Git Webhook Receiver

Automatically update a local git repository when changes are pushed to origin.

This is useful for addressing gitfs issues with saltstack, as well as always having an up-to-date local copy of head. As this makes a system call, anything can really be done.



Setup Upstream Git Webhook

Assumes gitea but any git service with webhooks should work. Ensure that you adjust settings in if needed.

Create User for Pulling Repository

Clone webhook Receiver and Setup Service

Using a simple git webhook receiver.

Clone webhook receiver.
cd /srv/sync
git clone
cp git-webhook-receiver/examples/git-webhook-receiver.service /etc/systemd/service
cp git-webhook-receiver/ /srv/sync/
cp git-webhook-receiver/config.yaml /srv/sync/


Update the service with appropriate restricted user.

Add configuration for each repository with a webhook.

0600 user user /srv/sync/config.yaml
  command: /srv/sync/repo-sync
  background: True


If running git service from a docker container, the URI will most likely be localhost instead of DNS name.

Setup Saved git Credentials

Save the user credentials locally remote repository can be sync’ed automatically.

For each respository:

  1. Ensure logged in as sync user.

  2. Clone repository to desired location.

  3. Setup saved credentials:

    cd {CLONED REPO}
    git config credential.helper store
    git pull


This will prompt for {USER} and {PASS}; they will be stored locally in ~/.git-credentials.

Setup pull Scripts

These scripts can really do anything. In this case, we are going to pull head to the local repository.

0700 user user /srv/sync/repo-sync
cd /srv/{REPO}
git pull

Starting the Server

Enable webhook service and start.
systemctl enable git-webhook-receiver.service
systemctl start git-webhook-receiver


Create a CL and push it to origin. Check the local repository to see update.