Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/stakater/GitWebhookProxy
A proxy to let webhooks reach running services behind a firewall – [✩Star] if you're using it!
https://github.com/stakater/GitWebhookProxy
firewall githook github gitlab gitops hacktoberfest jenkins jenkins-proxy k8s kubernetes openshift proxy webhook
Last synced: 3 months ago
JSON representation
A proxy to let webhooks reach running services behind a firewall – [✩Star] if you're using it!
- Host: GitHub
- URL: https://github.com/stakater/GitWebhookProxy
- Owner: stakater
- License: apache-2.0
- Created: 2018-03-27T16:09:05.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-06-05T08:31:06.000Z (5 months ago)
- Last Synced: 2024-06-20T05:21:54.875Z (5 months ago)
- Topics: firewall, githook, github, gitlab, gitops, hacktoberfest, jenkins, jenkins-proxy, k8s, kubernetes, openshift, proxy, webhook
- Language: Go
- Homepage: https://stakater.com
- Size: 2.66 MB
- Stars: 187
- Watchers: 7
- Forks: 53
- Open Issues: 18
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
#  GitWebhookProxy
[](https://goreportcard.com/report/github.com/stakater/GitWebhookProxy)
[](http://godoc.org/github.com/stakater/GitWebhookProxy)
[](https://github.com/stakater/GitWebhookProxy/releases/latest)
[](https://github.com/stakater/GitWebhookProxy/releases/latest)
[](https://hub.docker.com/r/stakater/GitWebhookProxy/)
[](https://hub.docker.com/r/stakater/GitWebhookProxy/)
[](https://microbadger.com/images/stakater/GitWebhookProxy)
[](https://microbadger.com/images/stakater/GitWebhookProxy)
[](LICENSE)
A proxy to let webhooks to reach a Jenkins instance running behind a firewall
## PROBLEM
Jenkins is awesome and matchless tool for both CI & CD; but unfortunately its a gold mine if left in wild with wide open access; so, we always want to put it behind a firewall. But when we put it behind firewall then webhooks don't work anymore and no one wants the pull based polling but rather prefer the build to start as soon as there is a commit!
## SOLUTION
This little proxy makes webhooks start working again!
### Supported Providers
Currently we support the following git providers out of the box:
* Github
* Gitlab
### Configuration
GitWebhookProxy can be configured by providing the following arguments either via command line or via environment variables:
| Parameter | Description | Default | Example |
|---------------|-----------------------------------------------------------------------------------|----------|--------------------------------------------|
| listenAddress | Address on which the proxy listens. | `:8080` | `127.0.0.1:80` |
| upstreamURL | URL to which the proxy requests will be forwarded (required) | | `https://someci-instance-url.com/webhook/` |
| secret | Secret of the Webhook API. If not set validation is not made. | | `iamasecret` |
| provider | Git Provider which generates the Webhook | `github` | `github` or `gitlab` |
| allowedPaths | Comma-Separated String List of allowed paths on the proxy | | `/project` or `github-webhook/,project/` |
| ignoredUsers | Comma-Separated String List of users to ignore while proxying Webhook request | | `someuser` |
| allowedUsers | Comma-Separated String List of users to allow while proxying Webhook request | | `someuser` |
## DEPLOYING TO KUBERNETES
The GitWebhookProxy can be deployed with vanilla manifests or Helm Charts.
### Vanilla Manifests
For Vanilla manifests, you can either first clone the respository or download the `deployments/kubernetes/gitwebhookproxy.yaml` file only.
#### Configuring
Below mentioned attributes in `gitwebhookproxy.yaml` have been hard coded to run in our cluster. Please make sure to update values of these according to your own configuration.
1. Change below mentioned attribute's values in `Ingress` in `gitwebhookproxy.yaml`
```yaml
rules:
- host: gitwebhookproxy.example.com
```
```yaml
tls:
- hosts:
- gitwebhookproxy.example.com
```
2. Change below mentioned attribute's values in `Secret` in `gitwebhookproxy.yaml`
```yaml
data:
secret: example
```
3. Change below mentioned attribute's values in `ConfigMap` in `gitwebhookproxy.yaml`
```yaml
data:
provider: github
upstreamURL: https://jenkins.example.com
allowedPaths: /github-webhook,/project
ignoredUsers: stakater-user
```
#### Deploying
Then you can deploy GitwebhookProxy by running the following kubectl commands:
```bash
kubectl apply -f gitwebhookproxy.yaml -n
```
*Note:* Make sure to update the `port` in deployment.yaml as well as service.yaml if you change the default `listenAddress` port.
### Helm Charts
Alternatively if you have configured helm on your cluster, you can add gitwebhookproxy to helm from our public chart repository and deploy it via helm using below mentioned commands
1. Add the chart repo:
i. `helm repo add stakater https://stakater.github.io/stakater-charts/`
ii. `helm repo update`
2. Set configuration as discussed in the `Configuring` section
i. `helm fetch --untar stakater/gitwebhookproxy`
ii. Open and edit `gitwebhookproxy/values.yaml` in a text editor and update the values mentioned in `Configuring` section.
3. Install the chart
* `helm install stakater/gitwebhookproxy -f gitwebhookproxy/values.yaml -n gitwebhookproxy`
## Running outside Kubernetes
### Run with Docker
To run the docker container outside of Kubernetes, you can pass the configuration as the Container Entrypoint arguments.
The docker image is available on docker hub. Example below:
`docker run stakater/gitwebhookproxy:v0.2.63 -listen :8080 -upstreamURL google.com -provider github -secret "test"`
### Run with Docker compose
For docker compose, the syntax is a bit different
```yaml
jenkinswebhookproxy:
image: 'stakater/gitwebhookproxy:latest'
command: ["-listen", ":8080", "-secret", "test", "-upstreamURL", "jenkins.example.com, "-allowedPaths", "/github-webhook,/ghprbhook"]
restart: on-failure
```
## Troubleshooting
### 405 Method Not Allowed with Jenkins & github plugin
If you get the following error when setting up webhooks for your jobs in Jenkins, make sure you have the trailing `/` in the webhook configured in Jenkins.
```
Error Redirecting '/github-webhook' to upstream', Upstream Redirect Status: 405 Method Not Allowed
```
## Help
**Got a question?**
File a GitHub [issue](https://github.com/stakater/GitWebhookProxy/issues), or send us an [email](mailto:[email protected]).
### Talk to us on Slack
Join and talk to us on the #tools-gwp channel for discussing about GitWebhookProxy
[](https://slack.stakater.com/)
[](https://stakater-community.slack.com/messages/CAQ5A4HGD)
## Contributing
### Bug Reports & Feature Requests
Please use the [issue tracker](https://github.com/stakater/GitWebhookProxy/issues) to report any bugs or file feature requests.
### Developing
PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.
1. **Fork** the repo on GitHub
2. **Clone** the project to your own machine
3. **Commit** changes to your own branch
4. **Push** your work back up to your fork
5. Submit a **Pull request** so that we can review your changes
NOTE: Be sure to merge the latest from "upstream" before making a pull request!
## Changelog
View our closed [Pull Requests](https://github.com/stakater/GitWebhookProxy/pulls?q=is%3Apr+is%3Aclosed).
## License
Apache2 © [Stakater](http://stakater.com)
## About
`GitWebhookProxy` is maintained by [Stakater][website]. Like it? Please let us know at
See [our other projects][community]
or contact us in case of professional services and queries on
[website]: http://stakater.com/
[community]: https://github.com/stakater/