You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _docs/promotions/promotion-hooks.md
+77-69Lines changed: 77 additions & 69 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,10 +8,10 @@ toc: true
8
8
9
9
##What are promotion hooks?
10
10
11
-
Promotion hooks in Codefresh GitOps are specialized workflows that run at key points during apromotion release. Apromotion release is created when a Promotion Flow is manually or automatically triggered.
11
+
Promotion hooks in Codefresh GitOps are specialized workflows that run at key points during aproduct release. Aproduct release is created when a Promotion Flow is manually or automatically triggered.
12
12
13
13
Promotion hooks are implemented using the same underlying mechanism as standard Promotion Workflows, but run with additional context and scope on releases and environments.
14
-
Unlike Pre- and Post-Action Promotion Workflows, which run in specific environments and target individual applications, promotion hooks run at the release or environment level. They are not tied to a particular deployment or application, and enable real-time alerts, custom logic and actions without requiring users to monitor the promotion directly in the UI. Teams can stay informed and take action instantly as promotions progress.
14
+
Unlike Pre- and Post-Action Promotion Workflows, which run in specific environments and target individual applications, promotion hooks run at the release or environment level.They are not tied to a particular deployment or application, and enable real-time alerts, custom logic and actions without requiring users to monitor the promotion directly in the UI. Teams can stay informed and take action instantly as promotions progress.
15
15
16
16
DIAGRAM
17
17
@@ -35,20 +35,25 @@ Promotion hooks can run at different stages of a release:
35
35
* Integration with external tools
36
36
Automate updates to ticketing systems such as Jira, or observability platforms.
37
37
38
-
#####Requirements for promotion hooks
38
+
For examples, check out[Codefresh Hub for Argo](https://codefresh.io/argohub/){:target="\_blank"}.
39
+
40
+
#####Components for promotion hooks
41
+
42
+
For promotion hooks to work in Promotion Workflows:
43
+
* Service account, service account role and role binding
44
+
A default service account, service account role, and role binding are automatically added to all Workflow Templates when you install the GitOps Runtime. The provided defaults are sufficent to implement promotion hooks. To use your own service accounts, see[Service accounts & service account roles for promotion hooks](#service-accounts--service-account-roles-for-promotion-hooks).
39
45
40
-
* Service account
41
-
* Service account role and role binding
42
46
* Promotion context
47
+
To make internal or custom parameters available to
43
48
44
49
##Promotion hooks vs. Pre- and Post-Action Promotion Workflows
45
50
46
51
The table lists key differences between Promotion Workflows containing hooks and Promotion (Pre- and Post-Action) Workflows.
|**Purpose**|Provide information on the release|Provide information on promoted changes in applications within an environment|
51
-
|**Execution**| Runsrunat release start, end (success, failure), or per environment (start, success, failure)| Runs for each application in an environment before and after promotion|
55
+
|**Purpose**|Provides information on the release|Provides information on promoted changes in applications within an environment|
56
+
|**Execution**| Runs at release start, end (success, failure), or per environment (start, success, failure)| Runs for each application in an environment before and after promotion|
52
57
|**Scope**| Runs on cluster at release or environment level| Runs per application in the environment|
53
58
|**Effect on promotion**| Notifies on promotion status| Blocks a promotion if conditions fail|
54
59
@@ -58,42 +63,48 @@ The table lists key differences between Promotion Workflows containing hooks and
58
63
Promotion Workflows with hooks are saved in the Shared Configuration Repository of the Runtime designated as the Configuration Runtime.
59
64
If you have multiple Configuration Runtimes, the hooks are saved in the first Configuration Runtime in the list
60
65
66
+
The hooks are configure in isc for all runtimes (I would mention here the path)
67
+
Then when submitting and running the workflow, it will run on the configuration runtime ns, but if there are multiple configuration runtimes then it will run on the first one that will act (we are planning to change it to the first one that was installed)
68
+
69
+
61
70
TBD - SHOW EXAMPLE OF SETTINGS
62
71
63
-
##Service accounts & service account roles for Promotion Hook Workflows
64
-
When a GitOps Runtime is installed, to support promotion hooks, Codefresh GitOps creates the following resources:
72
+
##Service accounts & service account roles for promotion hooks
73
+
When a GitOps Runtime is installed, to support promotion hooks, Codefresh GitOps creates the service account, service account role and binding. If you need a new role with custom permissions, or a new service account with
74
+
75
+
###Default service account and service role
65
76
66
77
***Service account**
67
-
*`cf-default-promotion-workflows-sa` service account with the required role and role binding.
68
-
* Workflow template manifests in Codefresh reference this service account.
78
+
`cf-default-promotion-workflows-sa` with the required role and role binding.
79
+
* Workflow template manifests in Codefresh reference this service account.
80
+
* When you create a Promotion Workflow from the UI, the service account is added automatically to the YAML.
81
+
* If you're creating the Promotion Workflow in Git, you must add the service account manually.
