Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Deploy With Git

Deploy with GitHub webhook

Put this file in your repo and setup a webhook to call it on the push event. It will trigger a git pull to update the local copy.

Change the path on line 49 to point to your secret file.

$secretFile = __DIR__ . '/../../.gitpullsecretkey';
<?php
/**
* GIT DEPLOYMENT SCRIPT
*
* Used for automatically deploying websites via github securely, more deets here:
*
* https://gist.github.com/limzykenneth/baef1b190c68970d50e1
*
* Put a .gitpullsecretkey file with the webhook secret somewhere not publicly accessible and reference the path on line 49
* If the git repo is in a different directory than this file, you have two options:
* 1. You can CD to it before doing git pull. Put both commands on one line with a && separating them.
* 'cd www && git pull origin master'
* 2. Set the git-dir parameter for the git command. Note that you have to set it all the way to the .git folder in the repo.
* git --git-dir=relative/path/to/my/repo/.git pull
*/
// The header information which will be verified
$agent=$_SERVER['HTTP_USER_AGENT'];
$signature=$_SERVER['HTTP_X_HUB_SIGNATURE'];
$body=@file_get_contents('php://input');
// The commands
$commands = array(
'git pull origin master'
);
if (strpos($agent,'GitHub-Hookshot') !== false){
if (hash_equals($signature, verify_request())){
// Run the commands
foreach($commands AS $command){
// Run it
$tmp = shell_exec($command);
}
echo "Deploy successful.";
}else{
header('HTTP/1.1 403 Forbidden');
echo "Invalid request 1.";
}
}else{
header('HTTP/1.1 403 Forbidden');
echo "Invalid request 2.";
}
// Generate the hash verification with the request body and the key stored in your .htaccess file
function verify_request(){
$message = $GLOBALS['body'];
$key = getSecretKey();
$hash = hash_hmac("sha1", $message, $key);
$hash = "sha1=".$hash;
return $hash;
}
// Gets the secret key from a file outside public_html. The file should contain nothing but the key on one line only.
function getSecretKey() {
$secretFile = __DIR__ . '/../../.gitpullsecretkey';
$fh = fopen($secretFile, 'r');
$secretKey = fread($fh, filesize($secretFile));
fclose($fh);
return trim($secretKey);
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment