Skip to content

Toolchain Creation Page Parameters

Jump to bottom
Maire Kehoe edited this page Mar 14, 2022 · 70 revisions

The "Create a toolchain page" (also called the toolchain creation page) is hosted at https://cloud.ibm.com/devops/setup/deploy.

The page allows users to provide certain parameters that drive toolchain creation. The parameters are documented here.

As an example, you could navigate to the Toolchain Setup page with these parameters:

Notice: End of support for Cloud Foundry Org-based Continuous Delivery Toolchains
Toolchains are created in resource groups. The option to create toolchains in Cloud Foundry Orgs and Spaces has been removed. The orgGuid and spaceGuid parameters are no longer accepted.
For more information, see the announcement dated 13 Dec 2021, entitled "End of support for Cloud Foundry Org-based Continuous Delivery Toolchains", on https://cloud.ibm.com/status/announcement?query=continuous+delivery .
Attempting to provide a orgGuid parameter will give the error message:
"Param orgGuid is no longer supported. Please provide a resourceGroupId parameter to create this toolchain. Details in the IBM cloud documentation: Migrating toolchains to a resource group."

Headless Toolchain Creation/Update using POST

A toolchain can also be created directly through a POST request (without going to the toolchain creation page) with the parameters autocreate, repository, resourceGroupId, and env_id. In addition, an existing toolchain can be updated by passing the parameter toolchainId along with these parameters. Update means adding services to an existing toolchain; it does not modify existing servces.

Parameters can usually be provided to the toolchain creation page in the query (?repository=…) or in the POST body as application/x-www-form-urlencoded data, except for the env_id parameter which is used in network request routing; it should be supplied in the query (?env_id=) to avoid problems in some edge-case behaviors.

The steps explaining how to determine the IAM token are explained below

Tip: To list your available resource groups and their ids from the command line, login to IBM Cloud using ibmcloud login, then run ibmcloud resource groups. To list your resource groups and ids from the browser, login to https://cloud.ibm.com, click Manage in the menu bar, then click Account, then click Resource groups in the sidebar.

The request header Accept: application/json is needed to allow any JSON errors to be returned, instead of a generic HTML error page.

The following curl command uses an IAM token to create a toolchain in US South (Dallas) and in the resource group with id "0123456789abcdef0123456789abcdef", and redirects to the created toolchain page (as if the user clicked Create on the toolchain creation page). It can also redirect to the URI mentioned in the &redirect_uri query parameter. Note, the Location response header contains the URL to the toolchain that was created.

curl -v -X POST -H "Authorization: Bearer $IAM_TOKEN" \
-H "Accept: application/json" \
-d 'repository=https%3A%2F%2Fgithub.com%2Fopen-toolchain%2Fempty-toolchain' \
-d '&autocreate=true' \
-d '&resourceGroupId=0123456789abcdef0123456789abcdef' \
  https://cloud.ibm.com/devops/setup/deploy?env_id=ibm:yp:us-south

The following curl command uses the &toolchainId parameter to add the services listed in the template repository to an existing toolchain with guid "01234567-89ab-cdef-0123-456789abcdef". Note when updating a toolchain, it adds new service instances / tool integration instances to the toolchain; so e.g. if you have a template with a pipeline named "ci-pipeline" and you run the update curl 3 times, then it would add 3 pipelines named "ci-pipeline" to the toolchain. It does not modify the existing tool integrations. For the other parameters shown here, they are specific to that template, so see the simple-toolchain-hosted section below.

curl -v -X POST -H "Authorization: Bearer $IAM_TOKEN" \
  -H "Accept: application/json" \
  -d "autocreate=true" \
  -d "&resourceGroupId=0123456789abcdef0123456789abcdef" \
  -d "&toolchainId=01234567-89ab-cdef-0123-456789abcdef" \
  -d "&repository=https://github.com/open-toolchain/simple-toolchain-hosted" \
  -d "&apiKey=${api_key}&prodRegion=${prod_region}&prodOrganization=${org_name}&prodSpace=${space_name}" \
  "https://cloud.ibm.com/devops/setup/deploy?env_id=ibm:yp:us-south"

Below are the detailed steps for using the above command:

  1. Install the IBM Cloud CLI. The IBM Cloud CLI provides the command line interface to manage applications, containers, infrastructure, services, and other resources in IBM Cloud.

  2. From a terminal or command shell, use ibmcloud login to login to the IBM Cloud

    Example: ibmcloud login -a cloud.ibm.com --sso
    (The --sso option may not be needed, depending on how your account is configured.)

  3. Retrieve your IAM bearer token

    Example: export IAM_TOKEN=$(ibmcloud iam oauth-tokens | awk '$0 ~ "^IAM token" {print $4}')

The following curl command will create the toolchain using an IAM bearer token:

curl -v -X POST -H "Authorization: Bearer $IAM_TOKEN" \
-H "Accept: application/json" \
-d "repository=$TEMPLATE_REPO" \
-d "&autocreate=true" \
-d "&resourceGroupId=$RG_ID" \
  https://cloud.ibm.com/devops/setup/deploy?env_id=$ENV_ID

Example of creating toolchain inside a resource group from a template which is empty / has no tool integrations:

curl -v -X POST -H "Authorization: Bearer $IAM_TOKEN" \
-H "Accept: application/json" \
-d "repository=https://github.com/open-toolchain/empty-toolchain" \
-d "&autocreate=true" \
-d "&resourceGroupId=0123456789abcdef0123456789abcdef" \
  https://cloud.ibm.com/devops/setup/deploy?env_id=ibm:yp:us-south

See also the below Other parameters section on providing extra parameters for specific toolchain templates. Also to create some sample toolchains containing pipelines, see the below Sample Headless Creation scripts and output

Get toolchain json using GET

curl -v -X GET -H "Authorization: Bearer $IAM_TOKEN" -H "Accept: application/json" \
  https://cloud.ibm.com/devops/toolchains/$TOOLCHAIN_GUID?env_id=$ENV_ID§

Example:

curl -v -X GET -H "Authorization: Bearer $IAM_TOKEN" -H "Accept: application/json" \
  https://cloud.ibm.com/devops/toolchains/01234567-89ab-cdef-0123-456789abcdef?env_id=ibm:yp:us-south

Parameters

Template, application, Headless Creation and page display details are set using a variety of parameters. You can also create custom parameters.

Setting the template

A few parameters provide the Toolchain Template that the page uses to render itself. If none of these parameters are provided, the page will not load (you will be redirected to a "welcome" page instead).

Setting the CF application information

The following parameters allow the toolchain to be associated with a Cloud Foundry app immediately upon creation. They are mainly used to implement the workflow of the IBM Cloud app dashboard overview page "Enable Continuous Delivery" button.

At present, setting these parameters will cause the repository and zip_url parameterss to be ignored; instead, the template will be fetched from add-toolchain. (Note that this is kind of surprising, so it might change in the future.)

  • application_guid: The GUID of the Cloud Foundry application that the created toolchain will be associated with.
  • region_id: The IBM Cloud region ID that the CF app is running in. Examples: ibm:yp:us-south, ibm:yp:eu-gb. It should not be confused with env_id which is where the toolchain will be created.
  • zip_location: The URL of a compressed (.zip) file containing the boilerplate code for the app. Some templates use this URL to configure tools. For example, add-toolchain uses the boilerplate URL to configure the GitHub service such that created repos are initialized with the contents of the boilerplate compressed (.zip) file.

Headless Toolchain Creation and Update

The following parameters provide the API https://cloud.ibm.com/devops/setup/deploy information to create or update a toolchain from the command line, without going to the Toolchain Creation page in a browser. The request must be a POST, and the parameter autocreate must be true for headless creation or update to work, otherwise it will just load the Toolchain Creation page. You must specify resourceGroupId, and env_id for the headless toolchain creation or update. To update an existing toolchain the parameter toolchainId is required; otherwise, a new toolchain will be created.

  • repository: The URL of the Git repository containing the template of the toolchain. When updating an existing toolchain, the template specifies the services which will be added to the toolchain. The repository parameter is mutually exclusive with the zip_url parameter. Example: https://github.com/open-toolchain/simple-toolchain-hosted
  • branch: The Git branch name that the template will be read from. Optional. If not set, detects the repository's default branch using REST APIs; often branch main or master.
  • zip_url: The URL of a compressed file containing the template. The zip_url parameter is mutually exclusive with the repository parameter.
  • env_id: The region in which the toolchain will be created or updated. The value is expressed as ibm:yp:<region> where <region> is the id of any multi-zone region that supports toolchains, e.g.: us-south, us-east, ca-tor, br-sao, eu-gb, eu-de, au-syd, jp-tok, jp-osa.
  • apiKey: An IAM API Key is often required, if the template includes pipeline integrations with deploy tasks, it enables the tasks to login to Cloud Foundry and Kubernetes environments.
  • resourceGroupId: The GUID of the resource group where the toolchain will be created.
  • autocreate: true. If this param is not provided, then the request to update or create a toolchain will be ignored, and a HTML page will be returned.
  • toolchainId: The GUID of an existing toolchain to update / add services to, based upon the template. If omitted, a new toolchain will be created.
  • redirect_uri: The URL where the page should be redirected upon successful creation of a toolchain. A toolchain_url query parameter will be added to the redirect_uri parameter to allow further introspection of the toolchain. If not provided, it will redirect to the toolchain page.

Page display options

You can control page display options by using the following query settings:

  • auth: Loading the page with auth=false in the query allows it to render for users who have not logged in. (Note that this is currently an implementation detail, not part of the API, and it is subject to change.)
  • nocreate: Loading the page with nocreate in the query will disable the Create button. Instead of creating the toolchain, the page will log the POST body to the browser's JavaScript console. this parameter is useful for debugging.

Other parameters

For the template to be useful, usually some other parameters will be needed. For example, if the toolchain template contains a pipeline to deploy an application, it needs parameters to specify where the application should be deployed. Or if a pipeline will interact with some server, it would need credentials to contact that server, e.g. when running unit tests on a Sauce Labs server.

So for example, in the simple-toolchain-hosted toolchain template, the form pipeline section has:
https://github.com/open-toolchain/simple-toolchain-hosted
https://github.com/open-toolchain/simple-toolchain-hosted/blob/22f16d29fbd54c144ca38821e2bf003e50e544c9/.bluemix/toolchain.yml#L249

form:
  pipeline:
    parameters:
      prod-space: "{{prodSpace}}"
      prod-organization: "{{prodOrganization}}"
      prod-region: "{{prodRegion}}"
      api-key: "{{apiKey}}"

where it defines that it needs parameters prodSpace, prodOrganization, prodRegion, and apiKey.

The mustache expressions will be resolved during the toolchain creation. Those single-part mustache expressions (like {{prodSpace}}) usually refer to parameters that must be passed to the toolchain creation REST api at /devops/setup/deploy. You will occasionally see references to parameters like {{repository}} that are present both when the setup/deploy page is loaded in the web browser, and in the headless/browser-less use-case when using the REST API.

For mustache expressions with multiple parts separated by a '.' dot character, like {{form.pipeline.parameters.prod-app-name}}, those are not headless parameters, but instead are references to other parts of the template.yml file, so you do not need to explicitly pass those as headless parameters to the REST API.

In that simple-toolchain-hosted template, those single-part mustache expressions are marked as required in the deploy.json file, so if we do not pass these headless parameters, or if they have an empty-string "" as the value the POST body parameters:
-d "&apiKey=&prodRegion=&prodOrganization=&prodSpace=" \
then it cannot resolve the required pipeline parameters, and the POST request will give a HTTP 400 Bad Request error code with response body:
{"status":"error","description":"Failed Schema Validation at prod-region,prod-organization,prod-space,api-key for pipeline","details":""}
You will need to pass non-empty values for each of the required pipeline parameters, and you can check the template.yml file to find the corresponding headless REST parameter name; e.g. pipeline schema name prod-space relates to headless parameter prodSpace.

In general, any parameters not documented earlier in this document can be provided via URL query parameters or POST body parameters and referenced as the target of a {{mustache}} expression within a toolchain template.

For example, loading the page using the URL /devops/setup/deploy?repository=/devops/setup/deploy?repository=https://github.com/me/myrepo&fizz=buzz (query parameter fizz) will allow the toolchain template hosted at https://github.com/me/myrepo to contain mustache templates {{fizz}}, which evaluate to the value "buzz" at creation time.

