Validation Extension

Updated 2 years ago by Admin

You can use an validation extension to enforce custom checks, verification and linting rules to .drone.yml configuration files.


You can register a validation extension by providing the following configuration parameters to the Drone server:

    Provides the endpoint used to make http requests to an extension.
    Provides the token used to authenticate http requests to the extension. This token is shared between the server and extension.

How it Works

The server makes an HTTP post to the validation extension before the yaml file is processed and before any pipelines are scheduled. The validation extension is expected to accept or reject the yaml file.


The validation extension receives an HTTP request to verify the yaml. The request body includes the Repository and Build details in JSON format, as well as the raw Yaml configuration file.

Request Body definition:

1 class Request {
2 config: Config;
3 repo: Repo;
4 build: Build
5 }

1 class Config {
2 data: string;
3 }

1 class Repository {
2 id: int64;
3 uid: int64;
4 user_id: int64;
5 namespace: string;
6 name: string;
7 slug: string;
8 scm: string;
9 git_http_url: string;
10 git_ssh_url: string;
11 link: string;
12 default_branch: string;
13 private: boolean;
14 visibility: string;
15 active: boolean;
16 config: string;
17 trusted: boolean;
18 protected: boolean;
19 ignore_forks: boolean;
20 ignore_pulls: boolean;
21 cancel_pulls: boolean;
22 timeout: int64;
23 counter: int64;
24 synced: int64;
25 created: int64;
26 updated: int64;
27 version: int64;
28 }

1 class Build {
2 id: int64;
3 repo_id: int64;
4 number: int64;
5 parent: int64;
6 status: string;
7 error: string
8 event: string;
9 action: string;
10 link: string;
11 timestamp: int64;
12 title: string;
13 message: string;
14 before: string;
15 after: string;
16 ref: string;
17 source_repo: string;
18 source: string;
19 target: string;
20 author_login: string;
21 author_name: string;
22 author_email: string;
23 author_avatar: string;
24 sender: string;
25 params: [string][string];
26 cron: string;
27 deploy_to: string;
28 deploy_id: int64;
29 started: int64;
30 finished: int64;
31 created: int64;
32 updated: int64;
33 version: int64;
34 }


The validation extension should respond with one of the following:

  • 200 response code indicating the yaml passed validation
  • 400 response code indicating the yaml failed validation, with a JSON encoded error messaging indicating why validation failed.
  • 498 response code indicating the yaml failed validation and should be skipped.
  • 499 response code indicating the yaml failed validation and should be blocked, pending manual approval.
"message": "cannot use image from external registry"


The http request is signed per the http signatures draft specification use the shared secret. The receiver should use the signature to verify the authenticity and integrity of the webhook.

Starter Project

If you are interested in creating an validation extension we recommend using our starter project as a base to jumpstart development.

How did we do?