bugfix gitea deploy and bash script

examples/deploy.sh

@@ -8,11 +8,13 @@ GIT_REPO_OWNER
 GIT_REPO_NAME
 GIT_CLONE_URL'
 
+# The directory of this bash script
 base_dir="$(dirname "$(readlink -f "$0")")"
-if [[ -f "scripts/${GIT_REPO_ID}/deploy.sh" ]]
+
+if [[ -f "${base_dir}/${GIT_REPO_ID}/deploy.sh" ]]
 then
   echo "Running deplay script for ${GIT_REPO_ID}"
-  bash "scripts/${GIT_REPO_ID}/deploy.sh"
+  bash "${base_dir}/${GIT_REPO_ID}/deploy.sh"
 else
   echo "Nothing to do for ${GIT_REPO_ID}"
   for x in $my_envs; do

examples/git.example.com/org/project/deploy.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo 'Hello World'

internal/webhooks/gitea/gitea.go

@@ -1,6 +1,9 @@
 package gitea
 
 import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -13,7 +16,6 @@ import (
 	"git.ryanburnette.com/ryanburnette/git-deploy/internal/webhooks"
 
 	"github.com/go-chi/chi"
-	"github.com/google/go-github/v32/github"
 )
 
 func init() {
@@ -50,9 +52,10 @@ func InitWebhook(providername string, secret *string, envname string) func() {
 					return
 				}
 
-				sig := "sha256=" + r.Header.Get("X_GITEA_SIGNATURE")
-				if err := github.ValidateSignature(sig, payload, secretB); nil != err {
-					log.Printf("invalid gitea signature: error: %s\n", err)
+				sig := r.Header.Get("X-Gitea-Signature")
+				sigB, err := hex.DecodeString(sig)
+				if !ValidMAC(payload, sigB, secretB) {
+					log.Printf("invalid gitea signature: %q\n", sig)
 					http.Error(w, "invalid gitea signature", http.StatusBadRequest)
 					return
 				}
@@ -98,3 +101,11 @@ func InitWebhook(providername string, secret *string, envname string) func() {
 		})
 	}
 }
+
+// ValidMAC reports whether messageMAC is a valid HMAC tag for message.
+func ValidMAC(message, messageMAC, key []byte) bool {
+	mac := hmac.New(sha256.New, key)
+	mac.Write(message)
+	expectedMAC := mac.Sum(nil)
+	return hmac.Equal(messageMAC, expectedMAC)
+}