配置这个网址
http://415.759.288.189:8123/webhook/hook.php
<?php // 允许请求IP gitee请求的时候会打印 $allowIpArr = [ 'gitee的ip' ]; // 请求密码 你的密码 $password = 'tsdsdaf_asdf_fsd1234123sdf'; // 检测IP if (!in_array($_SERVER['REMOTE_ADDR'], $allowIpArr)) { echo '非法IP:' . $_SERVER['REMOTE_ADDR']; exit(0); } // 获取请求参数 $headers = getallheaders(); $body = json_decode(file_get_contents("php://input"), true); // 验证提交分支是否为master if (!isset($body['ref']) || $body['ref'] !== 'refs/heads/master') { echo '非主分支' . $body; exit(0); } // 验证提交密码是否正确 if (!isset($body['password']) || $body['password'] !== $password) { echo '密码错误'; exit(0); } // 验证成功,拉取代码 $path = $body['project']['path']; $command = 'cd /usr/www/' . $path . ' && git pull 2>&1'; $res = shell_exec($command); //$body['sender']['email'],// 将邮件发送给发送者 //$body['repository']['owner']['email']// 将邮件发送给仓库所有者 //$message = $body['head_commit']['message'];// 提交信息 //$datetime = date('Y-m-d H:i:s', $body['timestamp'] / 1000);// 时间 //$pusher = $body['pusher']['name'];// 提交人 //$name = $body['project']['name'];// 项目名 //$path = $body['project']['path'];// 路径 // 返回结果 echo 'git pull执行结果:' . $res;
//另外一种方法:签名秘钥
<?php //本地路径 $local = '/www/wwwroot/otc'; //签名验证 $headers = getallheaders(); $gitee_token = $headers["X-Gitee-Token"]; $gitee_timestamp =$headers["X-Gitee-Timestamp"]; echo "gitee_token: $gitee_token <br />\n"; echo "gitee_timestamp: $gitee_timestamp <br />\n"; $sign_key = "LEreKhDjwoN8aZ8L"; $sec_str = "$gitee_timestamp\n$sign_key"; $compute_token = base64_encode(hash_hmac('sha256', $sec_str,$sign_key,true)); echo "computetoken: $compute_token <br />\n"; if($compute_token!=$gitee_token){ die('sign is not right'); } shell_exec("cd {$local} && sudo git pull 2>&1"); die('done ' . date('Y-m-d H:i:s', time()));
//第3种签名秘钥 指定分支
<?php /** * 自动更新钩子 * 修改密钥及项目路径即可使用 **/ //以流的方式读取 $requestBody = file_get_contents("php://input"); if (empty($requestBody)) { die('send fail'); } //file_put_contents('./requestBody.log', $requestBody); $requestBody = json_decode($requestBody,true); //加密字符串 $secret_post = $requestBody['sign']; //时间戳参数,单位毫秒级 $time_stamp = $requestBody['timestamp']; //在WebHooks签名密钥一栏填写的密钥信息 $access_token = 'abcdefg'; //加密文档 //https://gitee.com/help/articles/4290 $secret_join = $time_stamp . "\n" . $access_token; //file_put_contents('./join.log', $secret_join); $base64 = base64_encode(hash_hmac('sha256', $secret_join, $access_token, true)); //file_put_contents('./base64.log' , $base64); //看推送的是哪个分支就构建哪个分支 //如有需要可以更改规则,比如屏蔽某些分支不构建 $branch = str_replace('refs/heads/', '', $requestBody['ref']); $requestBody = null; // 打开网站目录下的hooks.log文件 需要在服务器上创建 并给写权限 $fs = fopen('/tmp/deploy_webhooks_pull.log', 'a'); fwrite($fs, date('Y-m-d H:i:s') . ' ================ Update Start ===============' . PHP_EOL);// 请求ip $client_ip = $_SERVER['REMOTE_ADDR']; // 把请求的IP和时间写进log fwrite($fs, date('Y-m-d H:i:s') . ' Request on [' . date("Y-m-d H:i:s") . '] from [' . $client_ip . ']' . PHP_EOL); // 验证token 有错就写进日志并退出 if ($base64 !== $secret_post) { fwrite($fs, date('Y-m-d H:i:s') . " Invalid token [{$client_token}]" . PHP_EOL); $fs and fclose($fs); header("HTTP/1.1 404 Not Found"); header("Status: 404 Not Found"); exit; } // 如果有需要 可以打开下面,把传送过来的信息写进log 可用于调试,测试成功后注释即可 // fwrite($fs, 'Data: ' . print_r($data, true) . PHP_EOL); // 执行shell命令并把返回信息写进日志 if($branch == 'master') { }else { $branch = 'master'; } //www/wwwroot/garfield 项目目录 $output = shell_exec('cd /www/wwwroot/garfield/; git pull origin ' . $branch . ' 2<&1; chown -R www:www /www/wwwroot/garfield/*;'); fwrite($fs, date('Y-m-d H:i:s') . 'Info:' . print_r($output, true) . PHP_EOL); fwrite($fs, date('Y-m-d H:i:s') . '================ Update End ===============' . PHP_EOL . PHP_EOL); $fs and fclose($fs); // 调试时打开 echo json_encode($output);
