-
-
Save slowkow/92f021272e760d10d111d7fb72679276 to your computer and use it in GitHub Desktop.
Github webhook handler in PHP.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo mkdir -m 0700 /var/www/.ssh | |
| sudo chown -R www-data:www-data /var/www/.ssh | |
| sudo -u www-data ssh-keygen (empty passphrase) | |
| # On Github, paste public key into "Deploy keys" | |
| sudo -u www-data bash | |
| cd /path/to/repo | |
| git clone ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * GitHub webhook handler template. | |
| * | |
| * @see https://developer.github.com/webhooks/ | |
| * @author Miloslav Hůla (https://github.com/milo) | |
| */ | |
| // In this file: /etc/apache2/sites-available/example.com.conf | |
| // Put this line: SetEnv GITHUB_WEBHOOK_SECRET MY_SECRET | |
| $hookSecret = getenv('GITHUB_WEBHOOK_SECRET'); | |
| set_error_handler(function($severity, $message, $file, $line) { | |
| throw new \ErrorException($message, 0, $severity, $file, $line); | |
| }); | |
| set_exception_handler(function($e) { | |
| header('HTTP/1.1 500 Internal Server Error'); | |
| echo "Error on line {$e->getLine()}: " . htmlSpecialChars($e->getMessage()); | |
| die(); | |
| }); | |
| $rawPost = NULL; | |
| if ($hookSecret !== NULL) { | |
| if (!isset($_SERVER['HTTP_X_HUB_SIGNATURE'])) { | |
| throw new \Exception("HTTP header 'X-Hub-Signature' is missing."); | |
| } elseif (!extension_loaded('hash')) { | |
| throw new \Exception("Missing 'hash' extension to check the secret code validity."); | |
| } | |
| list($algo, $hash) = explode('=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2) + array('', ''); | |
| if (!in_array($algo, hash_algos(), TRUE)) { | |
| throw new \Exception("Hash algorithm '$algo' is not supported."); | |
| } | |
| $rawPost = file_get_contents('php://input'); | |
| if (!hash_equals($hash, hash_hmac($algo, $rawPost, $hookSecret))) { | |
| throw new \Exception('Hook secret does not match.'); | |
| } | |
| }; | |
| if (!isset($_SERVER['CONTENT_TYPE'])) { | |
| throw new \Exception("Missing HTTP 'Content-Type' header."); | |
| } elseif (!isset($_SERVER['HTTP_X_GITHUB_EVENT'])) { | |
| throw new \Exception("Missing HTTP 'X-Github-Event' header."); | |
| } | |
| switch ($_SERVER['CONTENT_TYPE']) { | |
| case 'application/json': | |
| $json = $rawPost ?: file_get_contents('php://input'); | |
| break; | |
| case 'application/x-www-form-urlencoded': | |
| $json = $_POST['payload']; | |
| break; | |
| default: | |
| throw new \Exception("Unsupported content type: $_SERVER[CONTENT_TYPE]"); | |
| } | |
| # Payload structure depends on triggered event | |
| # https://developer.github.com/v3/activity/events/types/ | |
| $payload = json_decode($json); | |
| switch (strtolower($_SERVER['HTTP_X_GITHUB_EVENT'])) { | |
| case 'ping': | |
| echo 'pong'; | |
| break; | |
| // case 'push': | |
| // break; | |
| default: | |
| header('HTTP/1.0 404 Not Found'); | |
| echo "Event:$_SERVER[HTTP_X_GITHUB_EVENT] Payload:\n"; | |
| print_r($payload); # For debug only. Can be found in GitHub hook log. | |
| die(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment