Hey, when setting up webhooks on the OSS Broker, is there any way to protect Credentials that need to be passe in the URL, like the Pipeline Trigger Token for GitLab Pipelines?

Hi! I want to migrate to use

contract_requiring_verification_published

in the Pact-Broker's webhooks as I am working on multiple environments (main branch, integration, stage, prod). I am using Gitlab trigger tokens which trigger a pipeline only running the

pactVerify

job (which is a Gradle talk of my project executing the Java PactProviderTest). As Gitlab only accepts branches and tags as reference (

ref

), I don't know how I can pass the right revision to the

ref

as my

pactbroker.providerVersionNumber

returns a combination of my Gradle project version + the respective Git short SHA (e.g. 1.0.0-a6d33b7a). My tags in Gitlab are named in format v1.0.0. I was thinking about parsing the version and do string manipulation to reach my desired format, but this seems not be possible within a webhook. Alternatively I thought about setting the

providerVersionsTags

and use them to pass to the

ref

. But this seems to be a complex (and probably dirty) workaround which I am not even sure about if it would work as expected. Do you have any idea?

Hi community! Anyone is handling secrets in open-source version? If so, could you share your experience and how you do it? thanks in advance!

Hello, we have been experiencing this error with our broker for a few days: _“Failed to load pact from ‘https://pact-broker.**.com’: Error with the content of a HAL resource - Expected either a “_” or path identifier in path expression “$.query.$” at index 8"* We have tried to understand what it means, but we haven’t found a solution. 2025/01/30 112536 [INFO] package libpact_ffi found 2025/01/30 112536 [INFO] checking version 0.4.26 of libpact_ffi against semver constraint >= 0.4.0, < 1.0.0 2025/01/30 112536 [INFO] package libpact_ffi is correctly installed Thank you for your help.

Hi, I am searching for a way to get all versions of a pacticipant that are currently in an environment, e.g.

production

. I did not find anything in the pact-broker CLI or in the Pact-broker API. Is there a way?

Hi there, are there any infos how much resources needed when self hosting the Pact Broker? What resources does it need? How much space should I plan for the database? thanks!

hey folks how are you? I would like to know when running the CI if an application is a consumer or a provider. Is there any endpoint that given a pacticipant we get its interactions such as the one that offers Pactflow? GET https://myorg-xxxx.pactflow.io/pacticipant/myapp/network Thanks in advance 💃

See /integrations endpoint

The Pactflow API docs are a superset of these. See https://smartbear.portal.swaggerhub.com/pactflow/default/getting-started for more

Hi there, does the self hosted broker supports SSO?

Hello, is it correct that the OSS Broker does not fire the

contract_requiring_verification_published

event when no provider has ever verified a contract from this consumer? So if I want to trigger the pipeline for a brand new interface I also need to add the

contract_content_changed

event to the webhook configuration?

I think that’s right. I can’t remember why it doesn’t fire it - probably because it doesn’t have any provider version to say “this version needs to verify the pact”

but I wouldn’t add the second webhook for triggering the provider exactly once

Yeah, that absolutely makes sense. Just realized that those would need to be separate webhooks anyway, because the contract_content_changed doesn't seem to have access to the variables that the other does, which confirms your guess.

> but I wouldn’t add the second webhook for triggering the provider exactly once Oh yeah right, especially because whatever this pipeline runs will likely fail anyway because it's impractical for the provider to setup their contract tests before the consumer did (and published their first contract)

Hm. Strange. The contract was verified (not on the main branch though), pushed a modified version and the webhook still isn't triggered (not failed to trigger, but just not trigged, also reportely like that by broker UI).

Hello. Is there a way to get an error from the broker when a pact or swagger gets published to a non-existent pacticipant?

