In this post I discuss build on push to GitHub and build on push to Git. This was originally posted to Reddit.
Build on push to GitHub
For GitHub webhooks,
Prerequisites you need
- A service account in GitHub with a personal access token that has
- The service account must be an admin on the intended repository for the multibranch pipeline. This is necessary so Jenkins can automatically configure webhooks.
- Inbound connectivity for delivering payloads from GitHub to your internal Jenkins. You can achieve this in three ways that I know of offhand.
  - A proxy which receives webhook payloads and passes them on to Jenkins without exposing Jenkins to GitHub.
  - Allow GitHub to communicate directly with your Jenkins instance. GitHub publishes its network addresses, so if you do this you should limit access to only the GitHub webhook IP addresses.
  - Use a webhook relay service like https://webhookrelay.com/
- Configure a String credential and note the credential you create. Set the scope to system so that it is not widely available to users.
- Configure the GitHub plugin in Jenkins to enable manage Hooks (link to script console script). Set credential ID to your token credential.
- Use GitHub branch source configuration (link to Job DSL script) on multibranch pipelines.
  - If you’re configuring the multibranch job manually, then it will register webhooks when you save the job.
  - If you’re configuring it with Job DSL scripts, then you’ll need a post-job system groovy script to run after Job DSL creates the jobs.
Build on push to Git
If you configure your jobs with the Git plugin, then you can utilize the Git plugin feature notifyCommit where you make a GET /git/notifyCommit?url=<url encoded git repository>. This will trigger all multibranch pipelines which use the encoded git clone URL to perform a multibranch Scan.
Let’s say you configure a multibranch pipeline job to clone source code from https://gitlab.gnome.org/GNOME/gimp. Then you would configure a hook in GitLab to call the following URL.
It is an okay practice to allow both webhooks and periodic scans so that you don’t miss any calls for scanning.
You can also configure post-receive hooks on classic Git repositories for push events.
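As an added example (not code from the original post or from the Git plugin project), here is a post-receive hook for a classic Git repository that URL-encodes the clone URL and calls notifyCommit. The host jenkins.example.com and the JENKINS_URL, REPO_URL and NOTIFY_TOKEN variables are assumptions; the optional token parameter is for Git plugin versions that require an access token on this endpoint.

```shell
#!/bin/sh
# Added example: post-receive hook that asks Jenkins to rescan via notifyCommit.
# Assumed values (placeholders, not from the post): Jenkins host and variable names.
JENKINS_URL="${JENKINS_URL:-https://jenkins.example.com}"
REPO_URL="${REPO_URL:-https://gitlab.gnome.org/GNOME/gimp}"  # must match the job's clone URL
NOTIFY_TOKEN="${NOTIFY_TOKEN:-}"  # notifyCommit access token, if your Git plugin requires one

# Percent-encode every character outside the RFC 3986 unreserved set.
# Input is assumed to be ASCII, which holds for ordinary clone URLs.
urlencode() {
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# notify_url <jenkins base URL> <git clone URL> [token]
notify_url() {
    url="${1%/}/git/notifyCommit?url=$(urlencode "$2")"
    if [ -n "$3" ]; then
        url="$url&token=$(urlencode "$3")"
    fi
    printf '%s' "$url"
}

main() {
    # Git feeds "<old> <new> <ref>" lines on stdin; one request per push is
    # enough because Jenkins rescans the repository itself.
    cat >/dev/null
    # The token travels in the query string, so use HTTPS and keep this file
    # readable only by the Git service user.
    curl --silent --show-error --fail --max-time 10 --output /dev/null \
        "$(notify_url "$JENKINS_URL" "$REPO_URL" "$NOTIFY_TOKEN")" ||
        echo "warning: Jenkins notifyCommit failed; rely on the periodic scan" >&2
}

# Run only when installed as hooks/post-receive, so the file can be sourced for testing.
case ${0##*/} in
    post-receive) main ;;
esac
```

A failed notification only prints a warning, since a post-receive hook runs after the push has already been accepted.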