gives the branch name from previous build.
Test_Clone_${ref} - tried to use ref as defined in GitHub webhook payload, with no result.
To achieve: Ex: Commit from GitHub branch release-2.13.0, Jenkins should create workspace with name Test_Clone_release-2.13.0.
You might try and set up
first a payload variable in your Jenkins build, as described in "How to process a github webhook payload in Jenkins?"
then a webhook url (on GitHub side) of:
http://<<yourserver>>/job/<<yourjob>>/buildWithParameters?token=<<yourtoken>>
Then your Jenkins job would have the xml webhook payload in it, which you can analyze (with jq) and extract the 'ref' which includes the branch name.
From there, I would call (chain) a second job with a "branch" parameter (unless you can write a pipeline DSL with Jenkins 2) with that branch name, in order for the second job to use a custom workspace name based on that parameter

how to trigger a jenkins pipeline stage when an authorized user make a comment on github pull request?

I am familiar with Jenkins Pull Request Builder and I had set up a freestyle job with it to build my project based on the comment that authorized user put. (For example test in prod) in the past.
Now I am trying to use a Jenkins 2.0 with github organization plugin for one of my project.
This is the scenario:
A User is making a PR to master(or some other sensitive branch)
A test is going to get run automatically.
After the test passes, an authorized user needs to go to the PR and put a comment Deploy to test environment and then a jenkinsfile that was waiting for this input needs to get triggered.
I just don't know how to do step 3. How do I make a jenkins pipeline job listen for comments in github repo pull requests? The Jenkins documentation is not really clear about the input from user part.
I read this thread answer but the documentation about the Gates approval is really limited.
I know this is super late, but here's some info for future Googlers:
I have a Github webhook that sends the event to a Lambda function that will parse the event for a specific comment string, then create an HTTP POST request for the Jenkins job, which is configured to allow builds to be triggered remotely.
So: open PR > comment on PR 'Deploy to test environment' > webhook sends to AWS APIGateway > AWS SNS topic > AWS Lambda > parse the event for comment > If comment matches, create HTTP POST > Jenkins receives request and runs job
There's a lot of documentation on this, but none of it together, so here are the resources that I used:
Regarding allowing jobs to be triggered remotely:
https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API
Using Github to trigger Lambda function:
https://aws.amazon.com/blogs/compute/dynamic-github-actions-with-aws-lambda/
Github API. You will want to pay particular attention to the Issues API:
https://developer.github.com/webhooks/
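Added example (not the answer author's Lambda code): one way the comment-parsing step can decide whether to trigger Jenkins, checking GitHub's X-Hub-Signature-256 HMAC and the comment's author_association before honouring the command. It assumes the raw request body and headers reach the function unchanged; the trusted-association set and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json

DEPLOY_COMMENT = "Deploy to test environment"   # command string from the question
TRUSTED = {"OWNER", "MEMBER", "COLLABORATOR"}   # assumed policy, adjust to yours

def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256 for this body and secret."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def should_deploy(secret: bytes, body: bytes, headers: dict):
    """Return (allowed, reason) for one raw webhook delivery."""
    h = {k.lower(): v for k, v in headers.items()}   # gateways may change case
    sent = h.get("x-hub-signature-256", "")
    # Constant-time comparison over bytes; reject before parsing any JSON.
    if not hmac.compare_digest(sign(secret, body).encode(), sent.encode()):
        return False, "bad signature"
    if h.get("x-github-event") != "issue_comment":
        return False, "ignored event"
    event = json.loads(body)
    issue, comment = event.get("issue", {}), event.get("comment", {})
    if event.get("action") != "created":
        return False, "ignored action"
    if "pull_request" not in issue:          # plain issues lack this key
        return False, "not a pull request"
    if comment.get("body", "").strip() != DEPLOY_COMMENT:
        return False, "no deploy command"
    if comment.get("author_association") not in TRUSTED:
        return False, "author not authorized"
    return True, "deploy PR #%d" % issue["number"]

def sample_delivery(secret: bytes, text: str, association: str):
    """Constructed payload holding only the fields used above."""
    body = json.dumps({
        "action": "created",
        "issue": {"number": 7, "pull_request": {}},
        "comment": {"body": text, "author_association": association},
    }).encode()
    return body, {"X-GitHub-Event": "issue_comment",
                  "X-Hub-Signature-256": sign(secret, body)}

if __name__ == "__main__":
    key = b"constructed-secret"
    for who in ("MEMBER", "NONE"):
        body, headers = sample_delivery(key, DEPLOY_COMMENT, who)
        print(who, should_deploy(key, body, headers))
```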