diff --git a/README.md b/README.md index cb236cb..cf24f17 100644 --- a/README.md +++ b/README.md @@ -1,159 +1,159 @@ -# Hookdoo -hookdoo - -If you don't have time to waste configuring, hosting, debugging and maintaining your webhook instance, we offer a __SaaS__ solution that has all of the capabilities webhook provides, plus a lot more, and all that packaged in a nice friendly web interface. If you are interested, find out more at [hookdoo website](https://www.hookdoo.com/?ref=github-webhook-readme). If you have any questions, you can contact us at info@hookdoo.com - -# What is webhook? -[webhook](https://github.com/adnanh/webhook/) is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands. You can also pass data from the HTTP request (such as headers, payload or query variables) to your commands. [webhook](https://github.com/adnanh/webhook/) also allows you to specify rules which have to be satisfied in order for the hook to be triggered. - -For example, if you're using Github or Bitbucket, you can use [webhook](https://github.com/adnanh/webhook/) to set up a hook that runs a redeploy script for your project on your staging server, whenever you push changes to the master branch of your project. - -If you use Mattermost or Slack, you can set up an "Outgoing webhook integration" or "Slash command" to run various commands on your server, which can then report back directly to you or your channels using the "Incoming webhook integrations", or the appropriate response body. - -[webhook](https://github.com/adnanh/webhook/) aims to do nothing more than it should do, and that is: - 1. receive the request, - 2. parse the headers, payload and query variables, - 3. check if the specified rules for the hook are satisfied, - 3. and finally, pass the specified arguments to the specified command via - command line arguments or via environment variables. - -Everything else is the responsibility of the command's author. - -# Getting started -## Installation -### Building from source -To get started, first make sure you've properly set up your [Golang](http://golang.org/doc/install) environment and then run the -```bash -$ go get github.com/adnanh/webhook -``` -to get the latest version of the [webhook](https://github.com/adnanh/webhook/). - -### Using package manager -#### Debian -If you are using Debian linux ("stretch" or later), you can install webhook using `apt-get install webhook` which will install community packaged version (thanks [@freeekanayaka](https://github.com/freeekanayaka)) from https://packages.debian.org/sid/webhook - -### Download prebuilt binaries -Prebuilt binaries for different architectures are available at [GitHub Releases](https://github.com/adnanh/webhook/releases). - -## Configuration -Next step is to define some hooks you want [webhook](https://github.com/adnanh/webhook/) to serve. Begin by creating an empty file named `hooks.json`. This file will contain an array of hooks the [webhook](https://github.com/adnanh/webhook/) will serve. Check [Hook definition page](https://github.com/adnanh/webhook/wiki/Hook-Definition) to see the detailed description of what properties a hook can contain, and how to use them. - -Let's define a simple hook named `redeploy-webhook` that will run a redeploy script located in `/var/scripts/redeploy.sh`. - -Our `hooks.json` file will now look like this: -```json -[ - { - "id": "redeploy-webhook", - "execute-command": "/var/scripts/redeploy.sh", - "command-working-directory": "/var/webhook" - } -] -``` - -You can now run [webhook](https://github.com/adnanh/webhook/) using -```bash -$ /path/to/webhook -hooks hooks.json -verbose -``` - -It will start up on default port 9000 and will provide you with one HTTP endpoint -```http -http://yourserver:9000/hooks/redeploy-webhook -``` - -Check [webhook parameters page](https://github.com/adnanh/webhook/wiki/Webhook-Parameters) to see how to override the ip, port and other settings such as hook hotreload, verbose output, etc, when starting the [webhook](https://github.com/adnanh/webhook/). - -By performing a simple HTTP GET or POST request to that endpoint, your