Compare commits
No commits in common. "2255b1f158c4a736a2ae26eb7a966224492f934f" and "99dafce303c24388196e0a5ef0c4ff98b7def4b3" have entirely different histories.
2255b1f158
...
99dafce303
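--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +0,0 @@
-# Start from the official Golang base image version 1.22
-FROM golang:1.22-alpine as builder
-
-# Set the Current Working Directory inside the container
-WORKDIR /app
-
-# Copy go mod and sum files
-COPY go.mod go.sum ./
-
-# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed
-RUN go mod download
-
-# Copy the source code into the container
-COPY . .
-
-# Build the Go app
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o webhook-listener .
-
-# Start a new stage from scratch using a slim version of Alpine for a smaller image size
-FROM alpine:latest
-
-WORKDIR /root/
-
-# Copy the Pre-built binary file from the previous stage
-COPY --from=builder /app/webhook-listener .
-
-# Environment variable for the port, set a default value if not provided
-ENV PORT=62082
-
-# Expose the port specified by the PORT environment variable
-EXPOSE $PORT
-
-# Command to run the executable, modified to use the environment variable for the port
-CMD ["./webhook-listener"]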
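--- a/build.sh
+++ b/build.sh
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-# Define variables
-IMAGE_NAME="gitea-webhook-listener"
-DOCKERFILE_PATH="./"
-VERSION_FILE="version.txt"
-REGISTRY="registry.fungimail.llc"
-NAMESPACE="urko"
-
-# Version management
-if [ ! -f "$VERSION_FILE" ]; then
-echo "Version file not found, creating one with version 1..."
-echo "1" > $VERSION_FILE
-fi
-
-VERSION=$(cat $VERSION_FILE)
-echo "Current version is $VERSION."
-
-# Increment the version
-VERSION=$((VERSION+1))
-echo "Incrementing to new version $VERSION..."
-echo $VERSION > $VERSION_FILE
-
-# Step 1: Build the Docker image with the new version tag
-echo "Building Docker image $IMAGE_NAME:$VERSION..."
-docker build -t $IMAGE_NAME:$VERSION $DOCKERFILE_PATH
-
-# Step 1b: Tag the image for the registry with version
-FULL_IMAGE_NAME_VERSION="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${VERSION}"
-echo "Tagging image for registry as $FULL_IMAGE_NAME_VERSION..."
-docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_VERSION
-
-# Step 1c: Tag the image for the registry with 'latest'
-FULL_IMAGE_NAME_LATEST="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest"
-echo "Tagging image for registry as $FULL_IMAGE_NAME_LATEST..."
-docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_LATEST
-
-# Step 1d: Push the versioned image to the Docker registry
-echo "Pushing $FULL_IMAGE_NAME_VERSION to the Docker registry..."
-docker push $FULL_IMAGE_NAME_VERSION
-
-# Step 1e: Push the latest image to the Docker registry
-echo "Pushing $FULL_IMAGE_NAME_LATEST to the Docker registry..."
-docker push $FULL_IMAGE_NAME_LATEST
-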
|
@ -7,13 +7,10 @@ import (
|
|||
)
|
||||
|
||||
type Config struct {
|
||||
Secret string `yaml:"secret"`
|
||||
Port int `yaml:"port"`
|
||||
Scripts map[string]ConfigScript `yaml:"scripts"`
|
||||
}
|
||||
type ConfigScript struct {
|
||||
BinaryPath string `yaml:"binary"`
|
||||
ScriptPath string `yaml:"script"`
|
||||
Secret string `yaml:"secret"`
|
||||
Port int `yaml:"port"`
|
||||
BinaryPath string `yaml:"binary_path"`
|
||||
ScriptPath string `yaml:"script_path"`
|
||||
}
|
||||
|
||||
func LoadConfig(path string) (*Config, error) {
|
||||
|
|
47
main.go
47
main.go
|
@ -1,32 +1,31 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"runtime"
|
||||
|
||||
"gitea.urkob.com/urko/gitea-webhook-listener/kit/config"
|
||||
)
|
||||
|
||||
func main() {
|
||||
// Get root path
|
||||
_, filename, _, _ := runtime.Caller(0)
|
||||
cfg, err := config.LoadConfig(path.Join(path.Dir(filename), "configs", "app.yml"))
|
||||
cfg, err := config.LoadConfig(".configs/app.yml")
|
||||
if err != nil {
|
||||
log.Fatalf("Error loading config: %v", err)
|
||||
panic(err)
|
||||
}
|
||||
http.HandleFunc("/", handlePayload(cfg.Secret, cfg.Scripts))
|
||||
http.HandleFunc("/payload", handlePayload(cfg.Secret, cfg.BinaryPath, cfg.ScriptPath))
|
||||
http.ListenAndServe(fmt.Sprintf(":%d", cfg.Port), nil)
|
||||
}
|
||||
|
||||
func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w http.ResponseWriter, r *http.Request) {
|
||||
func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWriter, r *http.Request) {
|
||||
return (func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Read the request body
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
|
@ -35,26 +34,12 @@ func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w
|
|||
}
|
||||
defer r.Body.Close()
|
||||
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
log.Println("authHeader", authHeader)
|
||||
if authHeader != secret {
|
||||
// Verify the signature
|
||||
if !verifySignature(body, r.Header.Get("X-Hub-Signature-256"), []byte(secret)) {
|
||||
http.Error(w, "Signatures didn't match", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
if !r.URL.Query().Has("project") {
|
||||
http.Error(w, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
project := r.URL.Query().Get("project")
|
||||
scr, found := scripts[project]
|
||||
if !found {
|
||||
http.Error(w, "not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
log.Println("body", body)
|
||||
// Parse the JSON payload
|
||||
var payload interface{}
|
||||
err = json.Unmarshal(body, &payload)
|
||||
|
@ -66,7 +51,7 @@ func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w
|
|||
// TODO: Do something with the payload
|
||||
fmt.Fprintf(w, "I got some JSON: %v", payload)
|
||||
|
||||
if err := execute(scr.BinaryPath, scr.ScriptPath); err != nil {
|
||||
if err := execute(binaryPath, scriptPath); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
})
|
||||
|
@ -83,3 +68,13 @@ func execute(binaryPath, scriptPath string) error {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func verifySignature(payload []byte, signature string, secret []byte) bool {
|
||||
// Compute the expected signature
|
||||
mac := hmac.New(sha256.New, secret)
|
||||
mac.Write(payload)
|
||||
expectedSignature := hex.EncodeToString(mac.Sum(nil))
|
||||
|
||||
// Compare the expected signature with the actual signature
|
||||
return hmac.Equal([]byte(signature), []byte("sha256="+expectedSignature))
|
||||
}
|
||||
|
|
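Review bot: verifySignature computes the HMAC even when `secret` is empty, so a config with a missing or blank `secret` yields a signature any caller can reproduce, and the handler then reaches `execute(binaryPath, scriptPath)`; it should fail closed with `if len(secret) == 0 { return false }` as its first statement. In handlePayload the body is read in full with `io.ReadAll(r.Body)` before the signature is checked, so an unauthenticated client decides how much memory the handler allocates; setting `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` first (maxBodyBytes is a placeholder for a limit you choose) bounds that. The comparison through `hmac.Equal` is the right constant-time primitive and should stay. handlePayload's body continues outside the hunks shown, so the error path after ReadAll could not be checked here.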