Skip to main content

Triggering Statis builds via GitLab Webhook

This blog post might be outdated!
This blog post was published more than one year ago and might be outdated!
· 2 min read
Stephan Hochdörfer

In our "old" Jenkins set-up things were simple: The Jenkins master and Satis were running on the same host thus Jenkins could easily invoke Satis via a command-line call. Unfortunately GitLab does not allow that. The only option which is currently available in GitLab is to trigger Satis via a webhook. Neither Satis itself or Satisfy which we actually use provide support for webhooks. Thus we extended Satisfy with a simple controller which invokes the Satis cli command. Definitely not the best solution but it works for us.

To make things a bit more secure we added a check for the secret token that Gitlab can send along when calling a webhook. Additionally the server does only accept connections from our internal network:

if ($request->headers->get('X-Gitlab-Token') !== 
$app['gitlab.secure.token']) {
return new JsonResponse([
'message' => 'Not authenticated, X-Gitlab-Token is invalid.'
], Response::HTTP_UNAUTHORIZED);
}

Since GitLab sends multiple requests during a build - we currently only listen for build events - we need to check the status field in the request for a value of "success". Whenever a build fails we do not want to trigger a Satis rebuild:

if ($request->request->get('build_status') !== 'success') { 
return new JsonResponse([ 'message' => 'Invalid build status.' ]);
}