github与gitee代码自动同步到服务器实现PHP项目自动部署webhooks

2021-12-07 15:07:28 浏览数 (1)

gitee.com/kotlindev/P…

www.bilibili.com/video/av456…

配置这个网址

http://415.759.288.189:8123/webhook/hook.php

代码语言:javascript复制
<?php

// 允许请求IP gitee请求的时候会打印
$allowIpArr = [
    'gitee的ip'
];

// 请求密码 你的密码
$password = 'tsdsdaf_asdf_fsd1234123sdf';

// 检测IP
if (!in_array($_SERVER['REMOTE_ADDR'], $allowIpArr)) {
    echo '非法IP:' . $_SERVER['REMOTE_ADDR'];
    exit(0);
}

// 获取请求参数
$headers = getallheaders();
$body = json_decode(file_get_contents("php://input"), true);

// 验证提交分支是否为master
if (!isset($body['ref']) || $body['ref'] !== 'refs/heads/master') {
    echo '非主分支' . $body;
    exit(0);
}

// 验证提交密码是否正确
if (!isset($body['password']) || $body['password'] !== $password) {
    echo '密码错误';
    exit(0);
}

// 验证成功,拉取代码
$path = $body['project']['path'];
$command = 'cd /usr/www/' . $path . ' && git pull 2>&1';
$res = shell_exec($command);

//$body['sender']['email'],// 将邮件发送给发送者
//$body['repository']['owner']['email']// 将邮件发送给仓库所有者
//$message = $body['head_commit']['message'];// 提交信息
//$datetime = date('Y-m-d H:i:s', $body['timestamp'] / 1000);// 时间
//$pusher = $body['pusher']['name'];// 提交人
//$name = $body['project']['name'];// 项目名
//$path = $body['project']['path'];// 路径

// 返回结果
echo 'git pull执行结果:' . $res;
复制代码

//另外一种方法:签名秘钥

代码语言:javascript复制
<?php
//本地路径
$local = '/www/wwwroot/otc';

//签名验证
$headers = getallheaders();
$gitee_token = $headers["X-Gitee-Token"];
$gitee_timestamp =$headers["X-Gitee-Timestamp"];
echo "gitee_token: $gitee_token <br />n";
echo "gitee_timestamp: $gitee_timestamp <br />n";
$sign_key = "LEreKhDjwoN8aZ8L";
$sec_str = "$gitee_timestampn$sign_key";
$compute_token =  base64_encode(hash_hmac('sha256', $sec_str,$sign_key,true));

echo "computetoken: $compute_token <br />n";

if($compute_token!=$gitee_token){
    die('sign is not right');
}

shell_exec("cd {$local} && sudo git pull 2>&1");


die('done ' . date('Y-m-d H:i:s', time()));
复制代码

//第3种签名秘钥 指定分支

代码语言:javascript复制
<?php
/**
 * 自动更新钩子
 * 修改密钥及项目路径即可使用
 **/

//以流的方式读取
$requestBody = file_get_contents("php://input");

if (empty($requestBody)) {
    die('send fail');
}

//file_put_contents('./requestBody.log', $requestBody);

$requestBody = json_decode($requestBody,true);

//加密字符串
$secret_post = $requestBody['sign'];

//时间戳参数,单位毫秒级
$time_stamp = $requestBody['timestamp'];

//在WebHooks签名密钥一栏填写的密钥信息
$access_token = 'abcdefg';

//加密文档
//https://gitee.com/help/articles/4290
$secret_join = $time_stamp . "n" . $access_token;

//file_put_contents('./join.log', $secret_join);

$base64 = base64_encode(hash_hmac('sha256', $secret_join, $access_token, true));

//file_put_contents('./base64.log' , $base64);

//看推送的是哪个分支就构建哪个分支
//如有需要可以更改规则,比如屏蔽某些分支不构建
$branch = str_replace('refs/heads/', '', $requestBody['ref']);

$requestBody = null;

// 打开网站目录下的hooks.log文件 需要在服务器上创建 并给写权限
$fs = fopen('/tmp/deploy_webhooks_pull.log', 'a');

fwrite($fs, date('Y-m-d H:i:s') . ' ================ Update Start ===============' . PHP_EOL);// 请求ip
$client_ip = $_SERVER['REMOTE_ADDR'];

// 把请求的IP和时间写进log
fwrite($fs, date('Y-m-d H:i:s') . ' Request on [' . date("Y-m-d H:i:s") . '] from [' . $client_ip . ']' . PHP_EOL);

// 验证token 有错就写进日志并退出
if ($base64 !== $secret_post) {
    fwrite($fs, date('Y-m-d H:i:s') . " Invalid token [{$client_token}]" . PHP_EOL);

    $fs and fclose($fs);

    header("HTTP/1.1 404 Not Found");

    header("Status: 404 Not Found");

    exit;
}

// 如果有需要 可以打开下面,把传送过来的信息写进log 可用于调试,测试成功后注释即可
// fwrite($fs, 'Data: ' . print_r($data, true) . PHP_EOL);

// 执行shell命令并把返回信息写进日志
if($branch == 'master') {

}else {
	$branch = 'master';
}

//www/wwwroot/garfield 项目目录
$output = shell_exec('cd /www/wwwroot/garfield/; git pull origin ' . $branch . ' 2<&1; chown -R www:www /www/wwwroot/garfield/*;');


fwrite($fs, date('Y-m-d H:i:s') . 'Info:' . print_r($output, true) . PHP_EOL);
fwrite($fs, date('Y-m-d H:i:s') .  '================ Update End ===============' . PHP_EOL . PHP_EOL);
$fs and fclose($fs);

// 调试时打开
 echo json_encode($output);
复制代码

​Buy me a cup of coffee :)

0 人点赞