The diagram above shows the initial configuration required prior to using the webhooks extension. The process consists of:
-
Installing the necessary parts of Tekton
-
Installing the
TriggerTemplatefor yourPipelineinto the same namespace as the Tekton installation. YourTriggerTemplatemust currently be named<pipeline-name>-template. -
Installing the
TriggerBindingsfor your pipeline into the same namespace as the Tekton installation. You need to install twoTriggerBindingsperPipeline, one for pull request events and one for push events. It is believed that this is likely to be changed in a future release. YourTriggerBindingsmust currently be named<pipeline-name>-push-bindingand<pipeline-name>-pullrequest-binding. -
Creating secrets for accessing GitHub/Gitlab and Docker and patching them onto the service account under which you want your
PipelineRunto execute. These secrets need creating in the target namespace where you want yourPipelineto run. -
Installing the
Pipelineinto the target namespace where you want thePipelineto run.
Note: On installation of the webhooks extension a number of Tasks and Deployments are installed that are used by the webhooks extension - these are omitted from the diagram above as they are installed automatically as a consequence of installing the webhooks extension.
The diagram above shows the events that take place when webhooks are created via the UI. The process consists of:
-
Creating or updating the
EventListenerfrom a dashboard webhook request. For each webhook, two triggers are created. These triggers are for push and pull request webhook payloads from GitHub/Gitlab, where each payload is structured differently (highly likely you will need different bindings for the payload). A third trigger is created for webhooks on a distinct GitHub/Gitlab repository (no such webhook exists yet). This trigger is for the monitor taskrun that is created when a pull request event occurs on the repository. For each trigger, an extraTriggerBindingis created to contain settings used during webhook creation. -
Creation of a ingress/route which exposes the
EventListenerto the world outside of the cluster. -
Creation of the actual webhook in GitHub/Gitlab (if one does not already exist).
The diagram above shows what occurs at runtime when webhooks are triggered. The process consists of:
-
All webhooks communicate with a single ingress/route as an access point to the cluster.
-
The ingress/route is backed by the
EventListenerservice. TheEventListeneriterates over all of the triggers defined in theEventListenercustom resource (labeled 3) and sends a request for each trigger to the interceptor service (labeled 4). -
The interceptor section for each trigger within the
EventListenercontains conditions under which that trigger should operate. For example, the event is from git repository X and the event is a pull_request. -
The interceptor service's response to each request determines whether or not the trigger is valid for the incoming webhook event. The interceptor checks:
-
Valid secret token in request header - secret token defined at webhook creation matches the secret token on the incoming webhook.
-
Repository URL matches - so we only activate a trigger for a selected repository.
-
Webhook event matches - so we only activate a trigger for a selected event type, a push or pull request event.
-
-
The Tekton Triggers code creates the necessary
PipelineResources,PipelineRunsetc... as defined in theTriggerTemplate- substituting parameters as defined in the user suppliedTriggerBindingor from theTriggerBindingcreated automatically during webhook creation.
In the case that the event type is a pull request, a monitor taskrun will be created to monitor the PipelineRuns and report status onto the pull request in GitHub/Gitlab.