Skip to content

Instantly share code, notes, and snippets.

@cowboy

cowboy/github_post_recieve.php

Created October 11, 2010 02:04
Show Gist options
  • Save cowboy/619858 to your computer and use it in GitHub Desktop.
Save cowboy/619858 to your computer and use it in GitHub Desktop.
Download ZIP
GitHub PHP webhook to auto-pull on repo push
Raw
github_post_recieve.php
<?php
// Use in the "Post-Receive URLs" section of your GitHub repo.
if ( $_POST['payload'] ) {
shell_exec( 'cd /srv/www/git-repo/ && git reset --hard HEAD && git pull' );
}
?>hi
@leymannx
Copy link

leymannx commented Jul 4, 2017
edited
Loading

etc/suoders:

www-data ALL = (myuser) NOPASSWD: /usr/bin/git
www-data ALL = (myuser) NOPASSWD: /usr/bin/node
www-data ALL = (myuser) NOPASSWD: /usr/bin/drush
www-data ALL = (myuser) NOPASSWD: /usr/bin/whoami

github_post_recieve.php:

<?php

if ( isset($_POST['payload']) && $_POST['payload'] ) {
  echo shell_exec('cd /var/www/mydrupal/ && sudo -u myuser git pull');
  echo shell_exec('cd /var/www/mydrupal/sites/all/themes/mytheme/ && sudo -u myuser node ./node_modules/gulp/bin/gulp.js mygulptask');
  // Adding the drush will cause the delivery being displayed as unsuccessful. Means GitHub doesn't wait so long. The command will run nevertheless.
  echo shell_exec('cd /var/www/mydrupal/ && sudo -u myuser drush @sites cc all -y');
}

// Should return www-data
echo shell_exec('whoami');
// Should return myuser
echo shell_exec('sudo -u myuser whoami');

?>

Gist

@crobinson42
Copy link

Thx for the simple gist!

I solved my issue with my shell_exec(... command not running by changing the directory it was in ownership to www-data (from root), ie: sudo chown -R www-data /var/www/

@Luc45
Copy link

Luc45 commented Jan 29, 2019
edited
Loading 

<?php
// GitHub Webhook Secret.
// Keep it the same with the 'Secret' field on your Webhooks / Manage webhook page of your respostory.
$secret = "";

// Path to your respostory on your server.
// e.g. "/var/www/respostory"
$path = "";

// Headers deliveried from GitHub
$signature = $_SERVER['HTTP_X_HUB_SIGNATURE'];

if ($signature) {
  $hash = "sha1=".hash_hmac('sha1', file_get_contents("php://input"), $secret);
  if (strcmp($signature, $hash) == 0) {
    echo shell_exec("cd {$path} && /usr/bin/git reset --hard origin/master && /usr/bin/git clean -f && /usr/bin/git pull 2>&1");
    exit();
  }
}

http_response_code(404);

?>

Source: https://github.com/mdluo/github-webhook-handler-php/blob/master/github-webhook-handler-php70.php

@imantsk
Copy link

imantsk commented Nov 4, 2022
edited
Loading

@Luc45 thank you for the suggestion, it worked and was quite helpful !! 🙌
In addition, on my remote server, I have added a little line to the /etc/sudoers file to allow the webserver user (usually www-data) to execute /usr/bin/git as the user that owns my repo files 😉
Here is my example: www-data ALL = (repo_owner) NOPASSWD : /usr/bin/git

@timothyferriss
Copy link

Always be cautious when running shell commands from web scripts backpack battles for security reasons. Sanitize inputs, restrict access, and log activities to avoid potential vulnerabilities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment