An Alpine Linux based image that can clone a Git repository and execute a custom setup script upon receiving webhooks.
In order to keep the image small and as close to the base image as possible, no system-wide package is installed; Git and SSH clients are compiled, statically linked, and placed in their own directories.
The following environment variables must be set before starting the container
SSH_PRIVATE_KEY
: a string containing the private key (in OpenSSH format) to access the Git repositoryGIT_REPO_URL
: Git repository URLGIT_REPO_BRANCH
: Git branch to checkout before running the setup script
In order to prevent unauthorized clients from triggering the webhook handler,
one can set WEBHOOK_AUTH_TOKEN
environment variable. The webhook receiver
server will only accept URL paths that end in WEBHOOK_AUTH_TOKEN
.
Webhook receiver server listens on port 8000 and does the following upon receiving webhooks:
- Clones the specified Git repository
- Checks out the specified branch
- Looks for .webhook/setup script within the cloned repository and executes it
- Only SSH protocol is supported for cloning Git repositories
- .webhook/setup script must have a shebang line (ex.
#!/bin/sh
) - Webhook receiver server will clone the repository to a temporary directory and removes it after setup script is finished
- Setup script will be executed relative to the repository directory
- Nothing should be executed directly from the setup script's working directory
- It's up to the setup script to compile/process and copy required files to their correct location before the cloned repository directory gets removed
- It's up to the setup script to start and track the state of services within the container
- Setup script should not start any blocking foreground processes
- It's highly recommended to use
nohup
to start background processes in setup script
(Take a look at example directory for a working setup)