CircleCI Docker Webhook

Script to autodeploy new versions of a repo after the docker image has been built in Quay, with optional slack notifications.

Successful CircleCI tests -> triggers Quay Builds

Successful Quay builds -> triggers Deploy Webhook

Successful Deployments -> (optionally) notifies via slack

This repo contains:

• sample CircleCI config
• CircleCI trigger Quay build script
• sample Quay webhook payloads ./test-master-payload.json ./test-tag-payload.json
• Deploy Webhook source
• Deploy Webhook ./example.hcl

Requirements

• go to compile webhook
• your deployment server must have docker installed and running

Setup Overview

1. Webhook Setup
2. Quay Setup
3. Copy the Trigger URL
4. CircleCI Setup
5. Run Webhook

Webhook Setup

Webhook Configuration

see ./example.hcl

cp example.hcl config.hcl
$EDITOR config.hcl

Set Quay Webhook Path

This is used so no one can spam the webhook endpoint without knowing this path. Consider it secret.

this should go without saying, always use TLS

Quick and Simple generate a random path

sh -c 'sed -i -e "s/webhookPath = .*/webhookPath = \"`head \/dev\/urandom | shasum -a 512256 | base64 -w 0`\"/" config.hcl'

Slack Notifications>

(Optional)

If you want slack notifications, update the slack block in config.hcl

otherwise, delete the slack block

Install

On Server

if go is installed on your server

go install github.com/theremix/circleci-docker-webhook

Or Compile Locally and upload

Compile the webhook with make (or make linux64 if you are not compiling on linux)

scp ./bin/webhook and ./config.hcl up to your server.

Quay Setup

New Quay Repo

• Create new Container Image Repository
• Link to Custom Git Repository Push
  • see https://docs.quay.io/guides/custom-trigger.html

Existing Quay Repo>

• add Build Trigger
  • see https://docs.quay.io/guides/custom-trigger.html

Copy the webhook url with token

it will look something like this

https://$token:T79QKPYYN7BEEFQ2EAXKLLURGEDEADC0F10KAIPINCBTJQV015DSME4787I7OOXK@quay.io/webhooks/push/trigger/17771773-1f33-4f33-a7ee-be870d11d1d1

Create Repository Notification

Go to repo settings

Create Notification

Set : "Dockerfile Build Successfully Completed"

Leave "matching refs" blank

Then issue a notification : "Webhook POST"

Set the Webhook URL to your deployment server with the webhookPath from Webhook Setup configuration

Optional Slack Notifications

Create Slack Notifications for other events too.

CircleCI Setup

Create or Edit the Job

Under Job Settings, edit Environment Variables under Build Settings

Add TRIGGER_URL

Set the value to the webhook url from quay, escape the $ with \$

https://\$token:T79QKPYYN7BEEFQ2EAXKLLURGEDEADC0F10KAIPINCBTJQV015DSME4787I7OOXK@quay.io/webhooks/push/trigger/17771773-1f33-4f33-a7ee-be870d11d1d1

Run webhook

ssh into your server

Quick and Dirty

nohup ./webhook config.hcl >> webhook.log 2>&1 &

will start listening for webhook requests on port 2000

set the port

PORT=2121 nohup ./webhook config.hcl >> webhook.log 2>&1 &

enable extra debug messages

DEBUG=1 nohup ./webhook config.hcl >> webhook.log 2>&1 &

Or Systemd

see webhook.service for an example

Test trigger

update the following three fields in ./test-tag-payload.json to real values (all others are ignored)

• repository
• name
• trigger_metadata.ref

curl -X POST --data-binary "@./test-tag-payload.json" https://webhook.yourdomain.com/