feat: deploy webhook allow multiple deploys

Dockerfile

@@ -0,0 +1,34 @@
+# Start from the official Golang base image version 1.22
+FROM golang:1.22-alpine as builder
+
+# Set the Current Working Directory inside the container
+WORKDIR /app
+
+# Copy go mod and sum files
+COPY go.mod go.sum ./
+
+# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed
+RUN go mod download
+
+# Copy the source code into the container
+COPY . .
+
+# Build the Go app
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o webhook-listener .
+
+# Start a new stage from scratch using a slim version of Alpine for a smaller image size
+FROM alpine:latest  
+
+WORKDIR /root/
+
+# Copy the Pre-built binary file from the previous stage
+COPY --from=builder /app/webhook-listener .
+
+# Environment variable for the port, set a default value if not provided
+ENV PORT=62082
+
+# Expose the port specified by the PORT environment variable
+EXPOSE $PORT
+
+# Command to run the executable, modified to use the environment variable for the port
+CMD ["./webhook-listener"]

build.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Define variables
+IMAGE_NAME="gitea-webhook-listener"
+DOCKERFILE_PATH="./"
+VERSION_FILE="version.txt"
+REGISTRY="registry.fungimail.llc"
+NAMESPACE="urko"
+
+# Version management
+if [ ! -f "$VERSION_FILE" ]; then
+    echo "Version file not found, creating one with version 1..."
+    echo "1" > $VERSION_FILE
+fi
+
+VERSION=$(cat $VERSION_FILE)
+echo "Current version is $VERSION."
+
+# Increment the version
+VERSION=$((VERSION+1))
+echo "Incrementing to new version $VERSION..."
+echo $VERSION > $VERSION_FILE
+
+# Step 1: Build the Docker image with the new version tag
+echo "Building Docker image $IMAGE_NAME:$VERSION..."
+docker build -t $IMAGE_NAME:$VERSION $DOCKERFILE_PATH
+
+# Step 1b: Tag the image for the registry with version
+FULL_IMAGE_NAME_VERSION="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${VERSION}"
+echo "Tagging image for registry as $FULL_IMAGE_NAME_VERSION..."
+docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_VERSION
+
+# Step 1c: Tag the image for the registry with 'latest'
+FULL_IMAGE_NAME_LATEST="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest"
+echo "Tagging image for registry as $FULL_IMAGE_NAME_LATEST..."
+docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_LATEST
+
+# Step 1d: Push the versioned image to the Docker registry
+echo "Pushing $FULL_IMAGE_NAME_VERSION to the Docker registry..."
+docker push $FULL_IMAGE_NAME_VERSION
+
+# Step 1e: Push the latest image to the Docker registry
+echo "Pushing $FULL_IMAGE_NAME_LATEST to the Docker registry..."
+docker push $FULL_IMAGE_NAME_LATEST
+

kit/config/config.go

@@ -7,10 +7,13 @@ import (
 )
 
 type Config struct {
-	Secret     string `yaml:"secret"`
-	Port       int    `yaml:"port"`
-	BinaryPath string `yaml:"binary_path"`
-	ScriptPath string `yaml:"script_path"`
+	Secret  string                  `yaml:"secret"`
+	Port    int                     `yaml:"port"`
+	Scripts map[string]ConfigScript `yaml:"scripts"`
+}
+type ConfigScript struct {
+	BinaryPath string `yaml:"binary"`
+	ScriptPath string `yaml:"script"`
 }
 
 func LoadConfig(path string) (*Config, error) {

main.go

@@ -1,31 +1,32 @@
 package main
 
 import (
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"os"
 	"os/exec"
+	"path"
+	"runtime"
 
 	"gitea.urkob.com/urko/gitea-webhook-listener/kit/config"
 )
 
 func main() {
-	cfg, err := config.LoadConfig(".configs/app.yml")
+	// Get root path
+	_, filename, _, _ := runtime.Caller(0)
+	cfg, err := config.LoadConfig(path.Join(path.Dir(filename), "configs", "app.yml"))
 	if err != nil {
-		panic(err)
+		log.Fatalf("Error loading config: %v", err)
 	}
-	http.HandleFunc("/payload", handlePayload(cfg.Secret, cfg.BinaryPath, cfg.ScriptPath))
+	http.HandleFunc("/", handlePayload(cfg.Secret, cfg.Scripts))
 	http.ListenAndServe(fmt.Sprintf(":%d", cfg.Port), nil)
 }
 
-func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWriter, r *http.Request) {
+func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w http.ResponseWriter, r *http.Request) {
 	return (func(w http.ResponseWriter, r *http.Request) {
-
 		// Read the request body
 		body, err := io.ReadAll(r.Body)
 		if err != nil {
@@ -34,12 +35,26 @@ func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWr
 		}
 		defer r.Body.Close()
 
-		// Verify the signature
-		if !verifySignature(body, r.Header.Get("X-Hub-Signature-256"), []byte(secret)) {
+		authHeader := r.Header.Get("Authorization")
+		log.Println("authHeader", authHeader)
+		if authHeader != secret {
 			http.Error(w, "Signatures didn't match", http.StatusUnauthorized)
 			return
 		}
 
+		if !r.URL.Query().Has("project") {
+			http.Error(w, "", http.StatusBadRequest)
+			return
+		}
+
+		project := r.URL.Query().Get("project")
+		scr, found := scripts[project]
+		if !found {
+			http.Error(w, "not found", http.StatusNotFound)
+			return
+		}
+
+		log.Println("body", body)
 		// Parse the JSON payload
 		var payload interface{}
 		err = json.Unmarshal(body, &payload)
@@ -51,7 +66,7 @@ func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWr
 		// TODO: Do something with the payload
 		fmt.Fprintf(w, "I got some JSON: %v", payload)
 
-		if err := execute(binaryPath, scriptPath); err != nil {
+		if err := execute(scr.BinaryPath, scr.ScriptPath); err != nil {
 			panic(err)
 		}
 	})
@@ -68,13 +83,3 @@ func execute(binaryPath, scriptPath string) error {
 
 	return nil
 }
-
-func verifySignature(payload []byte, signature string, secret []byte) bool {
-	// Compute the expected signature
-	mac := hmac.New(sha256.New, secret)
-	mac.Write(payload)
-	expectedSignature := hex.EncodeToString(mac.Sum(nil))
-
-	// Compare the expected signature with the actual signature
-	return hmac.Equal([]byte(signature), []byte("sha256="+expectedSignature))
-}