meow
This commit is contained in:
@@ -8,3 +8,9 @@ WEBHOOK_SECRET=
|
|||||||
|
|
||||||
# Optional. Override if pm2 is not available as "pm2" on PATH.
|
# Optional. Override if pm2 is not available as "pm2" on PATH.
|
||||||
PM2_BIN=
|
PM2_BIN=
|
||||||
|
|
||||||
|
# Optional. Override if npm is not available as "npm" on PATH.
|
||||||
|
NPM_BIN=
|
||||||
|
|
||||||
|
# Optional. Override if git is not available as "git" on PATH.
|
||||||
|
GIT_BIN=
|
||||||
|
|||||||
@@ -25,6 +25,15 @@ The app name is `linkweb`. The GitHub webhook receiver is:
|
|||||||
POST /webhook/github
|
POST /webhook/github
|
||||||
```
|
```
|
||||||
|
|
||||||
|
On a valid webhook request, the server runs:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
git pull --ff-only
|
||||||
|
npm install
|
||||||
|
npm run build
|
||||||
|
pm2 restart linkweb
|
||||||
|
```
|
||||||
|
|
||||||
Set `WEBHOOK_SECRET` in `ecosystem.config.cjs` if you want GitHub `x-hub-signature-256` verification:
|
Set `WEBHOOK_SECRET` in `ecosystem.config.cjs` if you want GitHub `x-hub-signature-256` verification:
|
||||||
|
|
||||||
```js
|
```js
|
||||||
@@ -36,3 +45,5 @@ env: {
|
|||||||
WEBHOOK_SECRET: 'your-secret',
|
WEBHOOK_SECRET: 'your-secret',
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can also set `PM2_BIN`, `NPM_BIN`, or `GIT_BIN` if a command is not available on the production `PATH`.
|
||||||
|
|||||||
@@ -11,6 +11,10 @@ const webhookPath = process.env.WEBHOOK_PATH || '/webhook/github';
|
|||||||
const webhookSecret = process.env.WEBHOOK_SECRET || '';
|
const webhookSecret = process.env.WEBHOOK_SECRET || '';
|
||||||
const pm2AppName = process.env.PM2_APP_NAME || 'linkweb';
|
const pm2AppName = process.env.PM2_APP_NAME || 'linkweb';
|
||||||
const pm2Command = process.env.PM2_BIN || (process.platform === 'win32' ? 'pm2.cmd' : 'pm2');
|
const pm2Command = process.env.PM2_BIN || (process.platform === 'win32' ? 'pm2.cmd' : 'pm2');
|
||||||
|
const npmCommand = process.env.NPM_BIN || (process.platform === 'win32' ? 'npm.cmd' : 'npm');
|
||||||
|
const gitCommand = process.env.GIT_BIN || 'git';
|
||||||
|
|
||||||
|
let deployInProgress = false;
|
||||||
|
|
||||||
function verifyGitHubSignature(req) {
|
function verifyGitHubSignature(req) {
|
||||||
if (!webhookSecret) {
|
if (!webhookSecret) {
|
||||||
@@ -33,27 +37,67 @@ function verifyGitHubSignature(req) {
|
|||||||
return received.length === expected.length && crypto.timingSafeEqual(received, expected);
|
return received.length === expected.length && crypto.timingSafeEqual(received, expected);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function runStep(label, command, args) {
|
||||||
|
console.log(`[deploy] ${label}`);
|
||||||
|
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
execFile(
|
||||||
|
command,
|
||||||
|
args,
|
||||||
|
{
|
||||||
|
cwd: __dirname,
|
||||||
|
maxBuffer: 1024 * 1024 * 10,
|
||||||
|
windowsHide: true,
|
||||||
|
},
|
||||||
|
(error, stdout, stderr) => {
|
||||||
|
if (stdout) {
|
||||||
|
console.log(stdout);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (stderr) {
|
||||||
|
console.error(stderr);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (error) {
|
||||||
|
reject(error);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
resolve();
|
||||||
|
},
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async function runDeploy() {
|
||||||
|
if (deployInProgress) {
|
||||||
|
console.log('[deploy] Webhook ignored because a deploy is already running.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
deployInProgress = true;
|
||||||
|
|
||||||
|
try {
|
||||||
|
await runStep('Pulling latest changes', gitCommand, ['pull', '--ff-only']);
|
||||||
|
await runStep('Installing dependencies', npmCommand, ['install']);
|
||||||
|
await runStep('Building site', npmCommand, ['run', 'build']);
|
||||||
|
await runStep(`Restarting PM2 app "${pm2AppName}"`, pm2Command, ['restart', pm2AppName]);
|
||||||
|
console.log('[deploy] Complete.');
|
||||||
|
} catch (error) {
|
||||||
|
console.error('[deploy] Failed:', error.message);
|
||||||
|
} finally {
|
||||||
|
deployInProgress = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
app.post(webhookPath, express.raw({ type: '*/*' }), (req, res) => {
|
app.post(webhookPath, express.raw({ type: '*/*' }), (req, res) => {
|
||||||
if (!verifyGitHubSignature(req)) {
|
if (!verifyGitHubSignature(req)) {
|
||||||
res.status(401).json({ ok: false, error: 'Invalid webhook signature' });
|
res.status(401).json({ ok: false, error: 'Invalid webhook signature' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
res.status(202).json({ ok: true, restarting: pm2AppName });
|
res.status(202).json({ ok: true, deploying: pm2AppName });
|
||||||
|
runDeploy();
|
||||||
execFile(pm2Command, ['restart', pm2AppName], (error, stdout, stderr) => {
|
|
||||||
if (error) {
|
|
||||||
console.error('PM2 restart failed:', error.message);
|
|
||||||
if (stderr) {
|
|
||||||
console.error(stderr);
|
|
||||||
}
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (stdout) {
|
|
||||||
console.log(stdout);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
app.get('/healthz', (_req, res) => {
|
app.get('/healthz', (_req, res) => {
|
||||||
|
|||||||
Reference in New Issue
Block a user