#102 Secure the git hook
state: closed opened by: adrianharabula on: 5/20/2017
- Read the documentation https://developer.github.com/webhooks/
Implement it!!!!!!!!!!
Comments
from: adrianharabula on: 5/20/2017
Ok, so this is our deploy webhook.
/*
 * Webhook script;
 * It is called by GitHub on every new push
 * This updates the server code to the latest code available on GitHub repo
 */
Route::post('/webhook', function (Request $request) {
    // get request body
    $content = $request->getContent();
    // hash it with the key stored in APP_WEBHOOKKEY
    // it's the same key configured as a secret in GitHub webhook settings
    $hash = hash_hmac('sha1', $content, env('APP_WEBHOOKKEY'));
    // compare it with the one we have in X-Hub-Signature
    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters matched; the (string) cast makes a
    // missing header get rejected cleanly
    if (!hash_equals('sha1=' . $hash, (string) $request->header('X-Hub-Signature'))) {
        abort(403);
    }
    // execute deploy command
    SSH::run([
        'cd /root/condr/app',
        '/root/.config/composer/vendor/laravel/envoy/envoy run deploy',
    ]);
});
and this is our Envoy.blade.php
@servers(['localhost' => '127.0.0.1'])
@task('deploy')
    cd /root/condr
    git pull origin master
@endtask
and the exception in VerifyCsrfToken.php
protected $except = [
    '/webhook',
];
This took some time... but it's a piece of art.
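
The signature check from the route above, pulled out as a standalone function and exercised against its failure modes. This is an added example, not part of the original issue or the project's code; `verifyGithubSignature()` is a hypothetical helper, and the secret and payload are constructed sample values.

```php
<?php
/**
 * Return true only if $header is "sha1=<hex>", where <hex> is the
 * HMAC-SHA1 of the raw request body under the shared webhook secret.
 */
function verifyGithubSignature(string $body, ?string $header, ?string $secret): bool
{
    // Fail closed when the secret is unset: an HMAC keyed with an empty
    // string can be computed by anyone who can reach the endpoint.
    if ($secret === null || $secret === '') {
        return false;
    }
    // Reject a missing header or an unexpected algorithm prefix.
    if ($header === null || strncmp($header, 'sha1=', 5) !== 0) {
        return false;
    }
    $expected = 'sha1=' . hash_hmac('sha1', $body, $secret);
    // Constant-time comparison; the known value goes first.
    return hash_equals($expected, $header);
}

// Constructed sample input (not a real secret or a real delivery).
$secret = 'constructed-test-secret';
$body   = '{"ref":"refs/heads/master"}';
$good   = 'sha1=' . hash_hmac('sha1', $body, $secret);

// [body, header, secret, expected result]
$cases = [
    'valid signature' => [$body,       $good,                    $secret, true],
    'tampered body'   => [$body . ' ', $good,                    $secret, false],
    'missing header'  => [$body,       null,                     $secret, false],
    'wrong prefix'    => [$body,       'md5=' . substr($good, 5), $secret, false],
    'empty secret'    => [$body,       $good,                    '',      false],
];

foreach ($cases as $name => [$b, $h, $s, $want]) {
    $got = verifyGithubSignature($b, $h, $s);
    printf("%-16s %s\n", $name, $got === $want ? 'ok' : 'FAIL');
}
```

The HMAC must be computed over the raw body bytes exactly as received; re-encoding the parsed JSON before hashing produces a different digest and rejects valid deliveries.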