System webhooks can be used to send an http request to a designated endpoint every time a system event occurs. Example system events:
- User is created
- User is deleted
- Repository is activated
- Repository is de-activated
- Build is created
- Build is updated or completed
Create a shared secret used to sign the http request. This shared secret is to be provided to both the Drone server and your webhook receiver.
$ openssl rand -hex 16 bea26a2221fd8090ea38720fc445eca6
Update your Drone server configuration to include the webhook endpoint and the shared secret.
Example webhook request headers:
Example webhook request body:
The http request is signed per the http signatures draft specification use the shared secret. The receiver should use the signature to verify the authenticity and integrity of the webhook.
Third party libraries for http signature verification:
The http request includes a header variable to determine he type of event. The following is a list of event types:
X-Drone-Event: user X-Drone-Event: repo X-Drone-Event: build
The payload includes an action field, which can be used to determine the type of action that was taken against the object. In the below example we see the user object was created.