Enabling event notifications for toolchains

As an administrator of IBM Cloud® Continuous Delivery toolchains, you might want to send notifications of events in a toolchain or a tool integration to other users, or human destinations, by using email, SMS, Slack, PagerDuty, or other supported delivery channels. Also, you might want to send these notifications of events to other applications to build logic by using event-driven programming using webhooks, for example. This approach is made possible by the integration between toolchains and IBM Cloud® Event Notifications.

To send information to Event Notifications, you must add an Event Notifications tool integration to your toolchain. For more information about working with Event Notifications, see Getting started with Event Notifications.

You can now distribute event notifications by using the Event Notifications tool integration. Event Notifications is the preferred method for distributing notifications to Slack and other communication channels such as PagerDuty, email, SMS, push notifications, webhook, Microsoft® Teams, ServiceNow, and IBM Cloud Functions.

How events are collected and sent by toolchains

When an event of interest takes place in a toolchain or one of the supported tool integrations, the toolchain communicates with a connected Event Notifications instance to forward a notification to a supported destination.

Toolchains support two kinds of events:

Built-in events are generated automatically within a toolchain. For example, built-in events are sent when tool integrations are added to or removed from a toolchain, when pipeline runs start, and when pipeline runs finish. The payload of a built-in event consists of data determined by the toolchain.
Client bespoke events are generated by a toolchain at the request of a client using the POST /toolchains/{toolchain_id}/events API. The payload of a client bespoke event consists of data determined by the toolchain, and data provided to the API by the client.

Tekton pipeline steps can take advantage of the client bespoke POST /toolchains/{toolchain_id}/events API to send custom events to Event Notifications destinations carrying information that is relevant and meaningful to the steps.

Events for Continuous Delivery

The following table lists the toolchain events.

The :1 characters that are appended to each subtype represent major version numbers.

Table 1. Actions that generate event notifications
Event Name	Event Type	Subtype	Description
`Client event`	`com.ibm.cloud.toolchain.client`	`event:1`	This client bespoke event is sent when a client invokes the POST /toolchains/{toolchain_id}/events API.
`Tool created`	`com.ibm.cloud.toolchain.toolchain`	`toolchain_bind:1`	This built-in event is sent when a tool integration is created and added to a toolchain.
`Tool deleted`	`com.ibm.cloud.toolchain.toolchain`	`toolchain_unbind:1`	This built-in event is sent when a tool integration is deleted and removed from a toolchain.
`Pipeline run started`	`com.ibm.cloud.toolchain.pipeline`	`pipeline_start:1`	This built-in event is sent when either a Tekton pipeline run or a Classic pipeline stage starts.
`Pipeline run succeeded`	`com.ibm.cloud.toolchain.pipeline`	`pipeline_success:1`	This built-in event is sent when either a Tekton pipeline run or a Classic pipeline stage completes successfully.
`Pipeline run failed`	`com.ibm.cloud.toolchain.pipeline`	`pipeline_fail:1`	This built-in event is sent when either a Tekton pipeline run or a Classic pipeline stage completes with a failure status. For example, this event is sent when a deployment is attempted, but fails to complete successfully.
`Pipeline run cancelled`	`com.ibm.cloud.toolchain.pipeline`	`pipeline_cancel:1`	This built-in event is sent when either a Tekton pipeline run or a Classic pipeline stage is cancelled.
`Pipeline run error`	`com.ibm.cloud.toolchain.pipeline`	`pipeline_error:1`	This built-in event is sent when a Tekton pipeline run encounters an error and probably did not complete successfully. This event is primarily used for infrastructure and configuration issues, such as when malformed Tekton prevents the pipeline run from starting.

Enabling notifications

Built-in and client bespoke events that are generated by a toolchain or an associated tool integration can be forwarded to an Event Notifications service instance that is available in the same account.

Make sure that the selected Event Notifications service instance has an IAM authorization policy that allows the toolchain to send events to this service instance. For more information about granting authorization with the Event Notifications service instance, see Why am I denied permission to integrate an Event Notifications instance?.

Connecting to Event Notifications in the console

Configure Event Notifications to send critical events from toolchains and tool integration instances:

If you have a toolchain and are adding this tool integration to it, from the IBM Cloud console, click the menu icon and select DevOps. On the Toolchains page, click the toolchain to open its Overview page. Alternatively, on your app's Overview page, on the Continuous delivery card, click View toolchain. Then, click Overview.

a. Click Add tool.

b. In the Tool Integrations section, click Event Notifications.
Type the name that you want to display for this tool integration on the Event Notifications card in your toolchain. This name is used to identify the tool integration in your toolchain.
Select the Event Notifications instance to connect the toolchain to.
Click Create Integration to add the Event Notifications tool integration to your toolchain.
On your Toolchain's Overview page, on the IBM Cloud tools card, click Event Notifications.

Connecting to Event Notifications with the API

You can add the Event Notifications tool integration to your toolchain by using the API.

Obtain an IAM bearer token. Alternatively, if you are using an SDK, obtain an IAM API key and set the client options by using environment variables.
```
export CD_TOOLCHAIN_AUTH_TYPE=iam && \
export CD_TOOLCHAIN_APIKEY={iam_api_key} && \
export CD_TOOLCHAIN_URL={base_url}
```
Look up the ID of the toolchain in which you want to create your tool integration.
Specify eventnotifications as the tool_type_id.
Specify the following tool_parameters that are required by the tool integration:
- name: The name that is used to identify the Event Notifications tool integration.
- instance-crn: The Cloud Resource Name (CRN) of the Event Notifications service instance.

Add the tool integration within the targeted toolchain.

curl -X POST --location --header "Authorization: Bearer {iam_token}" \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --data '{ "name": "{tool_name}", "tool_type_id": "eventnotifications", "parameters": { "name": {event_notifications_tool_integration_name}, "instance-crn": {event_notifications_service_crn} } }' \
  "{base_url}/toolchains/{toolchain_id}/tools"

const CdToolchainV2 = require('@ibm-cloud/continuous-delivery/cd-toolchain/v2');
const toolchainService = CdToolchainV2.newInstance();
...
(async() => {
   const toolParameters = {
      "name": {event_notifications_tool_integration_name},
      "instance-crn": {event_notifications_service_crn}
   }
   const toolPrototypeModel = {
      toolchainId: {toolchain_id},
      toolTypeId: "eventnotifications",
      name: {tool_name},
      parameters: toolParameters
   };
   const response = await toolchainService.createTool(toolPrototypeModel);
})();

import (
    "github.com/IBM/continuous-delivery-go-sdk/cdtoolchainv2"
)
...
toolchainClientOptions := &cdtoolchainv2.CdToolchainV2Options{}
toolchainClient, err := cdtoolchainv2.NewCdToolchainV2UsingExternalConfig(toolchainClientOptions)
toolParameters := map[string]interface{}{
   "name": {event_notifications_tool_integration_name},
   "instance-crn": {event_notifications_service_crn},
}
createToolOptions := toolchainClient.NewCreateToolOptions({toolchain_id}, "eventnotifications")
createToolOptions.SetName({tool_name})
createToolOptions.SetParameters(toolParameters)
tool, response, err := toolchainClient.CreateTool(createToolOptions)

from ibm_continuous_delivery.cd_toolchain_v2 import CdToolchainV2
...
toolchain_service = CdToolchainV2.new_instance()
tool_parameters = {}
tool_parameters["name"] = {event_notifications_tool_integration_name}
tool_parameters["instance-crn"] = {event_notifications_service_crn}
tool = toolchain_service.create_tool(
   name = {tool_name},
   toolchain_id = {toolchain_id},
   tool_type_id = "eventnotifications",
   parameters = tool_parameters
)

import com.ibm.cloud.continuous_delivery.cd_toolchain.v2.CdToolchain;
import com.ibm.cloud.continuous_delivery.cd_toolchain.v2.model.*;
...
CdToolchain toolchainService = CdToolchain.newInstance();
HashMap<String, Object> toolParameters = new HashMap<>();
toolParameters.put("name", {event_notifications_tool_integration_name});
toolParameters.put("instance-crn", {event_notifications_service_crn});
CreateToolOptions createToolOptions = new CreateToolOptions.Builder()
   .name({tool_name})
   .parameters(toolParameters)
   .toolchainId({toolchain_id})
   .toolTypeId("eventnotifications")
   .build();
Response<ToolchainToolPost> response = toolchainService.createTool(createToolOptions).execute();
ToolchainToolPost tool = response.getResult();

The following table lists and describes each of the variables that are used in the previous steps.

