fix: rebuild hook
This commit is contained in:
74
server.js
74
server.js
@@ -3,9 +3,14 @@ import fastifyStatic from "@fastify/static";
|
||||
import { exec } from "node:child_process";
|
||||
import { promisify } from "node:util";
|
||||
import path from "node:path";
|
||||
import crypto from "node:crypto";
|
||||
|
||||
const { WEBHOOK_SECRET } = process.env;
|
||||
const { AUTH_TOKEN } = process.env;
|
||||
|
||||
const authMiddleware = async (request, reply) => {
|
||||
if (request.headers.authorization !== `Bearer ${AUTH_TOKEN}`) {
|
||||
return reply.code(401).send("Unauthorized");
|
||||
}
|
||||
};
|
||||
|
||||
const execAsync = promisify(exec);
|
||||
const fastify = Fastify({ logger: true });
|
||||
@@ -15,47 +20,38 @@ fastify.register(fastifyStatic, {
|
||||
prefix: "/",
|
||||
});
|
||||
|
||||
const verifySignature = (payload, signature) => {
|
||||
const hmac = crypto.createHmac("sha256", WEBHOOK_SECRET);
|
||||
const digest = "sha256=" + hmac.update(payload).digest("hex");
|
||||
return crypto.timingSafeEqual(Buffer.from(digest), Buffer.from(signature));
|
||||
};
|
||||
fastify.post(
|
||||
"/webhook/rebuild",
|
||||
{ preHandler: authMiddleware },
|
||||
async (request, reply) => {
|
||||
try {
|
||||
const {
|
||||
ref,
|
||||
repository: { clone_url: repoUrl },
|
||||
} = request.body;
|
||||
|
||||
const updateRepo = async (repoUrl) => {
|
||||
try {
|
||||
const { code } = await execAsync("git rev-parse --git-dir")
|
||||
.then(() => ({ code: 0 }))
|
||||
.catch((error) => ({ code: error.code }));
|
||||
const { code } = await execAsync("git rev-parse --git-dir")
|
||||
.then(() => ({ code: 0 }))
|
||||
.catch((error) => ({ code: error.code }));
|
||||
|
||||
if (code !== 0) {
|
||||
await execAsync("git init");
|
||||
await execAsync(`git remote add origin ${repoUrl}`);
|
||||
if (code !== 0) {
|
||||
await execAsync("git init");
|
||||
await execAsync(`git remote add origin ${repoUrl}`);
|
||||
}
|
||||
|
||||
await execAsync(`git remote set-url origin ${repoUrl}`);
|
||||
await execAsync("git fetch origin");
|
||||
// we won't be able to reply later, so do it here
|
||||
// this doesn't necessarily imply a successful build though
|
||||
// TODO: healthcheck
|
||||
reply.status(200).send("Updated successfully");
|
||||
await execAsync(`git reset --hard ${ref}`);
|
||||
await execAsync("npm run build");
|
||||
} catch (error) {
|
||||
reply.status(500).send("Update failed");
|
||||
}
|
||||
|
||||
await execAsync("git fetch origin");
|
||||
await execAsync("git reset --hard origin/main");
|
||||
await execAsync("npm run build");
|
||||
} catch (error) {
|
||||
console.error("Failed to update repository:", error);
|
||||
throw error;
|
||||
}
|
||||
};
|
||||
|
||||
fastify.post("/webhook/rebuild", async (request, reply) => {
|
||||
const signature = request.headers["x-gitea-signature"];
|
||||
|
||||
if (!signature || !verifySignature(JSON.stringify(request.body), signature)) {
|
||||
return reply.status(401).send("Invalid signature");
|
||||
}
|
||||
|
||||
try {
|
||||
const repoUrl = request.body.repository.clone_url;
|
||||
await updateRepo(repoUrl);
|
||||
reply.status(200).send("Updated successfully");
|
||||
} catch (error) {
|
||||
reply.status(500).send("Update failed");
|
||||
}
|
||||
});
|
||||
);
|
||||
|
||||
fastify.listen({ port: 3000, host: "0.0.0.0" }, (err) => {
|
||||
if (err) {
|
||||
|
||||
Reference in New Issue
Block a user