Skip to content

Instantly share code, notes, and snippets.

@tomazzaman
Last active August 29, 2015 14:15
Show Gist options
  • Save tomazzaman/cbf366d74795195c11d2 to your computer and use it in GitHub Desktop.
Save tomazzaman/cbf366d74795195c11d2 to your computer and use it in GitHub Desktop.
Do a git pull whenever a GitHub webhook triggers a php script
# This is a monit configuration file that watches a 'git.log' file
# which should be a 777 file inside your WordPress
check file observable_file with path /home/webmaster/www/domain.com/git.log
if changed checksum then exec "/usr/local/sbin/observable_file.sh"
#!/bin/bash
# This script pulls the repo as the user 'webmaster' inside
# the theme folder. Change the path according to your setup
THEME_PATH=/home/webmaster/www/domain.com/assets/themes/theme_name
cd $THEME_PATH;
sudo -H -u webmaster bash -c '/usr/bin/git pull 2>&1';
exit 0;
<?php
# Most of this file serves as a security measure, checking whether
# the request really came from GitHub. If so, it writes a date to the
# 'git.log' file. Doesn't need to be the date as long as it
# changes the file, in turn changing it checksum, triggering monit.
# This file should be placed inside your WordPress, next to wp-config.php
# and GitHub webhook should be set to something like http://domain.com/pull.php
define( 'PRIVATE_KEY', 'GitHub Secred that you generate with the WebHook' );
set_error_handler( function( $severity, $message, $file, $line ) {
throw new \ErrorException($message, 0, $severity, $file, $line );
});
set_exception_handler( function( $e ) {
header('HTTP/1.1 500 Internal Server Error');
echo "Error on line {$e->getLine()}: " . htmlSpecialChars( $e->getMessage() );
die();
} );
if ( ! isset( $_SERVER['HTTP_X_HUB_SIGNATURE'] ) ) {
throw new \Exception( "HTTP header 'X-Hub-Signature' is missing." );
} elseif ( !extension_loaded( 'hash' ) ) {
throw new \Exception( "Missing 'hash' extension to check the secret code validity." );
}
list( $algo, $hash ) = explode( '=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2 ) + array( '', '' );
if ( ! in_array( $algo, hash_algos(), TRUE ) ) {
throw new \Exception( "Hash algorithm '$algo' is not supported." );
}
$raw_post = file_get_contents( 'php://input' );
if ( $hash !== hash_hmac( $algo, $raw_post, PRIVATE_KEY ) ) {
throw new \Exception( 'Hook secret does not match.' );
}
if ( ! isset($_SERVER['HTTP_CONTENT_TYPE'] ) ) {
throw new \Exception( "Missing HTTP 'Content-Type' header." );
} elseif ( ! isset( $_SERVER['HTTP_X_GITHUB_EVENT'] ) ) {
throw new \Exception( "Missing HTTP 'X-Github-Event' header." );
}
switch ($_SERVER['HTTP_CONTENT_TYPE']) {
case 'application/json':
$json = $raw_post ?: file_get_contents( 'php://input' );
break;
case 'application/x-www-form-urlencoded':
$json = $_POST['payload'];
break;
default:
throw new \Exception( "Unsupported content type: $_SERVER[HTTP_CONTENT_TYPE]" );
}
echo shell_exec( 'echo $(date) > git.log' );
echo "Updated.";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment