myron/web-dashboard
1
0
Fork 0
mirror of https://github.com/myronblair/web-dashboard synced 2026-06-30 17:50:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: add auto-deploy webhook handler

Browse Source
This commit is contained in:
Myron Blair
2026-06-23 17:43:53 +00:00
parent cc7ae4d15d
commit 750915697c
1 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
webhook.php
+41
View File
@@ -0,0 +1,41 @@
<?php
/**
* GitHub Auto-Deploy Webhook
* Verifies GitHub HMAC signature, then queues the repo for git pull.
* A root cron job (/usr/local/bin/web-dashboard-deploy.sh) processes the queue every minute.
*
* WEBHOOK_SECRET must be defined — set it as a constant in a gitignored config file,
* or define it directly here for single-site use.
*/
define('WEBHOOK_SECRET', '4c8805f0285214ff0a0602b5880270b935f36a896946c7f1');
define('DEPLOY_QUEUE', '/tmp/web-dashboard-deploy.txt');
define('DEPLOY_LOG', '/home/webacct/logs/deploy.log');
define('REPO_PATH', '/home/webacct/public_html');
header('Content-Type: application/json');
$payload = file_get_contents('php://input');
$sig = $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ?? '';
$expected = 'sha256=' . hash_hmac('sha256', $payload, WEBHOOK_SECRET);
if (!hash_equals($expected, $sig)) {
http_response_code(403);
echo json_encode(['error' => 'Invalid signature']);
exit;
}
$data = json_decode($payload, true);
$ref = $data['ref'] ?? '';
$pusher = $data['pusher']['name'] ?? 'unknown';
if ($ref !== 'refs/heads/main') {
echo json_encode(['ok' => true, 'skipped' => "ref $ref is not main"]);
exit;
}
$ts = date('Y-m-d H:i:s');
file_put_contents(DEPLOY_QUEUE, REPO_PATH . "\n", FILE_APPEND | LOCK_EX);
file_put_contents(DEPLOY_LOG, "[$ts] Queued deploy by $pusher\n", FILE_APPEND | LOCK_EX);
echo json_encode(['ok' => true, 'queued' => 'web-dashboard']);