-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwebhook-handler.php
97 lines (88 loc) · 4.45 KB
/
webhook-handler.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?php
/*
* Endpoint for GitHub Webhook URLs
* see: https://docs.github.com/en/developers/webhooks-and-events/webhooks
*
* All emails will be sent to the address specified in email->to in .ht.config.json
* Errors will also be sent to that email address
*/
$configFilename = '.ht.config.json'; // Some security: files starting with .ht are usually never served by apache
function run($config, $repoConfig, $payload) {
if (empty($repoConfig['run']))
return
$returnCode = -1;
$output = null;
exec($repoConfig['run'], $output, $returnCode);
if (isset($config['email'])) {
// send notification mail
$headers = "From: {$config['email']['from']}\r\n";
if (!empty($repoConfig['cc-pusher']))
// CC the github user who pushed the changes
$headers .= "CC: {$payload->pusher->email}\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=utf-8\r\n";
$body = '<p>The GitHub user <a href="https://github.com/'
. $payload->pusher->name .'">@' . $payload->pusher->name . '</a>'
. ' has pushed to <a href="' . $payload->repository->url . '">'
. $payload->repository->url . '</a>:</p><ul>';
foreach ($payload->commits as $commit) {
$body .= '<li><pre>' . $commit->message . '</pre>';
$body .= '<small>added: <b>' . count($commit->added)
.'</b> modified: <b>' . count($commit->modified)
.'</b> removed: <b>' . count($commit->removed)
.'</b> <a href="' . $commit->url
. '">read more</a></small></li>';
}
$body .= "</ul><p>GitHub webhook handler invoked action: <b>{$repoConfig['description']}.</b></p>";
$body .= "<p>Output of the script " . $repoConfig['run'] . ":</p><pre>" . implode("\n", $output) . "</pre>";
mail($config['email']['to'], $repoConfig['description'] . (($returnCode == 0)? " OK" : " ERROR"), $body, $headers);
}
}
try {
if (!file_exists($configFilename))
throw new Exception("Can't find $configFilename");
$config = json_decode(file_get_contents($configFilename), true);
if (empty($config))
throw new Exception("Error while reading configuration.");
$json = null;
if (isset($_SERVER['CONTENT_TYPE'])) {
if ($_SERVER['CONTENT_TYPE'] == 'application/json')
$json = file_get_contents('php://input');
elseif ($_SERVER['CONTENT_TYPE'] == 'application/x-www-form-urlencoded')
// $json = $_POST['payload']; // not sure why but hashes don't match with this method
throw new Exception("Content type 'application/x-www-form-urlencoded' not supported, please use 'application/json'.");
}
$payload = json_decode($json);
if (empty($payload)) {
echo "GitHub webhook handler here. No payload detected. Doing nothing.";
} else {
$repoConfig = null;
$branch = substr($payload->ref, 11); // $payload->ref contains e.g. "refs/heads/main"
foreach ($config['endpoints'] as $endpoint) {
// check if we have a configuration for this repository and branch
if ($payload->repository->url == 'https://github.com/' . $endpoint['repo']
&& $branch == $endpoint['branch']) {
$repoConfig = $endpoint;
break;
}
}
if (!empty($repoConfig)) {
if (!empty($repoConfig['secret'])) {
$hash = 'sha1=' . hash_hmac('sha1', $json, $repoConfig['secret']);
$headerHash = $_SERVER['HTTP_X_HUB_SIGNATURE'];
if (!hash_equals($hash, $headerHash))
throw new Exception("The recieved hash ($headerHash) doesn't match the computed one ($hash).");
} // else, there's no secret configured, we assume it's ok
run($config, $repoConfig, $payload);
} else {
// TODO make it configurable whether to send an email or not if we have no configuration for this repo and branch
// throw new Exception("No configuration found for {$payload->repository->url} on branch $branch");
}
}
} catch (Exception $e) {
echo $e->getMessage();
if (!empty($config) && isset($config['email']) && isset($config['email']['to']))
mail($config['email']['to'], $e->getMessage(), (string) $e);
else
echo "ERROR: Couldn't find configuration for email address. No email sent.";
}