Integrating Container Registry with your toolchain
A modern container registry must do more than just store images; it must serve as a hub that integrates seamlessly into the broader DevOps and security toolchain. STACKIT Container Registry is designed for extensibility, offering a flexible webhook system for event-driven automation. This feature enables deep integration with CI/CD systems, monitoring platforms, and other essential tools.
By leveraging webhooks, you can transform STACKIT Container Registry from a passive artifact store into an active participant in your automated workflows. This guide details how to react to events in real time.
Automating responses with webhooks
Section titled “Automating responses with webhooks”Webhooks are a powerful tool for reacting to events within the registry. They enable STACKIT CR to send real-time notifications to external systems whenever specific events occur within a project. This event-driven approach is perfect for triggering downstream automations.
Project administrators can configure webhooks to send an HTTP POST request to a specified URL (the “webhook endpoint”) when an event is triggered. The payload of this request contains a JSON object with detailed information about the event.
- Supported Endpoints: Webhooks can be configured to send notifications to a generic HTTP endpoint or a Slack incoming webhook URL for direct integration with Slack channels.
- Payload Formats: For HTTP endpoints, two JSON payload formats are supported:
- Default: The legacy format used in older versions of Harbor.
- CloudEvents: A standardized, specification-compliant format that provides richer metadata and better interoperability across systems. This is the recommended format for new integrations.
Webhook event triggers
Section titled “Webhook event triggers”The following table summarizes the key events that can trigger a webhook, the essential data included in the payload, and common use cases for each. This serves as a quick reference for developers building integrations.
| Event | Webhook Event Type | Key Payload Contents | Common Use Case |
|---|---|---|---|
| Push Artifact | PUSH_ARTIFACT | repository.name.example.com, resources.tag, operator | Trigger a new build in a CI/CD pipeline, send a notification to a chat application. |
| Pull Artifact | PULL_ARTIFACT | repository.name.example.com, resources.tag, operator | Log deployment events for auditing purposes. |
| Delete Artifact | DELETE_ARTIFACT | repository.name.example.com, resources.digest | Trigger cleanup tasks in related systems. |
| Scan Completed | SCANNING_COMPLETED | resources.scan_overview.summary | Parse vulnerability results; create a ticket in a system like Jira if critical vulnerabilities are found. |
| Scan Failed | SCANNING_FAILED | repository.name.example.com, resources.tag, error | Alert the security or operations team about a failure in the scanning process. |
| Quota Exceeded | QUOTA_EXCEED | repository.name.example.com, custom_attributes.details | Notify project administrators that storage limits have been reached and a push has been blocked. |
| Replication Finished | REPLICATION | job_status, src_resource, dest_resource | Confirm that artifacts have been successfully replicated to a disaster recovery site or production registry. |
| Tag Retention Finished | TAG_RETENTION | total, retained, deleted_artifact | Log automated cleanup activities for audit and review. |
Ecosystem integrations
Section titled “Ecosystem integrations”Webhook capabilities enable a rich ecosystem of integrations. For example:
- GitLab CI/CD: GitLab can be easily integrated with STACKIT CR. By configuring the Harbor integration in GitLab, CI/CD pipelines gain access to predefined environment variables (e.g.,
$HARBOR_URL,$HARBOR_PROJECT,$HARBOR_PASSWORD) that simplify the process of logging in, pushing, and pulling images within pipeline jobs.