DEV Community

Cover image for Tekton Triggers with GitHub
mkdev profile image mkdev.me
mkdev.me for mkdev

Posted on • Edited on • Originally published at mkdev.me

Tekton Triggers with GitHub

#tekton #ci #cd #github

Tekton Triggers allow us to automate the instantiation of pipelines based on external events. This means, for instance, we can start a pipeline every time a new pull request is created in our GitHub repository. This is the power of CI/CD in action!

Before we can create a trigger we need to install tekton, triggers and interceptors

 kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
Enter fullscreen mode Exit fullscreen mode

First we need to create the service account and the permissions:

apiVersion: v1 kind: ServiceAccount metadata: name: tekton-service-account --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: tekton-triggers-minimal rules: # EventListeners need to be able to fetch all namespaced resources - apiGroups: ["triggers.tekton.dev"] resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers", "interceptors"] verbs: ["get", "list", "watch"] - apiGroups: [""] # configmaps is needed for updating logging config resources: ["configmaps"] verbs: ["get", "list", "watch"] # Permissions to create resources in associated TriggerTemplates - apiGroups: ["tekton.dev"] resources: ["pipelineruns", "pipelineresources", "taskruns"] verbs: ["create"] - apiGroups: [""] resources: ["serviceaccounts"] verbs: ["impersonate"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] resourceNames: ["tekton-triggers"] verbs: ["use"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-triggers-binding subjects: - kind: ServiceAccount name: tekton-service-account roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tekton-triggers-minimal --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-triggers-clusterrole rules: # EventListeners need to be able to fetch any clustertriggerbindings - apiGroups: ["triggers.tekton.dev"] resources: ["clustertriggerbindings", "clusterinterceptors", "interceptors"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-triggers-clusterbinding subjects: - kind: ServiceAccount name: tekton-service-account namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: tekton-triggers-clusterrole
Enter fullscreen mode Exit fullscreen mode

That we apply with

kubectl apply -f rbac.yaml
Enter fullscreen mode Exit fullscreen mode

After that we are going to create the pipeline that we will use later when we trigger the event.

apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: github-echo-pipeline spec: tasks: - name: echo-message taskSpec: steps: - name: echo image: ubuntu script: | #!/bin/bash echo "Pipeline triggered by a GitHub pull request!"
Enter fullscreen mode Exit fullscreen mode

Let’s execute with

kubectl apply -f pipelines.yaml
Enter fullscreen mode Exit fullscreen mode

Now we check the pipeline with

tkn pipeline list
Enter fullscreen mode Exit fullscreen mode

Triggers in Tekton mainly consist of three components:

  1. TriggerBinding: Extracts data from the event payload.

  2. TriggerTemplate: Uses the data to create Tekton resources.

  3. EventListener: Listens for the external events."

Our EventListener will listen for GitHub webhook events and use the TriggerBinding and TriggerTemplate to execute our pipeline.

apiVersion: triggers.tekton.dev/v1beta1 kind: EventListener metadata: name: github-pr spec: serviceAccountName: tekton-service-account triggers: - name: pr-trigger bindings: - ref: github-pr-trigger-binding template: ref: github-pr-trigger-template resources: kubernetesResource: serviceType: LoadBalancer
Enter fullscreen mode Exit fullscreen mode

Now we execute

kubectl apply -f evenlistener.yaml
Enter fullscreen mode Exit fullscreen mode

We can check with

tkn eventlistener list
Enter fullscreen mode Exit fullscreen mode

Now we get the service with

kubectl get svc
Enter fullscreen mode Exit fullscreen mode

And we check the pod created with

kubectl get pods
Enter fullscreen mode Exit fullscreen mode

Let's define our TriggerBinding to extract the necessary information from GitHub's webhook payload

apiVersion: triggers.tekton.dev/v1beta1 kind: TriggerBinding metadata: name: github-pr-trigger-binding spec: params: - name: revision value: $(body.pull_request.head.sha) - name: repo-url value: $(body.repository.clone_url)
Enter fullscreen mode Exit fullscreen mode

This binding extracts the git revision and repository URL from the event

kubectl apply -f trigerbinding.yaml
Enter fullscreen mode Exit fullscreen mode

Now we check the pipeline with

tkn triggerbinding list
Enter fullscreen mode Exit fullscreen mode

Now, let's define how the extracted data will be used to instantiate our pipeline

apiVersion: triggers.tekton.dev/v1beta1 kind: TriggerTemplate metadata: name: github-pr-trigger-template spec: params: - name: revision default: main - name: repo-url resourcetemplates: - apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: generateName: my-pipeline- spec: pipelineRef: name: github-echo-pipeline params: - name: repo-url value: $(tt.params.repo-url) - name: revision value: $(tt.params.revision)
Enter fullscreen mode Exit fullscreen mode

This template will create a unique PipelineRun for each event using the $(uid) variable.

kubectl apply -f trigger.yaml
Enter fullscreen mode Exit fullscreen mode

And now we can check the event trigger with

tkn triggertemplate list
Enter fullscreen mode Exit fullscreen mode

Now we are going to need to know how connect to this trigger and to do that we are going to use the Load Balancer service that was created when the eventlistener was created.

curl -vvv http://IP:8080
Enter fullscreen mode Exit fullscreen mode

Next step is setup GitHub with this IP to the event listener

Go to your GitHub repository:

  1. Navigate to Settings > Webhooks > Add webhook.

  2. Paste the ngrok URL into the Payload URL field.

  3. Set the Content type to application/json.

  4. For events, select Pull requests.

  5. Save the webhook.

Let's test our setup. Create a new pull request in your GitHub repository. This should automatically trigger

When the PR is create if we execute

tkn pipeline list
Enter fullscreen mode Exit fullscreen mode

We can see that the pipeline has started and it is running and after a few seconds if we check again pipeline is done and Succeeded. Now we can see the logs with

tkn pipeline logs
Enter fullscreen mode Exit fullscreen mode

And as you can see our echo in the pipeline has been executed!

We hope you found this tutorial insightful. Until next time, happy coding!

Here' the same article in video form for your convenience:

.

Top comments (0)