nanvel/pull.py

## pull.py
import hmac
import json
from hashlib import sha1

from django.views.decorators.csrf import csrf_exempt


@csrf_exempt
def pull_view(request):
    """
    response.body

    {
        "ref":"refs/heads/master",
        "before":"60c6dc52ebddc3fc97c61523e2eb4c4398e599eb",
        "after":"4ceb48913c33da98a3ad110b92983e4a63316050",
        "commits":[{
            "id":"4ceb48913c33da98a3ad110b92983e4a63316050",
            "added":[
            ],
            "removed":[
            ],
            "modified":[
                "projects/vo.yml",
                "deduplicated.txt"
            ]
        }]
    }
    """
    if not settings.GITHUB_WEBHOOK_SECRET:
        return HttpResponseBadRequest(b'GitHub secret is not specified.')

    sha_name, signature = request.META.get('HTTP_X_HUB_SIGNATURE').split('=')
    # only SHA1 is supported
    if sha_name != 'sha1':
        return HttpResponseBadRequest(b"Only sha1 is supported.")

    mac = hmac.new(
        settings.GITHUB_WEBHOOK_SECRET.encode('utf-8'),
        msg=request.body,
        digestmod=sha1
    )

    if not hmac.compare_digest(mac.hexdigest(), signature):
        return HttpResponseForbidden("Invalid signature.")

    logger.warning('GitHub pull ...')

    event = request.META.get('HTTP_X_GITHUB_EVENT', '')

    # ping
    if event == 'ping':
        return JsonResponse({'msg': 'pong'})

    elif event == 'push':
        data = json.loads(request.body.decode('utf-8'))
        if data['ref'] == 'refs/heads/{branch}'.format(branch=settings.GITHUB_WEBHOOK_BRANCH):
            print(data['commits'])
            objects = set()
            for commit in data['commits']:
                pass

    return JsonResponse({'success': True})
	import hmac
	import json
	from hashlib import sha1

	from django.views.decorators.csrf import csrf_exempt


	@csrf_exempt
	def pull_view(request):
	"""
	response.body

	{
	"ref":"refs/heads/master",
	"before":"60c6dc52ebddc3fc97c61523e2eb4c4398e599eb",
	"after":"4ceb48913c33da98a3ad110b92983e4a63316050",
	"commits":[{
	"id":"4ceb48913c33da98a3ad110b92983e4a63316050",
	"added":[
	],
	"removed":[
	],
	"modified":[
	"projects/vo.yml",
	"deduplicated.txt"
	]
	}]
	}
	"""
	if not settings.GITHUB_WEBHOOK_SECRET:
	return HttpResponseBadRequest(b'GitHub secret is not specified.')

	sha_name, signature = request.META.get('HTTP_X_HUB_SIGNATURE').split('=')
	# only SHA1 is supported
	if sha_name != 'sha1':
	return HttpResponseBadRequest(b"Only sha1 is supported.")

	mac = hmac.new(
	settings.GITHUB_WEBHOOK_SECRET.encode('utf-8'),
	msg=request.body,
	digestmod=sha1
	)

	if not hmac.compare_digest(mac.hexdigest(), signature):
	return HttpResponseForbidden("Invalid signature.")

	logger.warning('GitHub pull ...')

	event = request.META.get('HTTP_X_GITHUB_EVENT', '')

	# ping
	if event == 'ping':
	return JsonResponse({'msg': 'pong'})

	elif event == 'push':
	data = json.loads(request.body.decode('utf-8'))
	if data['ref'] == 'refs/heads/{branch}'.format(branch=settings.GITHUB_WEBHOOK_BRANCH):
	print(data['commits'])
	objects = set()
	for commit in data['commits']:
	pass

	return JsonResponse({'success': True})