oCoreoCore Docs
User Guide

Git Integration

Connect GitHub, GitLab, or Bitbucket repositories and set up automatic deployments on push.

oCore integrates with GitHub, GitLab, and Bitbucket to enable automatic deployments when you push code. This page covers connecting repositories, configuring webhooks, setting up branch-to-environment mappings, and using the GitHub App integration for enhanced features.

Project Repository Settings

Configure Git repository connection and webhook settings.

Open in Dashboard

Connecting a Repository

Supported Providers

ProviderWebhookDeploy KeyGitHub App
GitHubYesYesYes
GitLabYesYesNo
BitbucketYesYesNo

Connection Steps

Navigate to your project and open the Repository tab.

Enter the repository URL and select the provider:

git@github.com:acme/odoo-custom.git

oCore generates a deploy key (SSH public key) for read access. Add this key to your repository:

  • GitHub: Repository Settings > Deploy Keys > Add deploy key
  • GitLab: Repository Settings > Repository > Deploy Keys
  • Bitbucket: Repository Settings > Access Keys > Add key

oCore provides a webhook URL and secret. Add the webhook to your repository:

  • GitHub: Repository Settings > Webhooks > Add webhook
  • GitLab: Repository Settings > Webhooks > Add webhook
  • Bitbucket: Repository Settings > Webhooks > Add webhook
curl -X POST https://ocore.example.com/api/projects/{projectId}/repository \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "repositoryUrl": "git@github.com:acme/odoo-custom.git",
    "branch": "main",
    "provider": "github"
  }'
ocore project connect-repo <project-id> \
  --url git@github.com:acme/odoo-custom.git \
  --branch main \
  --provider github

Webhook Configuration

Webhooks notify oCore when code is pushed to your repository. oCore validates the webhook signature and triggers a deployment if the branch has a mapping.

Webhook Endpoints

oCore exposes provider-specific webhook endpoints:

ProviderEndpoint
GitHubPOST /api/webhooks/github/{projectId}
GitLabPOST /api/webhooks/gitlab/{projectId}
BitbucketPOST /api/webhooks/bitbucket/{projectId}

These endpoints are public (no JWT required) -- authentication is done via HMAC signature verification using the webhook secret.

Webhook Events

Configure your webhook to send:

ProviderEvents
GitHubpush events
GitLabPush events
Bitbucketrepo:push

Verifying Webhook Delivery

If deployments are not triggering:

  1. Check the webhook delivery logs in your Git provider's settings
  2. Look for HTTP 200 responses from oCore
  3. Verify the webhook secret matches between the provider and oCore
  4. Use the Reconfigure Webhook action to regenerate:
curl -X POST https://ocore.example.com/api/projects/{projectId}/repository/reconfigure-webhook \
  -H "Authorization: Bearer $TOKEN"

Webhook Security

oCore verifies every webhook request using HMAC signature validation. GitHub uses X-Hub-Signature-256, GitLab uses X-Gitlab-Token, and Bitbucket uses HMAC-SHA256. Invalid signatures are rejected with a 401 response.

Automatic Deployments on Push

When oCore receives a webhook for a push event, it:

  1. Extracts the branch name and commit SHA from the payload
  2. Looks up branch-to-environment mappings for the project
  3. If a mapping exists, triggers a deployment to the mapped environment
  4. The deployment follows the standard pipeline (see Deployments)

Example Flow

Developer pushes to `main`
  -> GitHub sends webhook to oCore
    -> oCore finds `main` maps to Production environment
      -> Deployment triggered: build, push, restart
        -> Production instance updated with new code

Branch-to-Environment Mapping

Map Git branches to environments so pushes automatically deploy to the correct target.

Creating Mappings

curl -X PUT https://ocore.example.com/api/projects/{projectId}/branch-mappings \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "branch": "main",
    "environmentId": "ENV_UUID"
  }'
ocore project map-branch <project-id> \
  --branch main \
  --environment ENV_UUID

Common Branch Strategies

StrategyBranchesEnvironments
SimplemainProduction
Stagingmain, stagingProduction, Staging
Fullmain, staging, developProduction, Staging, Development
Featuremain, staging, feature/*Production, Staging, per-feature dev

Listing Mappings

curl https://ocore.example.com/api/projects/{projectId}/branch-mappings \
  -H "Authorization: Bearer $TOKEN"

GitHub App Integration

For enhanced GitHub integration, install the oCore GitHub App on your organization. The GitHub App provides:

  • Automatic repository access -- No need to manually add deploy keys
  • Enhanced webhook management -- Webhooks configured automatically
  • Check runs -- Deployment status reported as GitHub check runs
  • Commit status -- Build status shown directly on commits and PRs

Installing the GitHub App

Go to Organization Settings > GitHub App.

Click Install GitHub App. You will be redirected to GitHub to authorize the app.

Select the repositories you want to connect.

After installation, oCore automatically configures webhooks and deploy access for selected repositories.

GitHub App Settings

Manage your GitHub App installation and connected repositories.