Query parameters are parsed into typed values, for example a URL parameter &foo=true will be injected into the template as a Boolean value true, not the string "true".

Similarly, URL parameter &foo=false evaluates to the Boolean value false, not the string "false"

URL parameter &foo=null evaluates to null, not the string "null"

More details related to the toolchain.yml file can be found in the document Template File Format.

Sample Headless Creation scripts and output

Here are some samples of scripts for creating toolchains from some specific templates, and example output.

Sample script and output for simple-helm-toolchain Kubernetes Helm template

One of the sample toolchain templates provided by the IBM Cloud is the simple-helm-toolchain template.

That template has required parameters needed by the sample pipeline to deploy the sample app to a cluster, and storing the app container images in a container registry namespace. So if you try to create a toolchain from that template with only the autocreate/repository/resourceGroupId/env_id parameters, there's a HTTP 400 Bad Request response with error:
{"status":"error","description":"Failed Schema Validation at api-key,registry-region,registry-namespace,prod-region,prod-resource-group,prod-cluster-name for pipeline","details":""}
and by consulting the toolchain.yml file in the simple-helm-toolchain template we see that the corresponding mustache expressions with the headless parameter names are:
{{apiKey}},{{registryRegion}},{{registryNamespace}},{{prodRegion}},{{prodResourceGroup}},{{prodClusterName}}
and there's an optional {{prodClusterNamespace}} (defaulting to cluster namespace 'prod').

As shown in the example output below, this sample script assumes that the user has the 'ibmcloud' tool installed, that the user has logged-in, configured the ibmcloud target region to the region where the toolchain will be created, configured the ibmcloud target resource group to where the toolchain will be created, and configured the ibmcloud cr region to the container registry region where the app images will be created. It assumes the user has already created a cluster, and will use the first cluster in the clusters list, and assumes the user has created a container registry namespace and will use the first registry namespace in the list. It will also create and use a new api-key; if the user has hit the limit for number of api keys that may be created, that may fail and you may need to delete some old/unused api keys at https://cloud.ibm.com/iam/apikeys.

simple-helm-toolchain.sh

#!/bin/bash

echo "Starting..."

token=$(ibmcloud iam oauth-tokens | head -1 | sed 's/.*:[ \t]*//')
resource_group_id=$(ibmcloud target --output json | grep -A 5 '"resource_group":' | grep '"guid":' | sed -E 's/.+: .(.+).,/\1/g')
api_key=$(ibmcloud iam api-key-create "api-key created on $(date)" --output json | grep '"apikey":' | sed -E 's/.+: .(.+).,/\1/g' )
registry_region=$(ibmcloud cr region | grep region | sed -E "s/.+targeting region '([^']+)'.+/\1/g" | sed -E 's/(.+)/ibm:yp:\1/g')
registry_namespace=$(ibmcloud cr namespaces | grep -A 1 Namespace | grep -v Namespace | sed -E 's/([^ ]+).*/\1/g')
prod_cluster_name=$(ibmcloud ks clusters --json | grep '"name":' | head -1 | sed -E 's/.+: .(.+).,/\1/g')
prod_region=$(ibmcloud ks cluster get --cluster="${prod_cluster_name}" --output json | grep '"region":' | sed -E 's/.+: .(.+).,/ibm:yp:\1/g')
prod_resource_group=$(ibmcloud ks cluster get --cluster="${prod_cluster_name}" --output json | grep '"resourceGroupName":' | sed -E 's/.+: .(.+).,/\1/g')

host="https://cloud.ibm.com"
env_id="ibm:yp:us-south"
# env_id="ibm:yp:eu-de"
# env_id="ibm:yp:us-east"

template="https://us-south.git.cloud.ibm.com/open-toolchain/simple-helm-toolchain"
# template="https://eu-de.git.cloud.ibm.com/open-toolchain/simple-helm-toolchain"
# template="https://github.com/open-toolchain/simple-helm-toolchain"

body="autocreate=true"
body="${body}&repository=${template}"
body="${body}&resourceGroupId=${resource_group_id}"
body="${body}&apiKey=${api_key}"
body="${body}&registryRegion=${registry_region}"
body="${body}&registryNamespace=${registry_namespace}"
body="${body}&prodRegion=${prod_region}"
body="${body}&prodResourceGroup=${prod_resource_group}"
body="${body}&prodClusterName=${prod_cluster_name}"
body="${body}&prodClusterNamespace=prod"

url="${host}/devops/setup/deploy?env_id=${env_id}"

echo "POST url is: $url"
echo "POST body is: $body"
echo "date is: "
date

curl -v -k -X POST \
  "${url}" \
  -H "Authorization: ${token}" \
  -H "Accept: application/json" \
  -d "${body}"

