From 3f96b2fd66c2ae3a31f10e94393b8d382354e39d Mon Sep 17 00:00:00 2001 From: Paul Harkink Date: Sun, 1 Mar 2026 00:40:59 +0100 Subject: [PATCH] docs(ex04): add optional git webhook trigger flow --- docs/04-tekton-pipeline.md | 189 +++++++++++++++++++++++++++++++++++++ 1 file changed, 189 insertions(+) diff --git a/docs/04-tekton-pipeline.md b/docs/04-tekton-pipeline.md index 31215f0..7905430 100644 --- a/docs/04-tekton-pipeline.md +++ b/docs/04-tekton-pipeline.md 
@@ -362,6 +362,194 @@ De naam van een PipelineRun moet uniek zijn: --- +## Bonus: triggeren via Git webhook (optioneel) + +Wil je dat Tekton automatisch runt bij een `git push`? +Dan gebruik je **Tekton Triggers** met een webhook endpoint. + +Als je **GitHub** gebruikt, kun je onderstaande manifests direct volgen. +Gebruik je GitLab/Gitea/Bitbucket, dan blijft het patroon hetzelfde maar de interceptor/payload-mapping kan verschillen. + +### 1. Triggers resources toevoegen + +**`manifests/ci/triggers/kustomization.yaml`** + +```yaml +resources: + - https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml + - https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml + - triggerbinding.yaml + - triggertemplate.yaml + - eventlistener.yaml + - ingress.yaml +``` + +**`manifests/ci/triggers/triggerbinding.yaml`** + +```yaml +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerBinding +metadata: + name: github-push-binding + namespace: tekton-pipelines +spec: + params: + - name: repo-url + value: $(body.repository.clone_url) +``` + +**`manifests/ci/triggers/triggertemplate.yaml`** + +```yaml +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: github-push-template + namespace: tekton-pipelines +spec: + params: + - name: repo-url + default: https://github.com/JOUW_USERNAME/JOUW_REPO.git + resourcetemplates: + - apiVersion: tekton.dev/v1 + kind: PipelineRun + metadata: + generateName: webhook-bump- + namespace: tekton-pipelines + spec: + pipelineRef: + name: gitops-image-bump + taskRunTemplate: + serviceAccountName: pipeline-runner + params: + - name: repo-url + value: $(tt.params.repo-url) + - name: new-tag + value: "6.7.0" + - name: git-user-name + value: "Workshop Pipeline" + - name: git-user-email + value: "pipeline@workshop.local" + workspaces: + - name: source + volumeClaimTemplate: + spec: + accessModes: [ReadWriteOnce] + resources: + requests: + storage: 1Gi + - name: git-credentials + secret: 
+ secretName: git-credentials +``` + +**`manifests/ci/triggers/eventlistener.yaml`** + +```yaml +apiVersion: triggers.tekton.dev/v1beta1 +kind: EventListener +metadata: + name: github-push-listener + namespace: tekton-pipelines +spec: + serviceAccountName: pipeline-runner + triggers: + - name: on-push + interceptors: + - ref: + name: github + params: + - name: secretRef + value: + secretName: github-webhook-secret + secretKey: secretToken + - name: eventTypes + value: + - push + bindings: + - ref: github-push-binding + template: + ref: github-push-template +``` + +**`manifests/ci/triggers/ingress.yaml`** + +```yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: tekton-triggers + namespace: tekton-pipelines +spec: + ingressClassName: nginx + rules: + - host: tekton-webhook.192.168.56.200.nip.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: el-github-push-listener + port: + number: 8080 +``` + +**`apps/ci/tekton-triggers.yaml`** + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tekton-triggers + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "8" +spec: + project: workshop + source: + repoURL: JOUW_FORK_URL + targetRevision: HEAD + path: manifests/ci/triggers + destination: + server: https://kubernetes.default.svc + namespace: tekton-pipelines + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true +``` + +> **HOST** +> ```bash +> git add apps/ci/tekton-triggers.yaml manifests/ci/triggers/ +> git commit -m "feat: voeg Tekton Triggers webhook flow toe" +> git push +> ``` + +### 2. Webhook secret zetten + +> **VM** +> ```bash +> kubectl -n tekton-pipelines create secret generic github-webhook-secret \ +> --from-literal=secretToken='kies-een-sterke-random-string' \ +> --dry-run=client -o yaml | kubectl apply -f - +> ``` + +### 3. 
GitHub webhook registreren + +- In GitHub: **Settings → Webhooks → Add webhook** +- Payload URL: `http://tekton-webhook.192.168.56.200.nip.io` +- Content type: `application/json` +- Secret: dezelfde waarde als `secretToken` +- Event: **Just the push event** + +Daarna maakt elke push een nieuwe `PipelineRun` aan. + +--- + ## Probleemoplossing | Symptoom | Oplossing | @@ -372,6 +560,7 @@ De naam van een PipelineRun moet uniek zijn: | ArgoCD synchroniseert niet | Klik **Refresh** in de UI | | `root` blijft OutOfSync op app `tekton` | Verwijder de lege `kustomize: {}` uit `apps/ci/tekton.yaml` (Argo normaliseert deze weg in live state) | | Tekton Dashboard toont standaard Nginx/404 | Controleer `apps/ci/tekton-dashboard.yaml` en `manifests/ci/dashboard/ingress.yaml` host/service/poort | +| Webhook maakt geen PipelineRun aan | Check `kubectl get eventlistener -n tekton-pipelines` en controleer GitHub webhook URL/secret/eventtype | ---
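Review bot: In `triggerbinding.yaml`, `repo-url` is taken from the webhook payload (`$(body.repository.clone_url)`) and `triggertemplate.yaml` passes it into a PipelineRun that mounts the `git-credentials` secret, while the `on-push` trigger in `eventlistener.yaml` only checks the webhook secret and the `push` event type. Any repository whose webhook is configured with the same `secretToken` can therefore start `gitops-image-bump` against its own clone URL with those credentials in the workspace. Suggest either dropping the binding param so the template's fixed `default` is used, or adding a `cel` interceptor that filters on `body.repository.full_name` ahead of the binding. Two smaller points in the same hunk: `kustomization.yaml` pulls `triggers/latest/release.yaml` and `triggers/latest/interceptors.yaml`, so what Argo CD installs can change whenever upstream publishes, and a pinned release version would keep the workshop reproducible; and the Payload URL `http://tekton-webhook.192.168.56.200.nip.io` resolves to a private address that github.com cannot reach, so the text should say that a tunnel or a Git server on the same network is needed, and that the delivery travels over plain HTTP.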
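Review bot: The new troubleshooting row only points at `kubectl get eventlistener`, which shows that the listener exists but not why a delivery was rejected. Suggest also naming the logs of the `el-github-push-listener` pod and the delivery response GitHub shows for the webhook, since a wrong `secretToken` or a non-`push` event is rejected by the interceptor without a PipelineRun being created.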