Created October 11, 2010 02:04
GitHub PHP webhook to auto-pull on repo push
// Use in the "Post-Receive URLs" section of your GitHub repo.
if ( $_POST['payload'] ) {
shell_exec( 'cd /srv/www/git-repo/ && git reset --hard HEAD && git pull' );
Just an fyi: I had to change the following before it would work:

if ( $_POST['payload'] ) {


if ($_SERVER['HTTP_X_GITHUB_EVENT'] == 'push') {

also, as usually shell_exec is run from the user www-data I had to change permissions by executing the following command inside /var/www/html

sudo chown www-data:www-data -R my-repo/

izeta commented Aug 24, 2015

Thanks @lmann that worked for me:

if ($_SERVER['HTTP_X_GITHUB_EVENT'] == 'push') {

Just figured out the difference. If you use the json content-type, then $_POST['payload'] will not work. You have to use the application/x-www-form-urlencoded for $_POST['payload'] to work.

youhide commented Sep 2, 2015

i need to use that on final of string and work nice:
shell_exec( 'cd '.$path.' && git reset --hard HEAD && git pull 2>&1' );

leotm commented Jun 1, 2016

@izeta application/x-www-form-urlencoded got $_POST['payload'] working, cheers!
You can also shell_exec("./"), remembering to chmod u+x
I'm on SiteGround hosting, so need to worry about www-data .

normanlolx commented Jul 4, 2017


www-data ALL = (myuser) NOPASSWD: /usr/bin/git
www-data ALL = (myuser) NOPASSWD: /usr/bin/node
www-data ALL = (myuser) NOPASSWD: /usr/bin/drush
www-data ALL = (myuser) NOPASSWD: /usr/bin/whoami



if ( isset($_POST['payload']) && $_POST['payload'] ) {
  echo shell_exec('cd /var/www/mydrupal/ && sudo -u myuser git pull');
  echo shell_exec('cd /var/www/mydrupal/sites/all/themes/mytheme/ && sudo -u myuser node ./node_modules/gulp/bin/gulp.js mygulptask');
  // Adding the drush will cause the delivery being displayed as unsuccessful. Means GitHub doesn't wait so long. The command will run nevertheless.
  echo shell_exec('cd /var/www/mydrupal/ && sudo -u myuser drush @sites cc all -y');

// Should return www-data
echo shell_exec('whoami');
// Should return myuser
echo shell_exec('sudo -u myuser whoami');



Thx for the simple gist!

I solved my issue with my shell_exec(... command not running by changing the directory it was in ownership to www-data (from root), ie: sudo chown -R www-data /var/www/

Luc45 commented Jan 29, 2019

// GitHub Webhook Secret.
// Keep it the same with the 'Secret' field on your Webhooks / Manage webhook page of your respostory.
$secret = "";

// Path to your respostory on your server.
// e.g. "/var/www/respostory"
$path = "";

// Headers deliveried from GitHub
$signature = $_SERVER['HTTP_X_HUB_SIGNATURE'];

if ($signature) {
  $hash = "sha1=".hash_hmac('sha1', file_get_contents("php://input"), $secret);
  if (strcmp($signature, $hash) == 0) {
    echo shell_exec("cd {$path} && /usr/bin/git reset --hard origin/master && /usr/bin/git clean -f && /usr/bin/git pull 2>&1");




imantsk commented Nov 4, 2022

@Luc45 thank you for the suggestion, it worked and was quite helpful !! 🙌
In addition, on my remote server, I have added a little line to the /etc/sudoers file to allow the webserver user (usually www-data) to execute /usr/bin/git as the user that owns my repo files 😉
Here is my example: www-data ALL = (repo_owner) NOPASSWD : /usr/bin/git

