Webhooks & Forgejo

Posted on Feb 9, 2024

Just another short note to Future Me(tm) – this time on a valid configuration for receiving webhooks from Forgejo.

I’m using adnanh/webhook for this, as it’s packaged in Debian by default so it offered the path of least resistance :-)

First, setup a webhook in Forgejo like normal. I’m using a repository webhook, just for push events on my main branch.

Then, save the following to /etc/webhook.conf on the relevant system:

[
  {
    "id": "unique-hook-name-goes-here",
    "execute-command": "/path/to/deploy.sh",
    "command-working-directory": "/path/to/",
    "pass-arguments-to-command":
    [
      {
        "source": "payload",
        "name": "head_commit.id"
      },
      {
        "source": "payload",
        "name": "pusher.name"
      },
      {
        "source": "payload",
        "name": "pusher.email"
      }
    ],
    "trigger-rule":
    {
      "and":
      [
        {
          "match":
          {
            "type": "payload-hash-sha256",
            "secret": "your-secret-goes-here",
            "parameter":
            {
              "source": "header",
              "name": "X-Forgejo-Signature"
            }
          }
        },
        {
          "match":
          {
            "type": "value",
            "value": "refs/heads/main",
            "parameter":
            {
              "source": "payload",
              "name": "ref"
            }
          }
        }
      ]
    }
  }
]

If you use Gitea or Gogs, you might want to change that header name (X-Forgejo-Signature) as it’s Forgejo specific. If you use another branch name than main, change refs/heads/main to whatever you use.