Allura supports one type of webhooks for the moment - repo-push
, triggered when repository receives new commits. It is supported for Git, Mercurial and SVN repositories.
{
"after": "a72ab8566ed1a81e485a8451868ee9364069ea6b",
"before": "27bc571ceb56beeda796e0069bfba84581f55770",
"size": 1,
"commits": [
{
"id": "a72ab8566ed1a81e485a8451868ee9364069ea6b",
"message": "Update README",
"added": [],
"copied": [],
"removed": [],
"modified": [
"README.md"
],
"author": {
"email": "jetmind@example.com",
"name": "Igor Bondarenko",
"username": "jetmind"
},
"committer": {
"email": "jetmind@example.com",
"name": "Igor Bondarenko",
"username": "jetmind"
},
"timestamp": "2015-02-23T14:30:42Z",
"url": "http://sourceforge.net/p/test/git/ci/a72ab8566ed1a81e485a8451868ee9364069ea6b/"
}
],
"ref": "refs/heads/master",
"repository": {
"full_name": "/p/test/git/",
"name": "Git",
"url": "sourceforge.net/p/test/git/"
}
}
.
{
"after": "3f36d4136f4c7151066135335a70d812f7d9251b",
"before": "715226c07bcfd410bb655e9290adeb770eb36b1f",
"size": 1
"commits": [
{
"id": "3f36d4136f4c7151066135335a70d812f7d9251b",
"message": "Update README",
"added": [],
"copied": [],
"removed": [],
"modified": [
"README.markdown"
],
"author": {
"email": "jetmind",
"name": "jetmind",
"username": ""
},
"committer": {
"email": "jetmind",
"name": "jetmind",
"username": ""
},
"timestamp": "2015-02-23T14:32:01Z",
"url": "http://sourceforge.net/p/test/mercurial/ci/3f36d4136f4c7151066135335a70d812f7d9251b/"
}
],
"ref": "refs/tags/tip",
"repository": {
"full_name": "/p/test/mercurial/",
"name": "Mercurial",
"url": "http://sourceforge.net/p/test/mercurial/"
}
}
.
{
"after": "r10",
"before": "r9",
"size": 1
"commits": [
{
"id": "r10",
"message": "Update README",
"added": [],
"copied": [],
"removed": [],
"modified": [
"/trunk/README"
],
"author": {
"email": "",
"name": "jetmind",
"username": ""
},
"committer": {
"email": "",
"name": "jetmind",
"username": ""
},
"timestamp": "2015-02-23T14:33:40Z",
"url": "http://sourceforge.net/p/test/svn/10/"
}
],
"repository": {
"full_name": "/p/test/svn/",
"name": "SVN",
"url": "http://sourceforge.net/p/test/svn/"
}
}
If your want to make sure that requests coming Allura and not from someone else you need to:
secret
when configuring webhook (you can leave it blank and Allura will automatically generate one for you).X-Allura-Signature
header.Note: DO NOT ever expose your secret
!
Signature is obtained by hashing webhook payload with secret
using HMAC algorithm. You can do something like this to verify it:
def verify(payload, signature, secret)
actual_signature = hmac.new(secret.encode('utf-8'), payload.encode('utf-8'), hashlib.sha1)
actual_signature = 'sha1=' + actual_signature.hexdigest()
return hmac.compare_digest(actual_signature, signature)
verify(request.body, request.headers.get('X-Allura-Signature'), secret)