The output is like so when configuring the ibmcloud tool and running the script, except that some secret values have been manually replaced by REDACTED here:

output for simple-helm-toolchain.sh

Maires-MacBook-Pro:scripts mkehoe$ ibmcloud login
API endpoint: https://cloud.ibm.com
Region: us-south

Email> [email protected]

Password>
Authenticating...
OK

Select an account:
1. Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
[...]
Enter a number> 1
Targeted account Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)

API endpoint:      https://cloud.ibm.com
Region:            us-south
User:              mkehoe @ ie.ibm.com
Account:           Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
Resource group:    No resource group targeted, use 'ibmcloud target -g RESOURCE_GROUP'
CF API endpoint:
Org:
Space:
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud resource groups
Retrieving all resource groups under account e30116882e609f593debe7d18de9751e as [email protected]...
ibmclouOK
Name      ID                                 Default Group   State
default   d33103e0d7da45cb8000aa79eeecb75b   true            ACTIVE
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud target -g default
Targeted resource group default

API endpoint:      https://cloud.ibm.com
Region:            us-south
User:              mkehoe @ ie.ibm.com
Account:           Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
Resource group:    default
CF API endpoint:
Org:
Space:
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud cr region-set
Choose a region
1. ap-north ('jp.icr.io')
2. ap-south ('au.icr.io')
3. br-sao ('br.icr.io')
4. ca-tor ('ca.icr.io')
5. eu-central ('de.icr.io')
6. eu-fr2 ('fr2.icr.io')
7. global ('icr.io')
8. jp-osa ('jp2.icr.io')
9. uk-south ('uk.icr.io')
10. us-south ('us.icr.io')
Enter a number ()> 10
The region is set to 'us-south', the registry is 'us.icr.io'.

OK
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ./simple-helm-toolchain.sh
Starting...
POST url is: https://cloud.ibm.com/devops/setup/deploy?env_id=ibm:yp:us-south
POST body is: autocreate=true&repository=https://us-south.git.cloud.ibm.com/open-toolchain/simple-helm-toolchain&resourceGroupId=d33103e0d7da45cb8000aa79eeecb75b&apiKey=REDACTED&registryRegion=ibm:yp:us-south&registryNamespace=reg-ns-03&prodRegion=ibm:yp:us-south&prodResourceGroup=default&prodClusterName=mycluster-07-free&prodClusterNamespace=prod
date is:
Wed 16 Feb 2022 09:10:07 GMT
Note: Unnecessary use of -X or --request, POST is already inferred.
[...]
> POST /devops/setup/deploy?env_id=ibm:yp:us-south HTTP/2
> Host: cloud.ibm.com
> User-Agent: curl/7.64.1
> Authorization: Bearer REDACTED
> Accept: application/json
> Content-Length: 371
> Content-Type: application/x-www-form-urlencoded
>
* We are completely uploaded and fine
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 302
< content-length: 0
< location: https://cloud.ibm.com/devops/toolchains/e5bce6c5-4cac-4b77-a2e3-84ba0e9da199?env_id=ibm:yp:us-south
< cf-ray: 6de5a4200f746749-DFW
< strict-transport-security: max-age=31536000; includeSubDomains
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< referrer-policy: no-referrer-when-downgrade
< x-content-type-options: nosniff
< x-envoy-upstream-service-time: 5928
< x-xss-protection: 1; mode=block
< server: undefined
< x-frame-options: SAMEORIGIN
< expires: Wed, 16 Feb 2022 09:10:14 GMT
< cache-control: max-age=0, no-cache, no-store
< pragma: no-cache
< date: Wed, 16 Feb 2022 09:10:14 GMT
< server-timing: cdn-cache; desc=MISS
< server-timing: edge; dur=25
< server-timing: origin; dur=5932
< akamai-grn: 0.3436d517.1645002608.19ee09ce
< set-cookie: REDACTED
<
* Connection #0 to host cloud.ibm.com left intact
* Closing connection 0
Maires-MacBook-Pro:scripts mkehoe$

Note the response is a HTTP 302 Found/Redirect, with an associated location header like:
location: https://cloud.ibm.com/devops/toolchains/e5bce6c5-4cac-4b77-a2e3-84ba0e9da199?env_id=ibm:yp:us-south
which gives the URL to the created toolchain.

