The server reacts to webhooks from GitHub with the event package.published. If everything checks out it proceeds to download the new image & restart every container with the same configuration it was started except for the new image.

• There has to be at least one Container running using the image to be reloaded.
• Currently does not support versioned images. E.g. upgrade from 1.1 to 1.2 wont work.
• If something goes wrong there is no recovery!

• WEBHOOK_SECRET (or WEBHOOK_SECRET_FILE)

For full configuration & defaults see: src/utils/config.ts

Create webhook secret.

echo $(openssl rand -base64 32 | tr -d '\n') > webhook.secret

Create docker-compose.yml.

version: '3.8'

secrets:
  webhook:
    file: ./webhook.secret

services:
  webhooks:
    image: ghcr.io/lucarickli/ghcr-hook
    secrets:
      - webhook
    environment:
      WEBHOOK_SECRET_FILE: /run/secrets/webhook
      # Can also be set without docker secret.
      # WEBHOOK_SECRET: ${WEBHOOK_SECRET:?WEBHOOK_SECRET is required!}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./logs:/home/logs
    ports:
      - 8000:8000

Start container.

docker compose up

cp example.env .env

Edit WEBHOOK_SECRET inside .env to prevent attackers from accessing this endpoint!

npm i
npm run build
npm start

npm run dev
npm run dev:debug # With debugging

1. Pull the docker image you want to sync to your server.
2. Start at least one container using this image.
3. Add a webhook to your GitHub repo.
   • Set Payload Url to your server.
   • Set Webhook Secret to your generated secret.
   • Set Content type to applications/json.
   • Select individual events and remove everything except packages.

• Add version control with downgrade protection.