# Git Hosting Service Configuration for Drone CI Webhooks

## For Gitea

Add to your Gitea configuration (`app.ini`). Set `ALLOWED_HOST_LIST` once, using one of the two forms below:

```ini
[webhook]
# Allow webhooks to internal/private networks
ALLOWED_HOST_LIST = private

# Or specifically allow your Drone server (use this line instead of the one above)
# ALLOWED_HOST_LIST = 192.168.100.214,drone.aipice.local,*.aipice.local

# Skip TLS verification for internal services
SKIP_TLS_VERIFY = true
```

Restart Gitea after configuration changes:

```bash
sudo systemctl restart gitea
# or if using Docker:
docker restart gitea
```

## For GitLab

Add to your GitLab configuration (`gitlab.rb`). Assign `outbound_requests_whitelist` once, using one of the two forms below:

```ruby
# Allow outbound requests to private networks
gitlab_rails['outbound_requests_whitelist'] = [
  '192.168.100.0/24',
  '10.0.0.0/8',
  '172.16.0.0/12'
]

# Or specifically allow your Drone server (use this line instead of the assignment above)
# gitlab_rails['outbound_requests_whitelist'] = ['192.168.100.214']

# Webhook timeout settings
gitlab_rails['webhook_timeout'] = 30
```

Apply configuration:

```bash
sudo gitlab-ctl reconfigure
```

## For GitHub Enterprise

In the GitHub Enterprise admin settings:

1. Go to **Management Console** → **Privacy**
2. Under **Private Mode**, configure:
   - Allow webhook delivery to private networks: ✅
   - Exempt domains: `*.aipice.local`

## Alternative: Use Public Domain

If you can't modify the Git hosting service configuration, make your Drone CI accessible via a public domain:

1. **Set up external access** to Drone CI
2. **Use a public domain** like `drone-public.yourdomain.com`
3. **Update the webhook URL** in the Git repository settings

## Testing Webhook Connectivity

Test if your Git service can reach Drone:

```bash
# From your Git hosting server, test connection:
curl -I https://drone.aipice.local/healthz --insecure

# Expected response: HTTP/1.1 200 OK
```

## Manual Webhook Configuration

If automatic webhook setup fails, configure manually:

1. **Go to repository settings** in your Git service
2. **Add webhook** with:
   - URL: `https://drone.aipice.local/hook?secret=YOUR_SECRET`
   - Content Type: `application/json`
   - Events: `Push`, `Tag push`, `Pull requests`
   - SSL verification: Disabled (for self-signed certs)

## Firewall Configuration

Ensure the firewall allows the Git service to reach Drone:

```bash
# Allow Git server to reach Drone CI
sudo ufw allow from GIT_SERVER_IP to any port 443
sudo ufw allow from 192.168.100.0/24 to any port 443
```

## Troubleshooting

### Check Git Service Logs

**Gitea:**

```bash
sudo journalctl -u gitea -f
# Look for webhook delivery attempts
```

**GitLab:**

```bash
sudo gitlab-ctl tail gitlab-rails
# Look for outbound request blocks
```

### Check Drone Logs

```bash
# Check if Drone receives webhook calls
kubectl logs -n drone deployment/drone-server | grep webhook
```

### Test Manual Webhook

```bash
# Simulate webhook call from Git service
# (URL is quoted so the shell does not treat "?" as a glob character)
curl -X POST "https://drone.aipice.local/hook?secret=YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -H "X-GitHub-Event: push" \
  -d '{"ref":"refs/heads/main"}' \
  --insecure
```
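
### Lint the Gitea Webhook Settings

A small lint for the `[webhook]` section from the Gitea step, as an added example that is not part of the original page or of Gitea itself: it reads an `app.ini` on standard input and reports a repeated `ALLOWED_HOST_LIST` key, a `*` entry (Gitea's allow-everything value) and `SKIP_TLS_VERIFY = true`. The function names, finding labels and sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint the [webhook] section of a Gitea app.ini.

# Constructed sample input (not a real configuration file).
sample_ini() {
  cat <<'EOF'
[server]
DOMAIN = git.aipice.local

[webhook]
; allow internal targets
ALLOWED_HOST_LIST = private
ALLOWED_HOST_LIST = 192.168.100.214,drone.aipice.local,*.aipice.local
SKIP_TLS_VERIFY = true
EOF
}

# audit_webhook_ini: read app.ini on stdin, print one finding label per line.
audit_webhook_ini() {
  awk '
    /^[ \t]*\[/ {                          # section header such as [webhook]
      s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
      in_wh = (tolower(s) == "webhook"); next
    }
    !in_wh || /^[ \t]*[#;]/ || !/=/ { next }   # other sections, comments, blanks
    {
      key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key); key = toupper(key)
      val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "ALLOWED_HOST_LIST") {
        # The same key set twice leaves it unclear which list is in force.
        if (++seen > 1) print "DUPLICATE_ALLOWED_HOST_LIST"
        n = split(val, items, ",")
        for (i = 1; i <= n; i++) {
          gsub(/[ \t]/, "", items[i])
          if (items[i] == "*") print "ALLOW_ALL_HOSTS"   # bare * only, not *.domain
        }
      }
      if (key == "SKIP_TLS_VERIFY" && tolower(val) == "true")
        print "TLS_VERIFY_DISABLED"
    }
  '
}

# Stand-alone run against the constructed sample.
sample_ini | audit_webhook_ini
```

Against a real installation, feed it the live file, for example `audit_webhook_ini < /path/to/app.ini` (path is a placeholder).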