Git Webhook Receiver

Automatically update a local git repository when changes are pushed to origin.

This is useful for addressing gitfs issues with saltstack, as well as always having an up-to-date local copy of head. As this makes a system call, anything can really be done.

Ports

Git Webhook Receiver Ports

Port

Protocol

Type

Purpose

8666

TCP

EXPOSED

Listen port for webhook

Updated: None

Ports

Git Webhook Receiver Files

Location

Purpose

/etc/systemd/system/git-webhook-receiver.service

systemd service

/srv/sync

Base sync location

Updated: None

Setup Upstream Git Webhook

Assumes gitea but any git service with webhooks should work. Ensure that you adjust settings in git-webhook-receiver.py if needed.

Create User for Pulling Repository

Add Webhook User

Site Administration › User Accounts › Create User Account

Authentication Source

LOCAL

Username

USER

Email Address

EMAIL

Password

PASS

☐

Require user to change password

Updated: None

Edit New User

Site Administration › User Accounts › Edit

☐

may create organizations

Updated: None

Setup webhook for Each Desired Repository

Project › Settings › Collaborators › Add Collaborators

USER

Read-Only

Updated: None

Add webhook

Project › Settings › Collaborators › Webhooks

Target URL

http://{RECEIVER}:8666

Post

application/json

Secret

TOKEN

☑

Push Events

☑

ACTIVE

Updated: None

Clone webhook Receiver and Setup Service

Using a simple git webhook receiver.

Clone webhook receiver.

cd /srv/sync
git clone https://github.com/r-pufky/git-webhook-receiver
cp git-webhook-receiver/examples/git-webhook-receiver.service /etc/systemd/service
cp git-webhook-receiver/git-webhook-receiver.py /srv/sync/git-webhook-receiver.py
cp git-webhook-receiver/config.yaml /srv/sync/

Note

Update the service with appropriate restricted user.

Add configuration for each repository with a webhook.

0600 user user /srv/sync/config.yaml

http://{GIT SERVER}:{PORT}/{USER}/{REPO}:
  command: /srv/sync/repo-sync
  secret: {AUTH TOKEN FOR WEBHOOK}
  background: True

Note

If running git service from a docker container, the URI will most likely be localhost instead of DNS name.

Setup Saved git Credentials

Save the user credentials locally remote repository can be sync’ed automatically.

For each respository:

1. Ensure logged in as sync user.

2. Clone repository to desired location.

3. Setup saved credentials:

   cd {CLONED REPO}
   git config credential.helper store
   git pull
   

Note

This will prompt for {USER} and {PASS}; they will be stored locally in ~/.git-credentials.

Setup pull Scripts

These scripts can really do anything. In this case, we are going to pull head to the local repository.

0700 user user /srv/sync/repo-sync

#!/bin/bash
cd /srv/{REPO}
git pull

Starting the Server

Enable webhook service and start.

systemctl enable git-webhook-receiver.service
systemctl start git-webhook-receiver

Testing

Create a CL and push it to origin. Check the local repository to see update.