Maison/arti-api/auth-service/pipeline/GIT-WEBHOOK-CONFIG.md
2026-02-10 12:12:11 +01:00

Git Hosting Service Configuration for Drone CI Webhooks

For Gitea

Add to your Gitea configuration (app.ini):

[webhook]
# Allow webhooks to internal/private networks
ALLOWED_HOST_LIST = private

# Or, instead of "private", allow only your Drone server.
# Keep only one ALLOWED_HOST_LIST line active in this section:
# ALLOWED_HOST_LIST = 192.168.100.214,drone.aipice.local,*.aipice.local

# Skip TLS verification for internal services
SKIP_TLS_VERIFY = true

Restart Gitea after configuration changes:

sudo systemctl restart gitea
# or if using Docker:
docker restart gitea
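
To compare what the two ALLOWED_HOST_LIST choices above admit, here is an added example (not from the original page, and not Gitea's or GitLab's own code) that models allow-list matching in simplified form. The function names and every sample target other than the Drone server are assumptions made for illustration.

```python
# Added example: simplified model of a webhook allow-list, not Gitea's implementation.
import ipaddress
from fnmatch import fnmatchcase

# Gitea documents "private" as the RFC 1918 and RFC 4193 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
BUILTINS = {"private", "loopback", "external", "*"}

def parse_allow_list(value):
    """Split an allow-list string into builtin keywords, CIDR networks and globs."""
    builtins, nets, globs = set(), [], []
    for item in filter(None, (part.strip().lower() for part in value.split(","))):
        if item in BUILTINS:
            builtins.add(item)
        elif "/" in item:
            nets.append(ipaddress.ip_network(item, strict=False))
        else:
            globs.append(item)  # hostname, wildcard hostname or literal IP
    return builtins, nets, globs

def is_allowed(allow_list, host, resolved_ip):
    """True if a delivery to `host`, resolving to `resolved_ip`, is permitted."""
    builtins, nets, globs = parse_allow_list(allow_list)
    ip = ipaddress.ip_address(resolved_ip)
    private = any(ip in net for net in PRIVATE_NETS)
    return (
        "*" in builtins
        or any(fnmatchcase(host.lower(), g) or fnmatchcase(str(ip), g) for g in globs)
        or any(ip in net for net in nets)
        or ("private" in builtins and private)
        or ("loopback" in builtins and ip.is_loopback)
        or ("external" in builtins and not private and not ip.is_loopback)
    )

# Constructed targets (hostname, resolved address); only the first is from the page.
TARGETS = [("drone.aipice.local", "192.168.100.214"),
           ("db.internal.example", "10.0.0.5"),
           ("localhost", "127.0.0.1")]

def audit(allow_list):
    """Map each sample target to whether the allow-list admits it."""
    return {host: is_allowed(allow_list, host, ip) for host, ip in TARGETS}

if __name__ == "__main__":
    for value in ("private", "192.168.100.214,drone.aipice.local,*.aipice.local"):
        print(f"{value!r}: {audit(value)}")
```

In this model, `private` admits every RFC 1918 destination, while the explicit list admits only the Drone server.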

For GitLab

Add to your GitLab configuration (gitlab.rb):

# Allow outbound requests to private networks
gitlab_rails['outbound_requests_whitelist'] = [
  '192.168.100.0/24',
  '10.0.0.0/8',
  '172.16.0.0/12'
]

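# Or, instead of the ranges above, allow only your Drone server.
# A second assignment replaces the first, so keep only one of the two active:
# gitlab_rails['outbound_requests_whitelist'] = ['192.168.100.214']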

# Webhook timeout settings
gitlab_rails['webhook_timeout'] = 30

Apply configuration:

sudo gitlab-ctl reconfigure

For GitHub Enterprise

In the GitHub Enterprise admin settings:

  1. Go to Management Console → Privacy
  2. Under Private Mode, configure:
    • Allow webhook delivery to private networks:
    • Exempt domains: *.aipice.local

Alternative: Use Public Domain

If you can't modify the Git hosting service configuration, make your Drone CI accessible via a public domain:

  1. Set up external access to Drone CI
  2. Use a public domain such as drone-public.yourdomain.com
  3. Update the webhook URL in the Git repository settings

Testing Webhook Connectivity

Test if your Git service can reach Drone:

# From your Git hosting server, test connection:
curl -I https://drone.aipice.local/healthz --insecure

# Expected response:
HTTP/1.1 200 OK

Manual Webhook Configuration

If automatic webhook setup fails, configure manually:

  1. Go to repository settings in your Git service
  2. Add a webhook with:
    • URL: https://drone.aipice.local/hook?secret=YOUR_SECRET
    • Content Type: application/json
    • Events: Push, Tag push, Pull requests
    • SSL verification: Disabled (for self-signed certs)

Firewall Configuration

Ensure the firewall allows the Git service to reach Drone:

# Allow Git server to reach Drone CI
sudo ufw allow from GIT_SERVER_IP to any port 443
sudo ufw allow from 192.168.100.0/24 to any port 443

Troubleshooting

Check Git Service Logs

Gitea:

sudo journalctl -u gitea -f
# Look for webhook delivery attempts

GitLab:

sudo gitlab-ctl tail gitlab-rails
# Look for outbound request blocks

Check Drone Logs

# Check if Drone receives webhook calls
kubectl logs -n drone deployment/drone-server | grep webhook

Test Manual Webhook

# Simulate webhook call from Git service
# The URL is quoted so the shell does not treat "?" as a glob character
curl -X POST "https://drone.aipice.local/hook?secret=YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -H "X-GitHub-Event: push" \
  -d '{"ref":"refs/heads/main"}' \
  --insecure