Feature #29664
open
Webhook triggers in Redmine
0%
Description
To have Redmine be able to at least use POST method with web hooks upon multiple events, similarly implemented in GitLab or GitHub. This will allow to integrate Redmine into other networks, which people may use for team communication.
Trigger event examples:- On Issue Created
- On New Repository Commit
- On Forum Post
- On Wiki page edit
- On Wiki page created
- On New Document added
- On New activity
- On News posted
etc
To make it better than GitLab, you can even allow users to input custom JSON subscribe headers and subscribe body in order to make it compatible with any web hook format, else some services might have parsing problems and result in a rejected request.
Files
Related issues
Updated by Anonymous about 7 years ago
The only related feature I found: https://www.redmine.org/issues/23368 but is closed
Updated by Go MAEDA over 6 years ago
- Related to Feature #23368: webook/push notifications added
Updated by Go MAEDA over 6 years ago
- Has duplicate Feature #3971: Add new notification abitily. added
Updated by George Chester almost 5 years ago
This would be really nice. I'm trying to join in Camunda BPM into a ticket so a ticket can be assigned a proecess. Webhooks would be wonderful.
Anyone got ideas?
Updated by
Updated by Ferdinand S over 3 years ago
I would also benefit form this feature greatly. We use Shortcut (shortcut.com) as a Scrum tool and it would be great if we could consume Redmine webhooks in order to update user stories in Shortcut.
Is there any plan for this feature?
Updated by Jens Krämer 6 months ago
The attached patch implements web hook support - to call / notify external services when something happens in Redmine.
While this patch just implements the issue create / update / delete events, it was built to be easily extended for lifecycle events of other entities.
Web hooks are defined at the user level, and always run in this users' context, regardless of who triggered the actual event. Events on issues a user cannot see will not trigger this users' configured hooks. The hook payload is JSON and has type (event), timestamp and data (the object involved) top level elements, using the existing issues/show API template for consistency to render the issue data inside data.
Each hook is defined for a list of events and projects. Whenever one of the events occurs in one of the projects, a POST request is sent to the configured URL with a payload depending on the event. Webhook signing with a pre-configured secret is implemented using the same algorithm GitHub uses .
This feature was developed and is in production use at Planio .
We'd very much like this to be integrated into Redmine, since it is really powerful when combined with platforms like Zapier or IFTTT. Zapier for example allows to define transformations (using Javascript) to change the JSON payload before triggering an action on another service and can therefore work as an adapter between Redmine and another service, even if the original payload format is not what the other service expects.
Updated by Go MAEDA 6 months ago
Thank you for sharing this great patch developed at Planio! I believe it would be a very valuable improvement to Redmine.
I have just one concern: currently, it seems that any user can create webhooks.
Since webhooks automatically send data to external services, some administrators might want to restrict or even disable their use for security or data protection reasons.
To support such requirements, I think it would be helpful to have permission settings to control who can create or use webhooks.
Updated by Jens Krämer 6 months ago
Yes, I agree that some organizations might want to limit who can use this feature even if users only could share data they can actually see. I'll update this issue with a second patch that implements this soon.
Updated by Jens Krämer 6 months ago
- File 0001-Issue-Webhooks.patch 0001-Issue-Webhooks.patch added
- File 0002-adds-the-use_webhooks-permission.patch 0002-adds-the-use_webhooks-permission.patch added
I rebased on current master, added a `use_webhooks` permission and also fixed some random test failures related to the caching of the IP blacklist configuration.
Updated by
Updated by Marius BĂLTEANU 5 months ago
- Related to Feature #31006: Add feature Webhook added
Updated by Marius BĂLTEANU about 1 month ago
- Target version changed from Candidate for next major release to 7.0.0
Updated by Vikas Kumar 
Updated by
Updated by Marius BĂLTEANU 18 days ago
- Status changed from New to Resolved
I've committed the change, but we have a Rubocop offense and I'm not sure if we should fix it or not:
Offenses: app/models/webhook.rb:32:3: C: Rails/HasAndBelongsToMany: Prefer has_many :through to has_and_belongs_to_many. has_and_belongs_to_many :projects ^^^^^^^^^^^^^^^^^^^^^^^ 1030 files inspected, 1 offense detected Error: Process completed with exit code 1.
Updated by Katsuya HIDAKA 17 days ago
Marius BĂLTEANU wrote in #note-18:
but we have a Rubocop offense and I'm not sure if we should fix it or not:
I'm also not sure if we should fix it or not, but currently all commits since r24034 fail CI due to lint errors. It's a bit of noise when developing Redmine. If it may take some time to resolve, how about temporarily adding rubocop:disable to suppress the error?
diff --git a/app/models/webhook.rb b/app/models/webhook.rb
index 39e866343..d45a01e39 100644
--- a/app/models/webhook.rb
+++ b/app/models/webhook.rb
@@ -29,7 +29,7 @@ class Webhook < ApplicationRecord
end
belongs_to :user
- has_and_belongs_to_many :projects
+ has_and_belongs_to_many :projects # rubocop:disable Rails/HasAndBelongsToMany
validates :url, presence: true, webhook_endpoint: true, length: { maximum: 2000 }
validates :secret, length: { maximum: 255 }, allow_blank: true
Updated by Katsuya HIDAKA 17 days ago
- File 0001-Fix-RuboCop-offense-Style-CommentAnnotation.patch 0001-Fix-RuboCop-offense-Style-CommentAnnotation.patch added
- File 0002-Remove-unnecessary-fixture-declarations.patch 0002-Remove-unnecessary-fixture-declarations.patch added
I'm attaching patch 0001 to fix another RuboCop error that still causes the lint check to fail.
I'm also attaching patch 0002 to remove unnecessary fixtures declarations from the Webhook test files.
I've confirmed that all tests and lints pass with these changes.
Updated by Marius BĂLTEANU 17 days ago
Katsuya HIDAKA wrote in #note-22:
I'm attaching patch 0001 to fix another RuboCop error that still causes the lint check to fail.
I'm also attaching patch 0002 to remove unnecessaryfixturesdeclarations from the Webhook test files.I've confirmed that all tests and lints pass with these changes.
Sorry for not double checking, I wanted to quickly help you and commit the fix and I failed.
Updated by Katsuya HIDAKA 15 days ago
Marius BĂLTEANU
No problem at all. Please don't worry about it.
Updated by Katsuya HIDAKA 15 days ago
- File my-page-disabled.png my-page-disabled.png added
- File roles-disabled.png roles-disabled.png added
- File webhooks-disabled.png webhooks-disabled.png added
- File Add-configuration-option-to-enable-or-disable-webhooks.patch Add-configuration-option-to-enable-or-disable-webhooks.patch added
The Webhooks feature is a great addition. However, there may be cases where some users want to completely disable it. I believe providing an option to disable Webhooks can help users adopt Redmine 7.0 more smoothly.
- To operate Webhooks reliably, a stable environment for running asynchronous jobs is required.
- The
:asyncadapter is generally not recommended for production use, and:inlinemay noticeably slow down actions such as creating, editing, or deleting issues. - Even with other adapters such as
:solid_queue, users may need time to verify behavior and scale their asynchronous job infrastructure accordingly.
- The
- There may also be cases where Webhooks need to be disabled entirely for security reasons.
- While it is possible to restrict Webhooks by disabling the Use webhooks permission for all roles, administrators can still use them.
- Since Webhooks send Redmine data to external systems, some organizations may not want to allow this for any user, including administrators.
For these reasons, I'm attaching a patch that introduces a configuration option to enable or disable Webhooks.
Details of the patch:
- Adds
webhooks: true/falseto configuration.yml (default:true). - When disabled (
webhooks: false), Redmine behaves as if the Webhooks feature does not exist:- The Webhooks link is hidden from the My account page.
- Webhook management pages cannot be accessed.
- The Use webhooks permission is omitted (it does not appear in role settings).
- Webhooks are never triggered.
Verification:
- All tests and lints pass.
- When Webhooks are enabled, registration, triggering, and permission checks work as expected.
- When Webhooks are disabled, Redmine behaves as described above.
Screenshots:
My page when disabled:
Roles when disabled:
Webhooks (/webhooks) when disabled:
Updated by Marius BĂLTEANU 10 days ago
I agree that having an option to enable / disable this feature could be useful for some instance administrators, but having a stable environment for running asynchronous jobs is required not only for this feature, but also for sending emails, destroying projects and other cases in the (near) future.
Regarding the setting, adding it to the configuration.yml it will be confusing for users because all the similar features are configurable in the administration and the best example is the API, which is very similar to webhooks because it provides you access to the data from external services.
I'm in favour of:
1. Add this option to administration settings.
2. The API tab it will be a good option, but I think we need to rename it to "Integrations", "API / Webhooks" or any other good wording.
Updated by Marius BĂLTEANU 10 days ago
Jens Krämer, do you have any preference regarding the recommendation made by Rubocop to use has_many :through instead of has_and_belongs_to_many?
Updated by Katsuya HIDAKA 10 days ago
- File integration-tab.png integration-tab.png added
- File Allow-administrators-to-disable-webhooks-from-settings.patch Allow-administrators-to-disable-webhooks-from-settings.patch added
Marius BĂLTEANU wrote in #note-27:
Regarding the setting, adding it to the
configuration.ymlit will be confusing for users because all the similar features are configurable in the administration and the best example is the API, which is very similar to webhooks because it provides you access to the data from external services.I'm in favour of:
1. Add this option to administration settings.
2. The API tab it will be a good option, but I think we need to rename it to "Integrations", "API / Webhooks" or any other good wording.
Thank you for your feedback. I agree with your point.
Im attaching a patch to add the Webhooks option to the administration settings. The patch includes the following changes:
- Add the "Enable Webhooks" option to the API tab in the administration settings
- Rename the API tab to "Integrations"
- The option is enabled by default
Ive confirmed that:
- All tests pass
- When Webhooks is disabled, all users including administrators cannot configure Webhooks, and existing Webhooks are not triggered