If you open that toolchain, you should see that it has created a git tool integration, and a pipeline. If you wait for the pipeline to finish running, and click into the logs for the Deploy job, at the end you should see a link to the running app that has been deployed in your cluster, like:

VIEW THE APPLICATION AT: http://169.57.85.51:32310

and you can click on the link to see your deployed hello world sample app.

Sample script and output for simple-toolchain-hosted Cloud Foundry template

One of the sample toolchain templates provided by the IBM Cloud is the simple-toolchain-hosted template.

That template has required parameters needed by the sample pipeline to deploy the test app to a Cloud Foundry (CF) app. So if you try to create a toolchain from that template with only the autocreate/repository/resourceGroupId/env_id parameters, there's a HTTP 400 Bad Request response with error:
{"status":"error","description":"Failed Schema Validation at prod-region,prod-organization,prod-space,api-key for pipeline","details":""}
and by consulting the toolchain.yml file in the simple-toolchain-hosted template we see that the corresponding mustache expressions with the headless parameter names are:
{{apiKey}},{{prodRegion}},{{prodOrganization}},{{prodSpace}}.

As shown in the example output below, this sample script assumes that the user has the 'ibmcloud' tool installed, that the user has logged-in, configured the ibmcloud target region to the region where the toolchain will be created and where the CF app will be created, configured the ibmcloud target resource group to where the toolchain will be created, and has done the ibmcloud target --cf command to target a Cloud Foundry organization and space where the CF app will be created. It will also create and use a new api-key; if the user has hit the limit for number of api keys that may be created, that may fail and you may need to delete some old/unused api keys at https://cloud.ibm.com/iam/apikeys.

simple-toolchain-hosted.sh

#!/bin/bash

echo "Starting..."

token=$(ibmcloud iam oauth-tokens | head -1 | sed 's/.*:[ \t]*//')
resource_group_id=$(ibmcloud target --output json | grep -A 5 '"resource_group":' | grep '"guid":' | sed -E 's/.+: .(.+).,/\1/g')
api_key=$(ibmcloud iam api-key-create "api-key created on $(date)" --output json | grep '"apikey":' | sed -E 's/.+: .(.+).,/\1/g' )
org_name=$(ibmcloud cf t | grep org | sed 's/org\:[ ]*//g')
space_name=$(ibmcloud cf t | grep space | sed 's/space\:[ ]*//g')
prod_region=$(ibmcloud target | grep Region | sed -E 's/.+:[ ]*([^ ]*)[ ]*/ibm:yp:\1/g')

host="https://cloud.ibm.com"
env_id="ibm:yp:us-south"
# env_id="ibm:yp:us-east"
# env_id="ibm:yp:eu-de"

template="https://us-south.git.cloud.ibm.com/open-toolchain/simple-toolchain-hosted"
# template="https://github.com/open-toolchain/simple-toolchain-hosted"

body="autocreate=true"
body="${body}&resourceGroupId=${resource_group_id}"
body="${body}&repository=${template}"
body="${body}&apiKey=${api_key}"
body="${body}&prodRegion=${prod_region}"
body="${body}&prodSpace=${space_name}"
body="${body}&prodOrganization=${org_name}"

url="${host}/devops/setup/deploy?env_id=${env_id}"

echo "POST url is: $url"
echo "POST body is: $body"

curl -v -k -X POST \
  -H "Authorization: ${token}" \
  -H "Accept: application/json" \
  -d "${body}" \
  "${url}"

The output is like so when configuring the ibmcloud tool and running the script, except that some secret values have been manually replaced by REDACTED here:

output for simple-toolchain-hosted.sh

Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud login
API endpoint: https://cloud.ibm.com
Region: us-south

Email> [email protected]

