4
0

onwebhook.adoc 7.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320
  1. [#exec-webhook]
  2. = Execute on webhook
  3. Webhooks allow external services to trigger OliveTin actions by sending HTTP POST requests. This is useful for integrating OliveTin with CI/CD pipelines, monitoring systems, IoT devices, or any service that can send HTTP requests.
  4. OliveTin provides a dedicated webhook endpoint at `/webhooks` that can receive webhook payloads and match them to configured actions.
  5. == Basic Configuration
  6. To configure an action to run on a webhook, add the `execOnWebhook` property to your action:
  7. [source,yaml]
  8. .`config.yaml`
  9. ----
  10. actions:
  11. - title: Deploy Application
  12. id: deploy
  13. shell: /opt/scripts/deploy.sh
  14. execOnWebhook:
  15. - matchHeaders:
  16. X-Event-Type: deploy
  17. ----
  18. This action will be triggered when a POST request is sent to `/webhooks` with the header `X-Event-Type: deploy`.
  19. == Webhook Endpoint
  20. All webhooks are received at:
  21. ----
  22. http://your-olivetin-server:1337/webhooks
  23. ----
  24. or
  25. ----
  26. http://your-olivetin-server:1337/webhooks/
  27. ----
  28. Both paths work identically. All webhook requests must use the HTTP POST method.
  29. == Matching Webhooks
  30. OliveTin can match incoming webhooks based on several criteria:
  31. === Match by Headers
  32. Match webhooks based on HTTP header values:
  33. [source,yaml]
  34. ----
  35. actions:
  36. - title: Process Event
  37. shell: echo "Processing event"
  38. execOnWebhook:
  39. - matchHeaders:
  40. X-Event-Type: my-event
  41. X-Source: my-service
  42. ----
  43. All specified headers must match for the webhook to trigger the action.
  44. === Match by Query Parameters
  45. Match webhooks based on URL query parameters:
  46. [source,yaml]
  47. ----
  48. actions:
  49. - title: Process Request
  50. shell: echo "Processing request for {{ service }}"
  51. arguments:
  52. - name: service
  53. type: ascii
  54. execOnWebhook:
  55. - matchQuery:
  56. action: deploy
  57. env: production
  58. ----
  59. A request to `/webhooks?action=deploy&env=production` would match this action.
  60. === Match by JSON Body Path
  61. Match webhooks based on values in the JSON request body using JSONPath expressions:
  62. [source,yaml]
  63. ----
  64. actions:
  65. - title: Handle Push Event
  66. shell: echo "Push to {{ branch }}"
  67. arguments:
  68. - name: branch
  69. type: ascii
  70. execOnWebhook:
  71. - matchPath: "$.event_type=push"
  72. ----
  73. The `matchPath` format is `jsonpath=value`. You can also just specify a JSONPath without a value to match if the path exists:
  74. [source,yaml]
  75. ----
  76. execOnWebhook:
  77. - matchPath: "$.repository.name" # Matches if this path exists in the JSON
  78. ----
  79. === Using Regex for Matching
  80. Header and query parameter values can use regex patterns by prefixing with `regex:`:
  81. [source,yaml]
  82. ----
  83. actions:
  84. - title: Handle Multiple Events
  85. shell: echo "Handling event"
  86. execOnWebhook:
  87. - matchHeaders:
  88. X-Event-Type: "regex:^(push|pull_request|release)$"
  89. ----
  90. === Combining Match Criteria
  91. You can combine multiple match criteria. All criteria must match for the webhook to trigger:
  92. [source,yaml]
  93. ----
  94. actions:
  95. - title: Production Deploy
  96. shell: /opt/scripts/deploy.sh production
  97. execOnWebhook:
  98. - matchHeaders:
  99. X-Event-Type: deploy
  100. matchQuery:
  101. environment: production
  102. matchPath: "$.status=approved"
  103. ----
  104. == Extracting Arguments from Webhooks
  105. You can extract values from the webhook payload and pass them as arguments to your action using JSONPath expressions:
  106. [source,yaml]
  107. ----
  108. actions:
  109. - title: Deploy Version
  110. shell: |
  111. echo "Deploying version {{ version }} to {{ environment }}"
  112. /opt/scripts/deploy.sh "{{ version }}" "{{ environment }}"
  113. arguments:
  114. - name: version
  115. type: ascii
  116. - name: environment
  117. type: ascii
  118. execOnWebhook:
  119. - matchHeaders:
  120. X-Event-Type: deploy
  121. extract:
  122. version: "$.release.tag_name"
  123. environment: "$.target.environment"
  124. ----
  125. The `extract` map defines which action arguments to populate from the webhook payload. The key is the argument name, and the value is the JSONPath expression to extract the value.
  126. === Automatic Webhook Metadata
  127. OliveTin automatically adds several metadata arguments from each webhook request:
  128. * `webhook_method` - The HTTP method (always POST for webhooks)
  129. * `webhook_path` - The request URL path
  130. * `webhook_query` - The raw query string
  131. * `webhook_header_<name>` - Each HTTP header (lowercase name)
  132. For example, to access the `X-Request-Id` header in your action:
  133. [source,yaml]
  134. ----
  135. actions:
  136. - title: Log Request
  137. shell: echo "Request ID: {{ webhook_header_x-request-id }}"
  138. arguments:
  139. - name: webhook_header_x-request-id
  140. type: ascii
  141. execOnWebhook:
  142. - matchHeaders:
  143. X-Event-Type: log
  144. ----
  145. == Webhook Authentication
  146. OliveTin supports several authentication methods to verify webhook requests:
  147. === No Authentication
  148. By default, webhooks have no authentication. Any request matching the criteria will trigger the action:
  149. [source,yaml]
  150. ----
  151. execOnWebhook:
  152. - authType: none
  153. matchHeaders:
  154. X-Event-Type: my-event
  155. ----
  156. === HMAC-SHA256 Signature
  157. Verify webhooks using HMAC-SHA256 signatures (commonly used by GitHub, GitLab, etc.):
  158. [source,yaml]
  159. ----
  160. execOnWebhook:
  161. - authType: hmac-sha256
  162. authHeader: X-Hub-Signature-256
  163. secret: your-webhook-secret
  164. matchHeaders:
  165. X-Event-Type: push
  166. ----
  167. The `authHeader` specifies which header contains the signature. The signature should be in the format `sha256=<hex-encoded-signature>`.
  168. === HMAC-SHA1 Signature
  169. For services using HMAC-SHA1 (legacy GitHub webhooks):
  170. [source,yaml]
  171. ----
  172. execOnWebhook:
  173. - authType: hmac-sha1
  174. authHeader: X-Hub-Signature
  175. secret: your-webhook-secret
  176. matchHeaders:
  177. X-Event-Type: push
  178. ----
  179. === Bearer Token
  180. Verify webhooks using a Bearer token in the Authorization header:
  181. [source,yaml]
  182. ----
  183. execOnWebhook:
  184. - authType: bearer
  185. secret: your-bearer-token
  186. matchHeaders:
  187. X-Event-Type: deploy
  188. ----
  189. The webhook sender must include `Authorization: Bearer your-bearer-token` in the request.
  190. === Basic Authentication
  191. Verify webhooks using HTTP Basic authentication:
  192. [source,yaml]
  193. ----
  194. execOnWebhook:
  195. - authType: basic
  196. secret: "username:password"
  197. matchHeaders:
  198. X-Event-Type: deploy
  199. ----
  200. Or with password only:
  201. [source,yaml]
  202. ----
  203. execOnWebhook:
  204. - authType: basic
  205. secret: "mypassword"
  206. matchHeaders:
  207. X-Event-Type: deploy
  208. ----
  209. == Multiple Webhook Triggers
  210. An action can have multiple webhook configurations. The action will be triggered if any of them match:
  211. [source,yaml]
  212. ----
  213. actions:
  214. - title: Deploy
  215. shell: /opt/scripts/deploy.sh
  216. execOnWebhook:
  217. - matchHeaders:
  218. X-Event-Type: deploy-manual
  219. - matchHeaders:
  220. X-Event-Type: deploy-auto
  221. matchPath: "$.status=success"
  222. ----
  223. == Testing Webhooks
  224. You can test your webhook configuration using `curl`:
  225. [source,bash]
  226. ----
  227. # Simple webhook with headers
  228. curl -X POST \
  229. -H "Content-Type: application/json" \
  230. -H "X-Event-Type: deploy" \
  231. -d '{"version": "1.2.3"}' \
  232. http://localhost:1337/webhooks
  233. # Webhook with HMAC-SHA256 authentication
  234. SECRET="your-secret"
  235. PAYLOAD='{"event": "push", "branch": "main"}'
  236. SIGNATURE=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
  237. curl -X POST \
  238. -H "Content-Type: application/json" \
  239. -H "X-Event-Type: push" \
  240. -H "X-Hub-Signature-256: sha256=$SIGNATURE" \
  241. -d "$PAYLOAD" \
  242. http://localhost:1337/webhooks
  243. ----
  244. == See Also
  245. * xref:action_execution/onwebhook_github.adoc[GitHub Webhooks] - Specific configuration for GitHub webhook events
  246. * xref:solutions/on-git-push/index.adoc[GitOps Solution] - Running actions on Git push using hooks
  247. * xref:api/start_action.adoc[Start Action API] - Alternative method for triggering actions via API