Connect GitHub as an Artifact Source in Spinnaker
Configure a GitHub trigger in Spinnaker
SpinnakerTM pipelines can be configured to trigger when a change is committed to a GitHub repository. This doesn’t require any configuration of Spinnaker other than adding a GitHub trigger but does require administration of the GitHub repositories to configure the webhook.
The open source Spinnaker documentation has concise instructions for configuring GitHub webhooks.
Configure GitHub as an artifact source
If you actually want to use a file from the GitHub commit in your pipeline, you’ll need to configure GitHub as an artifact source in Spinnaker.
Many of the commands below have additional options that may be useful (or possibly required). If you need more detailed help, take a look at the Halyard command reference if you’re deploying Spinnaker with Halyard.
Enable GitHub artifacts
If you haven’t done this yet (for example, if you’ve just installed Armory Spinnaker fresh), you’ll need to enable GitHub as an artifact source:
Add the following snippet to SpinnakerService
manifest:
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
config:
features:
artifacts: true
artifacts:
github:
enabled: true
hal config features edit --artifacts true
hal config artifact github enable
Add a GitHub credential
To access private GitHub repositories, you need a GitHub “Personal Access
Token”. This can be generated by going to the “Settings” page in GitHub, then
clicking on “Developer Settings” and then “Personal Access Token”. The token
will need the repo
scope.
Once you have a token, you should provide that token for Spinnaker’s Igor service as a credential to use to access GitHub. This can be done with a command like this:
Replace the account name github_user
with the string you want to use to identify this GitHub credential.
Add the following snippet to SpinnakerService
manifest:
apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
name: spinnaker
spec:
spinnakerConfig:
config:
features:
artifacts: true
artifacts:
github:
enabled: true
accounts:
- name: github_user
token: abc # GitHub's personal access token. This fields supports `encrypted` references to secrets.
# username: abc # GitHub username
# password: abc # GitHub password. This fields supports `encryptedreferences` to secrets.
# usernamePasswordFile: creds.txt # File containing "username:password" to use for GitHub authentication. This fields supports `encryptedFilereferences` to secrets.
# tokenFile: token.txt # File containing a GitHub authentication token. This fields supports `encryptedFile` references to secrets.
If you have a GitHub personal access token, you only need that to authenticate against GitHub, but there are other authentication options like username/password, or specifying credentials in a file
entry.
Don’t forget to apply your changes:
kubectl -n >spinnaker namespace> apply -f <SpinnakerService manifest>
GITHUB_ACCOUNT_NAME=github_user
hal config artifact github account add ${GITHUB_ACCOUNT_NAME} \
--token # you'll be prompted for this interactively
Detailed information on all command line options can be found here.
Don’t forget to run hal deploy apply
to apply your changes.
Using the GitHub credential
You may note that the above GitHub “account” doesn’t actually have a endpoint for your GitHub; this account is basically just the credential used by Spinnaker artifacts to access GitHub. The actual GitHub API endpoint is specified in the artifact reference. There are a couple ways to use this credential, one example of which is detailed here:
Troubleshooting credentials and URIs
To verify that your token and URI are correct, you can run a curl
command to
test authentication (the user
field doesn’t matter):
curl https://api.github.com/repos/armory/demo/contents/manifests/deployment.yml \
-u nobody:abcdef0123456789abcdef0123456789abcdef01
If you receive metadata about your file, the credential and URI are correct.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.