Pull request triggers currently support GitHub and GitLab only. Bitbucket support is not available at this time.
What are pull request triggers
Pull request triggers execute automations based on pull request activity in your repositories. The automation runs when specific events happen, such as opening a PR, updating code, or merging changes. Use pull request triggers for:- Automated code reviews and analysis
- Security scanning on new code
- Documentation updates when APIs change
- Compliance checks before merge
Configure pull request triggers
When creating an automation with a pull request trigger, configure the target scope and events:Target scope
Choose where the automation runs: Target projects:- Select Projects as the target type
- Choose one or more projects from the list
- The automation monitors all repositories within those projects
- Select Repositories as the target type
- Select an environment class for the automation to use
- Enter a search query to filter repositories (see Manual Triggers for search examples)
Select events
Choose which pull request events trigger the automation. You can select one or multiple events:- Opened - When a new pull request is created
- Updated - When new commits are pushed to the pull request
- Ready for review - When a draft pull request is marked ready for review
- Approved - When a reviewer approves the pull request
- Merged - When the pull request is merged into the target branch
- Closed - When the pull request is closed without merging
- Opened + Updated - Run checks on every code change
- Ready for review - Run comprehensive analysis before human review
- Approved - Run final validation before merge
Set up webhook configuration
After saving your automation, configure webhooks in GitHub or GitLab to send events to Ona. Note: Webhook configuration is only available after saving the automation. This is a current limitation.Access webhook details
- Save your automation
- Open the automation details page
- Navigate to the Configuration section
- Payload URL - The endpoint to send webhook events
- Secret - Authentication token for webhook requests
- Content type - Set to
application/json
Configure webhook in GitHub
- Go to your repository settings
- Navigate to Webhooks > Add webhook
- Enter the Payload URL from Ona
- Set Content type to
application/json - Enter the Secret from Ona
- Select Let me select individual events
- Check Pull requests
- Click Add webhook
Configure webhook in GitLab
- Go to your repository settings
- Navigate to Webhooks
- Enter the URL from Ona
- Enter the Secret token from Ona
- Under Trigger, check Merge request events
- Click Add webhook
Authentication & security
Webhooks use the secret token to authenticate requests:- GitHub and GitLab sign webhook payloads with the secret
- Ona verifies the signature before processing events
- Invalid signatures are rejected
Use cases
Automated security scanning
Scan for vulnerabilities when code changes: Configuration:- Events: Opened, Updated
- Target: All repositories in “org:ona”
- Steps: Run security scanner, comment findings on PR
Documentation validation
Ensure documentation stays current with code changes: Configuration:- Events: Ready for review
- Target: Repositories with “public-api” tag
- Steps: Check API changes, update docs, commit changes
Next steps
- Run an Automation
- Review Results
- Learn about Manual Triggers for on-demand execution
- Learn about Time-based Triggers for scheduled automation