5.8 KiB
Configure Webhook Notifications
If you are a project administrator, you can configure a connection from a project in Harbor to a webhook endpoint. If you configure webhooks, Harbor notifies the webhook endpoint of certain events that occur in the project. Webhooks allow you to integrate Harbor with other tools to streamline continuous integration and development processes.
The action that is taken upon receiving a notification from a Harbor project depends on your continuous integration and development processes. For example, by configuring Harbor to send a POST
request to a webhook listener at an endpoint of your choice, you can trigger a build and deployment of an application whenever there is a change to an image in the repository.
Supported Events
You can define one webhook endpoint per project. Webhook notifications provide information about events in JSON format and are delivered by HTTP
or HTTPS POST
to an existing webhhook endpoint URL that you provide. The following table describes the events that trigger notifications and the contents of each notification.
Event | Webhook Event Type | Contents of Notification |
---|---|---|
Push image to registry | IMAGE PUSH |
Repository namespace name, repository name, resource URL, tags, manifest digest, image name, push time timestamp, username of user who pushed image |
Pull manifest from registry | IMAGE PULL |
Repository namespace name, repository name, manifest digest, image name, pull time timestamp, username of user who pulled image |
Delete manifest from registry | IMAGE DELETE |
Repository namespace name, repository name, manifest digest, image name, image size, delete time timestamp, username of user who deleted image |
Upload Helm chart to registry | CHART PUSH |
Repository name, chart name, chart type, chart version, chart size, tag, timestamp of push, username of user who uploaded chart |
Download Helm chart from registry | CHART PULL |
Repository name, chart name, chart type, chart version, chart size, tag, timestamp of push, username of user who pulled chart |
Delete Helm chart from registry | CHART DELETE |
Repository name, chart name, chart type, chart version, chart size, tag, timestamp of delete, username of user who deleted chart |
Image scan completed | IMAGE SCAN COMPLETED |
Repository namespace name, repository name, tag scanned, image name, number of critical issues, number of major issues, number of minor issues, last scan status, scan completion time timestamp, vulnerability information (CVE ID, description, link to CVE, criticality, URL for any fix), username of user who performed scan |
Image scan failed | IMAGE SCAN FAILED |
Repository namespace name, repository name, tag scanned, image name, error that occurred, username of user who performed scan |
Project quota exceeded | PROJECT QUOTA EXCEED |
Repository namespace name, repository name, tags, manifest digest, image name, push time timestamp, username of user who pushed image |
JSON Payload Format
The webhook notification is delivered in JSON format. The following example shows the JSON notification for a push image event:
{
"event_type": "pushImage"
"events": [
{
"project": "prj",
"repo_name": "repo1",
"tag": "latest",
"full_name": "prj/repo1",
"trigger_time": 158322233213,
"image_id": "9e2c9d5f44efbb6ee83aecd17a120c513047d289d142ec5738c9f02f9b24ad07",
"project_type": "Private"
}
]
}
Webhook Endpoint Recommendations
The endpoint that receives the webhook should ideally have a webhook listener that is capable of interpreting the payload and acting upon the information it contains. For example, running a shell script.
Example Use Cases
You can configure your continuous integration and development infrastructure so that it performs the following types of operations when it receives a webhook notification from Harbor.
- Image push:
- Trigger a new build immediately following a push on selected repositories or tags.
- Notify services or applications that use the image that a new image is available and pull it.
- Scan the image using Clair.
- Replicate the image to remote registries.
- Image scanning:
- If a vulnerability is found, rescan the image or replicate it to another registry.
- If the scan passes, deploy the image.
Configure Webhooks
-
Log in to the Harbor interface with an account that has at least project administrator privileges.
-
Go to Projects, select a project, and select Webhooks.
-
Enter the URL for your webhook endpoint listener.
-
If your webhook listener implements authentication, enter the authentication header.
-
To implement
HTTPS POST
instead ofHTTP POST
, select the Verifiy Remote Certficate check box. -
Click Test Endpoint to make sure that Harbor can connect to the listener.
-
Click Continue to create the webhook.
When you have created the webhook, you see the status of the different notifications and the timestamp of the last time each notification was triggered. You can click Disable to disable notifications.
NOTE: You can only disable and reenable all notifications. You cannot disable and enable selected notifications.
If a webhook notification fails to send, or if it receives an HTTP error response with a code other than 2xx
, the notification is re-sent based on the configuration that you set in harbor.yml
.
Globally Enable and Disable Webhooks
As a Harbor system administrator, you can enable and disable webhook notifications for all projects.