1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
#!/usr/bin/env python3
"""
This script takes care of updating the code in a directory by performing
git pull when triggered via an HTTP request to port 8000.
The script needs the sshpass and git packages installed.
Configuration is read from /etc/git-pull-hook.ini, ~/.git-pull-hook.ini and
a git-pull-hook.ini in the working directory in that order.
"""
from configparser import ConfigParser
from http import HTTPStatus
from http.server import HTTPServer, BaseHTTPRequestHandler
import os
from subprocess import Popen, PIPE
ENV_FOR_GIT = {
'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
}
TOKENS = []
GIT_DIRECTORY = ""
def read_ini():
global ENV_FOR_GIT, TOKENS, GIT_DIRECTORY
config = ConfigParser()
config.read(['/etc/git-pull-hook.ini',
os.path.expanduser('~/.git-pull-hook.ini'),
'git-pull-hook.ini'])
ENV_FOR_GIT['SSHPASS'] = config['git-pull-hook']['ssh_passphrase']
TOKENS = [token.strip() for token in
config['git-pull-hook']['tokens'].split(',')]
GIT_DIRECTORY = config['git-pull-hook']['git_directory']
class GitHookRequestHandler(BaseHTTPRequestHandler):
"""
Custom HTTP request handler for updating a git repository when called
with a known authentication token in an "Authentication" HTTP header.
"""
def _handle_pull(self):
try:
git_proc = Popen(
['sshpass', '-e', '-P', 'passphrase', 'git', 'pull'],
env=ENV_FOR_GIT, cwd=GIT_DIRECTORY, stdout=PIPE, stderr=PIPE)
stdout, stderr = git_proc.communicate()
for line in stderr.decode('UTF-8').splitlines():
self.log_error('git: %s', line)
for line in stdout.decode('UTF-8').splitlines():
self.log_message('git: %s', line)
except Exception as e:
self.log_error("Could not pull changes for %s: %s",
GIT_DIRECTORY, e)
self.send_response(HTTPStatus.OK)
self.send_header('Content-Type', 'text/plain; charset=utf8')
self.flush_headers()
self.wfile.write(("updated %s" % GIT_DIRECTORY).encode('UTF-8'))
# noinspection PyPep8Naming
def do_GET(self):
"""
Handle GET requests, requests to /health are allowed for every caller,
requests to / need a valid token in the "Authentication" HTTP header
and trigger a git pull in the configured directory.
"""
if self.path == '/':
if self.headers['Authentication'] in [token for token in TOKENS]:
self._handle_pull()
else:
self.send_response(HTTPStatus.UNAUTHORIZED)
self.flush_headers()
elif self.path == '/health':
self.send_response(HTTPStatus.OK)
self.flush_headers()
self.wfile.write(b"I'm healthy!")
else:
self.send_error(HTTPStatus.BAD_REQUEST)
self.flush_headers()
self.wfile.write(b"You requested something I do not understand")
def run(server_class=HTTPServer, handler_class=GitHookRequestHandler):
server_address = ('', 8000)
httpd = server_class(server_address, handler_class)
httpd.serve_forever()
if __name__ == '__main__':
read_ini()
run()
|