webhook
This commit is contained in:
parent
a4e2a9c272
commit
5ef8f2271d
|
@ -0,0 +1,54 @@
|
||||||
|
<?php
|
||||||
|
# https://docs.gitea.com/usage/webhooks
|
||||||
|
|
||||||
|
// check for POST request
|
||||||
|
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
|
||||||
|
error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// get content type
|
||||||
|
$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
|
||||||
|
|
||||||
|
if ($content_type != 'application/json') {
|
||||||
|
error_log('FAILED - not application/json - '. $content_type);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// get payload
|
||||||
|
$payload = trim(file_get_contents("php://input"));
|
||||||
|
|
||||||
|
if (empty($payload)) {
|
||||||
|
error_log('FAILED - no payload');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// get header signature
|
||||||
|
$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
|
||||||
|
|
||||||
|
if (empty($header_signature)) {
|
||||||
|
error_log('FAILED - header signature missing');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// calculate payload signature
|
||||||
|
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
|
||||||
|
|
||||||
|
// check payload signature against header signature
|
||||||
|
if ($header_signature !== $payload_signature) {
|
||||||
|
error_log('FAILED - payload signature');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// convert json to array
|
||||||
|
$decoded = json_decode($payload, true);
|
||||||
|
|
||||||
|
// check for json decode errors
|
||||||
|
if (json_last_error() !== JSON_ERROR_NONE) {
|
||||||
|
error_log('FAILED - json decode - '. json_last_error());
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
// success, do something
|
||||||
|
shell_exec('sh ../webhook/webhook.sh')
|
||||||
|
?>
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash
|
||||||
|
username=$(getent passwd 1000 | cut -d: -f1)
|
||||||
|
touch /home/$username/webhook_ok
|
51
install.sh
51
install.sh
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
PURPLE='\033[35m'
|
PURPLE='\033[35m'
|
||||||
ORANGE='\033[33m'
|
ORANGE='\033[33m'
|
||||||
|
BLUE='\033[34m'
|
||||||
BOLD='\033[1m'
|
BOLD='\033[1m'
|
||||||
RESET='\033[0m'
|
RESET='\033[0m'
|
||||||
|
|
||||||
|
@ -208,9 +209,9 @@ get_ip
|
||||||
cms_folder="cms_${domain_name}"
|
cms_folder="cms_${domain_name}"
|
||||||
|
|
||||||
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
|
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
|
||||||
echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
|
echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
|
||||||
echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
||||||
echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
|
||||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||||
read
|
read
|
||||||
|
|
||||||
|
@ -256,6 +257,8 @@ if [[ "$answer" == "y" ]]; then
|
||||||
echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
|
echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
|
||||||
echo \"SECRET='${secret}'\" >> ${env_file} &&\
|
echo \"SECRET='${secret}'\" >> ${env_file} &&\
|
||||||
echo \"KEY='${key}'\" >> ${env_file} &&\
|
echo \"KEY='${key}'\" >> ${env_file} &&\
|
||||||
|
echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
|
||||||
|
echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
|
||||||
cd ${cms_folder} &&\
|
cd ${cms_folder} &&\
|
||||||
npm init -y &&\
|
npm init -y &&\
|
||||||
npx directus bootstrap --skipAdminInit" $username
|
npx directus bootstrap --skipAdminInit" $username
|
||||||
|
@ -298,8 +301,8 @@ if [[ "$answer" == "y" ]]; then
|
||||||
if [[ "$answer" == "y" ]]; then
|
if [[ "$answer" == "y" ]]; then
|
||||||
|
|
||||||
echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
|
echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
|
||||||
echo -e "${PURPLE}npx directus schema snapshot ./snapshot.yaml${RESET}"
|
echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
|
||||||
echo -e "${PURPLE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
|
echo -e "${BLUE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
|
||||||
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
|
||||||
read
|
read
|
||||||
|
|
||||||
|
@ -325,9 +328,9 @@ if [[ "$answer" == "y" ]]; then
|
||||||
get_ip
|
get_ip
|
||||||
|
|
||||||
echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
|
echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
|
||||||
echo -e "${PURPLE}git checkout -b prod${RESET}"
|
echo -e "${BLUE}git checkout -b prod${RESET}"
|
||||||
echo -e "${PURPLE}git add . && git commit -m "first commit to prod"${RESET}"
|
echo -e "${BLUE}git add . && git commit -m "first commit to prod"${RESET}"
|
||||||
echo -e "${PURPLE}git push origin prod${RESET}"
|
echo -e "${BLUE}git push origin prod${RESET}"
|
||||||
echo -e "${PURPLE}${BOLD}What is the .git url of the repo${RESET}"
|
echo -e "${PURPLE}${BOLD}What is the .git url of the repo${RESET}"
|
||||||
read repo_url
|
read repo_url
|
||||||
|
|
||||||
|
@ -364,12 +367,39 @@ if [[ "$answer" == "y" ]]; then
|
||||||
echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
|
echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
|
||||||
read answer
|
read answer
|
||||||
if [[ "$answer" == "y" ]]; then
|
if [[ "$answer" == "y" ]]; then
|
||||||
echo "wawawawawa"
|
echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
|
||||||
|
echo -e "${PURPLE}${BOLD}https://${repo_url}/settings/hooks/gitea/new${RESET}"
|
||||||
|
echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
|
||||||
|
echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
|
||||||
|
echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
|
||||||
|
echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
|
||||||
|
read -s auth_header
|
||||||
|
|
||||||
|
apt install -y php php-fpm
|
||||||
|
rm /var/www/html/index.html
|
||||||
|
cp ./assets/webhook.php /var/www/html/
|
||||||
|
mkdir /var/www/webhook
|
||||||
|
cp .assets/webhook.sh /var/www/webhook
|
||||||
|
chown www-data:www-data /var/www/webhook/webhook.sh
|
||||||
|
chmod u+x /var/www/webhook/webhook.sh
|
||||||
|
|
||||||
|
sed -i '$ d' $caddyfile
|
||||||
|
echo "handle /webhook.php {" >> $caddyfile
|
||||||
|
echo "@unauthorized not header Authorization ${auth_header}" >> $caddyfile
|
||||||
|
echo "respond @unauthorized "Unauthorized access"" >> $caddyfile
|
||||||
|
echo "root * /var/www/html" >> $caddyfile
|
||||||
|
echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
|
||||||
|
echo "file_server" >> $caddyfile
|
||||||
|
echo "}" >> $caddyfile
|
||||||
|
echo "}" >> $caddyfile
|
||||||
|
caddy fmt $caddyfile -w
|
||||||
|
caddy reload -c $caddyfile
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
# TODO
|
# TODO
|
||||||
|
#
|
||||||
# REMOVE EXPECT AT THE END IF IT IS INSTALLED
|
# REMOVE EXPECT AT THE END IF IT IS INSTALLED
|
||||||
# CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV
|
# CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV
|
||||||
# ZABBIX
|
# ZABBIX
|
||||||
|
@ -377,3 +407,6 @@ fi
|
||||||
# DIRECTUS EMAIL
|
# DIRECTUS EMAIL
|
||||||
# DIRECTUS REDIS
|
# DIRECTUS REDIS
|
||||||
# LOGING DE TOUT
|
# LOGING DE TOUT
|
||||||
|
# IMPORT DIRECTUS FULL DB
|
||||||
|
# CADDYFILE EN JSON
|
||||||
|
# MÀJ
|
||||||
|
|
Loading…
Reference in New Issue