I was using an email hook for Jenkins to build the release build of WCE Triage UI, but I wanted to “modernize” it by using a webhook.
On a cold Sunday morning, with a cup of coffee, I started poking around.
I have a local Jenkins instance. The first order of business is to expose it to the wild through HTTPS.
Step 1 Jenkins with nginx https
I'm not going into great detail here about running Jenkins behind HTTPS. As you know, Jenkins runs with HTTP only. In order to use HTTPS, you need a reverse proxy. Since this is a common practice, there is a template for running Jenkins behind nginx.
Making this work is a task in itself.
First and foremost, I had to change /etc/default/jenkins from
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT"
to
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=$PREFIX"
Create a reverse proxy with nginx. This is my current nginx site file.
You need to replace jenkinshost.cleanwinner.com with your machine. Put this file in /etc/nginx/sites-available and create a symbolic link to it from /etc/nginx/sites-enabled. Then reload/restart nginx.
Step 2 Punching a hole through firewall
Now, my Jenkins is inside, and github.com is outside. The webhook needs to get through the firewall. I took a look at ngrok.com, and it works great, but I will risk my home server rather than pay $5/month. 😛
How you punch through the firewall is up to you and your firewall. In my case, it’s pfSense, so you go into NAT and set it up. With pfSense, you should restrict the source IP range to github.com's addresses.
The GitHub IP address range is posted here, but you should know that there is an API to get this automagically.
Since I don’t know how to set up the IP range for pfSense from the API, I will use the available setting for now.
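The range lookup mentioned above, as an added example that is not from the original post: a Python script that reads the `hooks` list from GitHub's metadata API, validates it, and writes it one CIDR per line for import into a firewall alias. The endpoint URL, the function names and the sample addresses (documentation ranges, not GitHub's real ones) are assumptions of the example.

```python
import ipaddress
import json
import urllib.request

META_URL = "https://api.github.com/meta"  # GitHub's public metadata endpoint

# Constructed sample shaped like the metadata response. The addresses are
# documentation ranges (RFC 5737 / RFC 3849), not GitHub's real ones.
SAMPLE_META = json.dumps({
    "hooks": ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:1::/48"],
    "web": ["203.0.113.0/24"],
})


def fetch_meta(url=META_URL, timeout=10):
    """Download the live metadata document (needs network access)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def hook_networks(meta_json):
    """Return the validated, de-duplicated 'hooks' networks, IPv4 first."""
    hooks = json.loads(meta_json).get("hooks")
    if not hooks:
        # Fail closed: an empty list must not silently replace a working allowlist.
        raise ValueError("no 'hooks' ranges in metadata")
    nets = {ipaddress.ip_network(cidr, strict=True) for cidr in hooks}
    return sorted(nets, key=lambda n: (n.version, n))


def alias_file(networks):
    """One CIDR per line, a plain-text form a firewall alias can import."""
    return "".join(f"{net}\n" for net in networks)


def is_hook_source(addr, networks):
    """True if addr (e.g. from the nginx access log) is in an allowed range."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    nets = hook_networks(SAMPLE_META)  # swap in fetch_meta() for live data
    print(alias_file(nets), end="")
```

Run it from cron and publish the output where the firewall can fetch it; only the `hooks` key matters for webhook deliveries, so the other keys in the response are ignored.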
Step 3 Configure GitHub Webhook
Go to the project’s settings.
Here, I need a token string. I used uuidgen to create a random string. Let’s call it “MY_SECRET_TOKEN”.
Webhook / Manage webhook
Payload URL
https://jenkinshost.cleanwinner.com/jenkins/generic-webhook-trigger/invoke?token=MY_SECRET_TOKEN
Content type
application/x-www-form-urlencoded
Secret:
Empty here. I’m not sure what I can do with this.
Event:
* Just the push event
Active checked.
Make it go, and you should see a 404 error, as Jenkins is not configured yet.
Step 4 Configure Jenkins webhook
Go into the Build Triggers.
Check Generic Webhook Trigger
Now, you want to make sure the right item is triggered. I know the repo ID (it’s like 123456789).
Add “Post content parameters”:
Variable is “$.repository.id” and Expression is “123456789”. Pick JSONPath. Here “$” is the root element, .repository is the first level of JSON, and .id is the second level. The matching JSON looks like
{ "repository": { "id": "123456789" } }
This is enough to ID the repo, but I’m the kind of person who, when the bridge is not broken, bangs on it again to make sure it’s not broken.
Add another “Post content parameters”:
This time, variable is “$.repository.html_url” and value is “https://github.com/mygithubaccount/project-name”
Now, really, you don’t have to do this, but I did:
Header parameters:
* Request Header: x_github_event
* Value filter: ping
Then the most important part:
Token: MY_SECRET_TOKEN (the same string used in the Payload URL)
Cause: Github Webhook push
Step 5
Okay. Once this is done, it’s time to test this. If you did step 3 and pushed a trigger that failed, you can see that the GitHub project page shows the failed push. In it, you can see the header and payload. My GitHub webhook setup was done by looking at the header and payload. Without it, I had no clue as to how I could set it up. That is the reason for setting up GitHub first: it gives you this clue.
I can report that this is working happily. Hope this helps someone.
Possible Step 6
If you don’t mind paying $5/month, you can use ngrok.com so that you can do this without punching a hole through the firewall.