Skip to content

openziti/ziti-gitlab-webhook

Repository files navigation

ziti-gitlab-webhook

A Docker image usable within GitLab CI Pipelines to facilitate sending webhooks over a Ziti Network to a secure server that is "dark" on the internet (e.g. a self-hosted instance of Mattermost).

Learn about Ziti at ziti.dev

Build Issues License LOC PRs Welcome Contributor Covenant

This GitLab CI Pipeline image uses the Ziti NodeJS SDK to post an arbitrary JSON payload over a Ziti Network to a protected service. Here, an example of a protected service could be a self-hosted instance of Mattermost that is only accessible over Ziti.

Example usage in a .gitlab-ci.yml pipeline:

notify-job:
  image: ghcr.io/openziti/ziti-gitlab-webhook:latest

  stage: .pre

  rules:

    # Run this job based on whatever events you are interested in. 
    # Here we run whenever updates are pushed into the repo.
    - if: '$CI_PIPELINE_SOURCE == "push"'
      when: always

  variables:

    # WEBHOOK_URL specifies the URL to post the event payload.
    # Note that the Ziti service name must match the hostname
    # in the URL (e.g. "your-mattermost.ziti"). Also note that
    # "xxx-generatedkey-xxx" in this URL example should be replaced
    # with the generated key associated with the incoming webhook
    # you established on your Mattermost instance.
    WEBHOOK_URL: 'https://your-mattermost.ziti/hooks/xxx-generatedkey-xxx'

    # Identity JSON containing key to access a Ziti network.
    # We suggest specifying it in a variable controlled through
    # the GitLab UI.
    ZITI_IDENTITY: '${ZITI_IDENTITY}'
  
  script:
  
    # The WEBHOOK_PAYLOAD env var should be set to an arbitrary
    # JSON salvo that will be POST'ed to the Ziti service.
    # For example, if you are using Mattermost as the target,
    # you can use the JSON format described at: 
    #     https://developers.mattermost.com/integrate/incoming-webhooks/
    #
    # GitLab exposes lots of information via pre-defined env vars,
    # and you can extract information from them and craft a payload
    # that provides value to you.
    - export WEBHOOK_PAYLOAD='{"channel":"my-channel-name", "text":"whatever text your script want to set"}'

    # Transmit the webhook to the service over Ziti
    - ziti-webhook

Ziti Identity

The ZITI_IDENTITY referenced above is the JSON formatted string of an identity enrolled in a Ziti network.

The identity can be created by enrolling via the ziti edge enroll path/to/jwt [flags] command. The ziti executable can be obtained here.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages