Created
February 6, 2022 02:15
-
-
Save DenverCoder1/412b4155087d97c87c75dfe5454d5b41 to your computer and use it in GitHub Desktop.
Webhook endpoint to pull code from GitHub when the repo is updated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('GH_USERNAME', ''); // Username for authentication | |
| define('GH_PASSWORD', ''); // GitHub Personal Access Token with repo scope* (starting with 'ghp_') | |
| define('GH_REPO', ''); // GitHub Repo URL (eg. 'github.com/UserName/RepoName.git') | |
| define('GH_SECRET', ''); // Webhook secret provided to GitHub when creating the webhook | |
| // Steps: | |
| // 1. Visit the repository on GitHub, select 'Settings', then 'Webhooks' | |
| // 2. Select 'Add Webhook' | |
| // 3. For Payload URL, put the public URL where the pull.php is located | |
| // 4. Set Content Type to 'application/json' | |
| // 5. Generate any random string to use as a Webhook secret which will be used above in the github.inc | |
| // 6. For events, you can use "Just the push event" | |
| // 7. Set the webhook to active and create it (a test payload will be delivered when added) | |
| // *PATs can be generated by visiting https://github.com/settings/tokens/new?scopes=repo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Pull the latest version of the codebase from GitHub | |
| */ | |
| header("Content-Type: text/plain; charset=UTF-8"); | |
| require_once "github.inc"; // path to config file where details are defined | |
| $username = GH_USERNAME; | |
| $password = GH_PASSWORD; | |
| $repo = GH_REPO; | |
| $secret = GH_SECRET; | |
| $payload = @file_get_contents('php://input'); | |
| $payload_json = json_decode($payload); | |
| // Check if the request is from GitHub | |
| if (isset($_SERVER['HTTP_X_HUB_SIGNATURE_256'])) { | |
| $hash = $_SERVER['HTTP_X_HUB_SIGNATURE_256']; | |
| $raw_sig = explode('=', $hash); | |
| $sig = $raw_sig[1]; | |
| $payload_hash = hash_hmac($raw_sig[0], $payload, $secret); | |
| if ($payload_hash !== $sig) { | |
| die('Invalid signature'); | |
| } | |
| } else { | |
| die('No signature'); | |
| } | |
| // Check if the branch pushed to is the current checked out branch | |
| $payload_branch = explode("/", $payload_json->ref)[2]; | |
| $current_branch = trim(`git rev-parse --abbrev-ref HEAD`); | |
| echo "Branch pushed to: " . $payload_branch . "\n"; | |
| echo "Current branch: " . $current_branch . "\n"; | |
| if ($payload_branch !== $current_branch) { | |
| die("Branch '$payload_branch' is not the current branch ('$current_branch')"); | |
| } | |
| // Pull the latest codebase | |
| echo `git pull --ff-only "https://$username:$password@$repo" "$current_branch" 2>&1`; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment