GitLab WebHook Integration
Collect GitLab events (via webhooks), transform them to cdevents.
- GitLab tracks all changes to repositories, issues, merge requests, releases, pipelines, jobs, and more. And it notifies a webhook about these changes.
- cdviz-collector transforms these events to cdevents, and sends them to the database, listeners,...
| CDEvents | From event |
|---|---|
| pipelineRun.queued | pipeline.created/pending |
| pipelineRun.started | pipeline.running |
| pipelineRun.finished | pipeline.success/failed |
| taskRun.started | build.running |
| taskRun.finished | build.success/failed |
| artifact.published | release.created |
| artifact.published | tag_push |
| ticket.created | issue.open/reopen |
| ticket.closed | issue.close |
| ticket.updated | issue.update |
| change.created | merge_request.open/reopen |
| change.merged | merge_request.merge |
| change.abandoned | merge_request.close |
| change.reviewed | merge_request.approved |
| change.updated | merge_request.update |
| branch.created/deleted | push (branch) |
Configuration β
Setting Up cdviz-collector β
Configure cdviz-collector.toml to receive GitLab webhook events:
toml
[sources.gitlab_webhook]
enabled = true
transformer_refs = ["gitlab_events"]
[sources.gitlab_webhook.extractor]
type = "webhook"
id = "000-gitlab" # used as part of the webhook's url
headers_to_keep = ["X-Gitlab-Event"]
[sources.gitlab_webhook.extractor.headers]
# value set by env CDVIZ_COLLECTOR__SOURCES__GITLAB_WEBHOOK__EXTRACTOR__HEADERS__X-GITLAB-TOKEN__VALUE
"x-gitlab-token" = { type = "equals", value = "xxx", case_sensitive = true }
# Transformer from transformers-pro repository
[remote.transformers-pro]
type = "github"
owner = "cdviz-dev"
repo = "transformers-pro"
# token = "xxx" # set by env 'CDVIZ_COLLECTOR__REMOTE__TRANSFORMERS-PRO'
[transformers]
gitlab_events = { type = "vrl", template_rfile = "transformers-pro:///gitlab_events/transformer.vrl" }Replace "token-changeme" with your actual secret token configured in GitLab webhook settings.
The template_rfile references the VRL transformation logic from the transformers-pro repository. For more details on remote transformers, see the Transformers documentation.
Testing the access to the webhook β
Make an empty POST to the endpoint, it should be rejected with HTTP status 400.
β― curl -i -X POST https://demo.cdviz.dev/webhook/000-gitlab -H 'X-Gitlab-Token: xxxxxxx'
HTTP/2 400
...
Failed to parse the request body as JSONSetting Up GitLab Webhook β
Configure a webhook in your GitLab project or group:
- Navigate to Settings > Webhooks
- For projects:
https://gitlab.com/<namespace>/<project>/-/hooks - For groups:
https://gitlab.com/groups/<group>/-/hooks
- For projects:
- Click Add new webhook
- URL:
http://your-collector-url/webhook/000-gitlab - Secret token: Enter the token from your collector configuration (the same as
valuefor headerx-gitlab-tokendefined in the configuration) - Select Trigger events:
- β Push events
- β Tag push events
- β Issues events
- β Confidential issues events
- β Merge request events
- β Job events
- β Pipeline events
- β Deployment events
- β Release events
- β Vulnerability events
- Enable SSL verification (recommended for production)
- Ensure Enable webhook is checked
- Click Add webhook
Testing the Integration β
Test webhook delivery: use the Test button
Check webhook delivery logs in GitLab: Settings > Webhooks > Edit > Recent events
To verify webhook reception before transformation:
toml
[sources.gitlab_webhook]
transformer_refs = ["log", "discard_all"] # Log payloads without processingFor webhook troubleshooting, see the Webhook Extractor documentation.
Event Mapping β
The transformer converts GitLab webhook events into CDEvents following the CDEvents specification:
| GitLab Event | CDEvent Type | Detection Logic |
|---|---|---|
| pipeline:created/pending | pipelineRun.queued | object_kind=pipeline AND status in [created, waiting_for_resource, preparing, pending] |
| pipeline:running | pipelineRun.started | object_kind=pipeline AND status=running |
| pipeline:success/failed | pipelineRun.finished | object_kind=pipeline AND status in [success, failed, canceled, skipped] |
| build:running | taskRun.started | object_kind=build AND build_status=running |
| build:success/failed | taskRun.finished | object_kind=build AND build_status in [success, failed, canceled] |
| release:created | artifact.published | object_kind=release |
| tag_push | artifact.published | object_kind=tag_push AND tag created |
| issue:open/reopen | ticket.created | object_kind=issue AND action in [open, reopen] |
| issue:close | ticket.closed | object_kind=issue AND action=close |
| issue:update | ticket.updated | object_kind=issue AND other actions |
| merge_request:open/reopen | change.created | object_kind=merge_request AND action in [open, reopen] |
| merge_request:merge | change.merged | object_kind=merge_request AND action=merge |
| merge_request:close | change.abandoned | object_kind=merge_request AND action=close (not merged) |
| merge_request:approved | change.reviewed | object_kind=merge_request AND action=approved |
| merge_request:update | change.updated | object_kind=merge_request AND other actions |
| push (branch) | branch.created/deleted | object_kind=push AND ref starts with refs/heads/ |
CDEvent Structure β
The VRL transformation generates CDEvents with:
- context.id: Auto-generated by collector
- context.source: Automatically set to
{http.root_url}/?source={source_name}where{source_name}is the configuration key (e.g.,gitlab_webhook) - subject.id: Web URL of the entity (pipeline, job, issue, MR) or PURL for artifacts
- subject.source: Empty (not set)
- customData.gitlab: Selected GitLab-specific metadata (project, user, event-specific details)
Artifact Identification β
For artifact.published events, the subject.id is a PURL (Package URL):
- Release:
pkg:generic/<project_path>@<tag_name>?repository_url=<encoded_url> - Tag Push:
pkg:generic/<project_path>@<tag_name>?repository_url=<encoded_url>
Event Coverage β
Supported Events:
- β Pipeline lifecycle (queued, started, finished)
- β Job lifecycle (started, finished)
- β Issues (created, updated, closed)
- β Merge requests (created, updated, merged, abandoned, reviewed)
- β Releases and tags (artifact published)
- β Branch operations (created, deleted)
Not Yet Supported:
- Deployment events β
service.deployed - Wiki page events
- Comment events
- Confidential issues/MRs
- System hooks
These can be added following the existing pattern in the transformer VRL file.