specified redeploy script would be executed. Neat! - -However, hook defined like that could pose a security threat to your system, because anyone who knows your endpoint, can send a request and execute your command. To prevent that, you can use the `"trigger-rule"` property for your hook, to specify the exact circumstances under which the hook would be triggered. For example, you can use them to add a secret that you must supply as a parameter in order to successfully trigger the hook. Please check out the [Hook rules page](https://github.com/adnanh/webhook/wiki/Hook-Rules) for detailed list of available rules and their usage. - -## Using HTTPS -[webhook](https://github.com/adnanh/webhook/) by default serves hooks using http. If you want [webhook](https://github.com/adnanh/webhook/) to serve secure content using https, you can use the `-secure` flag while starting [webhook](https://github.com/adnanh/webhook/). Files containing a certificate and matching private key for the server must be provided using the `-cert /path/to/cert.pem` and `-key /path/to/key.pem` flags. If the certificate is signed by a certificate authority, the cert file should be the concatenation of the server's certificate followed by the CA's certificate. - -## CORS Headers -If you want to set CORS headers, you can use the `-header name=value` flag while starting [webhook](https://github.com/adnanh/webhook/) to set the appropriate CORS headers that will be returned with each response. - -## Interested in running webhook inside of a Docker container? -You can use [almir/webhook](https://hub.docker.com/r/almir/webhook/) docker image, or create your own (please read [this discussion](https://github.com/adnanh/webhook/issues/63)). - -## Examples -Check out [Hook examples page](https://github.com/adnanh/webhook/wiki/Hook-Examples) for more complex examples of hooks. - -### Guides featuring webhook - - [Webhook & JIRA](https://sites.google.com/site/mrxpalmeiras/notes/jira-webhooks) by [@perfecto25](https://github.com/perfecto25) - - [Trigger Ansible AWX job runs on SCM (e.g. git) commit](http://jpmens.net/2017/10/23/trigger-awx-job-runs-on-scm-commit/) by [@jpmens](http://mens.de/) - -## Community Contributions -See the [webhook-contrib][wc] repository for a collections of tools and helpers related to [webhook][w] that have been contributed by the [webhook][w] community. - -## Need help? -Check out [existing issues](https://github.com/adnanh/webhook/issues) to see if someone else also had the same problem, or [open a new one](https://github.com/adnanh/webhook/issues/new). - -# Support active development - -## Sponsors -## BrowserStack -[BrowserStack](https://www.browserstack.com/?ref=webhook) is a cloud-based cross-browser testing tool that enables developers to test their websites across various browsers on different operating systems and mobile devices, without requiring users to install virtual machines, devices or emulators. - ---- - -Support this project by becoming a sponsor. Your logo will show up here with a link to your website. - - - - - - - - - - - - -## By contributing - -This project exists thanks to all the people who contribute. [Contribute!](CONTRIBUTING.md). - - -## By giving money - - - [OpenCollective Backer](https://opencollective.com/webhook#backer) - - [OpenCollective Sponsor](https://opencollective.com/webhook#sponsor) - - [PayPal](https://paypal.me/hookdoo) - - [Patreon](https://www.patreon.com/webhook) - - [Faircode](https://faircode.io/product/webhook?utm_source=badge&utm_medium=badgelarge&utm_campaign=webhook) - - [Flattr](https://flattr.com/submit/auto?user_id=adnanh&url=https%3A%2F%2Fwww.github.com%2Fadnanh%2Fwebhook) - ---- - -Thank you to all our backers! - - - -# License - -The MIT License (MIT) - -Copyright (c) 2015 Adnan Hajdarevic - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. - - -[w]: https://github.com/adnanh/webhook -[wc]: https://github.com/adnanh/webhook-contrib +# Hookdoo +hookdoo + +If you don't have time to waste configuring, hosting, debugging and maintaining your webhook instance, we offer a __SaaS__ solution that has all of the capabilities webhook provides, plus a lot more, and all that packaged in a nice friendly web interface. If you are interested, find out more at [hookdoo website](https://www.hookdoo.com/?ref=github-webhook-readme). If you have any questions, you can contact us at info@hookdoo.com + +# What is webhook? +[webhook](https://github.com/adnanh/webhook/) is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands. You can also pass data from the HTTP request (such as headers, payload or query variables) to your commands. [webhook](https://github.com/adnanh/webhook/) also allows you to specify rules which have to be satisfied in order for the hook to be triggered. + +For example, if you're using Github or Bitbucket, you can use [webhook](https://github.com/adnanh/webhook/) to set up a hook that runs a redeploy script for your project on your staging server, whenever you push changes to the master branch of your project. + +If you use Mattermost or Slack, you can set up an "Outgoing webhook integration" or "Slash command" to run various commands on your server, which can then report back directly to you or your channels using the "Incoming webhook integrations", or the appropriate response body. + +[webhook](https://github.com/adnanh/webhook/) aims to do nothing more than it should do, and that is: + 1. receive the request, + 2. parse the headers, payload and query variables, + 3. check if the specified rules for the hook are satisfied, + 3. and finally, pass the specified arguments to the specified command via + command line arguments or via environment variables. + +Everything else is the responsibility of the command's author. + +# Getting started +## Installation +### Building from source +To get started, first make sure you've properly set up your [Golang](http://golang.org/doc/install) environment and then run the +```bash +$ go get github.com/adnanh/webhook +``` +to get the latest version of the [webhook](https://github.com/adnanh/webhook/). + +### Using package manager +#### Debian +If you are using Debian linux ("stretch" or later), you can install webhook using `apt-get install webhook` which will install community packaged version (thanks [@freeekanayaka](https://github.com/freeekanayaka)) from https://packages.debian.org/sid/webhook + +### Download prebuilt binaries +Prebuilt binaries for different architectures are available at [GitHub Releases](https://github.com/adnanh/webhook/releases). + +## Configuration +Next step is to define some hooks you want [webhook](https://github.com/adnanh/webhook/) to serve. Begin by creating an empty file named `hooks.json`. This file will contain an array of hooks the [webhook](https://github.com/adnanh/webhook/) will serve. Check [Hook definition page](docs/Hook-Definition.md) to see the detailed description of what properties a hook can contain, and how to use them. + +Let's define a simple hook named `redeploy-webhook` that will run a redeploy script located in `/var/scripts/redeploy.sh`. + +Our `hooks.json` file will now look like this: +```json +[ + { + "id": "redeploy-webhook", + "execute-command": "/var/scripts/redeploy.sh", + "command-working-directory": "/var/webhook" + } +] +``` + +You can now run [webhook](https://github.com/adnanh/webhook/) using +```bash +$ /path/to/webhook -hooks hooks.json -verbose +``` + +It will start up on default port 9000 and will provide you with one HTTP endpoint +```http +http://yourserver:9000/hooks/redeploy-webhook +``` + +Check [webhook parameters page](docs/Webhook-Parameters.md) to see how to override the ip, port and other settings such as hook hotreload, verbose output, etc, when starting the [webhook](https://github.com/adnanh/webhook/). + +By performing a simple HTTP GET or POST request to that endpoint, your specified redeploy script would be executed. Neat! + +However, hook defined like that could pose a security threat to your system, because anyone who knows your endpoint, can send a request and execute your command. To prevent that, you can use the `"trigger-rule"` property for your hook, to specify the exact circumstances under which the hook would be triggered. For