Created
March 15, 2016 08:32
-
-
Save iolloyd/f96100a4c0b7f9fdf261 to your computer and use it in GitHub Desktop.
secure webhook for using git to deploy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| cd /var/www/site-staging && git reset --hard && git pull -f origin staging | |
| echo ok |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function run($branch, $buildCommand, $envKey) { | |
| $data = json_decode(file_get_contents('php://input'), true); | |
| $key = getenv($envKey); | |
| if (verify($data, $key)) { | |
| $ref = $data['ref']; | |
| $foundBranch = explode('/', $ref)[2]; | |
| if ($foundBranch == $branch) { | |
| shell_exec($buildCommand); | |
| } | |
| } | |
| } | |
| function verify($payload, $key) { | |
| $expected = $_REQUEST['HTTP_X_HUB_SIGNATURE']; | |
| $actual = sprintf("%s%s", 'sha1=', hash_hmac('sha1', $payload, $key)); | |
| return safeEquals($expected, $actual); | |
| } | |
| function safeEquals($a, $b) { | |
| return substr_count($a ^ $b, "\0") * 2 === strlen($a . $b); | |
| } | |
| $branch = 'staging'; | |
| $buildScript = '/usr/local/bin/build-staging.sh'; | |
| $envKey = 'secret_token_github'; | |
| run($branch, $buildScript, $envKey); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment