gitdeploy/internal/webhooks/github/github.go

package github

import (
	"fmt"
	"io/ioutil"
	"net/http"
	"os"
	"strings"

	"git.rootprojects.org/root/gitdeploy/internal/log"
	"git.rootprojects.org/root/gitdeploy/internal/options"
	"git.rootprojects.org/root/gitdeploy/internal/webhooks"

	"github.com/go-chi/chi"
	// TODO nix this dependency in favor of a lightweight X-Hub-Signature
	// and JSON-to-Go-struct approach
	"github.com/google/go-github/v33/github"
)

func init() {
	var githubSecrets string
	options.ServerFlags.StringVar(
		&githubSecrets, "github-secret", "",
		"secret for github webhooks (same as GITHUB_SECRET=)",
	)
	webhooks.AddProvider("github", InitWebhook("github", &githubSecrets, "GITHUB_SECRET"))
}

func InitWebhook(providername string, secretList *string, envname string) func() {
	return func() {
		secrets := webhooks.ParseSecrets(providername, *secretList, envname)
		if 0 == len(secrets) {
			fmt.Fprintf(os.Stderr, "skipped route for missing %q\n", envname)
			return
		}

		webhooks.AddRouteHandler(providername, func(router chi.Router) {
			router.Post("/", func(w http.ResponseWriter, r *http.Request) {
				r.Body = http.MaxBytesReader(w, r.Body, options.DefaultMaxBodySize)

				payload, err := ioutil.ReadAll(r.Body)
				if err != nil {
					// if there's a read error, it should have been handled already by the MaxBytesReader
					return
				}

				sig := r.Header.Get("X-Hub-Signature")
				for _, secret := range secrets {
					if err = github.ValidateSignature(sig, payload, secret); nil != err {
						continue
					}
					// err = nil
					break
				}
				if nil != err {
					log.Printf("invalid %q signature: error: %s\n", providername, err)
					http.Error(w, fmt.Sprintf("invalid %q signature", providername), http.StatusBadRequest)
					return
				}

				hookType := github.WebHookType(r)
				event, err := github.ParseWebHook(hookType, payload)
				if err != nil {
					log.Printf("invalid github webhook payload: error: %s\n", err)
					http.Error(w, "invalid github webhook payload", http.StatusBadRequest)
					return
				}

				switch e := event.(type) {
				case *github.PushEvent:
					var branch string
					var tag string

					ref := e.GetRef() // *e.Ref
					parts := strings.Split(ref, "/")
					refType := parts[1]
					prefixLen := len("refs/") + len(refType) + len("/")
					refName := ref[prefixLen:]
					switch refType {
					case "tags":
						refType = "tag"
						tag = refName
					case "heads":
						refType = "branch"
						branch = refName
					}
					webhooks.Hook(webhooks.Ref{
						HTTPSURL: e.GetRepo().GetCloneURL(),
						SSHURL:   e.GetRepo().GetSSHURL(),
						Rev:      e.GetAfter(), // *e.After
						Ref:      ref,
						RefType:  refType,
						RefName:  refName,
						Branch:   branch,
						Tag:      tag,
						Repo:     e.GetRepo().GetName(), // *e.Repo.Name
						Owner:    e.GetRepo().GetOwner().GetLogin(),
					})
				/*
					case *github.PullRequestEvent:
						// probably doesn't matter
					case *github.StatusEvent:
						// probably doesn't matter
					case *github.WatchEvent:
						// probably doesn't matter
				*/
				default:
					log.Printf("unknown event type %s\n", hookType)
					return
				}

			})
		})
	}
}
refactor webhooks 2020-09-28 23:39:05 +00:00			`package github`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00
			`import (`
			`"fmt"`
			`"io/ioutil"`
			`"net/http"`
			`"os"`
add exec script 2020-09-29 03:15:30 +00:00			`"strings"`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00
wrap log 2020-12-01 00:48:09 +00:00			`"git.rootprojects.org/root/gitdeploy/internal/log"`
rename to gitdeploy 2020-10-09 09:22:06 +00:00			`"git.rootprojects.org/root/gitdeploy/internal/options"`
			`"git.rootprojects.org/root/gitdeploy/internal/webhooks"`
refactor webhooks 2020-09-28 23:39:05 +00:00
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`"github.com/go-chi/chi"`
add bitbucket, update build tags 2020-09-29 08:08:35 +00:00			`// TODO nix this dependency in favor of a lightweight X-Hub-Signature`
			`// and JSON-to-Go-struct approach`
go-github v32 -> v33 2021-02-22 22:48:33 +00:00			`"github.com/google/go-github/v33/github"`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`)`

			`func init() {`
allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00			`var githubSecrets string`
refactor webhooks 2020-09-28 23:39:05 +00:00			`options.ServerFlags.StringVar(`
allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00			`&githubSecrets, "github-secret", "",`
refactor webhooks 2020-09-28 23:39:05 +00:00			`"secret for github webhooks (same as GITHUB_SECRET=)",`
			`)`
allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00			`webhooks.AddProvider("github", InitWebhook("github", &githubSecrets, "GITHUB_SECRET"))`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`}`

allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00			`func InitWebhook(providername string, secretList *string, envname string) func() {`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`return func() {`
allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00			`secrets := webhooks.ParseSecrets(providername, *secretList, envname)`
			`if 0 == len(secrets) {`
			`fmt.Fprintf(os.Stderr, "skipped route for missing %q\n", envname)`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`return`
			`}`
allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00
refactor webhooks 2020-09-28 23:39:05 +00:00			`webhooks.AddRouteHandler(providername, func(router chi.Router) {`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`router.Post("/", func(w http.ResponseWriter, r *http.Request) {`
bugfix ignored MaxBytesReader 2020-09-29 09:57:49 +00:00			`r.Body = http.MaxBytesReader(w, r.Body, options.DefaultMaxBodySize)`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00
			`payload, err := ioutil.ReadAll(r.Body)`
			`if err != nil {`
			`// if there's a read error, it should have been handled already by the MaxBytesReader`
			`return`
			`}`

			`sig := r.Header.Get("X-Hub-Signature")`
allow multiple webhook secrets per provider 2020-10-19 20:11:14 +00:00			`for _, secret := range secrets {`
			`if err = github.ValidateSignature(sig, payload, secret); nil != err {`
			`continue`
			`}`
			`// err = nil`
			`break`
			`}`
			`if nil != err {`
			`log.Printf("invalid %q signature: error: %s\n", providername, err)`
			`http.Error(w, fmt.Sprintf("invalid %q signature", providername), http.StatusBadRequest)`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`return`
			`}`

			`hookType := github.WebHookType(r)`
			`event, err := github.ParseWebHook(hookType, payload)`
			`if err != nil {`
			`log.Printf("invalid github webhook payload: error: %s\n", err)`
			`http.Error(w, "invalid github webhook payload", http.StatusBadRequest)`
			`return`
			`}`

			`switch e := event.(type) {`
			`case *github.PushEvent:`
add exec script 2020-09-29 03:15:30 +00:00			`var branch string`
			`var tag string`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00
			`ref := e.GetRef() // *e.Ref`
add exec script 2020-09-29 03:15:30 +00:00			`parts := strings.Split(ref, "/")`
			`refType := parts[1]`
			`prefixLen := len("refs/") + len(refType) + len("/")`
			`refName := ref[prefixLen:]`
			`switch refType {`
			`case "tags":`
			`refType = "tag"`
			`tag = refName`
			`case "heads":`
			`refType = "branch"`
			`branch = refName`
			`}`
refactor webhooks 2020-09-28 23:39:05 +00:00			`webhooks.Hook(webhooks.Ref{`
add exec script 2020-09-29 03:15:30 +00:00			`HTTPSURL: e.GetRepo().GetCloneURL(),`
			`SSHURL: e.GetRepo().GetSSHURL(),`
			`Rev: e.GetAfter(), // *e.After`
			`Ref: ref,`
			`RefType: refType,`
			`RefName: refName,`
			`Branch: branch,`
			`Tag: tag,`
			`Repo: e.GetRepo().GetName(), // *e.Repo.Name`
			`Owner: e.GetRepo().GetOwner().GetLogin(),`
refactor webhooks 2020-09-28 23:39:05 +00:00			`})`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`/*`
			`case *github.PullRequestEvent:`
			`// probably doesn't matter`
			`case *github.StatusEvent:`
			`// probably doesn't matter`
			`case *github.WatchEvent:`
			`// probably doesn't matter`
			`*/`
			`default:`
			`log.Printf("unknown event type %s\n", hookType)`
			`return`
			`}`

			`})`
refactor webhooks 2020-09-28 23:39:05 +00:00			`})`
handle github and github-like hooks 2020-09-28 09:43:30 +00:00			`}`
			`}`