Lightweight webhook server to listen to GitLab and GitHub webhooks and execute configured commands. Perfect for automated deployments, CI/CD pipelines, and custom automation tasks.
- Multi-Provider Support: Works with both GitLab and GitHub webhooks
- Secure: Token-based authentication for GitLab, HMAC-SHA256 signature verification for GitHub
- Automated Git Operations: Automatically clones and updates repositories
- Custom Commands: Execute any shell commands in response to webhook events
- Environment Variables: Pass custom environment variables to commands
- Testing Endpoint: Manual trigger endpoint for testing deployments
- Structured Logging: JSON-formatted logs for easy parsing and monitoring
- GitLab: Merge requests merged to main branch
- GitHub: Pull requests merged to main branch
curl -s https://api.github.com/repos/geoffjay/shook/releases/latest \
| jq '.assets[] | select(.name|test("^shook.*linux-musl.zip$")) | .browser_download_url' \
| tr -d \" \
| wget -qi -
unzip $(find . -iname "shook_*.zip")
sudo mv shook /usr/local/bin/Check the setup documentation for systemd configuration.
curl -s https://api.github.com/repos/geoffjay/shook/releases/latest \
| jq '.assets[] | select(.name|test("^shook.*aarch64-apple-darwin.zip$")) | .browser_download_url' \
| tr -d \" \
| wget -qi -
unzip $(find . -iname "shook_*_aarch64-apple-darwin.zip")
sudo mv shook /usr/local/bin/
sudo chmod +x /usr/local/bin/shookCheck the macOS setup documentation for launchd configuration.
Create a config.yml file with your projects:
projects:
# GitLab project (provider defaults to gitlab if not specified)
- name: my-gitlab-project
token: your-gitlab-token
env:
DEPLOY_DIR: /var/www/app
commands:
- "cd $DEPLOY_DIR"
- "git pull"
- "npm install"
- "npm run build"
# GitHub project
- name: my-github-project
provider: github
token: your-github-webhook-secret # Used for HMAC signature verification
env:
DEPLOY_DIR: /var/www/another-app
commands:
- "cd $DEPLOY_DIR"
- "docker-compose down"
- "docker-compose pull"
- "docker-compose up -d"# Default (port 5000, host 0.0.0.0)
shook
# Custom port and host
shook --port 8080 --host 127.0.0.1
# Custom config file
shook --config /path/to/config.yml
# Verbose logging
shook --verboseConfigure your repository webhooks to point to:
http://your-server:5000/webhook/{project_name}
Where {project_name} matches the name in your config file.
Test your webhook configuration using the trigger endpoint:
http://your-server:5000/trigger/{project_name}?path=owner/repo&repo=https://github.com/owner/repo.git
- Go to your GitLab project → Settings → Webhooks
- URL:
http://your-server:5000/webhook/your-project-name - Secret Token: Enter the token from your config
- Trigger: Select "Merge request events"
- Click "Add webhook"
- Go to your GitHub repository → Settings → Webhooks
- Payload URL:
http://your-server:5000/webhook/your-project-name - Content type:
application/json - Secret: Enter the token from your config (used for HMAC signature)
- Events: Select "Pull requests"
- Click "Add webhook"
- GitLab: Uses token-based authentication via
X-Gitlab-Tokenheader - GitHub: Uses HMAC-SHA256 signature verification via
X-Hub-Signature-256header - Always use strong, unique tokens/secrets for each project
- Consider using HTTPS in production
- Repositories are cloned to
/var/cache/shook/- ensure proper permissions
cargo buildcargo runTo see all arguments that are available execute the command cargo run -- --help.
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.