Axify supports natively webhooks events orignating from GitLab, Github and Azure DevOps. For other provider, Axify provide a way to use a custom webhook to track deployments.
In app guide
To do so, an in-app usage guide is being offered:
- During configuration
- When listing webhooks:
This usage guide displays a modal with instructions on how to register deployments.
More explication on how to register deployments
To be able to track deployments for providers that are not supported natively by Axify (e.g. Jenkins, Travis CI, Bamboo, GoCD, etc..), a HTTP request need to be send to Axify using the generated webhook endpoint URL, having the following format:
https://api.axify.io/webhooks/deployments/custom/{webhook_id}
The request body to register a deployment needs to include those required fields:
deployed_at
: The moment when the deployment has successfully occurredenvironment
: The environment of the deploymentcommit_sha
: The associated repository commit SHArepository_id
: The target repository ID for your projectrepository_url
: The repository URL
For security reasons, Axify need to authenticate and authorize any deployment event originating from those "custom" webhooks, therefore the request have to include a signature in the request headers. The header have the following format:
X-Axify-Deployment-Event-Signature: sha256={SIGNATURE}
There are a few important things to keep in mind when generating webhook payloads signature:
- Axify uses a HMAC hex digest to compute the hash using the webhook secret and the request body
- The hash signature header must have the name
X-Axify-Deployment-Event-Signature
- The hash signature always starts with
sha256=
Please bare in mind that the signature sent in the request needs to be the same that Axify will compute using the request body and the webhook secret. Hence, extra care is needed to make sure that after generating the signature, the payload sent is not modified (a common mistake is extra extrac spaces or tab characters added to the payload when sending the request).
Example using OpenSSL and cURL
Let's suppose that the generated webhook secret is secret
and the generated webhook endpoint URL is https://api.axify.io/webhooks/deployments/custom/123
:
- Let's generate the signature using OpenSSL
echo -n '{ "deployed_at": "2023-10-27T00:00:00Z", "environment": "production", "commit_sha": "56e05fced214c44a37759efa2dfc25a65d8ae98d", "repository_id": "123", "repository_url": "https://git.scm-provider.ca/my-project/my-repo" }' | openssl sha256 -hex -mac HMAC -macopt key:"secret"
- The previous command will generate the following signature hash:
94849743b7c6c5772dcd0abb37b37e9834062b0639ca1fcd69678bd7526816d7
- Send the request to register a deployment using cURL
curl --location 'https://api.axify.io/webhooks/deployments/custom/123' --header 'X-Axify-Deployment-Event-Signature: sha256=94849743b7c6c5772dcd0abb37b37e9834062b0639ca1fcd69678bd7526816d7' --header 'Content-Type: application/json' --data '{ "deployed_at": "2023-10-27T00:00:00Z", "environment": "production", "commit_sha": "56e05fced214c44a37759efa2dfc25a65d8ae98d", "repository_id": "123", "repository_url": "https://git.scm-provider.ca/my-project/my-repo" }'