Table 2. Variables for provisioning the tool integration with the API
Variable	Description
`{base_url}`	The Toolchain API endpoint URL. For more information about supported values, see Endpoint URL.
`{iam_api_key}`	Your IAM API key.
`{iam_token}`	A valid IAM bearer token.
`{tool_name}`	The name of the tool integration.
`{event_notifications_tool_integration_name}`	The name of the Event Notifications service instance.
`{event_notifications_service_crn}`	The Cloud Resource Name (CRN) of the Event Notifications service instance.
`{toolchain_id}`	The toolchain in which to create the tool integration.

Adding a tool integration with Terraform

You can add the Event Notifications tool integration to your toolchain by using Terraform.

IBM Cloud Terraform provider version 1.53.0 or later is required to add a tool integration by using Terraform.

To install the Terraform command-line interface (CLI) and configure the IBM Cloud provider plug-in for Terraform, follow the tutorial for Getting started with Terraform on IBM Cloud®.
Create a Terraform configuration file that is named main.tf. In this file, add the configuration to create resource instances by using the HashiCorp Configuration Language (HCL). For more information about using this configuration language, see the Terraform documentation.

The following example creates a Delivery Pipeline tool integration by using the ibm_cd_toolchain_tool_pipeline resource, where toolchain_id is a GUID that represents the toolchain in which to create the tool integration.
```
data "ibm_cd_toolchain" "cd_toolchain" {
  toolchain_id = {toolchain_id}
}

resource "ibm_cd_toolchain_tool_eventnotifications" "en_instance" {
  toolchain_id = data.ibm_cd_toolchain.cd_toolchain.id
  parameters {
    name = "{event_notifications_tool_integration_name}"
    instance_crn = "{event_notifications_service_crn}"
  }
}
```
For more information about tool integration resources, see the full list of supported tool integration resources in the IBM Cloud Terraform Registry.
Initialize the Terraform CLI.
```
terraform init
```
Create a Terraform execution plan. This plan summarizes the actions that must run to create the tool integration.
```
terraform plan
```
Apply the Terraform execution plan. Terraform takes the required actions to create the tool integration.
```
terraform apply
```

The following table lists and describes each of the variables that are used in the previous steps.

Table 3. Variables for provisioning the tool integration with the API
Variable	Description
`{event_notifications_tool_integration_name}`	The name of the Event Notifications service instance.
`{event_notifications_service_crn}`	The CRN of the Event Notifications service instance.
`{toolchain_id}`	The toolchain in which to create the tool integration.

Delivering notifications to select destinations

After you enable event notifications for a toolchain, create topics, destinations, and subscriptions in Event Notifications so that alerts can be forwarded and delivered to your selected destinations.

For a complete list of supported destinations, see the Event Notifications documentation.

Notification payload details

Events that are generated by toolchains and their associated tool integration instances contain various fields that help you to identify the source and details of an event.

The POST /toolchains/{toolchain_id}/events API will return a 200 status code to indicate that the request was processed. This does not necessarily mean that the events were successfully sent to the corresponding Event Notifications service instances.

Built-in event notifications from toolchains and tool integration instances contain only metadata properties, such as names or identifiers of resources. Sensitive data, such as API keys or passwords, is not included in generated events.

Client bespoke event notifications contain the data provided by the client to the POST /toolchains/{toolchain_id}/events API. Do not include credentials, personal identifying information, or other sensitive information in calls to the API.

The properties that are sent to Event Notifications vary depending on the event type. For example, if a com.ibm.cloud.toolchain.pipeline:pipeline_start:1 event takes place, the toolchain sends a notification payload to Event Notifications that is similar to the following example.

