A handler written in Go that demonstrates interacting with GitHub through a webhook.
- A Kubernetes cluster with Knative installed. Follow the installation instructions if you need to create one.
- Docker installed and running on your local machine, and a Docker Hub account configured (we'll use it for a container registry).
- An account on GitHub with read/write access to a repository.
- Use Docker to build a container image for this service. Replace
{username}with your Docker Hub username in the following commands.
export DOCKER_HUB_USERNAME=username
# Build the container, run from the project folder
docker build -t ${DOCKER_HUB_USERNAME}/gitwebhook-go .
# Push the container to the registry
docker push ${DOCKER_HUB_USERNAME}/gitwebhook-go-
Create a secret that holds two values from GitHub, a personal access token used to make API requests to GitHub, and a webhook secret, used to validate incoming requests.
-
Follow the GitHub instructions to create a personal access token. Ensure to grant the
repopermission to give read/write access to the personal access token. -
Base64 encode the access token:
$ echo -n "45d382d4a9a93c453fb7c8adc109121e7c29fa3ca" | base64 NDVkMzgyZDRhOWE5M2M0NTNmYjdjOGFkYzEwOTEyMWU3YzI5ZmEzY2E=
-
Copy the encoded access token into
github-secret.yamlnext topersonalAccessToken:. -
Create a webhook secert value unique to this sample, base64 encode it, and copy it into
github-secret.yamlnext towebhookSecret::$ echo -n "mygithubwebhooksecret" | base64 bXlnaXRodWJ3ZWJob29rc2VjcmV0
-
Apply the secret to your cluster:
kubectl apply -f github-secret.yaml
-
-
Next, update the
service.yamlfile in the project to reference the tagged image from step 1.
apiVersion: serving.knative.dev/v1alpha1
kind: Service
metadata:
name: gitwebhook
namespace: default
spec:
runLatest:
configuration:
revisionTemplate:
spec:
container:
# Replace {DOCKER_HUB_USERNAME} with your actual docker hub username
image: docker.io/{DOCKER_HUB_USERNAME}/gitwebhook-go
env:
- name: SECRET_TOKEN
valueFrom:
secretKeyRef:
name: githubsecret
key: secretToken
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: githubsecret
key: accessToken- Use
kubectlto apply theservice.yamlfile.
$ kubectl apply -f service.yaml
service "gitwebhook" created-
Finally, once the service is running, create the webhook from your GitHub repo to the URL for this service. For this to work properly you will need to configure a custom domain and assign a static IP address.
-
Retrieve the hostname for this service, using the following command:
$ kubectl get services.serving.knative.dev gitwebhook \ -o=custom-columns=NAME:.metadata.name,DOMAIN:.status.domain NAME DOMAIN gitwebhook gitwebhook.default.example.com
-
Browse on GitHub to the repository where you want to create a webhook.
-
Click Settings, then Webhooks, then Add webhook.
-
Enter the Payload URL as
http://{DOMAIN}, with the value of DOMAIN listed above. -
Set the Content type to
application/json. -
Enter the Secret value to be the same as the original base used for
webhookSecretabove (the original value, not the base64 encoded value). -
Select Disable under SSL Validation, unless you've enabled SSL.
-
Click Add webhook to create the webhook.
-
Once deployed, you can inspect the created resources with kubectl commands:
# This will show the Knative service that we created:
kubectl get service.serving.knative.dev -o yaml
# This will show the Route, created by the service:
kubectl get route -o yaml
# This will show the Configuration, created by the service:
kubectl get configurations -o yaml
# This will show the Revision, created by the Configuration:
kubectl get revisions -o yamlNow that you have the service running and the webhook created, send a Pull
Request to the same GitHub repo where you added the webhook. If all is working
right, you'll see the title of the PR will be modified, with the text
(looks pretty legit) appended the end of the title.
To clean up the sample service:
kubectl delete -f service.yaml