Password>
Authenticating...
OK

Select an account:
1. Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
[...]
Enter a number> 1
Targeted account Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)


API endpoint:      https://cloud.ibm.com
Region:            us-south
User:              [email protected]
Account:           Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
Resource group:    No resource group targeted, use 'ibmcloud target -g RESOURCE_GROUP'
CF API endpoint:
Org:
Space:
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud resource groups
Retrieving all resource groups under account e30116882e609f593debe7d18de9751e as [email protected]...
OK
Name      ID                                 Default Group   State
default   d33103e0d7da45cb8000aa79eeecb75b   true            ACTIVE
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud target -g default
Targeted resource group default

API endpoint:      https://cloud.ibm.com
Region:            us-south
User:              [email protected]
Account:           Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
Resource group:    default
CF API endpoint:
Org:
Space:
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ibmcloud target --cf
Targeted Cloud Foundry (https://api.us-south.cf.cloud.ibm.com)

Targeted org [email protected]

Targeted space dev-us-prod

API endpoint:      https://cloud.ibm.com
Region:            us-south
User:              [email protected]
Account:           Maire Kehoe's Account (e30116882e609f593debe7d18de9751e)
Resource group:    default
CF API endpoint:   https://api.us-south.cf.cloud.ibm.com (API version: 2.172.0)
Org:               [email protected]
Space:             dev-us-prod
Maires-MacBook-Pro:scripts mkehoe$
Maires-MacBook-Pro:scripts mkehoe$ ./simple-toolchain-hosted.sh
Starting...
POST url is: https://cloud.ibm.com/devops/setup/deploy?env_id=ibm:yp:us-south
POST body is: autocreate=true&resourceGroupId=d33103e0d7da45cb8000aa79eeecb75b&repository=https://us-south.git.cloud.ibm.com/open-toolchain/simple-toolchain-hosted&apiKey=REDACTED&prodRegion=ibm:yp:us-south&prodSpace=dev-us-prod&[email protected]
Note: Unnecessary use of -X or --request, POST is already inferred.
[...]
> POST /devops/setup/deploy?env_id=ibm:yp:us-south HTTP/2
> Host: cloud.ibm.com
> User-Agent: curl/7.64.1
> Authorization: Bearer REDACTED
> Accept: application/json
> Content-Length: 285
> Content-Type: application/x-www-form-urlencoded
>
* We are completely uploaded and fine
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 302
< content-length: 0
< location: https://cloud.ibm.com/devops/toolchains/dd7dc84b-ee45-4d10-a071-ebdd8bfd11cc?env_id=ibm:yp:us-south
< cf-ray: 6de63d1c5dc7283f-DFW
< strict-transport-security: max-age=31536000; includeSubDomains
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< referrer-policy: no-referrer-when-downgrade
< x-content-type-options: nosniff
< x-envoy-upstream-service-time: 8258
< x-xss-protection: 1; mode=block
< server: undefined
< x-frame-options: SAMEORIGIN
< expires: Wed, 16 Feb 2022 10:54:43 GMT
< cache-control: max-age=0, no-cache, no-store
< pragma: no-cache
< date: Wed, 16 Feb 2022 10:54:43 GMT
< server-timing: cdn-cache; desc=MISS
< server-timing: edge; dur=20
< server-timing: origin; dur=8262
< akamai-grn: 0.2e36d517.1645008874.1726e92b
< set-cookie: REDACTED
<
* Connection #0 to host cloud.ibm.com left intact
* Closing connection 0
Maires-MacBook-Pro:scripts mkehoe$

Note the response is a HTTP 302 Found/Redirect, with an associated location header like:
location: https://cloud.ibm.com/devops/toolchains/dd7dc84b-ee45-4d10-a071-ebdd8bfd11cc?env_id=ibm:yp:us-south
which gives the URL to the created toolchain.

If you open that toolchain, you should see that it has created a git tool integration, and a pipeline. If you wait for the pipeline to finish running, then reload the toolchain page, at the top of the toolchain page beside the "Details" link action, there appears a new "Visit App URL" link; in my case it links to the url:
https://simple-toolchain-20220216105440013.mybluemix.net/
You can click on the link to see your deployed hello world sample app.

Before using information from this site, please see the information on the Home page.

Home

Getting Started

Reference

Clone this wiki locally