{
   "subject": {
      "name": "<user>",
      "email": "<user_email>",
      "iam_id": "<iam_id>"
   },
   "toolchain.instance": {
      "crn": "crn:v1:bluemix:public:toolchain:<region>:a/<account_id>:<toolchain_id>::",
      "href": "https://api.<region>.devops.cloud.ibm.com/toolchain/v2/toolchains/<toolchain_id>",
      "id": "357d4432-964a-46ae-83d4-df91eb539d1a",
      "name": "EventNotifications-toolchain",
      "resource_group_id": "<resource_group_id>",
      "ui_href": "https://cloud.ibm.com/devops/toolchains/<toolchain_id>?env_id=ibm:yp:us-south"
   },
   "toolchain.tool-instance": {
      "href": "https://api.<region>.devops.cloud.ibm.com/toolchain/v2/toolchains/<toolchain_id>/tools/<tool_id>",
      "id": "<tool_id>",
      "name": "ci-pipeline",
      "tool_type_id": "pipeline",
      "referent": {
         "ui_href": "https://cloud.ibm.com/devops/pipelines/<tool_id>?env_id=ibm:yp:us-south"
      }
   },
   "toolchain.pipeline-run": {
      "id": "<run_id>",
      "run_number": 11,
      "start_time": "2023-04-17T16:48:36.928Z",
      "ui_href": "https://cloud.ibm.com/devops/pipelines/<tool_id>/<stage_id>/<run_id>?env_id=<region_id>",
      "trigger": {
         "href": "https://api.<region>.devops.cloud.ibm.com/pipeline/v2/tekton_pipelines/<tool_id>/triggers/<trigger_id>",
         "id": "<trigger_id>",
         "name": "my-trigger",
         "type": "manual"
      }
   }
}

The following table provides detailed information about each event notification property.

Table 4. Properties in an event notification payload
Property	Description
`subject`	Optional. The object that represents the subject that initiated the event. This object might contain the following fields: `name`: The name of the subject. `email`: The email of the subject. `iam_id`: The IAM ID of the subject.
`toolchain.instance`	The object that represents the toolchain where the event originated. This object contains the following fields: `crn`: The CRN of the toolchain. `id`: The ID of the toolchain. `resource_group_id`: The ID of the toolchain's resource group. `name`: The name of the toolchain. `href`: The public API endpoint for the toolchain. `ui_href`: The UI endpoint for the toolchain.
`toolchain.tool-instance`	Optional. The object that represents the toolchain instance that participates in the event. This object is present and applicable only to events that are specific to a tool or tool integration. For the `toolchain_bind` and `toolchain_unbind` subtypes, this object is the tool integration instance that is being bound or unbound. For pipeline events, this object is the pipeline tool integration instance where the event originated. This object contains the following fields: `id`: The ID of the tool integration instance. `tool_type_id`: The ID of the tool type. `href`: The public API endpoint for the tool integration instance. `state`: The state of the tool integration instance. `referent`: An object that contains information about the tool that is represented by the tool integration instance. For example, `ui_href` which is the UI endpoint for the tool integration that is represented by the tool integration instance. `name`: Optional. The name of the tool integration instance.
`toolchain.pipeline-run`	Optional. The object that represents the Tekton pipeline run or Classic pipeline stage run where the event originated. This object is present and applicable only to pipeline events, and contains the following fields: `id`: The ID of the Tekton pipeline run or Classic pipeline stage. `ui_href`: The UI endpoint of the Tekton pipeline run or Classic pipeline stage. `run_number`: Optional. The run number of the Tekton pipeline run or the Classic pipeline stage. `start_time`: Optional. The time that the run started, in ISO 8601 format. `finish_time`: Optional. The time that the run finished, in ISO 8601 format. `duration`: Optional. The duration of the run, in ISO 8601 format. `trigger`: Optional. An object that contains information about the trigger that ran the Tekton pipeline. For example, `name`, which is the name of the Tekton pipeline trigger.
`toolchain.external-event`	Optional. Beta (subject to change). The object that contains the details of a client bespoke event resulting from invocation of the POST /toolchains/{toolchain_id}/events API. This object is present and applicable only to client bespoke events. This object contains the following fields: `id`: The ID of the client bespoke event produced by the POST /toolchains/{toolchain_id}/events API. `title`: The value of the `title` field in the request payload to the POST /toolchains/{toolchain_id}/events API. `description`: The value of the `description` field in the request payload to the POST /toolchains/{toolchain_id}/events API. `data`: Optional. The presence and value of this field depends upon the request payload submitted to the POST /toolchains/{toolchain_id}/events API. If the request to the API specifies a `content_type` of `text/plain`, then the `data` field is present with the value of the `data.text_plain` field from the request payload. If the request to the API specifies a `content_type` of `application/json`, then the `data` field is present with the value of the `data.application_json` field from the request payload. If the request to the API specifies a `content_type` of `none`, then the `data` field is omitted.