69
82
70
83
***Service account role**
71
-
`cf-default-promotion-workflows-role`, the default role forPromotion Workflows, bound to the service account`cf-default-promotion-workflows-sa`.
84
+
`cf-default-promotion-workflows-role`, the default role forpromotion hooks, automatically bound to the service account`cf-default-promotion-workflows-sa`.
72
85
73
-
If you already have service accounts or want to create your own service accounts, make sure that the system-provided service account is not compromised.
86
+
***RBAC permissions for service account role**
87
+
The following Role-Based Access Control (RBAC) permissions are required to allow hooks to retrieve and update release and promotion details securely:
88
+
*`GET`
89
+
*`WATCH`
90
+
*`PATCH`
74
91
75
92
76
-
###RBAC permissions for service account role
77
-
The following Role-Based Access Control (RBAC) permissions are required:
78
-
*`GET`
79
-
*`WATCH`
80
-
*`PATCH`
93
+
###Custom options for service accounts and service role
81
94
82
-
These permissions allow hooks to retrieve and update release and promotion details securely.
95
+
If you need a service role with additional permissions or a new service account, do one of the following:
83
96
84
-
###Using an existing service account
85
-
For existing service accounts:
86
-
* Create a new role with the required RBAC permissions.
87
-
* Add a role binding to associate the new role with the service account.
97
+
***Use a custom role**
98
+
Create a new service role with the required permissions and bind it to the default service account,`cf-default-promotion-workflows-sa`.
88
99
100
+
***Use a custom service account**
101
+
Use your own service account and bind it to the default service role,`cf-default-promotion-workflows-role`.
89
102
90
-
###Creating a new service account.
91
-
* Bind the`cf-default-promotion-workflows-role` to the new service account.
92
103
93
104
94
105
##Promotion contexts for promotion hooks
95
106
All promotion hooks receive a standard set of[default arguments](#default-arguments-in-promotion-hook-workflows) such as the release ID, product, commit SHA.
96
-
To expose custom data such as Jira ticket IDs, approver names, or Slack channels, and make this data available to additional promotion hooks in the same Promotion Flow, you must define a**promotion context**.
107
+
To expose custom data such as Jira ticket IDs, approver names, or Slack channels, and make this data available to additional promotion hooks in the same Promotion Flow, you must defineand exporta**promotion context**.
97
108
A promotion context is a user-defined JSON object passed between hooks in the same Promotion Flow. It enables sharing values that the promotion mechanism cannot access by default.
98
109
99
110
Unlike standard Promotion Workflows which have built-in access to internal context, promotion hooks run within GitOps Runtimes in your own clusters. These hooks do not automatically receive custom values unless you define them in a promotion context.
@@ -109,21 +120,25 @@ Examples:
109
120
110
121
###Creating and exporting a promotion context
111
122
112
-
To create a promotion context in the Promotion Flow:
113
-
* Create the JSON object including the custom parameters, and the file to which to export or save the promotion context
114
-
* Export the promotion context an output parameter to pass to subsequent hooks
123
+
124
+
* Create the promotion context as a JSON object
125
+
Use any method to create your promotion context.
126
+
including the custom parameters, and the file to which to export or save the promotion context
127
+
* Export the promotion context
128
+
What is crucial is to export the promotion context as an output parameter to pass to subsequent hooks
129
+
Expose the file with the promotion context as an output parameter to make it available to the promotion mechanism.
130
+
* Add`PROMOTION_CONTEXT` as the`name` to`outputs.parameters`._The name must not be changed_.
131
+
* Add the`globalName` attribute to make it available globally. The value must be identical to the name of the promotion context.
132
+
* Add the`valueFrom` attribute to reference the file path.
133
+
115
134
116
135
117
-
1.**Create the promotion context**
118
-
* Create the promotion context as a JSON object containing the:
119
-
* Input parameters as variables
120
-
* File to which to save the promotion context. The file is referenced as the promotion context source.
136
+
###Example of Promotion Workflow with promotin context *
137
+
The example creates a promotion context`PROMOTION_CONTEXT` as a JSON object and exports it as output parameter.
138
+
* The promotion context defines`JIRA_ISSUE_SOURCE_FIELD` and`JIRA_BASE_URL`
139
+
* Writes the context to a file`/tmp/promotion-context.txt`
140
+
* Adds`PROMOTION_CONTEXT` to`outputs.parameters.name`, defines`globalName` as the name of the promotion context, and in`valueFrom.path` specifies the file path where the promotion context JSON was saved for GitOps Cloud to retrieve and pass on to subsequent Promotion Workflows.
121
141
122
-
**Example:**
123
-
The example creates a promotion context`PROMOTION_CONTEXT` as a JSON object passed to subsequent promotion hooks in the same Promotion Flow.
124
-
The promotion context:
125
-
* Defines`JIRA_ISSUE_SOURCE_FIELD` and makes it available an input parameter to subsequent hooks.
126
-
* Writes the context to a file`/tmp/promotion-context.txt`
Expose the file with the promotion context as an output parameter to make it available to the promotion mechanism.
