Manage webhooks

Available in Classic and VPC

Using webhooks, you can perform post-processing for various events that occur in SourceCommit repositories. By integrating with the Cloud Functions service of the NAVER Cloud Platform or connecting a specific URL to a webhook, you can receive event data and process business logic as needed.

You can use webhooks in various ways as described below:

Detect changes in code and integrate CI/CD workflows with SourceBuild, SourceDeploy, and SourcePipeline.
Perform post-processing logic for repository events without managing a proxy server by integrating with Cloud Functions triggers.
Reduce code review time through commit pushes or notifications for pull request creation.
Receive FileSafer malware scan results immediately.
Receive file lock and unlock events via LFS immediately.

Manage webhooks

To use webhooks, you must first create a webhook by specifying a destination to which events will be delivered when the webhook is called.

Create webhook

To create a webhook:

Note

You can create up to 10 webhooks within a single repository.

From the NAVER Cloud Platform console, navigate to > Services > Developer Tools > SourceCommit.
Select a repository on the SourceCommit interface and click [Go to code].
- You can also click the repository name on the repository list.
Click the [Hooks] tab on the repository's detailed features page.
Click [Create].
Enter the name and description for the webhook to be created.
- The webhook name can be up to 50 characters long and may include letters, numbers, and special characters (-, _), and it must not duplicate the name of an existing webhook.
- You can enter the description within 300 characters.
Select the event types that call the webhook.
- When the selected events occur within the repository, the webhook is called.
- For detailed descriptions of event types, see Webhook event list.
Add a destination to be connected to the webhook. When an event occurs and the webhook is called, data is delivered to the destination.
The method for adding a destination differs depending on the destination type. See the following guides:
- Add Cloud Functions destination
- Add URL destination

Add Cloud Functions destination

Note

To use Cloud Functions as a destination, you must subscribe to the paid Cloud Functions service. For more information about Cloud Functions, see Cloud Functions user guide.
Cloud Functions triggers for SourceCommit are supported only in the Korea region and on the VPC platform.
You can enable up to 10 triggers per webhook.

Select Cloud Functions as the destination type.
Click [Create trigger] to create a new trigger.
- For more information about how to create triggers, see SourceCommit Trigger user guide.
- If you have already created a SourceCommit trigger using Cloud Functions, you can skip this step.
From the trigger list in the Create webhook window, select the triggers to connect to the webhook.
Choose whether to enable each selected trigger.
- When a repository event occurs and the webhook is called, only triggers enabled (set to ON) are executed.
Click [Create] in the Create webhook window to create the webhook.

Add URL destination

Note

You can enable up to 10 URLs per webhook.

Select URL as the destination type.
Enter the URL, Content Type, and Secret to connect.
- URL: You can enter up to 2,000 characters, and the URL must be accessible from external networks (required).
Caution
- Redirection is not supported if the URL destination returns an HTTP 3XX status code.
- Content Type: Select either application/json or application/x-www-form-urlencoded (required).
Note
- application/json: Transfer the JSON payload directly in the request body data.
- application/x-www-form-urlencoded: Transfer the JSON payload as the value of the "payload" key.
- Secret (optional)
  - Used to ensure that the webhook is called by the SourceCommit service and to prevent data from being tampered with during transmission.
  - When a webhook is called, an Hmac SHA256–encrypted value of the request body generated using the Secret key is transferred via the "x-ncp-sourcecommit-signature-v1" header (example).
  - Up to 200 characters are allowed.
Set whether to enable the URL and click [Add] to create the URL.
- When a repository event occurs and the webhook is called, data is delivered only to URLs that are enabled (set to ON).
Click [Create] in the Create webhook window to create the webhook.

Change webhook settings

If needed, you can modify the description, event types, and destination information entered during webhook creation.

To change webhook settings:

From the NAVER Cloud Platform console, navigate to > Services > Developer Tools > SourceCommit.
Select a repository on the SourceCommit interface and click [Go to code].
- You can also click the repository name on the repository list.
Click the [Hooks] tab on the repository's detailed features page.
Click [Edit].
After updating the webhook settings, click [Apply].
- For more information about each field of webhook wettings, see Create webhook.