Open in Dashboard

Managing the GitHub App

# View GitHub App configuration
curl https://ocore.example.com/api/settings/github-app \
  -H "Authorization: Bearer $TOKEN"

# List GitHub App installations
curl https://ocore.example.com/api/settings/github-app/installations \
  -H "Authorization: Bearer $TOKEN"

Multiple GitHub Account Support

If your organization manages repositories across multiple GitHub accounts or organizations, oCore supports installing the same GitHub App on each of them. This is common when you have:

  • A company GitHub organization for production modules and a separate one for client-specific customizations
  • Personal GitHub accounts alongside an organization account
  • Separate GitHub organizations per client or business unit

How Multi-Installation Routing Works

Each GitHub App installation is associated with a specific GitHub account (user or organization). When oCore needs to interact with a repository -- for webhooks, check runs, or commit statuses -- it matches the repository owner to the correct installation:

  1. oCore extracts the repo owner from the repository URL (e.g., acme from git@github.com:acme/odoo-custom.git)
  2. It looks up all active GitHub App installations for your oCore organization
  3. It finds the installation whose account_login matches the repo owner (case-insensitive)
  4. The matched installation's credentials are used for API calls to that repository

This routing is automatic -- you do not need to manually assign installations to projects.

Fallback Behavior

If no installation matches the repo owner exactly, oCore falls back to the first available installation. This ensures backward compatibility for installations created before multi-account support was added.

Adding an Installation

Navigate to Organization Settings > GitHub App.

Click Install on Another Account. You will be redirected to GitHub.

Select the GitHub account or organization where you want to install the App, and authorize the requested permissions.

GitHub redirects back to oCore with the installation_id. oCore verifies the installation via the GitHub API, records the account_login and account_type, and links it to your organization.

Viewing Installations

The GitHub App settings page shows all active installations with their account name, type (user or organization), and creation date.

# List all installations
curl https://ocore.example.com/api/settings/github-app/installations \
  -H "Authorization: Bearer $TOKEN"

Response:

{
  "installations": [
    {
      "installation_id": 12345678,
      "account_login": "acme-corp",
      "account_type": "organization",
      "created_at": "2026-01-15T10:30:00Z"
    },
    {
      "installation_id": 87654321,
      "account_login": "acme-client-a",
      "account_type": "organization",
      "created_at": "2026-02-20T14:00:00Z"
    }
  ]
}

Removing an Installation

To unlink a GitHub App installation from your oCore organization:

curl -X DELETE https://ocore.example.com/api/settings/github-app/installations/{installationId} \
  -H "Authorization: Bearer $TOKEN"

This soft-deletes the installation record in oCore. To fully uninstall the GitHub App from the GitHub account, visit the GitHub App settings page on GitHub.

Impact of Removing

Removing an installation disables check runs, commit statuses, and automatic webhook management for all repositories under that GitHub account. Deploy key and manual webhook configurations are not affected.

Per-Project Routing

Each project in oCore is linked to a repository URL that includes the owner (e.g., acme-corp/odoo-modules). When oCore processes a webhook, creates a check run, or reports a commit status for that project, it automatically selects the installation matching acme-corp.

No per-project configuration is needed -- the routing is derived from the repository URL at runtime.

RepositoryOwnerMatched Installation
git@github.com:acme-corp/odoo-erp.gitacme-corpInstallation on acme-corp
git@github.com:acme-client-a/custom-addons.gitacme-client-aInstallation on acme-client-a
git@github.com:devuser/playground.gitdevuserInstallation on devuser (if installed)

Push Notifications

oCore can send deployment notifications via push events. Configure notification preferences to receive updates when:

  • Deployment starts
  • Deployment succeeds
  • Deployment fails

See your notification preferences in account settings.

Required Permissions

  • Connecting repositories requires manage:projects permission
  • Managing webhooks requires manage:projects permission
  • GitHub App installation requires manage:org_settings permission
  • Branch mappings require manage:projects for creation, view:projects for viewing

Troubleshooting

Webhook returns 401 Unauthorized

  • The webhook secret does not match. Regenerate using Reconfigure Webhook
  • Ensure the secret is copied exactly (no trailing whitespace)
  • Check that the correct project ID is in the webhook URL

Push to branch does not trigger deployment

  • Verify a branch mapping exists: GET /api/projects/{projectId}/branch-mappings
  • Check that the webhook is configured for push events
  • View webhook delivery logs in your Git provider for errors
  • Confirm the project has a connected repository

Deploy key rejected by Git provider

  • Regenerate the deploy key: POST /api/projects/{projectId}/repository/regenerate-key
  • Add the new key to your repository's deploy key settings
  • Ensure the key has read access (write access is not needed)

GitHub App not showing repositories

  • Check that the GitHub App is installed on the correct GitHub organization
  • Verify repository permissions in the GitHub App settings
  • Reinstall the GitHub App if repositories are missing

Deployment triggered but fails at clone step

  • The deploy key may have been revoked or removed from the repository
  • The repository may be private and the key lacks access
  • Network connectivity issue between oCore server and Git provider
  • Check the deployment step output for the specific Git error
Was this page helpful?
Edit on GitHub

Domains and DNS

Attach custom domains, manage SSL certificates, configure DNS records, and set IP access rules.

Admin Guide

Manage organizations, teams, roles, API keys, audit logs, security, and platform settings.

On this page

Connecting a RepositorySupported ProvidersConnection StepsWebhook ConfigurationWebhook EndpointsWebhook EventsVerifying Webhook DeliveryAutomatic Deployments on PushExample FlowBranch-to-Environment MappingCreating MappingsCommon Branch StrategiesListing MappingsGitHub App IntegrationInstalling the GitHub AppManaging the GitHub AppMultiple GitHub Account SupportHow Multi-Installation Routing WorksAdding an InstallationViewing InstallationsRemoving an InstallationPer-Project RoutingPush NotificationsRequired PermissionsTroubleshootingWebhook returns 401 UnauthorizedPush to branch does not trigger deploymentDeploy key rejected by Git providerGitHub App not showing repositoriesDeployment triggered but fails at clone step