Automatically deploys with SaltStack and Webhooks
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Map a Github Webhook to a SaltStack Reactor

Salt has a powerful reactor system that we can take advantage of for automatically deploying via Github Webhook. We could use one of the netapi modules, but to keep thing simple, we will use the basing webhook engine.

Salt Master Configuration

First we need to clone our module on our Salt Master

git clone /srv/salt-deployhook

Then we configure our Master settings

# Ensure that our custom state tree can be found in addition
# to our default salt states
    - /srv/salt
    - /srv/salt-deployhook

# For our example, enable the webhook engine with default values
  - webhook: {}

# A post to our salt master ( )
# Will map to our reactor ( salt://_reactor/autodeploy.sls) 
  - 'salt/engines/hook/github':
    - salt://_reactor/autodeploy.sls

We configure the webhook engine with default settings which will map our webhook endpoint ( ) to the salt event salt/engines/hook/github. Our reactor will then map our salt event to our autodeploy state

Lastly we want to ensure our modules are loaded properly

# Systemd example
# Reload salt-master to pick up our new file_roots
systemctl restart salt-master
# Sync our modules to the salt master
salt-run saltutil.sync_all
# Restart our salt-master once more to ensure our modules are loaded
systemctl restart salt-master

Salt Reactor State

# Our example autodeploy.sls
# Here we map a repository: example/salt
# and a reference: refs/heads/master
# to a state that we want to deploy: salt.repo
        - tgt: role:salt-master
        - tgt_type: grain
        - args:
            - mods: salt.repo

# We can setup other deployment targets as well
        - tgt: role:webserver
        - tgt_type: grain
        - args:
            - mods: mywebapp

How It Works

For specific details, please check the source

Github webhooks contain amongst other things, a repository name and a reference. With these in mind, we create our own renderer module, that will loop through and return the commands that are applicable to our webhook.

Example, if we push a new commit to master on example/salt, our yaml|github renderer pipeline will filter our salt://_reactor/autodeploy.sls state, returning our correct deployment reactor

# End result of filtering
    - tgt: role:salt-master
    - tgt_type: grain
    - args:
        - mods: salt.repo