example, you can use them to add a secret that you must supply as a parameter in order to successfully trigger the hook. Please check out the [Hook rules page](docs/Hook-Rules.md) for detailed list of available rules and their usage. + +## Using HTTPS +[webhook](https://github.com/adnanh/webhook/) by default serves hooks using http. If you want [webhook](https://github.com/adnanh/webhook/) to serve secure content using https, you can use the `-secure` flag while starting [webhook](https://github.com/adnanh/webhook/). Files containing a certificate and matching private key for the server must be provided using the `-cert /path/to/cert.pem` and `-key /path/to/key.pem` flags. If the certificate is signed by a certificate authority, the cert file should be the concatenation of the server's certificate followed by the CA's certificate. + +## CORS Headers +If you want to set CORS headers, you can use the `-header name=value` flag while starting [webhook](https://github.com/adnanh/webhook/) to set the appropriate CORS headers that will be returned with each response. + +## Interested in running webhook inside of a Docker container? +You can use [almir/webhook](https://hub.docker.com/r/almir/webhook/) docker image, or create your own (please read [this discussion](https://github.com/adnanh/webhook/issues/63)). + +## Examples +Check out [Hook examples page](docs/Hook-Examples.md) for more complex examples of hooks. + +### Guides featuring webhook + - [Webhook & JIRA](https://sites.google.com/site/mrxpalmeiras/notes/jira-webhooks) by [@perfecto25](https://github.com/perfecto25) + - [Trigger Ansible AWX job runs on SCM (e.g. git) commit](http://jpmens.net/2017/10/23/trigger-awx-job-runs-on-scm-commit/) by [@jpmens](http://mens.de/) + +## Community Contributions +See the [webhook-contrib][wc] repository for a collections of tools and helpers related to [webhook][w] that have been contributed by the [webhook][w] community. + +## Need help? +Check out [existing issues](https://github.com/adnanh/webhook/issues) to see if someone else also had the same problem, or [open a new one](https://github.com/adnanh/webhook/issues/new). + +# Support active development + +## Sponsors +## BrowserStack +[BrowserStack](https://www.browserstack.com/?ref=webhook) is a cloud-based cross-browser testing tool that enables developers to test their websites across various browsers on different operating systems and mobile devices, without requiring users to install virtual machines, devices or emulators. + +--- + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. + + + + + + + + + + + + +## By contributing + +This project exists thanks to all the people who contribute. [Contribute!](CONTRIBUTING.md). + + +## By giving money + + - [OpenCollective Backer](https://opencollective.com/webhook#backer) + - [OpenCollective Sponsor](https://opencollective.com/webhook#sponsor) + - [PayPal](https://paypal.me/hookdoo) + - [Patreon](https://www.patreon.com/webhook) + - [Faircode](https://faircode.io/product/webhook?utm_source=badge&utm_medium=badgelarge&utm_campaign=webhook) + - [Flattr](https://flattr.com/submit/auto?user_id=adnanh&url=https%3A%2F%2Fwww.github.com%2Fadnanh%2Fwebhook) + +--- + +Thank you to all our backers! + + + +# License + +The MIT License (MIT) + +Copyright (c) 2015 Adnan Hajdarevic + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + + +[w]: https://github.com/adnanh/webhook +[wc]: https://github.com/adnanh/webhook-contrib diff --git a/docs/Hook-Definition.md b/docs/Hook-Definition.md new file mode 100644 index 0000000..a15baa2 --- /dev/null +++ b/docs/Hook-Definition.md @@ -0,0 +1,22 @@ +# Hook definition +Hooks are defined as JSON objects. Please note that in order to be considered valid, a hook object must contain the `id` and `execute-command` properties. All other properties are considered optional. + +## Properties (keys) + + * `id` - specifies the ID of your hook. This value is used to create the HTTP endpoint (http://yourserver:port/hooks/your-hook-id) + * `execute-command` - specifies the command that should be executed when the hook is triggered + * `command-working-directory` - specifies the working directory that will be used for the script when it's executed + * `response-message` - specifies the string that will be returned to the hook initiator + * `response-headers` - specifies the list of headers in format `{"name": "X-Example-Header", "value": "it works"}` that will be returned in HTTP response for the hook + * `include-command-output-in-response` - boolean whether webhook should wait for the command to finish and return the raw output as a response to the hook initiator. If the command fails to execute or encounters any errors while executing the response will result in 500 Internal Server Error HTTP status code, otherwise the 200 OK status code will be returned. + * `parse-parameters-as-json` - specifies the list of arguments that contain JSON strings. These parameters will be decoded by webhook and you can access them like regular objects in rules and `pass-arguments-to-command`. + * `pass-arguments-to-command` - specifies the list of arguments that will be passed to the command. Check [Referencing request values page](Referencing-Request-Values) to see how to reference the values from the request. If you want to pass a static string value to your command you can specify it as +`{ "source": "string", "name": "argumentvalue" }` + * `pass-environment-to-command` - specifies the list of arguments that will be passed to the command as environment variables. If you do not specify the `"envname"` field in the referenced value, the hook will be in format "HOOK_argumentname", otherwise "envname" field will be used as it's name. Check [Referencing request values page](Referencing-Request-Values) to see how to reference the values from the request. If you want to pass a static string value to your command you can specify it as +`{ "source": "string", "envname": "SOMETHING", "name": "argumentvalue" }` +* `pass-file-to-command` - specifies a list of entries that will be serialized as a file. Incoming [data](Referencing-Request-Values.md) will be serialized in a request-temporary-file (otherwise parallel calls of the hook would lead to concurrent overwritings of the file). The filename to be addressed within the subsequent script is provided via an environment variable. Use `envname` to specify the name of the environment variable. If `envname` is not provided `HOOK_` and the name used to reference the request value are used. Defining `command-working-directory` will store the file relative to this location, if not provided, the systems temporary file directory will be used. If `base64decode` is true, the incoming binary data will be base 64 decoded prior to storing it into the file. By default the corresponding file will be removed after the webhook exited. + * `trigger-rule` - specifies the rule that will be evaluated in order to determine should the hook be triggered. Check [Hook rules page](Hook-Rules) to see the list of valid rules and their usage + * `trigger-rule-mismatch-http-response-code` - specifies the HTTP status code to be returned when the trigger rule is not satisfied + +## Examples +Check out [Hook examples page](Hook-Examples.md) for more complex examples of hooks. diff --git a/docs/Hook-Examples.md b/docs/Hook-Examples.md new file mode 100644 index 0000000..308c8e3 --- /dev/null +++ b/docs/Hook-Examples.md @@ -0,0 +1,283 @@ +# Hook examples +This page is still work in progress. Feel free to contribute! + +## Incoming Github webhook +```json +[ + { + "id": "webhook", + "execute-command": "/home/adnan/redeploy-go-webhook.sh", + "command-working-directory": "/home/adnan/go", + "pass-arguments-to-command": + [ + { + "source": "payload", + "name": "head_commit.id" + }, + { + "source": "payload", + "name": "pusher.name" + }, + { + "source": "payload", + "name": "pusher.email" + } + ], + "trigger-rule": + { + "and": + [ + { + "match": + { + "type": "payload-hash-sha1", + "secret": "mysecret", + "parameter": + { + "source": "header", + "name": "X-Hub-Signature" + } + } + }, + { + "match": + { + "type": "value", + "value": "refs/heads/master", + "parameter": + { + "source": "payload", + "name": "ref" + } + } + } + ] + } + } +] +``` + +## Incoming