Compare commits
3 Commits
c98900a9ff
...
dev
| Author | SHA1 | Date | |
|---|---|---|---|
| c4568a2f23 | |||
| 0a2937ad55 | |||
| ef2b9667fc |
38
README.md
38
README.md
@@ -72,18 +72,36 @@ Application runs on http://localhost:8080
|
||||
|
||||
Use a service like ngrok.
|
||||
|
||||
---
|
||||
|
||||
## Infisical Webhook Configuration
|
||||
|
||||
When creating a webhook in Infisical, the following rules must be respected.
|
||||
|
||||
### Webhook URL format
|
||||
### Webhook URL Formats
|
||||
|
||||
Infisical bridge supports two webhook URL formats, depending on the Dokploy resource you want to update.
|
||||
|
||||
#### Dokploy Compose Webhook
|
||||
|
||||
`${INFISICAL_API_URL}/webhook?dokployComposeId=${DOKPLOY_COMPOSE_ID}`
|
||||
|
||||
- `dokployComposeId` must be the target Dokploy compose identifier
|
||||
- This value is required and used to determine which Dokploy service is updated
|
||||
Parameters:
|
||||
- dokployComposeId (required):
|
||||
The identifier of the target Dokploy Compose.
|
||||
This value is used to determine which Dokploy compose service should be updated when the webhook is triggered.
|
||||
|
||||
#### Dokploy Application Webhook
|
||||
|
||||
`${INFISICAL_API_URL}/webhook?dokployApplicationId=${DOKPLOY_APPLICATION_ID}`
|
||||
|
||||
Parameters:
|
||||
- dokployApplicationId (required):
|
||||
The identifier of the target Dokploy Application.
|
||||
This value is used to determine which Dokploy application should be updated when the webhook is triggered.
|
||||
|
||||
#### Notes
|
||||
- Exactly one identifier must be provided per webhook URL.
|
||||
- If no identifier or multiple identifiers are provided, the webhook request will be rejected.
|
||||
- Ensure the provided ID matches an existing Dokploy resource.
|
||||
|
||||
### Webhook Secret
|
||||
|
||||
@@ -93,8 +111,6 @@ The webhook secret **must exactly match**:
|
||||
|
||||
Requests with an invalid or missing secret will be rejected.
|
||||
|
||||
---
|
||||
|
||||
## Webhooks Behavior
|
||||
|
||||
- Incoming webhook signatures are validated
|
||||
@@ -102,8 +118,6 @@ Requests with an invalid or missing secret will be rejected.
|
||||
- Dokploy is updated using its API
|
||||
- Invalid or unsigned requests are ignored
|
||||
|
||||
---
|
||||
|
||||
## Security Notes
|
||||
|
||||
- Secrets are never persisted
|
||||
@@ -111,16 +125,12 @@ Requests with an invalid or missing secret will be rejected.
|
||||
- HTTPS is recommended in production
|
||||
- Restrict network access to trusted sources only
|
||||
|
||||
---
|
||||
|
||||
## Testing
|
||||
|
||||
```sh
|
||||
./gradlew test
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Tech Stack
|
||||
|
||||
- Java 21
|
||||
@@ -128,8 +138,6 @@ Requests with an invalid or missing secret will be rejected.
|
||||
- Gradle (Kotlin DSL)
|
||||
- Docker / Docker Compose
|
||||
|
||||
---
|
||||
|
||||
## License
|
||||
|
||||
MIT License
|
||||
|
||||
@@ -4,6 +4,7 @@ import org.springframework.cloud.openfeign.FeignClient;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
|
||||
import com.abnov.infisicalbridge.dto.DokployApplicationUpdateRequest;
|
||||
import com.abnov.infisicalbridge.dto.DokployComposeUpdateRequest;
|
||||
|
||||
@FeignClient(name = "dokployClient", url = "${dokploy.api-url}", configuration = DokployFeignConfig.class)
|
||||
@@ -11,4 +12,7 @@ public interface DokployClient {
|
||||
|
||||
@PostMapping("/compose.update")
|
||||
void updateCompose(@RequestBody DokployComposeUpdateRequest request);
|
||||
|
||||
@PostMapping("/application.update")
|
||||
void updateApplication(@RequestBody DokployApplicationUpdateRequest request);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
package com.abnov.infisicalbridge.dto;
|
||||
|
||||
public record DokployApplicationUpdateRequest(
|
||||
String applicationId,
|
||||
String env) {
|
||||
}
|
||||
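Review bot: The `env` component of this record carries secret material, and a record's generated `toString()` prints every component. The controller fills `env` with joined `KEY=value` secret lines, so any log statement, exception message or client debug logging that formats the request object would write those secrets out in clear text. Consider overriding it in the record body, for example `@Override public String toString() { return "DokployApplicationUpdateRequest[applicationId=" + applicationId + ", env=<redacted>]"; }`. The compose request record imported alongside it presumably has the same shape and would need the same treatment, but it is not shown on this page.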
@@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.abnov.infisicalbridge.dokploy.DokployClient;
|
||||
import com.abnov.infisicalbridge.dto.DokployApplicationUpdateRequest;
|
||||
import com.abnov.infisicalbridge.dto.DokployComposeUpdateRequest;
|
||||
import com.abnov.infisicalbridge.dto.InfisicalWebhookEventResponse;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
@@ -38,7 +39,8 @@ public class InfisicalWebhookController {
|
||||
@PostMapping
|
||||
public ResponseEntity<Void> handleWebhook(
|
||||
@RequestBody String payload,
|
||||
@RequestParam String dokployComposeId,
|
||||
@RequestParam(required = false) String dokployComposeId,
|
||||
@RequestParam(required = false) String dokployApplicationId,
|
||||
@RequestHeader(value = "X-Infisical-Signature", required = false) String signature)
|
||||
throws InfisicalException {
|
||||
|
||||
@@ -80,6 +82,7 @@ public class InfisicalWebhookController {
|
||||
.map(s -> s.getSecretKey() + "=" + s.getSecretValue())
|
||||
.collect(Collectors.joining("\n"));
|
||||
|
||||
if (dokployComposeId != null) {
|
||||
try {
|
||||
dokployClient.updateCompose(
|
||||
new DokployComposeUpdateRequest(dokployComposeId, envContent));
|
||||
@@ -87,6 +90,17 @@ public class InfisicalWebhookController {
|
||||
log.error("Failed to update Dokploy compose {}", dokployComposeId, e);
|
||||
return ResponseEntity.status(HttpStatus.BAD_GATEWAY).build();
|
||||
}
|
||||
}
|
||||
|
||||
if (dokployApplicationId != null) {
|
||||
try {
|
||||
dokployClient.updateApplication(
|
||||
new DokployApplicationUpdateRequest(dokployApplicationId, envContent));
|
||||
} catch (Exception e) {
|
||||
log.error("Failed to update Dokploy application {}", dokployApplicationId, e);
|
||||
return ResponseEntity.status(HttpStatus.BAD_GATEWAY).build();
|
||||
}
|
||||
}
|
||||
|
||||
return ResponseEntity.ok().build();
|
||||
}
|
||||
|
||||
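Review bot: The visible parts of `handleWebhook` do not enforce the "exactly one identifier" rule that the README in this same change documents. Both `dokployComposeId` and `dokployApplicationId` are now `required = false`, and the two `if (... != null)` blocks run independently. A signed request carrying both ids would therefore push the secrets to two Dokploy resources, and a request carrying neither would fall through to `ResponseEntity.ok()` without updating anything. The lines between the signature hunk and the update hunk are not shown, so a check may already exist there. If it does not, add a guard right after signature validation and before secrets are fetched, such as `if ((dokployComposeId == null) == (dokployApplicationId == null)) { return ResponseEntity.badRequest().build(); }`. An empty value (`?dokployComposeId=`) binds as `""` rather than `null`, so the guard should probably also treat blank ids as missing.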