mirror of
https://github.com/myronblair/jarvis
synced 2026-06-30 17:50:23 -05:00
45fef11785
- deploy/jarvis-watchdog.sh: self-healing watchdog (every 5 min) * monitors lsws/mysql/redis, restarts on failure * JARVIS HTTP self-check, restarts OLS on 5xx * disk/memory alerts inserted to DB * offline Proxmox VM agents restarted via qm guest exec * log rotation (1000 line cap) - deploy/jarvis-deploy.sh: smart deploy with PHP validation * php8.3 syntax check on every changed .php file * auto-reverts git commit + inserts critical alert on syntax error * reloads OLS after JARVIS deploys - api/endpoints/facts_collector.php: site health monitoring * curls all 7 managed sites every 3 min * stores up/down status in kb_facts - api/endpoints/alerts.php: auto-heal + site alerts * dispatches restart_service commands when services down on agents * generates alerts from kb_facts site health data - public_html/install-agent.sh: one-liner Linux agent installer * installs deps, downloads agent, registers with JARVIS, sets up systemd - public_html/webhook.php: fixed infra deploy path to /opt/infra
59 lines
2.0 KiB
PHP
59 lines
2.0 KiB
PHP
<?php
|
|
/**
|
|
* GitHub Auto-Deploy Webhook
|
|
* Verifies GitHub HMAC signature, then queues the repo for git pull.
|
|
* A root cron job (/usr/local/bin/jarvis-deploy.sh) processes the queue every minute.
|
|
*/
|
|
|
|
define('WEBHOOK_SECRET', '8a8c50c83d37527bdef876f1736b654235724a1a475cb8e5');
|
|
define('DEPLOY_QUEUE', '/tmp/jarvis-deploy-queue.txt');
|
|
define('DEPLOY_LOG', '/home/jarvis.orbishosting.com/logs/deploy.log');
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$payload = file_get_contents('php://input');
|
|
$sig = $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ?? '';
|
|
$expected = 'sha256=' . hash_hmac('sha256', $payload, WEBHOOK_SECRET);
|
|
|
|
if (!hash_equals($expected, $sig)) {
|
|
http_response_code(403);
|
|
echo json_encode(['error' => 'Invalid signature']);
|
|
exit;
|
|
}
|
|
|
|
$data = json_decode($payload, true);
|
|
$repo = $data['repository']['name'] ?? '';
|
|
$ref = $data['ref'] ?? '';
|
|
$pusher = $data['pusher']['name'] ?? 'unknown';
|
|
|
|
// Only deploy on pushes to main
|
|
if ($ref !== 'refs/heads/main') {
|
|
echo json_encode(['ok' => true, 'skipped' => "ref $ref is not main"]);
|
|
exit;
|
|
}
|
|
|
|
$repoMap = [
|
|
'jarvis' => '/home/jarvis.orbishosting.com',
|
|
'tomsjavajive' => '/home/tomsjavajive.com/public_html',
|
|
'epictravelexpeditions' => '/home/epictravelexpeditions.com/public_html',
|
|
'parkerslingshotrentals' => '/home/parkerslingshotrentals.com/public_html',
|
|
'orbishosting' => '/home/orbishosting.com/public_html',
|
|
'orbis-hosting-portal' => '/home/orbis.orbishosting.com/public_html',
|
|
'tomtomgames' => '/home/tomtomgames.com/public_html',
|
|
'infra' => '/opt/infra',
|
|
];
|
|
|
|
if (!isset($repoMap[$repo])) {
|
|
http_response_code(404);
|
|
echo json_encode(['error' => "Unknown repo: $repo"]);
|
|
exit;
|
|
}
|
|
|
|
$path = $repoMap[$repo];
|
|
file_put_contents(DEPLOY_QUEUE, $path . "\n", FILE_APPEND | LOCK_EX);
|
|
|
|
$msg = "[" . date('Y-m-d H:i:s') . "] Queued deploy: $repo by $pusher -> $path";
|
|
file_put_contents(DEPLOY_LOG, $msg . "\n", FILE_APPEND | LOCK_EX);
|
|
|
|
echo json_encode(['ok' => true, 'queued' => $repo, 'path' => $path]);
|