Bitbucket webhook + +Bitbucket does not pass any secrets back to the webhook. [Per their documentation](https://confluence.atlassian.com/bitbucket/manage-webhooks-735643732.html#Managewebhooks-trigger_webhookTriggeringwebhooks), in order to verify that the webhook came from Bitbucket you must whitelist the IP range `104.192.143.0/24`: + +```json +[ + { + "id": "webhook", + "execute-command": "/home/adnan/redeploy-go-webhook.sh", + "command-working-directory": "/home/adnan/go", + "pass-arguments-to-command": + [ + { + "source": "payload", + "name": "actor.username" + } + ], + "trigger-rule": + { + "match": + { + "type": "ip-whitelist", + "ip-range": "104.192.143.0/24" + } + } + } +] +``` + +## Incoming Gitlab Webhook +Gitlab provides webhooks for many kinds of events. +Refer to this URL for example request body content: [gitlab-ce/integrations/webhooks](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/user/project/integrations/webhooks.md) +Values in the request body can be accessed in the command or to the match rule by referencing 'payload' as the source: +```json +[ + { + "id": "redeploy-webhook", + "execute-command": "/home/adnan/redeploy-go-webhook.sh", + "command-working-directory": "/home/adnan/go", + "pass-arguments-to-command": + [ + { + "source": "payload", + "name": "user_name" + } + ], + "response-message": "Executing redeploy script", + "trigger-rule": + { + "match": + { + "type": "value", + "value": "", + "parameter": + { + "source": "header", + "name": "X-Gitlab-Token" + } + } + } + } +] +``` + +## Incoming Gogs webhook +```json +[ + { + "id": "webhook", + "execute-command": "/home/adnan/redeploy-go-webhook.sh", + "command-working-directory": "/home/adnan/go", + "pass-arguments-to-command": + [ + { + "source": "payload", + "name": "head_commit.id" + }, + { + "source": "payload", + "name": "pusher.name" + }, + { + "source": "payload", + "name": "pusher.email" + } + ], + "trigger-rule": + { + "and": + [ + { + "match": + { + "type": "payload-hash-sha256", + "secret": "mysecret", + "parameter": + { + "source": "header", + "name": "X-Gogs-Signature" + } + } + }, + { + "match": + { + "type": "value", + "value": "refs/heads/master", + "parameter": + { + "source": "payload", + "name": "ref" + } + } + } + ] + } + } +] +``` + +## Slack slash command +```json +[ + { + "id": "redeploy-webhook", + "execute-command": "/home/adnan/redeploy-go-webhook.sh", + "command-working-directory": "/home/adnan/go", + "response-message": "Executing redeploy script", + "trigger-rule": + { + "match": + { + "type": "value", + "value": "", + "parameter": + { + "source": "payload", + "name": "token" + } + } + } + } +] +``` + +## A simple webhook with a secret key in GET query + +__Not recommended in production due to low security__ + +`example.com:9000/hooks/simple-one` - won't work +`example.com:9000/hooks/simple-one?token=42` - will work + +```json +[ + { + "id": "simple-one", + "execute-command": "/path/to/command.sh", + "response-message": "Executing simple webhook...", + "trigger-rule": + { + "match": + { + "type": "value", + "value": "42", + "parameter": + { + "source": "url", + "name": "token" + } + } + } + } +] +``` + +# JIRA Webhooks +[Guide by @perfecto25](https://sites.google.com/site/mrxpalmeiras/notes/jira-webhooks) + +# Pass File-to-command sample + +## Webhook configuration + +
+[
+  {
+    "id": "test-file-webhook",
+    "execute-command": "/bin/ls",
+    "command-working-directory": "/tmp",
+    "pass-file-to-command":
+    [
+      {
+      	"source": "payload",
+ 	"name": "binary",
+      	"envname": "ENV_VARIABLE", // to use $ENV_VARIABLE in execute-command
+                                   // if not defined, $HOOK_BINARY will be provided
+      	"base64decode": true,      // defaults to false
+      }
+    ],
+    "include-command-output-in-response": true
+  }
+]
+
+ +## Sample client usage + +Store the following file as `testRequest.json`. + +
+{"binary":"iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2lpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wUmlnaHRzPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvcmlnaHRzLyIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcFJpZ2h0czpNYXJrZWQ9IkZhbHNlIiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOjEzMTA4RDI0QzMxQjExRTBCMzYzRjY1QUQ1Njc4QzFBIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOjEzMTA4RDIzQzMxQjExRTBCMzYzRjY1QUQ1Njc4QzFBIiB4bXA6Q3JlYXRvclRvb2w9IkFkb2JlIFBob3Rvc2hvcCBDUzMgV2luZG93cyI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ1dWlkOkFDMUYyRTgzMzI0QURGMTFBQUI4QzUzOTBEODVCNUIzIiBzdFJlZjpkb2N1bWVudElEPSJ1dWlkOkM5RDM0OTY2NEEzQ0REMTFCMDhBQkJCQ0ZGMTcyMTU2Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+IBFgEwAAAmJJREFUeNqkk89rE1EQx2d/NNq0xcYYayPYJDWC9ODBsKIgAREjBmvEg2cvHnr05KHQ9iB49SL+/BMEfxBQKHgwCEbTNNIYaqgaoanFJi+rcXezye4689jYkIMIDnx47837zrx583YFx3Hgf0xA6/dJyAkkgUy4vgryAnmNWH9L4EVmotFoKplMHgoGg6PkrFarjXQ6/bFcLj/G5W1E+3NaX4KZeDx+dX5+7kg4HBlmrC6JoiDFYrGhROLM/mp1Y6JSqdCd3/SW0GUqEAjkl5ZyHTSHKBQKnO6a9khD2m5cr91IJBJ1VVWdiM/n6LruNJtNDs3JR3ukIW03SHTHi8iVsbG9I51OG1bW16HVasHQZopDc/JZVgdIQ1o3BmTkEnJXURS/KIpgGAYPkCQJPi0u8uzDKQN0XQPbtgE1MmrHs9nsfSqAEjxCNtHxZHLy4G4smUQgyzL4LzOegDGGp1ucVqsNqKVrpJCM7F4hg6iaZvhqtZrg8XjA4xnAU3XeKLqWaRImoIZeQXVjQO5pYp4xNVirsR1erxer2O4yfa227WCwhtWoJmn7m0h270NxmemFW4706zMm8GCgxBGEASCfhnukIW03iFdQnOPz0LNKp3362JqQzSw4u2LXBe+Bs3xD+/oc1NxN55RiC9fOme0LEQiRf2rBzaKEeJJ37ZWTVunBeGN2WmQjg/DeLTVP89nzAive2dMwlo9bpFVC2xWMZr+A720FVn88fAUb3wDMOjyN7YNc6TvUSHQ4AH6TOUdLL7em68UtWPsJqxgTpgeiLu1EBt1R+Me/mF7CQPTfAgwAGxY2vOTrR3oAAAAASUVORK5CYII="}
+
+ +use then the curl tool to execute a request to the webhook. + +
+#!/bin/bash
+curl -H "Content-Type:application/json" -X POST -d @testRequest.json \
+http://localhost:9000/hooks/test-file-webhook
+
+ +or in a single line, using https://github.com/jpmens/jo to generate the JSON code +
+jo binary=%filename.zip | curl -H "Content-Type:application/json" -X POST -d @- \
+http://localhost:9000/hooks/test-file-webhook
+
diff --git a/docs/Hook-Rules.md b/docs/Hook-Rules.md new file mode 100644 index 0000000..32d35d3 --- /dev/null +++ b/docs/Hook-Rules.md @@ -0,0 +1,201 @@ +# Hook rules + +## And +*And rule* will evaluate to _true_, if and only if all of the sub rules evaluate to _true_. +```json +{ +"and": + [ + { + "match": + { + "type": "value", + "value": "refs/heads/master", + "parameter": + { + "source": "payload", + "name": "ref" + } + } + }, + { + "match": + { + "type": "regex", + "regex": ".*", + "parameter": + { + "source": "payload", + "name": "repository.owner.name" + } + } + } + ] +} +``` +## Or +*Or rule* will evaluate to _true_, if any of the sub rules evaluate to _true_. +```json +{ +"or": + [ + { + "match": + { + "type": "value", + "value": "refs/heads/master", + "parameter": + { + "source": "payload", + "name": "ref" + } + } + }, + { + "match": + { + "type": "value", + "value": "refs/heads/development", + "parameter": + { + "source": "payload", + "name": "ref" + } + } + } + ] +} +``` +## Not +*Not rule* will evaluate to _true_, if and only if the sub rule evaluates to _false_. +```json +{ +"not": + { + "match": + { + "type": "value", + "value": "refs/heads/development", + "parameter": + { + "source": "payload", + "name": "ref" + } + } + } +} +``` +## Multi-level +```json +{ + "and": [ + { + "match": { + "parameter": { + "source": "header", + "name": "X-Hub-Signature" + }, + "type": "payload-hash-sha1", + "secret": "mysecret" + } + }, + { + "or": [ + { + "match": + { + "parameter": + { + "source": "payload", + "name": "ref" + }, + "type": "value", + "value": "refs/heads/master" + } + }, + { + "match": + { + "parameter": + { + "source": "header", + "name": "X-GitHub-Event" + }, + "type": "value", + "value": "ping" + } + } + ] + } + ] +} +``` +## Match +*Match rule* will evaluate to _true_, if and only if the referenced value in the `parameter` field satisfies the `type`-specific rule. + +*Please note:* Due to technical reasons, _number_ and _boolean_ values in the _match rule_ must be wrapped around with a pair of quotes. + +There are three different match rules: + +### 1. Match value +```json +{ + "match": + { + "type": "value", + "value": "refs/heads/development", + "parameter": + { + "source": "payload", + "name": "ref" + } + } +} +``` + +### 2. Match regex +For the regex syntax, check out +```json +{ + "match": + { + "type": "regex", + "regex": ".