
Webhook Setup

Set up automatic code reviews and scans by connecting your Git platform webhooks to a self-hosted drep server.

Automated Workflow

With webhooks configured, drep automatically:

  • Scans code on every push to detect issues
  • Reviews pull requests with inline comments
  • Runs in the background without manual intervention

Overview

Webhooks enable automatic code review and scanning when events occur in your Git repository. drep supports:

| Git Event | drep Action | Result |
| --- | --- | --- |
| Push to branch | drep scan | Creates issues for findings |
| Pull request opened/synced | drep review | Posts inline PR comments |

Step 1: Start drep Server

The drep server receives webhooks and triggers scans/reviews in the background.

Start the Server

bash
drep serve --host 0.0.0.0 --port 8000

This starts a FastAPI server on port 8000 that listens for webhook events.

| Endpoint | Purpose |
| --- | --- |
| /api/health | Health check (returns {"status": "ok"}) |
| /webhooks/gitea | Gitea webhook receiver |
| /webhooks/github | GitHub webhook receiver |
| /webhooks/gitlab | GitLab webhook receiver |

Run as Systemd Service (Recommended)

For production, run drep as a systemd service that starts automatically.

Create /etc/systemd/system/drep.service:

systemd
[Unit]
Description=drep webhook server
After=network.target

[Service]
Type=simple
User=drep
WorkingDirectory=/home/drep
Environment="GITEA_TOKEN=your-token-here"
Environment="DREP_CONFIG=/home/drep/config.yaml"
ExecStart=/home/drep/.local/bin/drep serve --host 0.0.0.0 --port 8000
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable and start the service:

bash
sudo systemctl enable drep
sudo systemctl start drep
sudo systemctl status drep

Run with Docker Compose

For containerized deployment with an LLM backend:

yaml
version: '3.8'
services:
  drep:
    image: ghcr.io/slb350/drep:latest
    ports:
      - "8000:8000"
    volumes:
      - ./config.yaml:/app/config.yaml
      - ./data:/app/data
    environment:
      - GITEA_TOKEN=${GITEA_TOKEN}
      - DREP_LLM_ENDPOINT=http://ollama:11434
    command: serve --host 0.0.0.0 --port 8000
    depends_on:
      - ollama

  ollama:
    image: ollama/ollama:latest
    ports:
      - "11434:11434"
    volumes:
      - ollama_data:/root/.ollama

volumes:
  ollama_data:

Start the stack:

bash
docker compose up -d

Step 2: Configure Git Platform Webhooks

Gitea Webhook Setup

Configure Gitea to send webhook events to your drep server.

  1. Navigate to your repository settings in Gitea
  2. Go to Settings → Webhooks → Add Webhook → Gitea
  3. Configure the webhook:
    • Target URL: http://your-drep-server:8000/webhooks/gitea
    • HTTP Method: POST
    • POST Content Type: application/json
    • Trigger On: Select Push events and Pull request events
  4. Click Add Webhook

Testing Your Webhook

After creating the webhook, click Test Delivery in Gitea to send a test event. Check your drep server logs to verify it received the webhook successfully.

GitHub Webhook Setup

Configure GitHub to send webhook events to your drep server.

  1. Navigate to your repository on GitHub
  2. Go to Settings → Webhooks → Add webhook
  3. Configure the webhook:
    • Payload URL: http://your-drep-server:8000/webhooks/github
    • Content type: application/json
    • Which events: Select Just the push event and Pull requests
  4. Click Add webhook

All Platforms Supported

Webhooks are fully supported for Gitea, GitHub, and GitLab (as of v1.0.0). Configure webhooks on any platform to receive automatic PR reviews and code scans. Use the /webhooks/gitea, /webhooks/github, or /webhooks/gitlab endpoint, respectively.

Step 3: Verify Webhook Delivery

Health Check

Test that your drep server is running and accessible:

bash
curl http://your-drep-server:8000/api/health

Expected response:

{"status": "ok"}

Test Webhook Delivery

Trigger a webhook by making a commit to your repository:

bash
git commit --allow-empty -m "Test drep webhook"
git push

Check your drep server logs to confirm it received the webhook:

bash
# Systemd
sudo journalctl -u drep -f

# Docker
docker compose logs -f drep

You should see log entries indicating a scan was triggered:

INFO:     Received webhook: push event for owner/repo
INFO:     Scheduled background scan for owner/repo

Webhook Payload Reference

drep extracts the following information from webhook payloads:

Gitea Webhook Payload

Gitea sends the event type in the X-Gitea-Event header.

json
{
  "repository": {
    "full_name": "owner/repo",
    "name": "repo",
    "owner": {
      "login": "owner"
    }
  },
  "pull_request": {
    "number": 42
  }
}

| Event Header | drep Action |
| --- | --- |
| X-Gitea-Event: push | Run drep scan owner/repo in background |
| X-Gitea-Event: pull_request | Run drep review owner/repo PR_NUMBER in background |
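
The routing above can be expressed as a small function that also rejects payload values unsafe to pass on as command arguments. This is an added example, not drep's own code; the function name, the repository-name pattern, and the sample payloads are assumptions constructed for illustration.

```python
import json
import re

# Assumption: a conservative "owner/repo" shape; adjust to your platform's naming rules.
REPO_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*/[A-Za-z0-9][A-Za-z0-9_.-]*")


def gitea_event_to_argv(event, body):
    """Map an X-Gitea-Event value and raw body to a drep argv list, or None to ignore."""
    try:
        payload = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return None
    if not isinstance(payload, dict):
        return None
    repo = payload.get("repository")
    full_name = repo.get("full_name") if isinstance(repo, dict) else None
    # Reject anything that could be read as an option or a path, e.g. a leading "-" or "..".
    if not isinstance(full_name, str) or not REPO_PATTERN.fullmatch(full_name):
        return None
    if event == "push":
        return ["drep", "scan", full_name]
    if event == "pull_request":
        pr = payload.get("pull_request")
        number = pr.get("number") if isinstance(pr, dict) else None
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(number, int) and not isinstance(number, bool) and number > 0:
            return ["drep", "review", full_name, str(number)]
    return None  # unknown event type or incomplete payload


# Constructed sample deliveries (not captured traffic).
SAMPLE_PR = b'{"repository": {"full_name": "owner/repo"}, "pull_request": {"number": 42}}'
SAMPLE_BAD = b'{"repository": {"full_name": "--flag/repo"}}'

if __name__ == "__main__":
    print(gitea_event_to_argv("pull_request", SAMPLE_PR))
    print(gitea_event_to_argv("push", SAMPLE_BAD))
```

Returning an argv list rather than a command string means the values never pass through a shell if the result is handed to a process launcher.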

Troubleshooting

Webhook Not Received

If webhooks aren't triggering scans:

  1. Check server accessibility:
    bash
    curl http://your-drep-server:8000/api/health
  2. Verify firewall rules: Ensure port 8000 is open and accessible from your Git server
  3. Check webhook delivery logs: In Gitea/GitHub settings, view webhook delivery history for error messages
  4. Inspect drep logs: Check server logs for incoming requests and error messages

Authentication Errors

If scans fail with authentication errors:

  1. Verify that the GITEA_TOKEN or GITHUB_TOKEN environment variable is set correctly
  2. Ensure the token has sufficient permissions (repo read/write, issue creation)
  3. Check that config.yaml uses the ${GITEA_TOKEN} or ${GITHUB_TOKEN} placeholders

Scan Not Running

If the webhook is received but the scan doesn't run:

  1. Check config.yaml path: Set the DREP_CONFIG environment variable if the config is not in the current directory
  2. Verify LLM endpoint: Ensure your LLM backend (LM Studio, Ollama, AWS Bedrock) is accessible
  3. Review repository patterns: Ensure the repositories list in config.yaml includes the webhook repository

Security Considerations

Production Security

For production deployments:

  • Use a reverse proxy (nginx, Caddy) with HTTPS/TLS
  • Configure webhook secrets to verify payload authenticity (planned feature)
  • Restrict firewall rules to allow only your Git server IP
  • Run the drep server as a dedicated user with minimal permissions
  • Store tokens in environment variables, never in config files
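
Until secret verification ships in drep, the check can run in a small gateway placed in front of the webhook endpoints. The following is an added example, not drep code: the header names are the ones GitHub, Gitea, and GitLab send, while the function name, secret, and sample body are constructed for illustration.

```python
import hashlib
import hmac


def verify_delivery(platform, headers, body, secret):
    """Return True only if the delivery proves knowledge of the shared secret.

    body must be the raw request bytes exactly as received, before any JSON parsing.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    mac = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    if platform == "github":
        # GitHub: X-Hub-Signature-256: sha256=<hex HMAC-SHA256 of the body>
        sent, expected = h.get("x-hub-signature-256", ""), b"sha256=" + mac
    elif platform == "gitea":
        # Gitea: X-Gitea-Signature: <hex HMAC-SHA256 of the body>
        sent, expected = h.get("x-gitea-signature", ""), mac
    elif platform == "gitlab":
        # GitLab sends the configured secret token itself, not an HMAC of the body.
        sent, expected = h.get("x-gitlab-token", ""), secret
    else:
        return False
    # Constant-time comparison; a missing header compares as empty and fails.
    return hmac.compare_digest(sent.encode(), expected)


# Constructed sample values (not real credentials or captured traffic).
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = b'{"repository": {"full_name": "owner/repo"}}'
SAMPLE_SIG = hmac.new(SAMPLE_SECRET, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    ok = verify_delivery("gitea", {"X-Gitea-Signature": SAMPLE_SIG}, SAMPLE_BODY, SAMPLE_SECRET)
    tampered = verify_delivery("gitea", {"X-Gitea-Signature": SAMPLE_SIG},
                               SAMPLE_BODY + b" ", SAMPLE_SECRET)
    print(ok, tampered)
```

Because GitLab's token is a static value rather than a signature over the body, it authenticates the sender but does not detect a modified payload; TLS between GitLab and the receiver covers that gap.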

Reverse Proxy with HTTPS

Example nginx configuration with HTTPS:

nginx
server {
    listen 443 ssl http2;
    server_name drep.example.com;

    ssl_certificate /etc/letsencrypt/live/drep.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/drep.example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Next Steps

Now that webhooks are configured:

Examples

See real-world webhook deployment examples with Docker, Kubernetes, and CI/CD integration.


API Reference

Complete CLI command reference including serve options, configuration flags, and environment variables.
