deploy.php
<?php
require_once("config.php");
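// Read the raw webhook body once: the same bytes are used for the HMAC check
// and for JSON decoding. $json is null when the body is not valid JSON.
$content = file_get_contents("php://input");
$json = json_decode($content, true);

// Open the deployment log. Without a log handle the later fputs()/fclose()
// calls cannot work, so stop here instead of continuing towards a deployment
// that would leave no record.
$file = fopen(LOGFILE, "a");
if ($file === false) {
    header("HTTP/1.0 500 Internal Server Error");
    exit;
}
$time = time();
$token = false;
$algo = "";

// Retrieve the credential presented by the caller. Precedence is
// X-Hub-Signature, then X-Gitlab-Token, then the "token" query parameter.
// Everything read here is client-controlled, including $algo.
if (isset($_SERVER["HTTP_X_HUB_SIGNATURE"])) {
    // Header format is "<algo>=<hex digest>"; the appended array supplies
    // empty strings when the "=" separator is missing.
    list($algo, $token) = explode("=", $_SERVER["HTTP_X_HUB_SIGNATURE"], 2) + array("", "");
} elseif (isset($_SERVER["HTTP_X_GITLAB_TOKEN"])) {
    $token = $_SERVER["HTTP_X_GITLAB_TOKEN"];
} elseif (isset($_GET["token"])) {
    // NOTE(review): a secret in the query string is typically recorded in
    // web server access logs and by intermediaries; prefer the header forms.
    // The value may also be an array (?token[]=x), not only a string.
    $token = $_GET["token"];
}

// Timestamp this request in the log, in UTC.
date_default_timezone_set("UTC");
fputs($file, date("d-m-Y (H:i:s)", $time) . "\n");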
/**
 * Reject the request: record the denial in the log, close the log, answer
 * with HTTP 403 and terminate the script.
 *
 * @param resource $file   Open handle of the deployment log.
 * @param string   $reason Explanation written to the log; skipped when empty.
 */
function forbid($file, $reason) {
    $entry = "";
    if ($reason) {
        // explain why the request was refused
        $entry .= "=== ERROR: " . $reason . " ===\n";
    }
    $entry .= "*** ACCESS DENIED ***" . "\n\n\n";

    fputs($file, $entry);
    fclose($file);

    // The response carries only the status line; the reason stays in the log.
    header("HTTP/1.0 403 Forbidden");
    exit;
}
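/**
 * Send an empty "200 OK" response and push it to the client immediately, so
 * the webhook sender is not kept waiting while later work runs.
 */
function ok() {
    ob_start();
    header("HTTP/1.1 200 OK");
    header("Connection: close");
    // Nothing has been written to the buffer opened above, so this is 0.
    header("Content-Length: " . ob_get_length());
    ob_end_flush();
    // ob_end_flush() closed the buffer opened above. Flush an outer buffer
    // only if one exists; calling ob_flush() with no active buffer raises a
    // notice.
    if (ob_get_level() > 0) {
        ob_flush();
    }
    flush();
}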
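// Authenticate the request, then deploy.
//
// Every check below requires a non-empty TOKEN. With TOKEN empty, any client
// that can reach this URL gets to the pull branch, so configure a long random
// TOKEN in config.php.

// Digest names accepted in X-Hub-Signature. The name comes from the request
// header, so it is checked against a fixed list before it reaches hash_hmac()
// (which throws on an unknown name in PHP 8).
$hmacAlgos = array("sha1", "sha256", "sha384", "sha512");

// Constant-time secret comparison (hash_equals, PHP >= 5.6). A plain !== can
// leak how much of the secret matched through response timing. Non-string
// input, e.g. ?token[]=x, never matches.
$sameSecret = function ($known, $given) {
    return is_string($known) && is_string($given) && hash_equals($known, $given);
};

$hasHubSignature = isset($_SERVER["HTTP_X_HUB_SIGNATURE"]);
$hasGitlabToken = isset($_SERVER["HTTP_X_GITLAB_TOKEN"]);
$hasGetToken = isset($_GET["token"]);

// Check for a GitHub signature
if (!empty(TOKEN) && $hasHubSignature && !(
    isset($algo) && is_string($algo)
    && in_array(strtolower($algo), $hmacAlgos, true)
    && $sameSecret(hash_hmac(strtolower($algo), $content, TOKEN), $token)
)) {
    forbid($file, "X-Hub-Signature does not match TOKEN");
// Check for a GitLab token
} elseif (!empty(TOKEN) && $hasGitlabToken && !$sameSecret(TOKEN, $token)) {
    forbid($file, "X-GitLab-Token does not match TOKEN");
// Check for a $_GET token
} elseif (!empty(TOKEN) && $hasGetToken && !$sameSecret(TOKEN, $token)) {
    forbid($file, "\$_GET[\"token\"] does not match TOKEN");
// if none of the above match, but a token exists, exit
} elseif (!empty(TOKEN) && !$hasHubSignature && !$hasGitlabToken && !$hasGetToken) {
    forbid($file, "No token detected");
} else {
    // $json is null when the body was not valid JSON; treat a missing "ref"
    // as a branch mismatch instead of indexing into a non-array.
    $ref = (is_array($json) && isset($json["ref"])) ? $json["ref"] : null;

    // check if pushed branch matches branch specified in config
    if ($ref === BRANCH) {
        // The raw payload is written to the log as received.
        // NOTE(review): keep LOGFILE outside the web root - confirm in config.php.
        fputs($file, $content . PHP_EOL);
        // ensure directory is a repository
        if (file_exists(DIR . ".git") && is_dir(DIR)) {
            try {
                // If chdir() fails, the pull would run in whatever directory
                // the script started in, so do not continue.
                if (!chdir(DIR)) {
                    fputs($file, "=== ERROR: could not change directory to DIR ===" . "\n");
                } else {
                    // pull; exec() is used so the exit status is available
                    $pullOutput = array();
                    $pullStatus = 0;
                    exec(GIT . " pull", $pullOutput, $pullStatus);
                    if (!empty($pullOutput)) {
                        fputs($file, implode("\n", $pullOutput) . "\n");
                    }
                    // return OK to prevent timeouts on AFTER_PULL
                    ok();
                    if ($pullStatus !== 0) {
                        // Do not run AFTER_PULL or report success on a failed pull.
                        fputs($file, "=== ERROR: git pull exited with status " . $pullStatus . " ===" . "\n");
                    } else {
                        // execute AFTER_PULL if specified
                        if (!empty(AFTER_PULL)) {
                            try {
                                shell_exec(AFTER_PULL);
                            } catch (Exception $e) {
                                fputs($file, $e . "\n");
                            }
                        }
                        fputs($file, "*** AUTO PULL SUCCESFUL ***" . "\n");
                    }
                }
            } catch (Exception $e) {
                fputs($file, $e . "\n");
            }
        } else {
            fputs($file, "=== ERROR: DIR is not a repository ===" . "\n");
        }
    } else {
        fputs($file, "=== ERROR: Pushed branch does not match BRANCH ===\n");
    }
}

// Close this request's log entry.
fputs($file, "\n\n" . PHP_EOL);
fclose($file);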