*", + "parameter": + { + "source": "payload", + "name": "ref" + } + } +} +``` + +### 3. Match payload-hash-sha1 +```json +{ + "match": + { + "type": "payload-hash-sha1", + "secret": "yoursecret", + "parameter": + { + "source": "header", + "name": "X-Hub-Signature" + } + } +} +``` + +### 4. Match Whitelisted IP range + +The IP can be IPv4- or IPv6-formatted, using [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_blocks). To match a single IP address only, use `/32`. + +```json +{ + "match": + { + "type": "ip-whitelist", + "ip-range": "192.168.0.1/24" + } +} +``` \ No newline at end of file diff --git a/docs/Referencing-Request-Values.md b/docs/Referencing-Request-Values.md new file mode 100644 index 0000000..6e05566 --- /dev/null +++ b/docs/Referencing-Request-Values.md @@ -0,0 +1,90 @@ +# Referencing request values +There are three types of request values: + +1. HTTP Request Header values + + ```json + { + "source": "header", + "name": "Header-Name" + } + ``` + +2. HTTP Query parameters + + ```json + { + "source": "url", + "name": "parameter-name" + } + ``` + +3. Payload (JSON or form-value encoded) + ```json + { + "source": "payload", + "name": "parameter-name" + } + ``` + + *Note:* For JSON encoded payload, you can reference nested values using the dot-notation. + For example, if you have following JSON payload + + ```json + { + "commits": [ + { + "commit": { + "id": 1 + } + }, { + "commit": { + "id": 2 + } + } + ] + } + ``` + + You can reference the first commit id as + + ```json + { + "source": "payload", + "name": "commits.0.commit.id" + } + ``` + + If the payload contains a key with the specified name "commits.0.commit.id", then the value of that key has priority over the dot-notation referencing. + +If you are referencing values for environment, you can use `envname` property to set the name of the environment variable like so +```json +{ + "source": "url", + "name": "q", + "envname": "QUERY" +} +``` +to get the QUERY environment variable set to the `q` parameter passed in the query string. + +# Special cases +If you want to pass the entire payload as JSON string to your command you can use +```json +{ + "source": "entire-payload" +} +``` + +for headers you can use +```json +{ + "source": "entire-headers" +} +``` + +and for query variables you can use +```json +{ + "source": "entire-query" +} +``` \ No newline at end of file diff --git a/docs/Webhook-Parameters.md b/docs/Webhook-Parameters.md new file mode 100644 index 0000000..ab51bea --- /dev/null +++ b/docs/Webhook-Parameters.md @@ -0,0 +1,38 @@ +# Webhook parameters +``` +Usage of webhook: + -cert string + path to the HTTPS certificate pem file (default "cert.pem") + -header value + response header to return, specified in format name=value, use multiple times to set multiple headers + -hooks value + path to the json file containing defined hooks the webhook should serve, use multiple times to load from different files + -hotreload + watch hooks file for changes and reload them automatically + -ip string + ip the webhook should serve hooks on (default "0.0.0.0") + -key string + path to the HTTPS certificate private key pem file (default "key.pem") + -nopanic + do not panic if hooks cannot be loaded when webhook is not running in verbose mode + -port int + port the webhook should serve hooks on (default 9000) + -secure + use HTTPS instead of HTTP + -template + parse hooks file as a Go template + -urlprefix string + url prefix to use for served hooks (protocol://yourserver:port/PREFIX/:hook-id) (default "hooks") + -verbose + show verbose output + -version + display webhook version and quit +``` + +Use any of the above specified flags to override their default behavior. + +# Live reloading hooks +If you are running an OS that supports USR1 signal, you can use it to trigger hooks reload from hooks file, without restarting the webhook instance. +```bash +kill -USR1 webhookpid +``` \ No newline at end of file