Last active
August 29, 2015 14:15
-
-
Save tomazzaman/cbf366d74795195c11d2 to your computer and use it in GitHub Desktop.
Do a git pull whenever a GitHub webhook triggers a php script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a monit configuration file that watches a 'git.log' file | |
| # which should be a 777 file inside your WordPress | |
| check file observable_file with path /home/webmaster/www/domain.com/git.log | |
| if changed checksum then exec "/usr/local/sbin/observable_file.sh" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script pulls the repo as the user 'webmaster' inside | |
| # the theme folder. Change the path according to your setup | |
| THEME_PATH=/home/webmaster/www/domain.com/assets/themes/theme_name | |
| cd $THEME_PATH; | |
| sudo -H -u webmaster bash -c '/usr/bin/git pull 2>&1'; | |
| exit 0; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| # Most of this file serves as a security measure, checking whether | |
| # the request really came from GitHub. If so, it writes a date to the | |
| # 'git.log' file. Doesn't need to be the date as long as it | |
| # changes the file, in turn changing it checksum, triggering monit. | |
| # This file should be placed inside your WordPress, next to wp-config.php | |
| # and GitHub webhook should be set to something like http://domain.com/pull.php | |
| define( 'PRIVATE_KEY', 'GitHub Secred that you generate with the WebHook' ); | |
| set_error_handler( function( $severity, $message, $file, $line ) { | |
| throw new \ErrorException($message, 0, $severity, $file, $line ); | |
| }); | |
| set_exception_handler( function( $e ) { | |
| header('HTTP/1.1 500 Internal Server Error'); | |
| echo "Error on line {$e->getLine()}: " . htmlSpecialChars( $e->getMessage() ); | |
| die(); | |
| } ); | |
| if ( ! isset( $_SERVER['HTTP_X_HUB_SIGNATURE'] ) ) { | |
| throw new \Exception( "HTTP header 'X-Hub-Signature' is missing." ); | |
| } elseif ( !extension_loaded( 'hash' ) ) { | |
| throw new \Exception( "Missing 'hash' extension to check the secret code validity." ); | |
| } | |
| list( $algo, $hash ) = explode( '=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2 ) + array( '', '' ); | |
| if ( ! in_array( $algo, hash_algos(), TRUE ) ) { | |
| throw new \Exception( "Hash algorithm '$algo' is not supported." ); | |
| } | |
| $raw_post = file_get_contents( 'php://input' ); | |
| if ( $hash !== hash_hmac( $algo, $raw_post, PRIVATE_KEY ) ) { | |
| throw new \Exception( 'Hook secret does not match.' ); | |
| } | |
| if ( ! isset($_SERVER['HTTP_CONTENT_TYPE'] ) ) { | |
| throw new \Exception( "Missing HTTP 'Content-Type' header." ); | |
| } elseif ( ! isset( $_SERVER['HTTP_X_GITHUB_EVENT'] ) ) { | |
| throw new \Exception( "Missing HTTP 'X-Github-Event' header." ); | |
| } | |
| switch ($_SERVER['HTTP_CONTENT_TYPE']) { | |
| case 'application/json': | |
| $json = $raw_post ?: file_get_contents( 'php://input' ); | |
| break; | |
| case 'application/x-www-form-urlencoded': | |
| $json = $_POST['payload']; | |
| break; | |
| default: | |
| throw new \Exception( "Unsupported content type: $_SERVER[HTTP_CONTENT_TYPE]" ); | |
| } | |
| echo shell_exec( 'echo $(date) > git.log' ); | |
| echo "Updated."; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment