Configure webhook triggers

5 minute readExtensibility

The SCM repository sends a post call to CloudBees CD/RO at a preconfigured endpoint, which processes the payload to run the target object.

In summary, here is what you need in order to trigger on webhooks:

  • One-time setup:

  • For each event trigger:

    1. Configure a webhook trigger: In the CloudBees CD/RO server, configure the event trigger on the desired object.

    2. Create a repository webhook: If not automatically configured when the trigger was created, explicitly configure the corresponding webhook in the GitHub or Bitbucket repository.

Create a service account

Service accounts are for webhook triggers only. You must have access rights to create a service account. Contact your CloudBees CD/RO site administrator for assistance.

Service accounts broker all webhook interactions between the GitHub and Bitbucket repositories and the CloudBees CD/RO webhook trigger. Access tokens are used by the service account to link webhook triggers to third-party systems.

Objects created when a service account runs a webhook trigger have the service account set as the object owner, and the owner name is serviceAccount:<serviceAccountName>. Because the service account does not inherit privileges from the Everyone group, all privileges for a service account must be specified explicitly. For example, to send email notifications when a pipeline has a service account as an owner, the service account must have the execute privilege configured for the related email configuration.

To create a service account:

  1. From the CloudBees navigation, select CloudBees CD/RO.

  2. From the CloudBees CD/RO main menu, navigate to Administration  Configurations  Service accounts. The Service Accounts dashboard displays.

  3. Select Add service account. The New Service Account dialog displays.

  4. Enter the service account Name and an optional Description. The best practice is to choose a name that represents the connection, such as GitHub. Select OK to save the new account.

  5. Continue configuring service account settings. Refer to Modify service account attributes.

Modify service account attributes

Select the three-dots three-dots menu to continue configuring the service account.

  • Modify service account name and description by selecting Details.

  • Select DSL Export to download the service account in a DSL file.

  • Modify associated properties and property sheets by selecting Properties. For more information, refer to Configure properties or property sheets.

  • Configure authentication credentials by selecting Access tokens.

  • Specify explicit permissions for service account by selecting Access Control.

  • Remove the service account by selecting Delete.

Configure a webhook trigger

You can configure a webhook trigger from the Triggers page or at the time you run an object. Once the trigger is configured, it is armed and ready for the specified event.

To configure a webhook trigger:

  1. Create the trigger. There are two options:

    • Option 1: From the CloudBees CD/RO main menu, select DevOps Essentials  Triggers. Select Add trigger at the top right of the screen.

    • Option 2: Navigate to the object on which you want to set the trigger, select Run, and then select Triggers. The object’s trigger list displays. Select Add + to add a new trigger or select Edit to edit an existing trigger.

  2. Enter the following information:

    Field name

    Description

    Trigger Name

    A user-defined name for this trigger object.

    Project

    Name of project to be associated with the trigger object.

    Description

    Details about the trigger object.

    Object

    Select one of the following an object types: Release, Pipeline, Procedure, or Source code synchronization.

    Object Name

    Select the name of the release, pipeline, procedure, or source code synchronization.

    Plugin

    Select EC-GitHub or EC-Bitbucket corresponding to the SCM tool you use for source control.

    Trigger Type

    Select Webhook.

    Credential type

    • Use Secret token (GitHub triggers, only) A token which is used when creating the webhook in the source repository.

    • Use credential reference A unique Credential Project and Credential Name used when creating the webhook in the source repository.

    Repositories

    A newline-separated list of repositories in the form organizationName/repositoryName or username/repositoryName. Examples: myorg/testrepo, myorg/testrepo1, `myorg/testrepo2.

    Include Branches

    A comma-separated list of branch names or patterns. Incoming events are discarded if they do not relate to one of the specified branches. Leave empty to process events for all branches except ones specified in the Exclude Branches parameter.

    Exclude Branches

    A comma-separated list of branch names or patterns. Incoming events are discarded when they relate to one of the specified branches. Leave empty to process events for all branches or the ones specified in the Include Branches parameter.

    Process Push Events

    Select this to run the trigger when the new commit appears in one of the monitored branches.

    Process Pull Request Events

    Select this to run the trigger when the pull request event occurs. Provide a list of comma-separated values. Run the trigger when one of the following actions has occurred: opened, edited, closed_merged, closed_discarded, assigned, unassigned, review_requested, review_request_removed, ready_for_review, labeled, unlabeled, synchronize, locked, unlocked, reopened.

    Process Commit Status Events

    (GitHub triggers, only) Select this to run the trigger when the commit status has been changed in one of the specified branches. Provide a comma-separated list of status names from the following: pending, success, failure, error.

    Run Schedule even if another instance is running

    Select as appropriate for your needs.

    Quiet Time Minutes

    The number of minutes check-in-activity must be quiescent before launching the object.

  3. Select Next. The Select Service Account dialog displays.

  4. Select a previously-created service account.

  5. Select Next. A summary of run-time details for the object displays.

  6. Select OK. The Webhook Trigger Successfully Created dialog displays.

  7. To create the webhook automatically in the repository, select Use the plugin procedure to automatically set up this webhook.

    1. Select the configuration to use:

      • Use a pre-configured repository configuration from the Configuration dropdown list.

      • Create a new configuration. Refer to Create a plugin configuration.

      • Supply credentials manually.

    2. Select whether to Bypass SSL Validation. If selected, the repository API does not check the SSL endpoint when sending an event payload.

  8. If creating the repository webhook explicitly, note the secret URL on this page: you use it when you Create a repository webhook.

  9. Select OK to finish.

Create a repository webhook

Once you have set up the service account and configured a webhook trigger, you must create a repository webhook in the SCM.

You must configure the webhook in your source code repository and you must have write privileges for the repository. Before you start, ensure that you have the CloudBees CD/RO webhook endpoint that you created configuring a webhook trigger.

  1. Go to the settings page of your repository or organization.

  2. Follow the steps for your SCM provider:

Create a plugin configuration

Once you have created a repository webhook, you must create a plugin configuration.

For more information, refer to: