Managing webhook

Available in Classic and VPC

Webhooks provide post-processing of multiple events that occur in the SourceCommit repository. By connecting to the Cloud Functions service in NAVER Cloud Platform or by connecting a specific URL to your webhook, you can receive event data to process business logics.

You can utilize webhooks in various ways as follows:

• Connect CI/CD to SourceBuild, SourceDeploy, and SourcePipeline by detecting changes that occur in codes
• Run post-processing logics for repository events without managing a Proxy Server by connecting to Cloud Functions service triggers
• Reduce code review time through notifications of commit push or pull request creation
• Instantly receive File Safer malware scan results
• Instantly receive file lock/unlock status through LFS

Managing webhook

To use a webhook, first create a webhook by specifying a connection target to deliver an event to when the webhook is called.

Creating webhook

The following describes how to create a webhook.

1. Access the NAVER Cloud Platform console.
2. Click the Services > Developer Tools > SourceCommit menus.
3. Select the relevant repository from the SourceCommit page, and click the [Go to code] button.
   • You can also click the repository name from the repository list.
4. From the repository's detailed functions page, click the [Hooks] tab.
   
5. Click the [Create] button.
   
6. Enter the name and description for the webhook you want to create.
   • For webhook names, enter up to 50 characters including alphabets, numbers, and special characters (-, _). You can’t enter the same name as a webhook that has already been created.
   • You can enter a description up to 300 characters.
7. Select the type of event your webhook will be called on.
   • If the event occurs in the repository to which the webhook belongs, the webhook is called.
   • For more information about the event types, see the Webhook event list.
8. Add a target to connect to the webhook. If called in case of an event, the webhook passes data through the connection target.
   The methods to add targets can vary depending on the target type. See the following guides.
   • Adding Cloud Functions connection target
   • Adding URL connection target

Adding Cloud Functions connection target

1. Select Cloud Functions for the target type.
2. Click the [Create trigger] button to create a new trigger.
   
   • For more details on trigger creation, see the SourceCommit Trigger user guide.
   • If you’ve already created a SourceCommit trigger through the Cloud Functions service, you can skip this step.
3. Select a trigger to connect to the webhook from the trigger list in the Creating webhook window.
4. Select whether to activate the selected trigger.
   • If an event occurs in the repository and the webhook is called, only the selected triggers whose activation status is ON are run.
     
5. Click the [Create] button in the Creating webhook window to create a webhook.

Adding URL connection target

1. Select URL for the target type.
   
2. Enter the URL , Content Type , and Secret to connect.
   • URL: you can enter up to 2000 characters, and the addresses must allow external access (Required)
   Caution

   If the URL target returns HTTP status 3XX, redirection is not supported.

   • Content Type: select between application/json , application/x-www-form-urlencode (Required)
   Note

   • application/json : send JSON payload directly to request body data
   • application/x-www-form-urlencoded : send JSON payload as the value for 'payload' key
   • Secret (optional)
     • To ensure that your webhook call is from the SourceCommit service and to prevent data forgery on the way
     • When you call your webhook, the value of the request body encrypted with Hmac SHA256 into a secret key is sent via the 'x-ncp-sourcecommit-signature-v1’ (Example)
     • Enter up to 200 characters
3. Decide whether to activate the URL, and click the [Add] button to create it.
   • If an event occurs in the repository and the webhook is called, the data is delivered only to the selected URLs whose activation status is ON.
4. Click the [Create] button in the Creating webhook window to create a webhook.

Changing webhook settings

If necessary, you can change the descriptions, event type, and connection target information entered when creating the webhook.

The following describes how to change your webhook settings.

1. Access the NAVER Cloud Platform console.
2. Click the Services > Developer Tools > SourceCommit menus.
3. Select the relevant repository from the SourceCommit page, and click the [Go to code] button.
   • You can also click the repository name from the repository list.
4. From the repository's detailed functions page, click the [Hooks] tab.
5. Click the [Edit] button.
6. Change the webhook settings, and click the [Apply] button.
   • For more information about what to enter in the webhook settings, see Creating webhook.

Delete webhook

If you don’t want to call your webhook anymore, you can delete it. The following describes how to delete a webhook.

1. Access the NAVER Cloud Platform console.
2. Click the Services > Developer Tools > SourceCommit menus.
3. Select the relevant repository from the SourceCommit page, and click the [Go to code] button.
   • You can also click the repository name from the repository list.
4. From the repository's detailed functions page, click the [Hooks] tab.
5. From your webhook list, select a webhook to delete and click the [Delete] button.
6. When the Confirm deletion window appears, click the [Delete] button.

Checking webhook call result

You can check the results of your webhook calls for each connection target.

• Checking call results for Cloud Functions connection target
• Checking call results for URL connection target

Checking call results for Cloud Functions connection target

If your webhook’s connection target is Cloud Functions , you can check the call result in the Cloud Functions service console.

1. Access the NAVER Cloud Platform console.
2. Click the Services > Developer Tools > SourceCommit menus.
3. Select the relevant repository from the SourceCommit page, and click the [Go to code] button.
   • You can also click the repository name from the repository list.
4. From the repository's detailed functions page, click the [Hooks] tab.
5. Click the trigger name in the [Target information] column of the webhook you want to check, and move to the Cloud Functions service console.
   
   • For more information about trigger call results, see the Trigger monitoring guide.

Checking call results for URL connection target

If your webhook’s connection target is URL, you can click the [Call result] button from the webhook list page to check the results.

1. Access the NAVER Cloud Platform console.
2. Click the Services > Developer Tools > SourceCommit menus.
3. Select the relevant repository from the SourceCommit page, and click the [Go to code] button.
   • You can also click the repository name from the repository list.
4. From the repository's detailed functions page, click the [Hooks] tab.
5. Click the URL webhook to check the call result of, and click the [Call result] button.
   
   • Target type: webhook target type (now only supports URL)
   • Endpoint: webhook target URL
   • Call time: webhook call time
   • Status: call success/failure
6. To check the detailed call result, click the [View] button.
   
   • Request information
     • Request header: URL, Method, and Headers information at webhook call
     • Request body: body information delivered at webhook call
   • Response information
     • Response status code: HTTP Status Code received in response to webhook call
     • Response header: Headers received in response to webhook call
     • Response body: Body received in response to webhook call

Receiving URL target webhook data

The following is an example of proving forgery and outputting the result using the secret value and the 'x-ncp-sourcecommit-signature-v1' header after receiving URL target webhook data.

1. By referring to Creating webhook and Adding URL connection target, create a webhook as follows:
   

   Note

   • When you send your URL webhook data, the HTTP Method is POST.
   • When you call your webhook, the value of the request body encrypted with Hmac SHA256 into a secret key is sent via the 'x-ncp-sourcecommit-signature-v1' header.
   • If the Secret value is blank, the 'x-ncp-sourcecommit-signature-v1' header is not provided.

2. Be prepared to receive the webhook data from your web server.

   Caution

   The secret value needs to be stored carefully to prevent leakage. The following code is only for reference.

• Spring boot

  @RestController
  public class SampleController {
  
      @PostMapping("/test")
      public String test(
              @RequestHeader("x-ncp-sourcecommit-signature-v1") String signature,
              @RequestBody String data
      ) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException, JsonProcessingException {
  
          String secret = "my-secret-key";
  
          Mac mac = Mac.getInstance("HmacSHA256");
          mac.init(new SecretKeySpec(secret.getBytes("UTF-8"), "HmacSHA256"));
  
          String expectedSignature = Base64.encodeBase64String(mac.doFinal(data.getBytes("UTF-8")));
  
          if(!expectedSignature.equals(signature)){
              System.out.println("this request failed validation");
          }
  
          ObjectMapper mapper = new ObjectMapper();
          Map<String, Object> map = mapper.readValue(data, new TypeReference<Map<String, Object>>() {});
  
          System.out.println("--- received payload ---");
          System.out.println(mapper.writerWithDefaultPrettyPrinter().writeValueAsString(map));
  
          return "test";
      }
  }
  

• Node.js - express

  router.post('/test', (req, res, next) => {
  
    const secret = 'my-secret-key';
  
    const signature = req.get('x-ncp-sourcecommit-signature-v1');
    const data = JSON.stringify(req.body);
  
    const expectedSignature = createHmac('sha256', secret).update(data).digest('base64');
  
    if(expectedSignature !== signature){
      console.log('this request failed validation');
    }
  
    console.log('--- received payload ---');
    console.log(JSON.stringify(req.body, null, 2));
  
    res.send('test');
  });
  

3. Run one of the event types you’ve selected.
   • The following is an example of a push event.
     
4. Check the webhook receipt log in your web server console.