@Spencer has left the channel

Release - Version 2.113.0 New release published by github-actions[bot] Features • aggregated provider state endpoint (#734) (</pact-foundation/pact_broker/commit/108d11a7|108d11a7>) • add more logging to data migrations (</pact-foundation/pact_broker/commit/9482d44d|9482d44d>) Bug Fixes • make sure last_action_date always returns a DateTime object (</pact-foundation/pact_broker/commit/d60c264e|d60c264e>) pact-foundation/pact_broker

Release - Version 2.113.1 New release published by github-actions[bot] Bug Fixes • Update openapi_first and use it's coverage thing (#783) (</pact-foundation/pact_broker/commit/b3da850b|b3da850b>) • incorrect ProviderStates policy name. (#782) (</pact-foundation/pact_broker/commit/bddfd2d0|bddfd2d0>) pact-foundation/pact_broker

Release - Version 2.113.2 New release published by github-actions[bot] #### Bug Fixes • downcase Content-Type header (</pact-foundation/pact_broker/commit/6eebfbdf|6eebfbdf>) • downcase X-Pact-Broker-Version header (</pact-foundation/pact_broker/commit/8dfb3ac2|8dfb3ac2>) • downcase Cache-Control header (</pact-foundation/pact_broker/commit/6ceae489|6ceae489>) • downcase Vary header (</pact-foundation/pact_broker/commit/a43416a3|a43416a3>) • add webmachine monkey patch to exclude webrick default load (</pact-foundation/pact_broker/commit/ef674d37|ef674d37>) pact-foundation/pact_broker

Release - Version 2.114.0 New release published by github-actions[bot] #### Features • support extended verification results (#778) (</pact-foundation/pact_broker/commit/18f571c8|18f571c8>) pact-foundation/pact_broker

Good afternoon. How do I get the list of released consumer versions from a self-hosted pact broker? I.e. the list of versions marked by

pact-broker record-release

? Also, how do we bulk

record-support-ended

them?

Tags are generally considered deprecated. But are there any plans to delete them? I am building workflow where I promote artifacts (docker images) to specific environments. I use commit id for pact version (as recommended) but I do not have an easy way to get commit id from docker tag (semver). I planned to tag contracts and verifications with semver version and use api to get version from tag and then run can I deploy against it. But if I lose tags in near future it will all fall apart. Is there any reasonable way to do it any other way instead of having external system tracking matching between semver and pact version?

👋 Hello, team! someone can help to clarify how can I publish an example-consumer into pact-broker?

Hi team, I’m looking for some advice on our current Provider's CI/CD setup with Pact Broker. We have two separate branches:

staging

and

production

, which may contain different code as features are tested in staging before being rolled out to production. 1. Would it make sense to maintain separate sets of Pact stages for each branch? 2. I've observed that when a webhook is triggered, the verification always runs against the main branch (staging), regardless of which branch initiated the process. This could potentially cause issues when the branches diverge. Any suggestions on how we can improve this setup or handle branch-specific verification more effectively? Thanks!

Would it make sense to maintain separate sets of Pact stages for each branch?

I’m not sure I entirely follow. The concept of “branches” are there to map changes for a given branch. Are you using

pact-broker record-deployment

when you deploy to each environment?

I’ve observed that when a webhook is triggered, the verification always runs against the main branch (staging), regardless of which branch initiated the process. This could potentially cause issues when the branches diverge.

When a webhook fires, it specifies in the payload which version (and branch/environment) that it needs to check against. Your webhook target should read the value of that body, and checkout the correct code accordingly. See also https://docs.pact.io/pact_broker/webhooks#using-webhooks-with-the-contract_requiring_verification_published-event

Release - Version 2.115.0 New release published by github-actions[bot] #### Features • group provider states by consumers (</pact-foundation/pact_broker/commit/e39860a9|e39860a9>) #### Bug Fixes • dedupe non unique provider states #789 (</pact-foundation/pact_broker/commit/3cf22169|3cf22169>) • explicitly order labels by name (</pact-foundation/pact_broker/commit/d25746c1|d25746c1>) pact-foundation/pact_broker

According to https://docs.pact.io/getting_started/versioning_in_the_pact_broker the commit SHA should be used as version. I understand the reasoning behind that, but what I don't understand how this plays together later with can-i-deploy. When deploying, I do not use a commit SHA, but a real version (e.g. 1.1.10). I would need to know the commit SHA when doing the can-i-deploy. I guess I could look it up from Git, but then need Git access at that moment (which I currently don't have).