GitHub webhook sample - Go

A handler written in Go that demonstrates interacting with GitHub through a webhook.

Before you begin

You must meet the following requirements to run this sample:

• Own a public domain. For example, you can create a domain with Google Domains.
• A Kubernetes cluster running with the following:
• Knative Serving must be installed. For details about setting up a Knative cluster, see the installation guides.
• Your Knative cluster must be configured to use your custom domain.
• You must ensure that your Knative cluster uses a static IP address:
  • For Google Kubernetes Engine, see assigning a static IP address.
  • For other cloud providers, refer to your provider's documentation.
• An installed version of Docker.
• A Docker Hub account to which you are able to upload your sample's container image.

Build the sample code

1. Download a copy of the code:

git clone -b "v0.23.0" https://github.com/knative/docs knative-docs
cd knative-docs/docs/serving/samples/gitwebhook-go

1. Use Docker to build a container image for this service. Replace {DOCKER_HUB_USERNAME} with your Docker Hub username in the following commands.

export DOCKER_HUB_USERNAME=username

# Build the container, run from the project folder
docker build -t ${DOCKER_HUB_USERNAME}/gitwebhook-go .

# Push the container to the registry
docker push ${DOCKER_HUB_USERNAME}/gitwebhook-go

1. Create a secret that holds two values from GitHub:

2. A personal access token that you will use to make API requests to GitHub.

3. Ensure that you grant read/write permission in the repo for that personal access token.

4. Follow the GitHub instructions to

5. A webhook secret that you will use to validate requests.

6. Base64 encode the access token:

   $ echo -n "45d382d4a9a93c453fb7c8adc109121e7c29fa3ca" | base64
   NDVkMzgyZDRhOWE5M2M0NTNmYjdjOGFkYzEwOTEyMWU3YzI5ZmEzY2E=
   

7. Copy the encoded access token into github-secret.yaml next to personalAccessToken:.

8. Create a webhook secret value unique to this sample, base64 encode it, and copy it into github-secret.yaml next to webhookSecret::

   $ echo -n "mygithubwebhooksecret" | base64
   bXlnaXRodWJ3ZWJob29rc2VjcmV0
   

9. Apply the secret to your cluster:

   kubectl apply --filename github-secret.yaml
   

10. Next, update the service.yaml file in the project to reference the tagged image from step 1.

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: gitwebhook
  namespace: default
spec:
  template:
    spec:
      containers:
        - # Replace {DOCKER_HUB_USERNAME} with your actual docker hub username
          image: docker.io/{DOCKER_HUB_USERNAME}/gitwebhook-go:latest
          env:
            - name: GITHUB_PERSONAL_TOKEN
              valueFrom:
                secretKeyRef:
                  name: githubsecret
                  key: personalAccessToken
            - name: WEBHOOK_SECRET
              valueFrom:
                secretKeyRef:
                  name: githubsecret
                  key: webhookSecret

1. Use kubectl to apply the service.yaml file.

$ kubectl apply --filename service.yaml

Response:

service "gitwebhook" created

1. Create a webhook in your GitHub repo using the URL for your gitwebhook service:

2. Retrieve the hostname for this service, using the following command:

   $ kubectl get ksvc gitwebhook \
      --output=custom-columns=NAME:.metadata.name,DOMAIN:.status.domain
   

   Example response:

   NAME                DOMAIN
   gitwebhook          gitwebhook.default.MYCUSTOMDOMAIN.com
   

   where MYCUSTOMDOMAIN is the domain that you set as your custom domain.

3. Go to the GitHub repository for which you have privileges to create a webhook.

4. Click Settings > Webhooks > Add webhook to open the Webhooks page.

5. Enter the Payload URL as http://{DOMAIN}, where {DOMAIN} is the address from the kubectl get ksvc gitwebhook command. For example: http://gitwebhook.default.MYCUSTOMDOMAIN.com

6. Set the Content type to application/json.

7. Enter your webhook secret in Secret using the original base value that you set in webhookSecret (not the base64 encoded value). For example: mygithubwebhooksecret

8. If you did not enabled TLS certificates, click Disable under SSL Validation.

9. Click Add webhook to create the webhook.

Exploring

Once deployed, you can inspect the created resources with kubectl commands:

# This will show the Knative service that we created:
kubectl get ksvc --output yaml

# This will show the Route, created by the service:
kubectl get route --output yaml

# This will show the Configuration, created by the service:
kubectl get configurations --output yaml

# This will show the Revision, created by the Configuration:
kubectl get revisions --output yaml

Testing the service

Now that you have the service running and the webhook created, send a Pull Request to the same GitHub repo where you added the webhook. If all is working right, you'll see the title of the PR will be modified, with the text (looks pretty legit) appended the end of the title.

Cleaning up

To clean up the sample service:

kubectl delete --filename service.yaml