Status

Table of Contents

GitLab Webhook Setup for Slack Notifications

This guide explains how to set up GitLab webhook notifications to receive Slack messages when your pipeline completes.

Setup Steps

1. Get GitLab Webhook Token

Run make apply and you will see in the Terraform output something like:

gitlab_webhook_token_secret_name = "projects/303122725076/secrets/gitlab-webhook-token"
gitlab_webhook_token_value = <sensitive>

This gives you the name of the secret in Secret Manager with the webhook token. Go to Secret Manager and retrieve the value.

2. Configure GitLab CI/CD Variables

In your GitLab project, go to Settings → CI/CD → Variables and add:

  • GITLAB_WEBHOOK_TOKEN - The token you generated
  • BLUEBERRY_WEBHOOK_URL - Your Blueberry instance URL (e.g., https://blueberry.florenciacomuzzi.com/api/webhooks/gitlab/pipeline)

Make sure both are marked as "Protected" if you only want them on protected branches.

3. Configure Slack Integration

Setting up Slack Webhook

  1. Go to your Slack workspace's app directory
  2. Search for "Incoming WebHooks" and add it to your workspace
  3. Choose the channel where you want to receive notifications
  4. Copy the webhook URL (it will look like https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX)
  5. Set these environment variables in Blueberry:
  6. SLACK_WEBHOOK_URL - Your Slack webhook URL
  7. SLACK_DEFAULT_CHANNEL - Default channel (optional, e.g., #blueberry-ci)

5. Update Terraform (Optional)

If using Terraform, update the webhook token secret:

cd blueberry-terraform
terraform apply -var="gitlab_webhook_token_value=your-webhook-token"

Testing

Test the Webhook Endpoint

curl -X GET https://blueberry.florenciacomuzzi.com/api/webhooks/gitlab/test

Test Pipeline Webhook

When a pipeline completes, it will automatically send a notification with:
- Project name
- Commit SHA (short)
- Full Docker image name with tag
- Pipeline status (success/failed)
- Pipeline URL (for failures)

Webhook Payload Format

The webhook sends this information to Slack:

GitLab Pipeline SUCCESS
Project: blueberry
Commit: abc12345
Image: us-docker.pkg.dev/development-454916/blueberry/blueberry:abc12345

For failures, it includes the pipeline URL for quick debugging.

Troubleshooting

  1. No Slack message received: Check Blueberry logs for webhook processing errors
  2. 401 Unauthorized: Verify the GITLAB_WEBHOOK_TOKEN matches in both GitLab and Blueberry
  3. Slack webhook errors: Check your Slack webhook URL is correct and the channel exists
  4. Webhook not triggered: Ensure the GitLab CI variables are set correctly

Security Notes

  • Always use HTTPS for webhook URLs
  • Keep webhook tokens secure and rotate them periodically
  • Use Protected variables in GitLab for sensitive values
  • Store credentials in Secret Manager for production deployments
Document ID: setup/05-cicd/webhooks