AG-IT
/
programm-webhook
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changed to docker-compose deployment

main
Andre Challier 2024-03-27 13:06:19 +01:00
parent d48de2cd98
commit d5c733767b
10 changed files with 157 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,4 +1,4 @@
FROM nginx
FROM jkaninda/nginx-php-fpm
# Install git and ssh-keygen
RUN apt-get update && \

6
README.md
View File

@ -1,3 +1,7 @@
# Docker Nginx Git
This is a container to serve static pages from a git repository.
This is a container to serve static pages from two git repositories. One repository holds the static sites, the other holds an assets-folder.
From the static sites repository all branches are initially loaded to `$HTML_FOLDER/branches/<branchname>`, the assets folder is initially loaded to `$HTML_FOLDER/assets`.
On a push to some branch on the static sites repository, this branches folder is deleted and cloned again. The assets folder is only updated if the push happened on the `main` branch.

27
docker-compose.yml
View File

@ -1,8 +1,27 @@
version: '3'
version: '3.8'
services:
my-container:
image: <image_name>:<tag_name>
nginx:
image: nginx:latest
ports:
- "80:80"
# Add other configuration options as needed
volumes:
- static-files: /usr/share/nginx/html
- webhooks-git-ssh: /root/.ssh
- webhooks-git-data: /etc/webhook/
webhooks-git:
build:
context: ./webhooks-git
dockerfile: Dockerfile
volumes:
- static-files:/etc/static-files
volumes:
static-files:
external: true
webhooks-git-ssh:
external: true
webhooks-git-data:
external: true

5
entrypoint.sh
View File

@ -1,5 +0,0 @@
#!/bin/bash
echo "Starting Nginx git publisher on $NGINX_SERVER_NAME"
echo $SSH_KEY_PATH
nginx -g daemon off;

14
nginx.conf.dist
View File

@ -1,14 +0,0 @@
events {}
http {
server {
listen 80;
server_name ${NGINX_SERVER_NAME};
location / {
root /usr/share/nginx/html;
index index.html;
}
}
}

18
webhook-git-2.Dockerfile Normal file
View File

@ -0,0 +1,18 @@
# Dockerfile for https://github.com/adnanh/webhook
FROM golang:alpine AS build
MAINTAINER Almir Dzinovic <almir@dzinovic.net>
WORKDIR /go/src/github.com/adnanh/webhook
ENV WEBHOOK_VERSION 2.8.1
RUN apk add --update -t build-deps curl libc-dev gcc libgcc git openssh-client bash nano
RUN curl -L --silent -o webhook.tar.gz https://github.com/adnanh/webhook/archive/${WEBHOOK_VERSION}.tar.gz && \
tar -xzf webhook.tar.gz --strip 1
RUN go get -d -v
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/webhook
FROM alpine
RUN apk --no-cache add git openssh-client bash nano
COPY --from=build /usr/local/bin/webhook /usr/local/bin/webhook
WORKDIR /etc/webhook
EXPOSE 9000
ENTRYPOINT ["/usr/local/bin/webhook"]
CMD ["-verbose", "-hooks=/etc/webhook/hooks.yaml", "-hotreload"]

11
webhook-git.Dockerfile Normal file
View File

@ -0,0 +1,11 @@
# Dockerfile for https://github.com/adnanh/webhook
FROM almir/webhook
COPY hooks.json.example /etc/webhook/hooks.json
FROM alpine
RUN apk --no-cache add git openssh-client bash nano
COPY --from=build /usr/local/bin/webhook /usr/local/bin/webhook
WORKDIR /etc/webhook
EXPOSE 9000
ENTRYPOINT ["/usr/local/bin/webhook"]
CMD ["-verbose", "-hooks=/etc/webhook/hooks.json", "-hotreload"]

54
webhook.php
View File

@ -1,54 +0,0 @@
<?php
$secret_key = '1234';
// check for POST request
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
exit();
}
// get content type
$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
if ($content_type != 'application/json') {
error_log('FAILED - not application/json - '. $content_type);
exit();
}
// get payload
$payload = trim(file_get_contents("php://input"));
if (empty($payload)) {
error_log('FAILED - no payload');
exit();
}
// get header signature
$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
if (empty($header_signature)) {
error_log('FAILED - header signature missing');
exit();
}
// calculate payload signature
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
// check payload signature against header signature
if ($header_signature !== $payload_signature) {
error_log('FAILED - payload signature');
exit();
}
// convert json to array
$decoded = json_decode($payload, true);
// check for json decode errors
if (json_last_error() !== JSON_ERROR_NONE) {
error_log('FAILED - json decode - '. json_last_error());
exit();
}
// success, do something
file_put_contents("payload.json", $decoded);

0
webhooks-git/Dockerfile Normal file
View File

99
webhooks-git/hooks.json.example Normal file
View File

@ -0,0 +1,99 @@
[
{
"id": "programm-webhook",
"http-methods": ["PUSH"],
"execute-command": "/etc/webhook/programm-hook.sh",
"command-working-directory": "/etc/webhook/",
"response-message": "I got the payload!",
"response-headers":
[
{
"name": "Access-Control-Allow-Origin",
"value": "*"
}
],
"pass-arguments-to-command":
[
{
"source": "payload",
"name": "ref"
},
{
"source": "payload",
"name": "repository.name"
}
],
"trigger-rule":
{
"and":
[
{
"match":
{
"type": "payload-hmac-sha1",
"secret": "1234",
"parameter":
{
"source": "header",
"name": "X-Hub-Signature"
}
}
}
]
}
},
{
"id": "assets-webhook",
"execute-command": "/etc/webhook/assets-hook.sh",
"command-working-directory": "/etc/webhook/",
"response-message": "I got the payload!",
"response-headers":
[
{
"name": "Access-Control-Allow-Origin",
"value": "*"
}
],
"pass-arguments-to-command":
[
{
"source": "payload",
"name": "repository.name"
},
{
"source": "payload",
"name": "ref"
}
],
"trigger-rule":
{
"and":
[
{
"match":
{
"type": "payload-hmac-sha256",
"secret": "1234",
"parameter":
{
"source": "header",
"name": "X-Hub-Signature-256"
}
}
},
{
"match":
{
"type":"value",
"value": "refs/heads/main",
"parameter":
{
"source": "payload",
"name": "ref"
}
}
}
]
}
}
]