github.com/argoproj/argo-cd/v2@v2.10.9/docs/operator-manual/webhook.md (about)

     1  # Git Webhook Configuration
     2  
     3  ## Overview
     4  
     5  Argo CD polls Git repositories every three minutes to detect changes to the manifests. To eliminate
     6  this delay from polling, the API server can be configured to receive webhook events. Argo CD supports
     7  Git webhook notifications from GitHub, GitLab, Bitbucket, Bitbucket Server, Azure DevOps and Gogs. The following explains how to configure
     8  a Git webhook for GitHub, but the same process should be applicable to other providers.
     9  
    10  !!! note
    11      The webhook handler does not differentiate between branch events and tag events where the branch and tag names are
    12      the same. A hook event for a push to branch `x` will trigger a refresh for an app pointing at the same repo with
    13      `targetRevision: refs/tags/x`.
    14  
    15  ## 1. Create The WebHook In The Git Provider
    16  
    17  In your Git provider, navigate to the settings page where webhooks can be configured. The payload
    18  URL configured in the Git provider should use the `/api/webhook` endpoint of your Argo CD instance
    19  (e.g. `https://argocd.example.com/api/webhook`). If you wish to use a shared secret, input an
    20  arbitrary value in the secret. This value will be used when configuring the webhook in the next step.
    21  
    22  ## Github
    23  
    24  ![Add Webhook](../assets/webhook-config.png "Add Webhook")
    25  
    26  !!! note
    27      When creating the webhook in GitHub, the "Content type" needs to be set to "application/json". The default value "application/x-www-form-urlencoded" is not supported by the library used to handle the hooks
    28  
    29  ## Azure DevOps
    30  
    31  ![Add Webhook](../assets/azure-devops-webhook-config.png "Add Webhook")
    32  
    33  Azure DevOps optionally supports securing the webhook using basic authentication. To use it, specify the username and password in the webhook configuration and configure the same username/password in `argocd-secret` Kubernetes secret in
    34  `webhook.azuredevops.username` and `webhook.azuredevops.password` keys.
    35  
    36  ## 2. Configure Argo CD With The WebHook Secret (Optional)
    37  
    38  Configuring a webhook shared secret is optional, since Argo CD will still refresh applications
    39  related to the Git repository, even with unauthenticated webhook events. This is safe to do since
    40  the contents of webhook payloads are considered untrusted, and will only result in a refresh of the
    41  application (a process which already occurs at three-minute intervals). If Argo CD is publicly
    42  accessible, then configuring a webhook secret is recommended to prevent a DDoS attack.
    43  
    44  In the `argocd-secret` Kubernetes secret, configure one of the following keys with the Git
    45  provider's webhook secret configured in step 1.
    46  
    47  | Provider        | K8s Secret Key                   |
    48  |-----------------|----------------------------------|
    49  | GitHub          | `webhook.github.secret`          |
    50  | GitLab          | `webhook.gitlab.secret`          |
    51  | BitBucket       | `webhook.bitbucket.uuid`         |
    52  | BitBucketServer | `webhook.bitbucketserver.secret` |
    53  | Gogs            | `webhook.gogs.secret`            |
    54  | Azure DevOps    | `webhook.azuredevops.username`   |
    55  |                 | `webhook.azuredevops.password`   |
    56  
    57  Edit the Argo CD Kubernetes secret:
    58  
    59  ```bash
    60  kubectl edit secret argocd-secret -n argocd
    61  ```
    62  
    63  TIP: for ease of entering secrets, Kubernetes supports inputting secrets in the `stringData` field,
    64  which saves you the trouble of base64 encoding the values and copying it to the `data` field.
    65  Simply copy the shared webhook secret created in step 1, to the corresponding
    66  GitHub/GitLab/BitBucket key under the `stringData` field:
    67  
    68  ```yaml
    69  apiVersion: v1
    70  kind: Secret
    71  metadata:
    72    name: argocd-secret
    73    namespace: argocd
    74  type: Opaque
    75  data:
    76  ...
    77  
    78  stringData:
    79    # github webhook secret
    80    webhook.github.secret: shhhh! it's a GitHub secret
    81  
    82    # gitlab webhook secret
    83    webhook.gitlab.secret: shhhh! it's a GitLab secret
    84  
    85    # bitbucket webhook secret
    86    webhook.bitbucket.uuid: your-bitbucket-uuid
    87  
    88    # bitbucket server webhook secret
    89    webhook.bitbucketserver.secret: shhhh! it's a Bitbucket server secret
    90  
    91    # gogs server webhook secret
    92    webhook.gogs.secret: shhhh! it's a gogs server secret
    93  
    94    # azuredevops username and password
    95    webhook.azuredevops.username: admin
    96    webhook.azuredevops.password: secret-password
    97  ```
    98  
    99  After saving, the changes should take effect automatically.