Example configuration files

Examples of various configuration possibilities to help you get started. The source scripts are available too.

Projects configuration

This file includes the configration of which hooks are available.

example1:
  app_key: c202217f7bba73a73cce17794f79be6672d89450a3b7895d
  triggers:
    trigger1:
      trigger_key: c633c360800fb7e0126fd123ecaed1500c125d29625e5896
      repo: git@codeberg.org:diginaut/webhaak.git
      command: sudo supervisorctl restart webhaak
    trigger2:
      trigger_key: 33b3506bc8496bdcd1b155756b7e9a01acc76f6e83e3c60f
      repo: ...
      command: bash /home/myuser/bin/update_all_the_things.sh

aquariusoft.org:
  app_key: c202217f7bba73a73cce17794f79be6672d89450a3b7895d
  triggers:
    trigger1:
      trigger_key: c633c360800fb7e0126fd123ecaed1500c125d29625e5896
      repo: git@codeberg.org:diginaut/aquariusoft.org.git
      command: update_aquariusoft.sh
    trigger2:
      trigger_key: 33b3506bc8496bdcd1b155756b7e9a01acc76f6e83e3c60f
      repo: git@codeberg.org:diginaut/paragoo.git
      branch: develop
      command: |
          bash /home/myuser/bin/update_all_the_things.sh REPOVERSION
    sentry:
      trigger_key: 7c6bd635948eea920fc15df87400a45b056c9779f4305bf0
      notify: false
      command: /srv/scripts/sentry_to_telegram.sh "PROJECT_NAME" "CULPRIT" "URL" "TITLE" "STACKTRACE"

endpoints:
  app_key: 1deb727726c2ab010013d2413d628f5ba9b6218ff5fd23df
  triggers:
    do_get:
      trigger_key: 1dce67412c4af2d5fdee102ed3d81914fa62c089fb021263
      call_url:
        url: http://localhost:9876/trigger/some/other/thing
        json: false
        post: false
    do_post_with_json:
      trigger_key: f4e29fa1e22ca0dc239570094c001e41b35cf614ac0d97c8
      call_url:
        url: http://localhost:8080/skill/mybotwebhook/echo
        json: true
        post: true
    freshping:
      trigger_key: 39873014da49af42458bc850d442f52096b0cbf1d6aa19d8
      notify: false
      call_url:
        url: http://localhost:8080/skill/mybotwebhook/echo
        json: true
        post: true

flask_webapp:
  app_key: 175cc847f608840815d741070d114f3aac35243b4f7e501c
  triggers:
    update:
      trigger_key: bde96f31cf248fd980ce3878942e8df66ae775a9da378c6d
      repo: git@codeberg.org:YOU/yourflaskwebapp.git
      repo_parent: /srv/www/flaskwebapp.example.com
      command: /srv/www/hook.example.com/scripts/update_flask.sh flaskwebapp REPODIR

paragoo:
  app_key: 6fa726e09524c41e5ff0751a811d34f5dac81cf23d6b5fb4
  triggers:
    update:
      trigger_key: 613b285e72f654b7b7957e5562f5728fbb9049b3d7c58d7d
      repo: git@codeberg.org:diginaut/paragoo.git
      command: |
          bash /home/myuser/bin/update_all_the_things.sh
    update_theme:
      trigger_key: 67a729b6cbfaa78075925631552f4eec29938f7a5a19f908
      repo: git@codeberg.org:diginaut/paragoo-theme-material.git
      command: python REPODIR/generate_variants.py
    flake8:
      trigger_key: 181bd69f610e8544ffa4092b487658636388f7444cb4238f
      command: /srv/www/hook.example.com/scripts/flake8diff.sh /srv/www/hook.example.com/venvtests/bin/activate paragoo "REPODIR" "EMAIL" COMMIT_BEFORE COMMIT_AFTER "COMPARE_URL"

webhaak:
  app_key: bdbff089697cb6d07f12498a905a76454ba5467f8b2d5197
  triggers:
    update:
      trigger_key: 9bc193c48b8927d97e35ed7f85181c8305f2f5bb3011c3a8
      repo: git@codeberg.org:diginaut/webhaak.git
      repo_parent: /srv/www/hook.example.com
      command: /srv/www/hook.example.com/scripts/update_webapp.sh webhaak REPODIR /srv/www/hook.example.com/venvs/webhaak
    flake8:
      trigger_key: 92a78e26514dc3089b95b49bcc0865fefb7d14dd43c51542
      notify: false
      command: /srv/www/hook.example.com/scripts/flake8diff.sh /srv/www/hook.example.com/venvtests/bin/activate webhaak /srv/www/hook.example.com/webhaak "EMAIL" COMMIT_BEFORE COMMIT_AFTER "COMPARE_URL"
    bitbucket:
      trigger_key: 0865fefb7d14dd43c515420865fefb7d14dd43c51542bdea
      notify: false
      repo: git@bitbucket.org:aquatix/webhaak.git
      repo_parent: /srv/www/_tests
      command: /srv/www/hook.example.com/scripts/flake8diff.sh /srv/www/hook.example.com/venvtests/bin/activate webhaak "REPODIR" "EMAIL" COMMIT_BEFORE COMMIT_AFTER "COMPARE_URL"
      authors:
        aquatix: itsme@example.com
        another: mario@example.com

systemd unit file for webhaak webservice

[Unit]
Description=Gunicorn Daemon for webhaak FastAPI
After=network.target

[Service]
User=change_into_the_correct_username
Group=change_into_the_correct_username
WorkingDirectory=/srv/www/hook.example.com/webhaak/src

Environment="SECRETKEY=ABCDEFG"
Environment="LOG_DIR=/var/log/webhaak"
Environment="EVENTLOG_DIR=/var/log/webhaak/events"
Environment="PROJECTS_FILE=/srv/www/hook.example.com/projects.yaml"
#Environment="REPOS_CACHE_DIR=/srv/www/hook.example.com/_cache"
# Like in the supervisord config, but make sure it's writable for the user webhaak is running as:
Environment="REPOS_CACHE_DIR=/var/cache/webhaak"
Environment="PUSHOVER_USERKEY=your_user_key_here"
Environment="PUSHOVER_APPTOKEN=your_app_token_here"

ExecStart=/srv/www/hook.example.com/venv/bin/gunicorn -c /srv/www/hook.example.com/gunicorn_webhaak_conf.py webhaak.main:app

[Install]
WantedBy=multi-user.target

This uses a Gunicorn configuration file:

# gunicorn_conf.py
from multiprocessing import cpu_count

bind = "127.0.0.1:8888"

# Worker Options
workers = cpu_count() + 1
worker_class = 'uvicorn.workers.UvicornWorker'

# Logging Options
loglevel = 'debug'
accesslog = '/var/log/webhaak/access_log'
errorlog = '/var/log/webhaak/error_log'

Supervisord for RQ worker

[program:webhaak_rq_worker]
environment=SECRETKEY="ABCDEFG",LOG_DIR="/var/log/webhaak",EVENTLOG_DIR="/var/log/webhaak/events",PROJECTS_FILE="/srv/www/hook.example.com/projects.yaml"REPOS_CACHE_DIR="/var/cache/webhaak",PUSHOVER_USERKEY="your_userkey",PUSHOVER_APPTOKEN="your_apptoken"
command = /srv/www/hook.example.com/venv/bin/rq worker --url redis://localhost:6379/0 webhaak --with-scheduler
user = change_into_the_correct_username
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/webhaak_rq_worker.log
redirect_stderr = true
#environment = LANG=en_US.UTF-8,LC_ALL=en_US.UTF-8

; process_num is required if you specify >1 numprocs
; process_name=%(program_name)s-%(process_num)s

; If you want to run more than one worker instance, increase this
numprocs=1

; This is the directory from which RQ is ran. Be sure to point this to the
; directory where your source code is importable from
directory=/srv/www/hook.example.com/webhaak/src

; RQ requires the TERM signal to perform a warm shutdown. If RQ does not die
; within 10 seconds, supervisor will forcefully kill it
stopsignal=TERM

nginx vhost

nxing configuration to serve the web application with; the application itself runs under systemd for example

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name hook.example.com;

    real_ip_header      X-Forwarded-For;

    access_log  /var/log/nginx/access_hook.example.com.log;
    error_log  /var/log/nginx/error_hook.example.com.log  warn;

    location / {
        proxy_pass             http://127.0.0.1:8888;
        proxy_read_timeout     60;
        proxy_connect_timeout  60;
        proxy_redirect         off;

        # Allow the use of websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /ui/ {
        alias /srv/www/hook.example.com/webhaak-ui/webhaak-ui/;
        try_files $uri /index.html =404;
        index index.html;
    }

    ssl_certificate /etc/letsencrypt/live/hook.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hook.example.com/privkey.pem; # managed by Certbot
}

Environment file

The various environment variables have to be put in the supervisord config and systemd unit file like described above; they can also be put in a .env file.

SECRETKEY=abc123
LOG_DIR=/var/log/webhaak
EVENTLOG_DIR=/var/log/webhaak/events
PROJECTS_FILE=/srv/www/hook.example.com/projects.yaml

REPOS_CACHE_DIR=/srv/www/hook.example.com/_cache

PUSHOVER_USERKEY=your_user_key_here
PUSHOVER_APPTOKEN=your_app_token_here

Helper scripts

Updating a webapp project (like a FastAPI one):

#!/bin/bash
set -e
# Any subsequent(*) commands which fail will cause the shell script to exit immediately

if [ "$#" -ne 3 ]; then
    echo "USAGE: update_webapp.sh [projectname] [repodir] [venvdir]"
    exit 1
fi

PROJECTNAME="${1}"
REPODIR="${2}"
VENVDIR="${3}"

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

# Assume update_virtualenv.sh lives in the same directory as this one
$DIR/update_virtualenv.sh "${VENVDIR}" "${REPODIR}/requirements-server.txt"

# Restart the project
sudo /usr/bin/systemctl restart "${PROJECTNAME}.service"
sudo /usr/bin/supervisorctl restart "${PROJECTNAME}_rq_worker"

Updating a Flask project:

#!/bin/bash
set -e
# Any subsequent(*) commands which fail will cause the shell script to exit immediately

if [ "$#" -ne 2 ]; then
    echo "USAGE: update_flask.sh [projectname] [repodir]"
    exit 1
fi

PROJECTNAME="${1}"
REPODIR="${2}"
# Convention of having the virtualenv under the same parent dir as the project
VENVDIR="${2}/../venv/"

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

# Assume update_virtualenv.sh lives in the same directory as this one
$DIR/update_virtualenv.sh "${VENVDIR}" "${REPODIR}/requirements.txt"

# Restart the project
sudo /usr/bin/supervisorctl restart "${PROJECTNAME}"

Updating a Python virtualenv (also used by the Flask update script):

#!/bin/bash
set -e
# Any subsequent(*) commands which fail will cause the shell script to exit immediately

if [ "$#" -ne 2 ]; then
    echo "USAGE: update_virtualenv.sh [virtualenv_path] [requirements_file]"
    exit 1
fi

if [ ! -f "$2" ]; then
    echo "requirements file '$2' not found"
    exit 2
fi

VIRTUALENVDIR="${1}"
REQUIREMENTSFILE="${2}"

if [ ! -d "${VIRTUALENVDIR}" ]; then
    echo "Creating virtualenv $1"
    mkdir -p "${VIRTUALENVDIR}"
    cd "${VIRTUALENVDIR}"
    virtualenv -p python3 .
    # python3 -m venv .
fi

if [[ -z ${VIRTUAL_ENV} ]]; then
    # Only activate the virtualenv if we aren't in one already
    source ${VIRTUALENVDIR}/bin/activate
    REQUIREMENTSDIR=$(dirname "${REQUIREMENTSFILE}")

    cd "$REQUIREMENTSDIR"

    # Make sure to run the latest pip and pip-tools
    pip install pip --upgrade
    pip install pip-tools --upgrade

    pip-sync "${REQUIREMENTSFILE}"
else
    echo "A virtualenv is already activated: $VIRTUAL_ENV"
    exit 3
fi

Running flake8 linter and isort checker over a directory with Python files:

#!/bin/bash

MAIL_FROM="CHANGEME@example.com"

VENVDIR="${1}"
PROJECTNAME="${2}"
REPODIR="${3}"
EMAIL="${4}"
COMMIT="${5}"

source "${VENVDIR}"

cd "${REPODIR}"

echo
echo "== flake8 ======"
echo "Checking changes for ${PROJECTNAME}"
echo "Changes by ${EMAIL}"
echo "${COMMIT}"
echo

FLAKE8RESULT=$(git -c advice.detachedHead=false checkout "${COMMIT}" && flake8 --config tox.ini)

echo "${FLAKE8RESULT}"

ISORTRESULT=$(isort -c . | grep -v Skipped)

if [ ! -z "${FLAKE8RESULT}${ISORTRESULT}" ]; then
    echo "Sending email"
    TEXT="Changes by ${EMAIL}\nDetails: ${COMMIT}\n\nflake8:\n\n${FLAKE8RESULT}\n\nisort:\n\n${ISORTRESULT}"
    echo -e "${TEXT}" | /usr/bin/mail -s "flake8 and isort results for ${PROJECTNAME}" -a "From: ${MAIL_FROM}" ${EMAIL}
else
    echo "Nothing to mail"
fi
echo "== Done with flake8 ======"

Apache

Not officially supported anymore since the rewrite with FastAPI.

uWSGI

Not officially supported anymore since the rewrite with FastAPI.