设置仓库
在GitHub上需要更新的代码仓库添加webhooks, 在指定仓库→settings→webhooks
编写GitHub推送回调
- python开启web服务(hook.py)
import hmac
import os
from flask import Flask, request, jsonify
app = Flask(__name__)
# github中webhooks的secret
github_secret = 'xxxxxxxx'
def encryption(data):
key = github_secret.encode('utf-8')
obj = hmac.new(key, msg=data, digestmod='sha1')
return obj.hexdigest()
@app.route('/hook', methods=['POST'])
def post_data():
"""
github加密是将post提交的data和WebHooks的secret通过hmac的sha1加密,放到HTTP headers的
X-Hub-Signature参数中
"""
post_data = request.data
token = encryption(post_data)
# 认证签名是否有效
signature = request.headers.get('X-Hub-Signature', '').split('=')[-1]
if signature != token:
return "token认证无效", 401
# 运行shell脚本,更新代码
os.system('sh deploy.sh')
return jsonify({"status": 200})
if __name__ == '__main__':
app.run(port=8989)
-
编写shell脚本(deploy.sh)
cd "$(dirname "$0")" echo '--------Git pull------------' git pull echo '-----Already up-to-date------' echo '----- restart supervision-----' supervisorctl restart blog echo '----- reload nginx-----' nginx -s reload
注意: 此次部署的hook.py
和deploy.sh
都是在仓库的同一目录下
开启服务
部署supervisor
[program:webhook]
directory=/data/wwwroot/docs
command=/home/dukenan/.envs/flask_py3/bin/python3 hook.py
autostart=true
autorestart=false
startsecs=1
;使用root账户
user=root
stderr_logfile=/etc/supervisor/logs/webhooks/stderr.log
stdout_logfile=/etc/supervisor/logs/webhooks/stdout.log
redirect_stderr=true
loginfo=info
部署NGINX
server {
listen 80;
server_name hook.abc.com; # 配置域名
client_max_body_size 300M;
location / {
proxy_pass http://127.0.0.1:8989;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}