Git Webhooks workflow
Question
Dear stackoverflow community, I need some advice about bitbucket webhooks.
I decided to go with the following workflow. I work on local -> pushing to dev branch bitbucket -> bitbucket makes post request to mydomain:7000 where my node server is listening -> node server runs gulp-git to pull code from dev branch to a /www folder in order to test the code on my server at dev.mydomain
Although I'm restricting access to :7000 to bitbucket IP's only, someone could spoof the IP address and leave me vulnerable to ddos and multiple code pulls from bitbucket, because bitbucket uses a POST request for my webhook listener
How can I do this safely? I know I can make a corn job on server to pull code, or i can run a ssh script from my laptop to pull code on server. But I want to automate this because I'm very lazy. Is there a safe way ?
1 answers
solution1
0 2016-10-28 05:29:25
I use github webhook very often, you can do:
- Keep the webhook url
Secret - Set the Secret field in
setting/webhook. - Hash the url with secret key.
Maybe you need this git webhook platform , with Flask + celery + react. Can manage Multiple servers.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.