Skip to content

Replace post-deploy hook with Netlify

If we're moving from GitLab CI to Netlify performing the deployment, then we need to tweak when we send the post-deploy notification, as well as validating that it's a master deploy.

https://docs.netlify.com/site-deploys/notifications/#payload-signature

For the below request:

{
    "id": "5ebc34bf4fea0b01f02efa3a",
    "site_id": "fa4dd95a-994e-4f89-8a7a-2d9e9fc36a32",
    "build_id": "5ebc34bf4fea0b01f02efa38",
    "state": "ready",
    "name": "www-jvt-me",
    "url": "https://www.jvt.me",
    "ssl_url": "https://www.jvt.me",
    "admin_url": "https://app.netlify.com/sites/www-jvt-me",
    "deploy_url": "http://5ebc34bf4fea0b01f02efa3a--www-jvt-me.netlify.app",
    "deploy_ssl_url": "https://5ebc34bf4fea0b01f02efa3a--www-jvt-me.netlify.app",
    "created_at": "2020-05-13T17:56:15.346Z",
    "updated_at": "2020-05-13T17:58:56.738Z",
    "user_id": "5ace049efdd72a6b9aa9539c",
    "error_message": null,
    "required": [],
    "required_functions": [],
    "commit_ref": null,
    "review_id": null,
    "branch": "master",
    "commit_url": null,
    "skipped": null,
    "locked": null,
    "log_access_attributes": {
        "type": "firebase",
        "url": "https://netlify-builds3.firebaseio.com/builds/5ebc34bf4fea0b01f02efa38/log",
        "endpoint": "https://netlify-builds3.firebaseio.com",
        "path": "/builds/5ebc34bf4fea0b01f02efa38/log",
        "token": "..."
    },
    "title": null,
    "review_url": null,
    "published_at": "2020-05-13T17:58:56.634Z",
    "context": "production",
    "deploy_time": 159,
    "available_functions": [],
    "summary": {
        "status": "ready",
        "messages": [
            {
                "type": "info",
                "title": "2 new files uploaded",
                "description": "2 generated pages changed.",
                "details": "New pages include:\n- popular-posts/index.html\n- posts/2019/12/23/junit4-junit5-gotcha-together-gradle/index.html\n"
            },
            {
                "type": "info",
                "title": "4711 redirect rules processed",
                "description": "All redirect rules deployed without errors.",
                "details": ""
            },
            {
                "type": "info",
                "title": "No header rules processed",
                "description": "This deploy did not include any header rules. [Learn more about headers](https://www.netlify.com/docs/headers-and-basic-auth/).",
                "details": ""
            },
            {
                "type": "info",
                "title": "All linked resources are secure",
                "description": "Congratulations! No insecure mixed content found in your files.",
                "details": null
            }
        ]
    },
    "screenshot_url": null,
    "site_capabilities": {
        "title": "Netlify Team Free",
        "asset_acceleration": true,
        "form_processing": true,
        "cdn_propagation": "partial",
        "build_gc_exchange": "buildbot-gc",
        "build_node_pool": "buildbot-external-ssd",
        "domain_aliases": true,
        "secure_site": false,
        "prerendering": true,
        "proxying": true,
        "ssl": "custom",
        "rate_cents": 0,
        "yearly_rate_cents": 0,
        "ipv6_domain": "cdn.makerloop.com",
        "branch_deploy": true,
        "managed_dns": true,
        "geo_ip": true,
        "split_testing": true,
        "id": "nf_team_dev",
        "cdn_tier": "reg"
    },
    "committer": null,
    "skipped_log": null,
    "manual_deploy": false,
    "file_tracking_optimization": true
}

We receive:

X-Webhook-Signature: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJuZXRsaWZ5Iiwic2hhMjU2IjoiZjc3M2E4NTVmY2U1MTY0NWQ2Mzc1NDQ3MjMxNTI2ZTc2NmE2MDRlNzkwMmJlNjg0ZjU4ZDgyMDI4OTgxOTVhZSJ9.uOBy-6Drd34hRf9OiqrwFZjpa68VspwRUDAxaymOCfQ

Which has the JWS shared secret secret.

Edited by Jamie Tanna