Beyond btw
- 6 days ago
- 3 min read

Automating Git Calls with Webhooks

Check out the video on this : https://youtu.be/PCtJmiMrSEY

So, You want to automate a Git operation to simplify your workflow. This solution is straightforward and easy to implement, relying on simple code and basic logic without the need for complex APIs or code.

Prerequisites:

- Access to the Nginx server terminal (ensure Nginx, Ubuntu, etc., are installed).

- A GitHub repository containing the code.

- A shell script file.

- A log file (optional).

Why We are Use HTTPS:

Using HTTPS is crucial for security reasons. HTTP calls are not secure and can expose sensitive data to potential threats. HTTPS, on the other hand, encrypts the data transmitted between the server and client, ensuring a secure connection. This prevents unauthorized access and protects the integrity of the data being exchanged.

Node JS code

First, ensure you have two packages installed: `express` and `dotenv`. The `dotenv` package is used to secure the HTTPS calls.

Here’s a brief overview of the code setup:

1. Package Installation: Make sure `express` and `dotenv` are installed in your project.

2. Declaring Constants: Begin by declaring all necessary constants in your code.

3. Middleware Setup: Use `app.use` to verify that the incoming GitHub POST request is genuinely from GitHub and not from an unauthorized source.

4. Handling POST Requests: The `app.post` method processes the incoming POST requests and executes the shell script file.

5. Error Handling: Include error handling to manage any issues that arise during execution.

6. Server Listening: Use `app.listen` to set up the server to listen on a specified port. You can

choose any port except 80 and 443. Ensure that if you are running multiple Node.js servers, each one uses a unique port to avoid `EADDRINUSE` errors.

Next, in your GitHub repository settings:

1. Click Settings.

2. On the left, select Webhooks.

3. Click Add Webhook.

You’ll see three fields to fill in:

- Payload URL: Enter the HTTPS URL that will trigger the Node.js file, which will then invoke the shell script.

Content type: This field is not critical as we’re not sending any data back. Just set it to `application/json`.

- Secret: While not mandatory, this is important for security. It helps prevent unwanted attacks by requiring a password for verification. Set a password here, then create an environment variable in your server with the same name, which will be referenced in the Node.js file.

Here’s how to set an environment variable:

1. Open the environment file: `sudo nano /etc/environment`

2. Add the variable: export passkey=”password”

3. Save the file.

4. Reboot the system: `sudo reboot`

To make sure the variable exists, run the command echo $passkey, the output will the value.

Now lets look at our server block code

As you can see, the basic pointer is in place. The key part here is the `location /mylibg`. You can replace `/mylibg` with any word you prefer, but ensure that the word is consistent wherever it appears, including in the Node.js file where the URL is checked and in the payload URL pointer. Consistency across all instances is crucial.

Regarding the port, you can choose any available one, but be cautious of potential conflicts with other services.

A critical aspect is the `listen 443 ssl` code block at the bottom. This ensures that HTTP calls are redirected to HTTPS. This block of code is essential, and even if it’s not present in your server block, make sure it is added to the configuration file. Without this, HTTPS calls will not function.

Let’s look at the shell script code:

The log file is optional, but I highly recommend it for debugging and tracking purposes. The crucial lines in your script are `cd ./mylib` and `sudo git pull`. Ensure these lines are included and are the locations of your file directories, as they handle navigating to your repository’s directory and pulling the latest updates from GitHub. Make sure its accurate.

Another important step is granting the necessary permissions to the shell script since it executes commands and performs write actions. You can choose between the first two options or use the last one. The final option provides all permissions. I recommend applying all of them just to be on the safe side.