Public | Automated Build

Last pushed: 2 years ago
Short Description
Short description is empty for this repo.
Full Description


postdeploy is a http service that listens for deployment requests and executes a predefined command when the request arrives

Build Status


If you have go installed you can build postdeploy yourself:

git clone && cd postdeploy

or with go get:

go get


You can also use docker to run postdeploy.

Build the postdeploy image:

git clone && cd postdeploy
docker build -t postdeploy .

Run the postdeploy image:

docker run postdeploy


If you want to cross-compile postdeploy for macOS (amd64), Linux (arm5, arm6, arm7 and amd64) and Windows (amd64) you can use the crosscompile action of the make script:

make crosscompile


For running postdeploy you must specify an ip binding (e.g. "") and the path to a JSON configurtion file (e.g. "postdeploy.conf.js"):

postdeploy -binding ":7070" -config "postdeploy.conf.js"

postdeploy will spawn a http server and listen for POST requests to /deploy/<provider-name>/<route-name> and will then execute the commands that have been configured for this route.

The Configuration File

The postdeploy configuration has the following JSON structure:

    "hooks": [
            "provider": "<provider-name>",
            "route": "some/route",
            "directory": "/the/working/directory",
            "commands": [
                    "name": "<Some command>",
                    "args": [

Assuming you bind postdeploy to port 7070 a POST request to<provider-name>/some/route will execute the command <Some command> in the specified directory /the/working/directory.


A simple ping

Write the current date and time to a log file every time the ping route is executed:

    "hooks": [
            "provider": "generic",
            "route": "ping",
            "directory": "",
            "commands": [
                    "name": "bash",
                    "args": [
                        "echo $(date) >> ping.log"
curl -X POST


Do not run this tool on mission critical components!

I've tried to build the system in a way that the worst thing that could happen is that someone who knows your routes can trigger the deployment hook associated with that route. But this can be bad enough. So please keep in mind that this is just a convenience tool and nothing you should deploy to your production servers.


As of now there is no security. Everybody who knows your configured routes will be able to trigger the action.

Code Execution

The system will only execute the commands specified in the config file and nothing else. Attackers should not be able trigger any other commands than the ones you specified.


  • Providers
    • Add a github provider
  • Security
    • Make sure postdeploy executes every hook only once every x seconds.
    • Block IP addresses that try to find deployment hooks (e.g. block after 3 attempts)


If you have an idea how to make this little tool better please send me a message or a pull request.

All contributions are welcome.

Docker Pull Command
Source Repository