kidino · September 26, 2024 04:48
diff --git a/.htaccess b/.htaccess
 # taruk .htaccess untuk protect webhook.php agar hanya terima
 # trafik daripada Github sahaja. Ini IP address Github yang
 # akan hantar webhook.

 # lepas tu sebab webhook.php akan pakai fungsi exec(), lagilah
 # kita kena protect

 <Files "webhook.php">
    Order Deny,Allow
    Deny from all
    Allow from 192.30.252.0/22
    Allow from 185.199.108.0/22
    Allow from 140.82.112.0/20
 </Files>
diff --git a/deploy.sh b/deploy.sh
 #!/bin/bash

 # jangan lupa kena chmod +x deploy.sh
 # kadang ada isu dengan unicode yang salah. kena run dos2unix
 # kalau tak jalan, kena create file tu dari SSH pakai vim atau nano

 export HOME=/home/user

 # Add Composer to PATH -- kadang tak jumpa Composer. Jadi taruk ni
 # ni untuk Cpanel yang Cloudlinux. Atau boleh run which composer untuk cari
 # path yang betul
 export PATH="$PATH:/opt/cpanel/composer/bin"

 # Navigate to the Laravel application directory
 cd /home/user/project

 # Pull the latest changes from the Git repository
 git pull origin staging

 # Install/update Composer dependencies
 composer install --no-interaction --prefer-dist --optimize-autoloader

 # Run database migrations (if any)
 # php artisan migrate --force

 # Clear and cache configurations
 php artisan config:cache
 php artisan route:cache
 php artisan view:cache

 # tambahlah apa-apa lagi yang perlu. npm ke, restart server ke, apa ke.

 npm install
 npm run build

 echo "Deployment finished!"
diff --git a/webhook.php b/webhook.php
 <?php
 // set ni dalam Github. Akan digunakan untuk verify penghantar webhook
 $secret = 'CONTOH-SECRET-KEY'; 
 $branch = 'staging'; // nama branch

 // Get the request body and headers
 $payload = file_get_contents('php://input');
 $signature = 'sha1=' . hash_hmac('sha1', $payload, $secret);
 $headers = getallheaders();

 // Verify the signature
 if (!hash_equals($signature, $headers['X-Hub-Signature'])) {
    http_response_code(403);
    echo 'Invalid signature';
    exit;
 }

 $data = json_decode($payload, true);
 // saja log data dari webhook. jangan lupa di Github agar set
 // untuk terima data application/json
 file_put_contents("deploy-payload.txt", print_r( $data, true ));

 // Check if the push is to the specific branch
 if ($data['ref'] !== 'refs/heads/'.$branch) {
    http_response_code(200);
    echo 'Push was not to the ' . $branch . ' branch. No deployment triggered.';
    exit;
 }

 // Run the deploy script
 $output = [];
 $return_var = 0;
 // trigger CLI deploy script. kita buat guna Bash. Kadang ada isu
 // yang mana exec() adalah disabled functions. Kena enablekan kat
 // hosting atau dalam php.ini
 exec('/home/user/project/deploy.sh 2>&1', $output, $return_var);

 // Log the output and result
 file_put_contents('deploy.log', implode("\n", $output), FILE_APPEND);

 if ($return_var !== 0) {
    http_response_code(500);
    echo 'Deployment failed';
    exit;
 }

 echo 'Deployment succeeded';
	# taruk .htaccess untuk protect webhook.php agar hanya terima
	# trafik daripada Github sahaja. Ini IP address Github yang
	# akan hantar webhook.

	# lepas tu sebab webhook.php akan pakai fungsi exec(), lagilah
	# kita kena protect

	<Files "webhook.php">
	Order Deny,Allow
	Deny from all
	Allow from 192.30.252.0/22
	Allow from 185.199.108.0/22
	Allow from 140.82.112.0/20
	</Files>
	#!/bin/bash

	# jangan lupa kena chmod +x deploy.sh
	# kadang ada isu dengan unicode yang salah. kena run dos2unix
	# kalau tak jalan, kena create file tu dari SSH pakai vim atau nano

	export HOME=/home/user

	# Add Composer to PATH -- kadang tak jumpa Composer. Jadi taruk ni
	# ni untuk Cpanel yang Cloudlinux. Atau boleh run which composer untuk cari
	# path yang betul
	export PATH="$PATH:/opt/cpanel/composer/bin"

	# Navigate to the Laravel application directory
	cd /home/user/project

	# Pull the latest changes from the Git repository
	git pull origin staging

	# Install/update Composer dependencies
	composer install --no-interaction --prefer-dist --optimize-autoloader

	# Run database migrations (if any)
	# php artisan migrate --force

	# Clear and cache configurations
	php artisan config:cache
	php artisan route:cache
	php artisan view:cache

	# tambahlah apa-apa lagi yang perlu. npm ke, restart server ke, apa ke.

	npm install
	npm run build

	echo "Deployment finished!"
	<?php
	// set ni dalam Github. Akan digunakan untuk verify penghantar webhook
	$secret = 'CONTOH-SECRET-KEY';
	$branch = 'staging'; // nama branch

	// Get the request body and headers
	$payload = file_get_contents('php://input');
	$signature = 'sha1=' . hash_hmac('sha1', $payload, $secret);
	$headers = getallheaders();

	// Verify the signature
	if (!hash_equals($signature, $headers['X-Hub-Signature'])) {
	http_response_code(403);
	echo 'Invalid signature';
	exit;
	}

	$data = json_decode($payload, true);
	// saja log data dari webhook. jangan lupa di Github agar set
	// untuk terima data application/json
	file_put_contents("deploy-payload.txt", print_r( $data, true ));

	// Check if the push is to the specific branch
	if ($data['ref'] !== 'refs/heads/'.$branch) {
	http_response_code(200);
	echo 'Push was not to the ' . $branch . ' branch. No deployment triggered.';
	exit;
	}

	// Run the deploy script
	$output = [];
	$return_var = 0;
	// trigger CLI deploy script. kita buat guna Bash. Kadang ada isu
	// yang mana exec() adalah disabled functions. Kena enablekan kat
	// hosting atau dalam php.ini
	exec('/home/user/project/deploy.sh 2>&1', $output, $return_var);

	// Log the output and result
	file_put_contents('deploy.log', implode("\n", $output), FILE_APPEND);

	if ($return_var !== 0) {
	http_response_code(500);
	echo 'Deployment failed';
	exit;
	}

	echo 'Deployment succeeded';