The server reacts to webhooks from GitHub with the event `package.published`. If everything checks out, it downloads the new image and restarts every container with the same configuration it was started with, except for the new image.
- There has to be at least one container running that uses the image to be reloaded.
- Versioned images are currently not supported, e.g. an upgrade from 1.1 to 1.2 won't work.
- If something goes wrong there is no recovery!
- WEBHOOK_SECRET (or WEBHOOK_SECRET_FILE)
For full configuration & defaults see: `src/utils/config.ts`
Create webhook secret.
echo $(openssl rand -base64 32 | tr -d '\n') > webhook.secret
Create `docker-compose.yml`.

```yaml
version: '3.8'
secrets:
  webhook:
    file: ./webhook.secret
services:
  webhooks:
    image: ghcr.io/lucarickli/ghcr-hook
    secrets:
      - webhook
    environment:
      WEBHOOK_SECRET_FILE: /run/secrets/webhook
      # Can also be set without docker secret.
      # WEBHOOK_SECRET: ${WEBHOOK_SECRET:?WEBHOOK_SECRET is required!}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./logs:/home/logs
    ports:
      - 8000:8000
```
Start container.
docker compose up
cp example.env .env
Edit `WEBHOOK_SECRET` inside `.env` to prevent attackers from accessing this endpoint!
npm i
npm run build
npm start
npm run dev
npm run dev:debug # With debugging
- Pull the docker image you want to sync to your server.
- Start at least one container using this image.
- Add a webhook to your GitHub repo.
  - Set `Payload Url` to your server.
  - Set `Webhook Secret` to your generated secret.
  - Set `Content type` to `application/json`.
  - Select `individual events` and remove everything except `packages`.
- Add version control with downgrade protection.
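
The setup above shares a webhook secret with GitHub and limits deliveries to package events. The following is an added example, not code from this project, of one way a receiver can authenticate a delivery with GitHub's `X-Hub-Signature-256` HMAC header before acting on it. The names `sign` and `verifyDelivery` and the sample secret and body are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Outcome of checking one delivery; `reason` is what a receiver would log.
type Verdict = { ok: boolean; reason: string };

// Value GitHub sends in X-Hub-Signature-256: "sha256=" + hex HMAC of the raw body.
function sign(secret: string, rawBody: string): string {
  return "sha256=" + createHmac("sha256", secret).update(rawBody, "utf8").digest("hex");
}

// Hypothetical helper: may this delivery trigger an image reload?
function verifyDelivery(
  secret: string,
  rawBody: string,
  signature: string | undefined, // X-Hub-Signature-256 header
  event: string | undefined, // X-GitHub-Event header
): Verdict {
  // A secret read from webhook.secret ends with the newline echo wrote.
  const key = secret.trim();
  if (!key) return { ok: false, reason: "no secret configured" };
  if (!signature) return { ok: false, reason: "missing signature header" };
  const expected = Buffer.from(sign(key, rawBody));
  const received = Buffer.from(signature);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (expected.length !== received.length || !timingSafeEqual(expected, received)) {
    return { ok: false, reason: "signature mismatch" };
  }
  // Parse the body only after it has been authenticated.
  if (event !== "package") return { ok: false, reason: "unexpected event" };
  let action: unknown;
  try {
    action = JSON.parse(rawBody).action;
  } catch {
    return { ok: false, reason: "invalid JSON" };
  }
  if (action !== "published") return { ok: false, reason: "unexpected action" };
  return { ok: true, reason: "package.published" };
}

// Constructed sample delivery, not a captured GitHub payload.
const SECRET = "constructed-test-secret";
const BODY = JSON.stringify({ action: "published", package: { name: "example-image" } });

console.log(verifyDelivery(SECRET, BODY, sign(SECRET, BODY), "package"));
console.log(verifyDelivery(SECRET, BODY, sign("other-secret", BODY), "package"));
console.log(verifyDelivery(SECRET, BODY + " ", sign(SECRET, BODY), "package"));
```

The third call shows why the HMAC has to be computed over the raw request bytes: a body that differs by a single space no longer verifies.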