Delete webhook

If you no longer need the webhook to be called, you can delete it.
To delete a webhook:

From the NAVER Cloud Platform console, navigate to > Services > Developer Tools > SourceCommit.
Select a repository on the SourceCommit interface and click [Go to code].
- You can also click the repository name on the repository list.
Click the [Hooks] tab on the repository's detailed features page.
From the webhook list, select the webhook to delete and click [Delete].
In the confirmation dialog, click [Delete] to finalize the deletion.

View webhook call results

You can view call results for each webhook destination.

View Cloud Functions destination call results

For webhooks connected to Cloud Functions, you can check call results in the Cloud Functions service console.

From the NAVER Cloud Platform console, navigate to > Services > Developer Tools > SourceCommit.
Select a repository on the SourceCommit interface and click [Go to code].
- You can also click the repository name on the repository list.
Click the [Hooks] tab on the repository's detailed features page.
Click the trigger name in the [Destination information] column of the target webhook to open the Cloud Functions service console.
- For more information about call results, see Trigger monitoring guide.

View URL destination call results

For webhooks with a URL destination, click [Call results] on the webhook list interface to view the results.

From the NAVER Cloud Platform console, navigate to > Services > Developer Tools > SourceCommit.
Select a repository on the SourceCommit interface and click [Go to code].
- You can also click the repository name on the repository list.
Click the [Hooks] tab on the repository's detailed features page.
Select the URL-type webhook you want to review, then click [Call results].
- Destination type: Type of webhook destination (currently only URL is supported)
- Endpoint: Webhook destination URL
- Call time: Time when the webhook is called
- Status: Whether the call is successful or failed
Click [View] to see detailed call results.
- Request information
  - Request headers: URL, method, and header information used for the webhook call
  - Request body: Body data sent during the webhook call
- Response information
  - Response status code: HTTP status code returned after the webhook call
  - Response header: Headers returned after the webhook call
  - Response body: Body returned after the webhook call

Receive webhook data with a URL destination

This section provides an example of verifying data integrity using the secret value and the "x-ncp-sourcecommit-signature-v1" header after receiving webhook data with a URL destination.

See Create webhook and Add URL destination, and create a webhook with the settings below:
Note
- Webhook with a URL destination use the POST HTTP method for data transfer.
- When a webhook is called, an Hmac SHA256–encrypted value of the request body generated with the secret key is transferred via the "x-ncp-sourcecommit-signature-v1" header.
- If the Secret value is empty, the "x-ncp-sourcecommit-signature-v1" header is not provided.
Prepare your web server to receive webhook data.
Caution
- Store the secret value securely to prevent exposure. The code below is provided for reference only:

Spring boot

@RestController
public class SampleController {

    @PostMapping("/test")
    public String test(
            @RequestHeader("x-ncp-sourcecommit-signature-v1") String signature,
            @RequestBody String data
    ) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException, JsonProcessingException {

        String secret = "my-secret-key";

        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes("UTF-8"), "HmacSHA256"));

        String expectedSignature = Base64.encodeBase64String(mac.doFinal(data.getBytes("UTF-8")));

        if(!expectedSignature.equals(signature)){
            System.out.println("this request failed validation");
        }

        ObjectMapper mapper = new ObjectMapper();
        Map<String, Object> map = mapper.readValue(data, new TypeReference<Map<String, Object>>() {});

        System.out.println("--- received payload ---");
        System.out.println(mapper.writerWithDefaultPrettyPrinter().writeValueAsString(map));

        return "test";
    }
}

Node.js - express

router.post('/test', (req, res, next) => {

  const secret = 'my-secret-key';

  const signature = req.get('x-ncp-sourcecommit-signature-v1');
  const data = JSON.stringify(req.body);

  const expectedSignature = createHmac('sha256', secret).update(data).digest('base64');

  if(expectedSignature !== signature){
    console.log('this request failed validation');
  }

  console.log('--- received payload ---');
  console.log(JSON.stringify(req.body, null, 2));

  res.send('test');
});

Trigger one of the selected event types.
- The example below demonstrates a push event:
Check the webhook reception logs in your web server console.