This commit is contained in:
Valentin 2024-02-25 19:17:44 +01:00
parent a4e2a9c272
commit 5ef8f2271d
3 changed files with 99 additions and 9 deletions

54
assets/webhook.php Normal file
View File

@ -0,0 +1,54 @@
<?php
# https://docs.gitea.com/usage/webhooks
// check for POST request
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
exit();
}
// get content type
$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
if ($content_type != 'application/json') {
error_log('FAILED - not application/json - '. $content_type);
exit();
}
// get payload
$payload = trim(file_get_contents("php://input"));
if (empty($payload)) {
error_log('FAILED - no payload');
exit();
}
// get header signature
$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
if (empty($header_signature)) {
error_log('FAILED - header signature missing');
exit();
}
// calculate payload signature
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
// check payload signature against header signature
if ($header_signature !== $payload_signature) {
error_log('FAILED - payload signature');
exit();
}
// convert json to array
$decoded = json_decode($payload, true);
// check for json decode errors
if (json_last_error() !== JSON_ERROR_NONE) {
error_log('FAILED - json decode - '. json_last_error());
exit();
}
// success, do something
shell_exec('sh ../webhook/webhook.sh')
?>

3
assets/webhook.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/bash
username=$(getent passwd 1000 | cut -d: -f1)
touch /home/$username/webhook_ok

View File

@ -2,6 +2,7 @@
PURPLE='\033[35m' PURPLE='\033[35m'
ORANGE='\033[33m' ORANGE='\033[33m'
BLUE='\033[34m'
BOLD='\033[1m' BOLD='\033[1m'
RESET='\033[0m' RESET='\033[0m'
@ -208,9 +209,9 @@ get_ip
cms_folder="cms_${domain_name}" cms_folder="cms_${domain_name}"
echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}" echo -e "${PURPLE}${BOLD}Configure the ${domain_name} DNS ZONE as the following${RESET}"
echo -e "${PURPLE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}" echo -e "${BLUE}Domain : ${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}" echo -e "${BLUE}Domain : cms.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}" echo -e "${BLUE}Domain : www.${domain_name} | Type : A | Target : ${ip}${RESET}"
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
read read
@ -256,6 +257,8 @@ if [[ "$answer" == "y" ]]; then
echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\ echo \"DB_PASSWORD='${db_directus_password}'\" >> ${env_file} &&\
echo \"SECRET='${secret}'\" >> ${env_file} &&\ echo \"SECRET='${secret}'\" >> ${env_file} &&\
echo \"KEY='${key}'\" >> ${env_file} &&\ echo \"KEY='${key}'\" >> ${env_file} &&\
echo \"CORS_ENABLED='true'\" >> ${env_file} &&\
echo \"CORS_ORIGIN='true'\" >> ${env_file} &&\
cd ${cms_folder} &&\ cd ${cms_folder} &&\
npm init -y &&\ npm init -y &&\
npx directus bootstrap --skipAdminInit" $username npx directus bootstrap --skipAdminInit" $username
@ -298,8 +301,8 @@ if [[ "$answer" == "y" ]]; then
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}" echo -e "${PURPLE}${BOLD}Import local Directus data model${RESET}"
echo -e "${PURPLE}npx directus schema snapshot ./snapshot.yaml${RESET}" echo -e "${BLUE}npx directus schema snapshot ./snapshot.yaml${RESET}"
echo -e "${PURPLE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}" echo -e "${BLUE}scp /local/path/to/snapshot.yaml ${username}@${ip}:/home/${username}/snapshot.yaml${RESET}"
echo -e "${PURPLE}${BOLD}Press any key when done${RESET}" echo -e "${PURPLE}${BOLD}Press any key when done${RESET}"
read read
@ -325,9 +328,9 @@ if [[ "$answer" == "y" ]]; then
get_ip get_ip
echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}" echo -e "${PURPLE}${BOLD}Create and push a prod branch on the repo${RESET}"
echo -e "${PURPLE}git checkout -b prod${RESET}" echo -e "${BLUE}git checkout -b prod${RESET}"
echo -e "${PURPLE}git add . && git commit -m "first commit to prod"${RESET}" echo -e "${BLUE}git add . && git commit -m "first commit to prod"${RESET}"
echo -e "${PURPLE}git push origin prod${RESET}" echo -e "${BLUE}git push origin prod${RESET}"
echo -e "${PURPLE}${BOLD}What is the .git url of the repo${RESET}" echo -e "${PURPLE}${BOLD}What is the .git url of the repo${RESET}"
read repo_url read repo_url
@ -364,12 +367,39 @@ if [[ "$answer" == "y" ]]; then
echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}" echo -e "${PURPLE}${BOLD}Setup a webhook ? (y/N) ${RESET}"
read answer read answer
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo "wawawawawa" echo -e "${PURPLE}${BOLD}If it does not already exists, create a webhook at the following url${RESET}"
echo -e "${PURPLE}${BOLD}https://${repo_url}/settings/hooks/gitea/new${RESET}"
echo -e "${BLUE}${BOLD}Target URL ${RESET}${BLUE}https://${domain_name}/webhook.php${RESET}"
echo -e "${BLUE}${BOLD}Branch filter ${RESET}${BLUE}prod${RESET}"
echo -e "${BLUE}${BOLD}Authorization Header ${RESET}${ORANGE}Generate a safe string using \`openssl rand -base64 32\`${RESET}"
echo -e "${PURPLE}${BOLD}Enter the Authorization Header${RESET}"
read -s auth_header
apt install -y php php-fpm
rm /var/www/html/index.html
cp ./assets/webhook.php /var/www/html/
mkdir /var/www/webhook
cp .assets/webhook.sh /var/www/webhook
chown www-data:www-data /var/www/webhook/webhook.sh
chmod u+x /var/www/webhook/webhook.sh
sed -i '$ d' $caddyfile
echo "handle /webhook.php {" >> $caddyfile
echo "@unauthorized not header Authorization ${auth_header}" >> $caddyfile
echo "respond @unauthorized "Unauthorized access"" >> $caddyfile
echo "root * /var/www/html" >> $caddyfile
echo "php_fastcgi unix//run/php/php8.2-fpm.sock" >> $caddyfile
echo "file_server" >> $caddyfile
echo "}" >> $caddyfile
echo "}" >> $caddyfile
caddy fmt $caddyfile -w
caddy reload -c $caddyfile
fi fi
fi fi
# TODO # TODO
#
# REMOVE EXPECT AT THE END IF IT IS INSTALLED # REMOVE EXPECT AT THE END IF IT IS INSTALLED
# CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV # CREATE AN ASSETS FOLDER WITH THE DIRECTUS ENV
# ZABBIX # ZABBIX
@ -377,3 +407,6 @@ fi
# DIRECTUS EMAIL # DIRECTUS EMAIL
# DIRECTUS REDIS # DIRECTUS REDIS
# LOGING DE TOUT # LOGING DE TOUT
# IMPORT DIRECTUS FULL DB
# CADDYFILE EN JSON
# MÀJ