Sample Webhook Providers and Functions
This page contains examples of provider match and function scripts for some common providers.Â
GitHub
Provider Match Script- Hmac Secret
This provider match script for GitHub validates based on the secret configured on your GitHub webhook. This script is largely based around GitHub's Hmac encryption.Â
GitHub Provider Match Script
// perform checks and functions to ensure an incoming message is valid and matches this provider
LOG.fine("Evaluating GitHub for incoming message");
def match = false;
def gitHubSecret = 'REPLACE_ME';
// validating based on GitHub secret
if (HTTP_HEADERS['user-agent'] && HTTP_HEADERS['user-agent'].toLowerCase().contains('github-hookshot'))
{
//generate hmac string, be sure to replace with your github secret
def HMAC_RESULT = HMAC.generateHmacSHA1(FLX_PRISTINE_PAYLOAD, gitHubSecret);
def RECEIVED_HMAC = HTTP_HEADERS['x-hub-signature'];
match = RECEIVED_HMAC && RECEIVED_HMAC.contains(HMAC_RESULT);
}
LOG.fine("GitHub provider is a match: ${match}");
return match;
Function Script - Manage Streams
GitHub offers the flexibility to manage branch events either separately or along with a push event. The following implementation assumes a GitHub webhook is created for branch events, managed separately from push events. This script manages FlexDeploy streams based on GitHub branch events (i.e. delete, create).
GitHub Manage FlexDeploy Streams
// get necessary information from GitHub headers, payload, and query parameters
def event = HTTP_HEADERS["x-github-event"];
LOG.info("Webhook triggered by ${event} event");
def projectId = QUERY_PARAMS.projectId;
def repoName = PAYLOAD.repository.name;
def branch = PAYLOAD.ref;
LOG.info("Running GitHub function for: ${repoName}, ${branch}");
// if projectId was passed, assume event is only associated with this project
if (projectId)
{
//the query param received is a string, we need a long
def lProjectId = new Long(projectId);
if (event.equals("create"))
{
LOG.fine("Creating stream ${branch} for project ${projectId}");
def stream = FLEXDEPLOY.createStream(lProjectId, branch);
LOG.setMessage("Successfully created stream ${branch} for project ${projectId}");
}
else if (event.equals("delete"))
{
LOG.fine("Inactivating stream ${branch} for project ${projectId}");
FLEXDEPLOY.inactivateStream(lProjectId, branch);
LOG.setMessage("Successfully inactivated stream ${branch} for project ${projectId}");
}
}
// get all project ids for projects affected by this SCM change
else
{
def projects = FLEXDEPLOY.findProjectsForNewBranch(repoName);
if (event.equals("create"))
{
LOG.fine("Creating streams with name ${branch} for projects ${projects}");
for (def project in projects)
{
def stream = FLEXDEPLOY.createStream(project, branch);
LOG.fine("Successfully created stream ${stream}");
}
LOG.setMessage("Successfully created stream ${branch} for projects ${projects}");
}
else if (event.equals("delete"))
{
LOG.fine("Inactivating stream ${branch} for projects ${projects}");
for (def project in projects)
{
FLEXDEPLOY.inactivateStream(project, branch);
}
LOG.setMessage("Successfully inactivated stream ${branch} for projects ${projects}");
}
}
LOG.info("Successfully ran GitHub function for: ${repoName}, ${branch}");
Function Script - Build Projects
This sample GitHub function script manages FlexDeploy builds with the assumption it will be triggered only from a GitHub push event. The script contains only one important line, the GITHUB.buildProjects function call which accepts the GitHub payload, query params and a boolean to indicate if missing streams should be created.
GitHub Build Project(s) on Push
//Execute FLEXDEPLOY functions on an incoming webhook message
def functionName = "BuildGitHub";
LOG.info("Running function: ${functionName}");
//Find and build projects from the payload
//If the QUERY_PARAMS include a projectId that single project will be built instead
//Lastly, the 3rd argument, when true, will create streams on the projects when the branch does not exist
GITHUB.buildProjects(PAYLOAD, QUERY_PARAMS, true);
Function Script - Create SCM Instance and Project
This sample GitHub function script creates a FlexDeploy SCM instance and project with the assumption it will be triggered only from a GitHub create repo event. The function will first use the repository name to create an SCM Instance with the given name and git url. Next the function creates and configures the project to use the newly created SCM Instance. Finally the function will update the necessary properties on the project. In this example we are creating an EBS project. You will need to replace certain values in the function with specific Ids from your FlexDeploy environment.
GitHub Create SCM and Projects on Repo Created
Bitbucket
Provider Match Script- Token
This sample provider match script for Bitbucket validates based on a token passed in the query parameters. Bitbucket server offers hmac encryption similar to Github but Bitbucket Cloud does not at the time of this writing.
Bitbucket Provider Match Script
Function Script - Build Projects and Manage Streams
This sample Bitbucket function script manages FlexDeploy builds and project streams with the assumption it will be triggered from a Bitbucket push event.Â
Bitbucket does not send changed files in the push event, but that information is available via the diffstat API. The getChangeLogs function will use that API and as such requires a valid user/password to make the api call. It is recommended that BITBUCKET_USER and BITBUCKET_PASSWORD provider properties are created for passing to this function.
Bitbucket Push Function Script
Azure
Provider Match Script- Token
This provider match script for Azure validates based on a token sent as a query parameter.
Azure Provider Match Script
Function Script - Build Projects
This function finds projects affected by a push from Azure Repos, gets the change logs, and builds relevant projects. The Azure push event includes branch created/deleted events, but Azure allows filtering webhooks to send by branch. In this case, webhooks will be received from Azure only for push events from main branches.
Azure Repos does not send changed files in the push event, but that information is available via their commits API. The getChangeLogs function will use that API and as such requires a valid user/personal access token to make the API call. It is recommended that provider properties are created for passing to this function.
AZURE.buildProjects
the AZURE object also includes a simplified buildProjects method like the other providers above which can be used in replacement of the below sample.
Azure Function Script
Jira
Provider Match Script- Token
This example provider match script for Jira validates based on a secret token passed as a query parameter. This token is purely convention and has no strict enforcing in Jira.
Jira Provider Match Script
Function Script - Create Package
This Jira function creates a project package from the issue key and description. The particular function assumes the Jira project name is the same as the FlexDeploy project name, although an issue could be mapped to a FlexDeploy project in a number of ways. You may want to trigger this package creation whenever a Jira issue is created, or when an issue goes into development.
Create Package on Issue Started
Slack
Provider Match Script - Hmac Secret
This sample provider match script for Slack validates based on the Slack Secret, which is an hmac encryption of version, timestamp, and payload concatenated together.
Microsoft Teams
See the Teams plugin configuration pages for information on how to set up FlexDeploy and Microsoft Teams.Â
Configuring FlexDeploy for Teams Webhook Operations
and
Configuring FlexDeploy for Teams Operations using User Credentials
This page only shows how to set up the Webhooks, not how to set up the integration itself.
Provider Match Script - Expected Teams Headers
This provider match script for Microsoft Teams validates that it is a message from a card that FlexDeploy created.
Security checks are performed after match and before completing processing of approval tasks.
Function Script - Update Tasks from Teams Messages
Microsoft Teams Incoming Webhooks are validated and processed Synchronously. Behind the scenes, the JWT token is validated and the message is checked for unauthorized modification. The user that clicked the button is matched to a FlexDeploy user account behind the scenes using the JWT Token found in the HTTP Headers. If the matched user is authorized to approve/reject the linked FlexDeploy task, the task is approved or rejected and the card is updated to indicate that the task was processed.Â
Sonarqube
Provider Match Script- Hmac Secret
This sample provider match script for Sonarqube validates based on the Sonarqube Secret, which is an hmac encryption of payload.
Sonarqube Provider Match Script
Function Script - Update ScanResult
This sample Sonarqube function script manages FlexDeploy update ScanResult with the assumption it will be triggered from a Sonarqube complete event.Â
Update ScanResult on Scan Completed
- style