Endpoint for post-receive requests from GitHub/GitLab which replaces githooks

Diciannove/githook_endpoint

 
 


githook_endpoint

Endpoint for post-receive requests from GitHub/GitLab which replaces githooks

The security for this is fairly basic. There can be many "users", such as a GitHub account or repo. Each "user" has a key that both identifies them and authorizes them to hit the endpoint. The key is put in the URL as a GET parameter identified by the letter "k". An example URL: https://localhost/githooks/?k=5aef35982fb2d356789d4502f6ede1072793222d

Each user also has a list of IP addresses that they can access the endpoint from, or you can put in a "*" to let them access it from anywhere. The IP address whitelist, combined with SSL to keep sniffers from seeing the key in the URL, should be good enough security for this type of application. If you have suggestions for better security, let me know.

The user definition is in the config.php file and looks like this:

```php
# one user in the array of users
array(
        # the name of the user - this is only used in the logging
        'name' => 'gitlab',
        # the key this user should put in their URL
        'key' => '5aef35982fb2d34e9d9d4502f6ede1072793222d',
        # the ip addresses this user is authorized to connect from
        'ip_addresses' => array('10.9.8.7','172.6.5.4'),
),
```

When a user successfully connects and sends the post-receive data, the PHP code calls a bash script called "script_runner.sh" and includes some variables, such as:

  • $REPOSITORY -- the name of the repo the receive was for
  • $BRANCH -- the name of the branch the commit was for
  • $USER -- the full name of the user that committed
  • $MESSAGE -- the commit message
  • $COMMITID -- the ID of the commit so you can checkout that specific revision if needed

Within "script_runner.sh" you have access to all these variables, so you can either call another script located in hooks/$REPOSITORY/$BRANCH.sh, or use if statements that look for commits to specific repos/branches, or whatever you want.

Remember to rename the bash script in the hooks/ subdirectory to match your repository name, as it will be invoked automatically by looking for that specific name.
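Because $REPOSITORY, $BRANCH and $MESSAGE come from the request body, the hooks/$REPOSITORY/$BRANCH.sh lookup should validate them before building a path. The sketch below is an added example, not code from this repository; it assumes the variables arrive as shell variables with the names listed above, and `HOOKS_DIR`, `is_safe_component`, `resolve_hook` and `run_hook` are hypothetical names.

```shell
#!/bin/sh
# Added example (not the project's code): resolve hooks/$REPOSITORY/$BRANCH.sh
# only after validating the webhook-supplied names.
LC_ALL=C; export LC_ALL                 # make the A-Z / a-z ranges byte-exact
HOOKS_DIR="${HOOKS_DIR:-./hooks}"       # hypothetical location of the hooks/ directory

# Succeed only for a single path component made of [A-Za-z0-9._-],
# excluding "", ".", ".." and names starting with "-".
is_safe_component() {
    case "$1" in
        ''|.|..|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the hook path for repo $1 and branch $2, or return 1.
resolve_hook() {
    repo=$1
    branch=$2
    is_safe_component "$repo" || return 1
    # Branch names may be nested ("feature/x"), so check each "/"-separated part.
    case "$branch" in ''|/*|*/|*//*) return 1 ;; esac
    rest=$branch
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        is_safe_component "$part" || return 1
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    candidate="$HOOKS_DIR/$repo/$branch.sh"
    # Accept only an existing regular file that is not itself a symlink.
    [ -f "$candidate" ] && [ ! -L "$candidate" ] || return 1
    printf '%s\n' "$candidate"
}

# Run the hook for $REPOSITORY/$BRANCH. Payload values are passed as quoted
# arguments; they are never eval'd or spliced into a command string.
run_hook() {
    hook=$(resolve_hook "$REPOSITORY" "$BRANCH") || {
        echo "rejected: repository/branch failed validation" >&2
        return 1
    }
    bash "$hook" "$COMMITID" "$MESSAGE"
}
```

The character set is deliberately narrower than what git accepts for branch names, so widen it only for names you actually use.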
