Compare commits
4 Commits
99dafce303
...
v0.3
| Author | SHA1 | Date | |
|---|---|---|---|
| b11c8cbcbf | |||
| 2ff3299ad7 | |||
| 2255b1f158 | |||
| 5d62b70e90 |
34
Dockerfile
Normal file
34
Dockerfile
Normal file
@@ -0,0 +1,34 @@
|
||||
# Start from the official Golang base image version 1.22
|
||||
FROM golang:1.22-alpine as builder
|
||||
|
||||
# Set the Current Working Directory inside the container
|
||||
WORKDIR /app
|
||||
|
||||
# Copy go mod and sum files
|
||||
COPY go.mod go.sum ./
|
||||
|
||||
# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed
|
||||
RUN go mod download
|
||||
|
||||
# Copy the source code into the container
|
||||
COPY . .
|
||||
|
||||
# Build the Go app
|
||||
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o webhook-listener .
|
||||
|
||||
# Start a new stage from scratch using a slim version of Alpine for a smaller image size
|
||||
FROM alpine:latest
|
||||
|
||||
WORKDIR /root/
|
||||
|
||||
# Copy the Pre-built binary file from the previous stage
|
||||
COPY --from=builder /app/webhook-listener .
|
||||
|
||||
# Environment variable for the port, set a default value if not provided
|
||||
ENV PORT=62082
|
||||
|
||||
# Expose the port specified by the PORT environment variable
|
||||
EXPOSE $PORT
|
||||
|
||||
# Command to run the executable, modified to use the environment variable for the port
|
||||
CMD ["./webhook-listener"]
|
||||
19
Makefile
Normal file
19
Makefile
Normal file
@@ -0,0 +1,19 @@
|
||||
BINARY_DIR=bin
|
||||
BINARY_NAME=webhook-listener
|
||||
COVERAGE_DIR=coverage
|
||||
|
||||
lint:
|
||||
golangci-lint run ./...
|
||||
goreportcard:
|
||||
goreportcard-cli -v
|
||||
test:
|
||||
go test ./...
|
||||
test-coverage:
|
||||
rm -rf ${COVERAGE_DIR}
|
||||
mkdir ${COVERAGE_DIR}
|
||||
go test -v -coverprofile ${COVERAGE_DIR}/cover.out ./...
|
||||
go tool cover -html ${COVERAGE_DIR}/cover.out -o ${COVERAGE_DIR}/cover.html
|
||||
build:
|
||||
rm -rf ${BINARY_DIR}
|
||||
mkdir ${BINARY_DIR}
|
||||
env GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -o ./${BINARY_DIR}/${BINARY_NAME} main.go
|
||||
45
build.sh
Executable file
45
build.sh
Executable file
@@ -0,0 +1,45 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Define variables
|
||||
IMAGE_NAME="gitea-webhook-listener"
|
||||
DOCKERFILE_PATH="./"
|
||||
VERSION_FILE="version.txt"
|
||||
REGISTRY="registry.fungimail.llc"
|
||||
NAMESPACE="urko"
|
||||
|
||||
# Version management
|
||||
if [ ! -f "$VERSION_FILE" ]; then
|
||||
echo "Version file not found, creating one with version 1..."
|
||||
echo "1" > $VERSION_FILE
|
||||
fi
|
||||
|
||||
VERSION=$(cat $VERSION_FILE)
|
||||
echo "Current version is $VERSION."
|
||||
|
||||
# Increment the version
|
||||
VERSION=$((VERSION+1))
|
||||
echo "Incrementing to new version $VERSION..."
|
||||
echo $VERSION > $VERSION_FILE
|
||||
|
||||
# Step 1: Build the Docker image with the new version tag
|
||||
echo "Building Docker image $IMAGE_NAME:$VERSION..."
|
||||
docker build -t $IMAGE_NAME:$VERSION $DOCKERFILE_PATH
|
||||
|
||||
# Step 1b: Tag the image for the registry with version
|
||||
FULL_IMAGE_NAME_VERSION="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${VERSION}"
|
||||
echo "Tagging image for registry as $FULL_IMAGE_NAME_VERSION..."
|
||||
docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_VERSION
|
||||
|
||||
# Step 1c: Tag the image for the registry with 'latest'
|
||||
FULL_IMAGE_NAME_LATEST="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest"
|
||||
echo "Tagging image for registry as $FULL_IMAGE_NAME_LATEST..."
