slowkow/Apache www-data setup

## Apache www-data setup
sudo mkdir -m 0700  /var/www/.ssh
sudo chown -R www-data:www-data /var/www/.ssh
sudo -u www-data ssh-keygen (empty passphrase)

# On Github, paste public key into "Deploy keys"

sudo -u www-data bash
cd /path/to/repo
git clone ...

## github-webhook-handler.php
<?php

/**
 * GitHub webhook handler template.
 *
 * @see  https://developer.github.com/webhooks/
 * @author  Miloslav Hůla (https://github.com/milo)
 */

// In this file: /etc/apache2/sites-available/example.com.conf
// Put this line: SetEnv GITHUB_WEBHOOK_SECRET MY_SECRET
$hookSecret = getenv('GITHUB_WEBHOOK_SECRET');

set_error_handler(function($severity, $message, $file, $line) {
    throw new \ErrorException($message, 0, $severity, $file, $line);
});

set_exception_handler(function($e) {
    header('HTTP/1.1 500 Internal Server Error');
    echo "Error on line {$e->getLine()}: " . htmlSpecialChars($e->getMessage());
    die();
});

$rawPost = NULL;

if ($hookSecret !== NULL) {
    if (!isset($_SERVER['HTTP_X_HUB_SIGNATURE'])) {
        throw new \Exception("HTTP header 'X-Hub-Signature' is missing.");
    } elseif (!extension_loaded('hash')) {
        throw new \Exception("Missing 'hash' extension to check the secret code validity.");
    }
    list($algo, $hash) = explode('=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2) + array('', '');
    if (!in_array($algo, hash_algos(), TRUE)) {
        throw new \Exception("Hash algorithm '$algo' is not supported.");
    }
    $rawPost = file_get_contents('php://input');
    if (!hash_equals($hash, hash_hmac($algo, $rawPost, $hookSecret))) {
        throw new \Exception('Hook secret does not match.');
    }
};

if (!isset($_SERVER['CONTENT_TYPE'])) {
    throw new \Exception("Missing HTTP 'Content-Type' header.");
} elseif (!isset($_SERVER['HTTP_X_GITHUB_EVENT'])) {
    throw new \Exception("Missing HTTP 'X-Github-Event' header.");
}

switch ($_SERVER['CONTENT_TYPE']) {
    case 'application/json':
        $json = $rawPost ?: file_get_contents('php://input');
        break;
    case 'application/x-www-form-urlencoded':
        $json = $_POST['payload'];
        break;
    default:
        throw new \Exception("Unsupported content type: $_SERVER[CONTENT_TYPE]");
}

# Payload structure depends on triggered event
# https://developer.github.com/v3/activity/events/types/
$payload = json_decode($json);
switch (strtolower($_SERVER['HTTP_X_GITHUB_EVENT'])) {
    case 'ping':
        echo 'pong';
        break;
//    case 'push':
//        break;
    default:
        header('HTTP/1.0 404 Not Found');
        echo "Event:$_SERVER[HTTP_X_GITHUB_EVENT] Payload:\n";
        print_r($payload); # For debug only. Can be found in GitHub hook log.
        die();
}
	sudo mkdir -m 0700 /var/www/.ssh
	sudo chown -R www-data:www-data /var/www/.ssh
	sudo -u www-data ssh-keygen (empty passphrase)

	# On Github, paste public key into "Deploy keys"

	sudo -u www-data bash
	cd /path/to/repo
	git clone ...
	<?php

	/**
	* GitHub webhook handler template.
	*
	* @see https://developer.github.com/webhooks/
	* @author Miloslav Hůla (https://github.com/milo)
	*/

	// In this file: /etc/apache2/sites-available/example.com.conf
	// Put this line: SetEnv GITHUB_WEBHOOK_SECRET MY_SECRET
	$hookSecret = getenv('GITHUB_WEBHOOK_SECRET');

	set_error_handler(function($severity, $message, $file, $line) {
	throw new \ErrorException($message, 0, $severity, $file, $line);
	});

	set_exception_handler(function($e) {
	header('HTTP/1.1 500 Internal Server Error');
	echo "Error on line {$e->getLine()}: " . htmlSpecialChars($e->getMessage());
	die();
	});

	$rawPost = NULL;

	if ($hookSecret !== NULL) {
	if (!isset($_SERVER['HTTP_X_HUB_SIGNATURE'])) {
	throw new \Exception("HTTP header 'X-Hub-Signature' is missing.");
	} elseif (!extension_loaded('hash')) {
	throw new \Exception("Missing 'hash' extension to check the secret code validity.");
	}
	list($algo, $hash) = explode('=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2) + array('', '');
	if (!in_array($algo, hash_algos(), TRUE)) {
	throw new \Exception("Hash algorithm '$algo' is not supported.");
	}
	$rawPost = file_get_contents('php://input');
	if (!hash_equals($hash, hash_hmac($algo, $rawPost, $hookSecret))) {
	throw new \Exception('Hook secret does not match.');
	}
	};

	if (!isset($_SERVER['CONTENT_TYPE'])) {
	throw new \Exception("Missing HTTP 'Content-Type' header.");
	} elseif (!isset($_SERVER['HTTP_X_GITHUB_EVENT'])) {
	throw new \Exception("Missing HTTP 'X-Github-Event' header.");
	}

	switch ($_SERVER['CONTENT_TYPE']) {
	case 'application/json':
	$json = $rawPost ?: file_get_contents('php://input');
	break;
	case 'application/x-www-form-urlencoded':
	$json = $_POST['payload'];
	break;
	default:
	throw new \Exception("Unsupported content type: $_SERVER[CONTENT_TYPE]");
	}

	# Payload structure depends on triggered event
	# https://developer.github.com/v3/activity/events/types/
	$payload = json_decode($json);
	switch (strtolower($_SERVER['HTTP_X_GITHUB_EVENT'])) {
	case 'ping':
	echo 'pong';
	break;
	// case 'push':
	// break;
	default:
	header('HTTP/1.0 404 Not Found');
	echo "Event:$_SERVER[HTTP_X_GITHUB_EVENT] Payload:\n";
	print_r($payload); # For debug only. Can be found in GitHub hook log.
	die();
	}