Check out what's in the latest release of Kabanero Learn More

Connecting Kabanero to GitHub with Tekton Webhooks

A webhook is an outbound HTTP request that helps you create a relationship between your GitHub repository and a particular URL, in this case a Tekton pipeline. After you configure the webhook, changes you make in your GitHub repository will trigger the Tekton pipeline and its associated tasks.

Prerequisites

Create a persistent volume

Tekton pipelines need a persistent volume. If there is no network storage available, create a hostPath pv. For more information, see Creating a persistent volume.

Generate a GitHub access token.

You need to generate a GitHub personal access token to use for creating the webhook and for accessing the repository source code during PipelineRuns. To generate the token:

  1. Go to github.com/settings/tokens and click Generate new token.

  2. Check the admin:repo_hook option and click Generate token. If you are working in a private repository, more options might be required. Check with your administrator for details. Make sure to save the token to a file since you can’t see it after you leave this page.

Create secrets.

If you are working with a private or enterprise GitHub repository, you need to store your access token in a Kubernetes secret. If you are working with a public GitHub repository, you do not need to create a secret for your Tekton dashboard webhook.

  1. From your Tekton Dashboard, select Secrets from the sidebar menu and click Add Secret.

  2. Give your secret a unique name.

  3. For the Namespace, select kabanero from the drop-down list.

  4. For Access To:, select Git Server from the drop-down list.

  5. Enter your GitHub username and the personal access token you generated in the previous section.

  6. Select the service account that is used by the pipeline you want to trigger.

If you want to push the image to Docker Hub, you need to create a separate secret to connect to Docker Hub. Follow the same procedure but use your Docker Hub username and password. For Access To:, select Docker Registry from the drop-down list.

Create a webhook.

  1. From your Tekton Dashboard, select webhooks from the sidebar menu and click Add Webhook.

  2. Enter your information in the Create Webhook window.

    Name

    Give your webhook a distinctive name.

    Repository URL

    The URL of the GitHub repository that you want to connect to Kabanero.

    Access token

    Use this field to create a secret to store your GitHub personal access token. Even if you already created a token-based Git secret from your Tekton Dashboard, you must also store your GitHub personal access token in this field. Click the green plus icon beside the field to open the Create Access Token Secret window.

    Give your access token secret a descriptive name. In the Access token field, enter the GitHub personal access token that you previously generated in the Generate a GitHub access token step.

    Namespace

    Select the Kubernetes namespace in which you want to run your pipeline. In this case, choose kabanero.

    Pipeline

    Select the Pipeline in your target Namespace. PipelineRuns (and their accompanying PipelineResources) are created in this namespace. For more information, see Kabanero Pipelines.

    Service Account

    Select a service account to be used by the PipelineRun. There are two default service account options. Either of these accounts can be used as a template to create your own customized service accounts that fit your pipeline requirements.

    • If you are deploying pipelines in a single namespace, OpenShift provides the pipeline service account, which has permissions to build and push an image. This service account can be used with simple pipelines. However, it has limited access to the current namespace and does not work for cross-namespace operations and deployments.

    • If you need to deploy pipelines across multiple namespaces, the Kabanero operator provides the kabanero-pipeline service account with this capability. If you are running a custom pipeline that requires more or less access than the kabanero-pipline service account is configured to provide, do not edit this account . Instead, create a new service account, such as custom-kabanero-pipeline-sa, and configure it according to your needs. For example service accounts, see the Kabanero pipelines repo.

    Docker registry

    Select the Docker registry where any built images are pushed. Use the same Docker registry that you created a secret for previously. For Docker Hub, use index.docker.io/<docker_id>. For an internal registry, use docker-registry.default.svc:5000/kabanero. If the namespace that is associated with your internal registry is not kabanero, use docker-registry.default.svc:5000/your-namespace.

  3. After you complete the necessary information, click Create.

Confirm your webhook.

  1. Look for the webhook in your GitHub Repository.

    • From your GitHub repository, go to the settings tab and select Webhooks from the sidebar menu. Look for the webhook you created. Sometimes the webhook initially shows a 504 error icon but after the webhook is used it changes to a green check mark.

  2. Update code and merge a PR.

    • Make any update to your code, create a PR, and merge it. This change kicks off a PipelineRun.

  3. Check the PipelineRun from your Tekton Dashboard.

    • From your Tekton Dashboard, select PipelineRuns from the sidebar menu. Look for the PipelineRun you just kicked off.

Your GitHub repo is connected to Kabanero with a webhook. Changes in your code can now automatically trigger tasks that are specified by the pipeline.