|
||||
docker tag $IMAGE_NAME:$VERSION $FULL_IMAGE_NAME_LATEST
|
||||
|
||||
# Step 1d: Push the versioned image to the Docker registry
|
||||
echo "Pushing $FULL_IMAGE_NAME_VERSION to the Docker registry..."
|
||||
docker push $FULL_IMAGE_NAME_VERSION
|
||||
|
||||
# Step 1e: Push the latest image to the Docker registry
|
||||
echo "Pushing $FULL_IMAGE_NAME_LATEST to the Docker registry..."
|
||||
docker push $FULL_IMAGE_NAME_LATEST
|
||||
|
||||
@@ -7,10 +7,13 @@ import (
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
Secret string `yaml:"secret"`
|
||||
Port int `yaml:"port"`
|
||||
BinaryPath string `yaml:"binary_path"`
|
||||
ScriptPath string `yaml:"script_path"`
|
||||
Secret string `yaml:"secret"`
|
||||
Port int `yaml:"port"`
|
||||
Scripts map[string]ConfigScript `yaml:"scripts"`
|
||||
}
|
||||
type ConfigScript struct {
|
||||
BinaryPath string `yaml:"binary"`
|
||||
ScriptPath string `yaml:"script"`
|
||||
}
|
||||
|
||||
func LoadConfig(path string) (*Config, error) {
|
||||
|
||||
63
main.go
63
main.go
@@ -1,31 +1,36 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"runtime"
|
||||
|
||||
"gitea.urkob.com/urko/gitea-webhook-listener/kit/config"
|
||||
)
|
||||
|
||||
func main() {
|
||||
cfg, err := config.LoadConfig(".configs/app.yml")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
cfgFile := os.Getenv("CONFIG_FILE")
|
||||
if cfgFile == "" {
|
||||
// Get root path
|
||||
_, filename, _, _ := runtime.Caller(0)
|
||||
cfgFile = path.Join(path.Dir(filename), "configs", "app.yml")
|
||||
}
|
||||
http.HandleFunc("/payload", handlePayload(cfg.Secret, cfg.BinaryPath, cfg.ScriptPath))
|
||||
cfg, err := config.LoadConfig(cfgFile)
|
||||
if err != nil {
|
||||
log.Fatalf("Error loading config: %v", err)
|
||||
}
|
||||
http.HandleFunc("/", handlePayload(cfg.Secret, cfg.Scripts))
|
||||
http.ListenAndServe(fmt.Sprintf(":%d", cfg.Port), nil)
|
||||
}
|
||||
|
||||
func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWriter, r *http.Request) {
|
||||
func handlePayload(secret string, scripts map[string]config.ConfigScript) func(w http.ResponseWriter, r *http.Request) {
|
||||
return (func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Read the request body
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
@@ -34,26 +39,34 @@ func handlePayload(secret, binaryPath, scriptPath string) func(w http.ResponseWr
|
||||
}
|
||||
defer r.Body.Close()
|
||||
|
||||
// Verify the signature
|
||||
if !verifySignature(body, r.Header.Get("X-Hub-Signature-256"), []byte(secret)) {
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
if authHeader != secret {
|
||||
http.Error(w, "Signatures didn't match", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Parse the JSON payload
|
||||
if !r.URL.Query().Has("project") {
|
||||
http.Error(w, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
project := r.URL.Query().Get("project")
|
||||
scr, found := scripts[project]
|
||||
if !found {
|
||||
http.Error(w, "not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
var payload interface{}
|
||||
err = json.Unmarshal(body, &payload)
|
||||
if err != nil {
|
||||
if err = json.Unmarshal(body, &payload); err != nil {
|
||||
http.Error(w, "Failed to parse JSON payload", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// TODO: Do something with the payload
|
||||
fmt.Fprintf(w, "I got some JSON: %v", payload)
|
||||
|
||||
if err := execute(binaryPath, scriptPath); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
go func() {
|
||||
if err := execute(scr.BinaryPath, scr.ScriptPath); err != nil {
|
||||
log.Println(err)
|
||||
}
|
||||
}()
|
||||
})
|
||||
}
|
||||
|
||||
@@ -68,13 +81,3 @@ func execute(binaryPath, scriptPath string) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func verifySignature(payload []byte, signature string, secret []byte) bool {
|
||||
// Compute the expected signature
|
||||
mac := hmac.New(sha256.New, secret)
|
||||
mac.Write(payload)
|
||||
expectedSignature := hex.EncodeToString(mac.Sum(nil))
|
||||
|
||||
// Compare the expected signature with the actual signature
|
||||
return hmac.Equal([]byte(signature), []byte("sha256="+expectedSignature))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user