GitHub PHP webhook to auto-pull on repo push

github_post_recieve.php

<?php

// Use in the "Post-Receive URLs" section of your GitHub repo.

if ( $_POST['payload'] ) {
  shell_exec( 'cd /srv/www/git-repo/ && git reset --hard HEAD && git pull' );
}

?>hi

<?php
// GitHub Webhook Secret.
// Keep it the same with the 'Secret' field on your Webhooks / Manage webhook page of your respostory.
$secret = "";

// Path to your respostory on your server.
// e.g. "/var/www/respostory"
$path = "";

// Headers deliveried from GitHub
$signature = $_SERVER['HTTP_X_HUB_SIGNATURE'];

if ($signature) {
  $hash = "sha1=".hash_hmac('sha1', file_get_contents("php://input"), $secret);
  if (strcmp($signature, $hash) == 0) {
    echo shell_exec("cd {$path} && /usr/bin/git reset --hard origin/master && /usr/bin/git clean -f && /usr/bin/git pull 2>&1");
    exit();
  }
}

http_response_code(404);

?>

Source: https://github.com/mdluo/github-webhook-handler-php/blob/master/github-webhook-handler-php70.php

@Luc45 thank you for the suggestion, it worked and was quite helpful !! 🙌
In addition, on my remote server, I have added a little line to the /etc/sudoers file to allow the webserver user (usually www-data) to execute /usr/bin/git as the user that owns my repo files 😉
Here is my example: www-data ALL = (repo_owner) NOPASSWD : /usr/bin/git

Always be cautious when running shell commands from web scripts backpack battles for security reasons. Sanitize inputs, restrict access, and log activities to avoid potential vulnerabilities.