First try

.gitignore

@@ -0,0 +1,2 @@
+.idea
+.env

Dockerfile

@@ -0,0 +1,32 @@
+FROM debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install dependencies
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends git ca-certificates curl unzip bash gnupg \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Hugo (Linux 64bit)
+RUN curl -fsSL "https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_Linux-64bit.tar.gz" \
+    | tar -xzf - -C /tmp \
+ && mv /tmp/hugo /usr/local/bin/hugo \
+ && chmod +x /usr/local/bin/hugo \
+ && rm -rf /tmp/hugo
+
+# Install adnanh/webhook binary
+RUN curl -fsSL "https://github.com/adnanh/webhook/releases/download/${WEBHOOK_VERSION}/webhook-linux-amd64.tar.gz" \
+    | tar -xzf - -C /tmp \
+ && mv /tmp/webhook-linux-amd64/webhook /usr/local/bin/webhook \
+ && chmod +x /usr/local/bin/webhook \
+ && rm -rf /tmp/webhook-linux-amd64
+
+# App layout
+WORKDIR /app
+COPY entrypoint.sh /app/entrypoint.sh
+COPY hooks/update_site.sh /app/hooks/update_site.sh
+RUN chmod +x /app/entrypoint.sh /app/hooks/update_site.sh
+
+EXPOSE 1313 ${WEBHOOK_PORT}
+
+ENTRYPOINT ["/app/entrypoint.sh"]

docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  site:
+    build: ./builder
+    container_name: hugo-webhook
+    env_file:
+      - .env
+    ports:
+      - "1313:1313"   # hugo server
+      - "9000:9000"   # webhook listener (only expose to Gitea or reverse-proxy)
+    volumes:
+      - site-data:/srv/site
+    restart: unless-stopped
+
+volumes:
+  site-data:

entrypoint.sh

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Environment variables (can be passed via docker-compose)
+: "${GIT_REPO:?You must set GIT_REPO environment variable}"
+GIT_BRANCH="${GIT_BRANCH:-main}"
+WEBHOOK_SECRET="${WEBHOOK_SECRET:-}"
+WEBHOOK_PORT="${WEBHOOK_PORT:-9000}"
+HUGO_FLAGS="${HUGO_FLAGS:-}"
+HUGO_BASEURL="${HUGO_BASEURL:-http://localhost:1313}"
+REPO_DIR="/app/site"
+HOOKS_FILE="/app/hooks.json"
+WEBHOOK_BIN="/usr/local/bin/webhook"
+
+# Clone repo into volume if missing
+if [ ! -d "$REPO_DIR/.git" ]; then
+  echo "Cloning $GIT_REPO (branch $GIT_BRANCH) into $REPO_DIR"
+  git clone --branch "$GIT_BRANCH" --single-branch "$GIT_REPO" "$REPO_DIR"
+else
+  echo "Repository already exists at $REPO_DIR"
+fi
+
+# Ensure working tree matches origin branch
+git -C "$REPO_DIR" fetch origin "$GIT_BRANCH" || true
+git -C "$REPO_DIR" reset --hard "origin/$GIT_BRANCH" || true
+
+# Generate hooks.json for adnanh/webhook with secret and trigger rule for branch
+cat > "$HOOKS_FILE" <<EOF
+[
+  {
+    "id": "update-site",
+    "execute-command": "/app/hooks/update_site.sh",
+    "command-working-directory": "/app",
+    "response-message": "Update started",
+    "trigger-rule": {
+      "and": [
+        {
+          "match": {
+            "type": "value",
+            "value": "refs/heads/${GIT_BRANCH}",
+            "parameter": {
+              "source": "payload",
+              "name": "ref"
+            }
+          }
+        }
+      ]
+    },
+    "pass-arguments-to-command": [
+      {
+        "source": "payload",
+        "name": "ref"
+      }
+    ]
+    $( [ -n "$WEBHOOK_SECRET" ] && echo ",\"secret\": \"$WEBHOOK_SECRET\"" || echo "" )
+  }
+]
+EOF
+
+echo "Created webhook hooks file at $HOOKS_FILE (branch filter: $GIT_BRANCH)"
+
+# Start webhook in background
+echo "Starting adnanh/webhook on port $WEBHOOK_PORT"
+# run webhook with hooks file and allow hotreload (good for changing hooks.json via entrypoint)
+$WEBHOOK_BIN -hooks "$HOOKS_FILE" -port "$WEBHOOK_PORT" -hotreload &
+WEBHOOK_PID=$!
+
+# Start hugo server in foreground (PID 1 for container)
+echo "Starting Hugo server, baseURL=$HUGO_BASEURL"
+# bind to 0.0.0.0 so it is reachable outside container
+hugo server --bind 0.0.0.0 --baseURL "${HUGO_BASEURL}" ${HUGO_FLAGS}
+
+# If hugo exits, shut down webhook as well
+kill "$WEBHOOK_PID" 2>/dev/null || true
+wait "$WEBHOOK_PID" 2>/dev/null || true

hooks/update_site.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script is invoked by adnanh/webhook when a matching hook is triggered.
+# It updates the git checkout in /app/site to origin/$GIT_BRANCH.
+# Hugo server runs separately and watches the files, so no explicit hugo build is required.
+
+REPO_DIR="/app/site"
+GIT_BRANCH="${GIT_BRANCH:-main}"
+
+if [ ! -d "$REPO_DIR/.git" ]; then
+  echo "Repository not found at $REPO_DIR; nothing to update."
+  exit 1
+fi
+
+echo "Updating repository in $REPO_DIR to origin/$GIT_BRANCH"
+cd "$REPO_DIR"
+
+# Fetch and reset
+git fetch origin "$GIT_BRANCH" --depth=1 || true
+git reset --hard "origin/$GIT_BRANCH"
+
+# Optionally, you can clear caches or perform other tasks here.
+echo "Update completed at $(date -u +%Y-%m-%dT%H:%M:%SZ)"
+exit 0