CI/CD webhook trigger routes (ENH-011). Mounted at /api/v1 (INF-005)
without requireAuth — this router handles its own token-based authentication so
CI pipelines can call it with a per-project Bearer token rather than a user JWT.
Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
POST |
/api/v1/projects/:id/trigger |
Bearer token | Start a CI/CD test run |
GET |
/api/v1/projects/:id/trigger-tokens |
JWT (requireAuth) | List tokens — see runs.js |
POST |
/api/v1/projects/:id/trigger-tokens |
JWT (requireAuth) | Create token — see runs.js |
DELETE |
/api/v1/projects/:id/trigger-tokens/:tid |
JWT (requireAuth) | Revoke token — see runs.js |
Token management endpoints (list/create/delete) live in runs.js and are
protected by requireAuth. Only POST /trigger is here, unprotected.
- Source:
Methods
(async, inner) safeFetchCallback(url, payload)
Thin wrapper around safeFetch for the callbackUrl POST. Best-effort: errors are silently caught so a failing callback never affects the run outcome.
Parameters:
| Name | Type | Description |
|---|---|---|
url |
string | The validated callbackUrl. |
payload |
string | JSON string body. |
- Source: