Initialisation depot

arti-api/auth-service/pipeline/GIT-WEBHOOK-CONFIG.md

@@ -0,0 +1,132 @@
+# Git Hosting Service Configuration for Drone CI Webhooks
+
+## For Gitea
+
+Add to your Gitea configuration (`app.ini`):
+
+```ini
+[webhook]
+# Allow webhooks to internal/private networks
+ALLOWED_HOST_LIST = private
+
+# Or specifically allow your Drone server
+ALLOWED_HOST_LIST = 192.168.100.214,drone.aipice.local,*.aipice.local
+
+# Skip TLS verification for internal services
+SKIP_TLS_VERIFY = true
+```
+
+Restart Gitea after configuration changes:
+```bash
+sudo systemctl restart gitea
+# or if using Docker:
+docker restart gitea
+```
+
+## For GitLab
+
+Add to your GitLab configuration (`gitlab.rb`):
+
+```ruby
+# Allow outbound requests to private networks
+gitlab_rails['outbound_requests_whitelist'] = [
+  '192.168.100.0/24',
+  '10.0.0.0/8',
+  '172.16.0.0/12'
+]
+
+# Or specifically allow your Drone server
+gitlab_rails['outbound_requests_whitelist'] = ['192.168.100.214']
+
+# Webhook timeout settings
+gitlab_rails['webhook_timeout'] = 30
+```
+
+Apply configuration:
+```bash
+sudo gitlab-ctl reconfigure
+```
+
+## For GitHub Enterprise
+
+In the GitHub Enterprise admin settings:
+
+1. Go to **Management Console** → **Privacy**
+2. Under **Private Mode**, configure:
+   - Allow webhook delivery to private networks: ✅
+   - Exempt domains: `*.aipice.local`
+
+## Alternative: Use Public Domain
+
+If you can't modify the Git hosting service configuration, make your Drone CI accessible via a public domain:
+
+1. **Setup external access** to Drone CI
+2. **Use public domain** like `drone-public.yourdomain.com`
+3. **Update webhook URL** in Git repository settings
+
+## Testing Webhook Connectivity
+
+Test if your Git service can reach Drone:
+
+```bash
+# From your Git hosting server, test connection:
+curl -I https://drone.aipice.local/healthz --insecure
+
+# Expected response:
+HTTP/1.1 200 OK
+```
+
+## Manual Webhook Configuration
+
+If automatic webhook setup fails, configure manually:
+
+1. **Go to repository settings** in your Git service
+2. **Add webhook** with:
+   - URL: `https://drone.aipice.local/hook?secret=YOUR_SECRET`
+   - Content Type: `application/json`
+   - Events: `Push`, `Tag push`, `Pull requests`
+   - SSL verification: Disabled (for self-signed certs)
+
+## Firewall Configuration
+
+Ensure firewall allows Git service to reach Drone:
+
+```bash
+# Allow Git server to reach Drone CI
+sudo ufw allow from GIT_SERVER_IP to any port 443
+sudo ufw allow from 192.168.100.0/24 to any port 443
+```
+
+## Troubleshooting
+
+### Check Git Service Logs
+
+**Gitea:**
+```bash
+sudo journalctl -u gitea -f
+# Look for webhook delivery attempts
+```
+
+**GitLab:**
+```bash
+sudo gitlab-ctl tail gitlab-rails
+# Look for outbound request blocks
+```
+
+### Check Drone Logs
+
+```bash
+# Check if Drone receives webhook calls
+kubectl logs -n drone deployment/drone-server | grep webhook
+```
+
+### Test Manual Webhook
+
+```bash
+# Simulate webhook call from Git service
+curl -X POST https://drone.aipice.local/hook?secret=YOUR_SECRET \
+  -H "Content-Type: application/json" \
+  -H "X-GitHub-Event: push" \
+  -d '{"ref":"refs/heads/main"}' \
+  --insecure
+```