Documentation

22. Working with Webhooks

A Webhook provides the ability to execute specified commands between apps over the web. Ansible Tower currently provides webhook integration with GitHub and GitLab. This section describes the procedure for setting up a webhook in Tower through their respective services.

The webhook post-status-back functionality for GitHub and GitLab is designed for work only under certain CI events. Receiving another kind of event will result in messages like the one below in the Tower log:

awx.main.models.mixins Webhook event did not have a status API endpoint associated, skipping.

22.1. GitHub webhook setup

Tower has the ability to run jobs based on a triggered webhook event coming in. Job status information (pending, error, success) can be sent back only for pull request events. If you determine you do not want Tower to post job statuses back to the webhook service, skip steps 1-2, and go directly to step 3.

  1. Optionally generate a personal access token (PAT) for use with Tower.

    1. In the profile settings of your GitHub account, click Settings.

    2. Below the Personal settings, click Developer Settings.

      _images/webhooks-create-webhook-github-settings.png
    3. In the Developer settings, click Personal access tokens.

    4. From the Personal access tokens screen, click Generate new token.

    5. When prompted, enter your GitHub account password to continue.

    6. In the Note field, enter a brief description about what this PAT will be used for.

    7. In the Scope fields, Tower automation webhook only needs repo scope access, with the exception of invites. For information about other scopes, click the link right above the table to access the docs.

    _images/webhooks-create-webhook-github-scope.png
    1. Click the Generate Token button.

    2. Once the token is generated, make sure you copy the PAT, as it will be used by Tower in a later step. You will not be able to access this token again in GitHub.

  2. Use the PAT to optionally create a GitHub credential in Tower:

    1. Go to your Tower instance, and create a new credential for the GitHub PAT using the above generated token.

    2. Make note of the name of this credential, as it will be used in the job template that posts back to GitHub.

    _images/webhooks-create-credential-github-PAT-token.png
    1. Go to the job template with which you want to enable webhooks, and select the webhook service and credential you created in the previous step.

    _images/webhooks-job-template-gh-webhook-credential.png

    1. Click Save. Now your job template is set up to be able to post back to GitHub. An example of one may look like this:

    _images/webhooks-tower-to-github-status.png
  1. Go to a specific GitHub repo you want to configure webhooks and click Settings.

_images/webhooks-github-repo-settings.png
  1. Under Options, click Webhooks.

_images/webhooks-github-repo-settings-options.png
  1. On the Webhooks page, click Add webhook.

  2. To complete the Add Webhook page, you need to enable webhooks in a job template in Tower (or in a workflow job template), which will provide you with the following information:

    1. Copy the contents of the Webhook URL from the Tower job template, and paste it in the Payload URL field. GitHub uses this address to send results to.

    2. Set the Content type to application/json.

    3. Copy the contents of the Webhook Key from the Tower job template above and paste it in the Secret field.

    4. Leave Enable SSL verification selected.

    _images/webhooks-github-repo-add-webhook.png

    1. Next, you must select the types of events you want to trigger a webhook. Any such event will trigger the Job or Workflow. In order to have job status (pending, error, success) sent back to GitHub, you must select Pull requests in the individual events section.

    _images/webhooks-github-repo-choose-events.png
    1. Leave Active checked and click Add Webhook.

    _images/webhooks-github-repo-add-webhook-actve.png
  3. After your webhook is configured, it displays in the list of webhooks active for your repo, along with the ability to edit or delete it. Click on a webhook, and it brings you to the Manage webhook screen. Scroll to the very bottom of the screen to view all the delivery attempts made to your webhook and whether they succeeded or failed.

_images/webhooks-github-repo-webhooks-deliveries.png

For more information, refer to the GitHub Webhooks developer documentation.

22.2. GitLab webhook setup

Tower has the ability to run jobs based on a triggered webhook event coming in. Job status information (pending, error, success) can be sent back only for merge request events. If you determine you do not want Tower to post job statuses back to the webhook service, skip steps 1-2, and go directly to step 3.

  1. Optionally, generate a personal access token (PAT) for use with Tower. This token gives Tower the ability to post statuses back when we run jobs based on a webhook coming in.

    1. In the profile settings of your GitLab account, click Settings.

    2. On the sidebar, under User Settings, click Access Tokens.

      _images/webhooks-create-webhook-gitlab-settings.png
    3. In the Name field, enter a brief description about what this PAT will be used for.

    4. Skip the Expires at field unless you want to set an expiration date for your webhook.

    5. In the Scopes fields, select the ones applicable to your integration. For Tower, API is the only selection necessary.

    _images/webhooks-create-webhook-gitlab-scope.png
    1. Click the Create personal access token button.

    2. Once the token is generated, make sure you copy the PAT, as it will be used by Tower in a later step. You will not be able to access this token again in GitLab.

  2. Use the PAT to optionally create a GitLab credential in Tower:

    1. Go to your Tower instance, and create a new credential for the GitLab PAT using the above generated token.

    2. Make note of the name of this credential, as it will be used in the job template that posts back to GitHub.

    _images/webhooks-create-credential-gitlab-PAT-token.png
    1. Go to the job template with which you want to enable webhooks, and select the webhook service and credential you created in the previous step.

    _images/webhooks-job-template-gl-webhook-credential.png

    1. Click Save. Now your job template is set up to be able to post back to GitLab. An example of one may look like this:

    _images/webhooks-tower-to-gitlab-status.png
  1. Go to a specific GitLab repo you want to configure webhooks and click Settings > Integrations.

_images/webhooks-gitlab-repo-settings.png
  1. To complete the Integrations page, you need to enable webhooks in a job template in Tower (or in a workflow job template), which will provide you with the following information:

    1. Copy the contents of the Webhook URL from the Tower job template above, and paste it in the URL field. GitLab uses this address to send results to.

    2. Copy the contents of the Webhook Key from the Tower job template above and paste it in the Secret Token field.

    3. Next, you must select the types of events you want to trigger a webhook. Any such event will trigger the Job or Workflow. In order to have job status (pending, error, success) sent back to GitLab, you must select Merge request events in the Trigger section.

    4. Leave Enable SSL verification selected.

    5. Click Add webhook.

_images/webhooks-gitlab-repo-add-webhook.png
  1. After your webhook is configured, it displays in the list of Project Webhooks for your repo, along with the ability to test events, edit or delete the webhook. Testing a webhook event displays the results at the top of the page whether it succeeded or failed.

For more information, refer to the GitLab webhooks integrations documentation.

22.3. Payload output

The entire payload is exposed as an extra variable from Tower. To view the payload information, go to the Jobs Detail view of the job template that ran with the webhook enabled. In the Extra Variables field of the Details pane, view the payload output from the tower_webhook_payload variable, as shown in the example below.

_images/webhooks-jobs-extra-vars-payload.png _images/webhooks-jobs-extra-vars-payload-expanded.png