152
-
* Add`PROMOTION_CONTEXT` as the`name` to`outputs.parameters`._The name must not be changed_.
153
-
* Add the`globalName` attribute to make it available globally. The value must be identical to the name of the promotion context.
154
-
* Add the`valueFrom` attribute to reference the file path.
155
-
156
-
**Example:** The example adds`PROMOTION_CONTEXT` to`outputs.parameters.name`, defines`globalName` as the name of the promotion context, and in`valueFrom.path` specifies the file path where the promotion context JSON was saved for GitOps Cloud to retrieve and pass on to subsequent Promotion Hook Workflows.
157
-
158
-
```yaml
159
-
...
160
-
spec:
161
-
...
162
162
outputs:
163
163
parameters:
164
164
-name:PROMOTION_CONTEXT# cannot be changed
@@ -173,18 +173,18 @@ spec:
173
173
174
174
175
175
176
-
##Examples ofPromotion Hook Workflows
176
+
##Examples ofhooks in Promotion Workflows
177
177
The following are examples of Promotion Workflows with hooks
178
178
They show that even though the hooks runs in the context of a promotion, they do not rely on implicit promotion behavior. Instead, they define their own logic for what to do and how (which plugin to use, which parameters to pass).
179
179
This makes the hook reusable in different workflows, or even outside promotion flows, as long as the required parameters are provided.
180
180
181
181
182
-
###On-start hookPromotion Workflow
182
+
###On-startpromotionhookexample
183
183
The example below shows a Promotion Workflow configured as an on-start hook. This workflow can run when a new release starts or when a promotion begins in any environment. It sends a Slack notification with the required parameters defined explicitly as input parameters and not as part of a promotion context.
184
184
185
185
186
186
#####Default parameters in on-start hook
187
-
These are passed automatically as workflow arguments and are typically used to build contextual messages or logs.
187
+
These are passed automatically as workflow arguments and are typically used to build contextual messages or logs.
188
188
189
189
`RELEASE_URL`
190
190
`PRODUCT_NAME`
@@ -376,8 +376,11 @@ spec:
376
376
duration: "5s"
377
377
inputs:
378
378
parameters:
379
-
- name: JIRA_API_KEY
380
-
value: 1234
379
+
- name: SLACK_TOKEN
380
+
valueFrom:
381
+
secretKeyRef:
382
+
name: promotions-secrets
383
+
key: slack-token
381
384
- name: JIRA_BASE_URL
382
385
value: https://testjira273.atlassian.net
383
386
- name: JIRA_USERNAME
@@ -472,23 +475,28 @@ SCREENSHOT TBD
472
475
473
476
## How promotion hooks work during execution
474
477
475
-
Once you assign Promotion Workflows with promotion hooks in a Promotion Flow,Codefresh GitOps executes them automaticallyat the relevant stages of the Promotion Flow:
478
+
When you assign Promotion Workflows with promotion hooks in a Promotion Flow,the promotion mechanism runs the hooksat the relevant stages of the Promotion Flow.
476
479
477
-
**Triggering the first hook**
478
-
When the Promotion Flow is triggered, the promotion mechanism:
* Initializes the promotion context, if defined andvalid, with any custom values
480
+
#####Triggering the firstpromotionhook
481
+
When the Promotion Flow is triggered and a product release is created, the promotion mechanism:
482
+
* Passes the default promotion metadata (e.g., release ID, commit SHA) to the first hook
483
+
* Initializes the promotion context, if defined andexported, with any custom values
481
484
482
-
**Triggering subsequent hooks**
485
+
#####Triggering subsequent promotion hooks**
483
486
As the Flow progresses, the promotion mechanism:
484
-
* Retrieves the promotion contextwith the custom variables stored in the previous hook
487
+
* Retrieves the promotion contextfrom the previous hook
485
488
* Passes the context automatically to the next hook as input parameters:
486
-
* New custom parameters are added to thenext hook's promotion context
487
-
* If the same custom parameter exists inboththeprevious and next hooks, theparameter in thenext hookoverrides the one inthe previoushook.
489
+
* New custom parameters are added to theinput parameters of the next hook.
490
+
* If the same custom parameter existsalsoin thecurrent hook, thevalue in thecurrent hookalways takes precedence and overridesthe previousone.
488
491
489
-
User-defined custom parameters and their values are consistently available across the entire flow, regardless of environment or cluster
492
+
##### Promotion context sharing across all promotion hooks
493
+
If a hook includes a promotion context and exports it, the promotion mechanism passes those context parameters to all subsequent hooks, regardless of whether the hooks include promotion contexts.
494
+
495
+
This ensures:
496
+
* Consistent access to custom data (e.g., Jira ticket ID, build number) throughout the Promotion Flow.
497
+
* Parameters remain available even across hooks running in different environments or clusters.
498
+
490
499
491
-
For example, if a Jira ticket ID is defined in the context when the release starts, it’s accessible later when another promotion hook runs in a different environment or cluster.