DenverCoder1 · February 6, 2022 02:15
diff --git a/github.inc b/github.inc
 <?php

    define('GH_USERNAME', '');  // Username for authentication
    define('GH_PASSWORD', '');  // GitHub Personal Access Token with repo scope* (starting with 'ghp_')
    define('GH_REPO', '');      // GitHub Repo URL (eg. 'github.com/UserName/RepoName.git')
    define('GH_SECRET', '');    // Webhook secret provided to GitHub when creating the webhook


    // Steps:
    // 1. Visit the repository on GitHub, select 'Settings', then 'Webhooks'
    // 2. Select 'Add Webhook'
    // 3. For Payload URL, put the public URL where the pull.php is located
    // 4. Set Content Type to 'application/json'
    // 5. Generate any random string to use as a Webhook secret which will be used above in the github.inc
    // 6. For events, you can use "Just the push event"
    // 7. Set the webhook to active and create it (a test payload will be delivered when added)
    
    // *PATs can be generated by visiting https://github.com/settings/tokens/new?scopes=repo
diff --git a/pull.php b/pull.php
 <?php

 /**
 * Pull the latest version of the codebase from GitHub
 */

 header("Content-Type: text/plain; charset=UTF-8");

 require_once "github.inc"; // path to config file where details are defined

 $username = GH_USERNAME;
 $password = GH_PASSWORD;
 $repo = GH_REPO;
 $secret = GH_SECRET;

 $payload = @file_get_contents('php://input');
 $payload_json = json_decode($payload);

 // Check if the request is from GitHub
 if (isset($_SERVER['HTTP_X_HUB_SIGNATURE_256'])) {
    $hash = $_SERVER['HTTP_X_HUB_SIGNATURE_256'];
    $raw_sig = explode('=', $hash);
    $sig = $raw_sig[1];
    $payload_hash = hash_hmac($raw_sig[0], $payload, $secret);
    if ($payload_hash !== $sig) {
        die('Invalid signature');
    }
 } else {
    die('No signature');
 }

 // Check if the branch pushed to is the current checked out branch
 $payload_branch = explode("/", $payload_json->ref)[2];
 $current_branch = trim(`git rev-parse --abbrev-ref HEAD`);
 echo "Branch pushed to: " . $payload_branch . "\n";
 echo "Current branch: " . $current_branch . "\n";
 if ($payload_branch !== $current_branch) {
    die("Branch '$payload_branch' is not the current branch ('$current_branch')");
 }

 // Pull the latest codebase
 echo `git pull --ff-only "https://$username:$password@$repo" "$current_branch" 2>&1`;
	<?php

	define('GH_USERNAME', ''); // Username for authentication
	define('GH_PASSWORD', ''); // GitHub Personal Access Token with repo scope* (starting with 'ghp_')
	define('GH_REPO', ''); // GitHub Repo URL (eg. 'github.com/UserName/RepoName.git')
	define('GH_SECRET', ''); // Webhook secret provided to GitHub when creating the webhook


	// Steps:
	// 1. Visit the repository on GitHub, select 'Settings', then 'Webhooks'
	// 2. Select 'Add Webhook'
	// 3. For Payload URL, put the public URL where the pull.php is located
	// 4. Set Content Type to 'application/json'
	// 5. Generate any random string to use as a Webhook secret which will be used above in the github.inc
	// 6. For events, you can use "Just the push event"
	// 7. Set the webhook to active and create it (a test payload will be delivered when added)

	// *PATs can be generated by visiting https://github.com/settings/tokens/new?scopes=repo
	<?php

	/**
	* Pull the latest version of the codebase from GitHub
	*/

	header("Content-Type: text/plain; charset=UTF-8");

	require_once "github.inc"; // path to config file where details are defined

	$username = GH_USERNAME;
	$password = GH_PASSWORD;
	$repo = GH_REPO;
	$secret = GH_SECRET;

	$payload = @file_get_contents('php://input');
	$payload_json = json_decode($payload);

	// Check if the request is from GitHub
	if (isset($_SERVER['HTTP_X_HUB_SIGNATURE_256'])) {
	$hash = $_SERVER['HTTP_X_HUB_SIGNATURE_256'];
	$raw_sig = explode('=', $hash);
	$sig = $raw_sig[1];
	$payload_hash = hash_hmac($raw_sig[0], $payload, $secret);
	if ($payload_hash !== $sig) {
	die('Invalid signature');
	}
	} else {
	die('No signature');
	}

	// Check if the branch pushed to is the current checked out branch
	$payload_branch = explode("/", $payload_json->ref)[2];
	$current_branch = trim(`git rev-parse --abbrev-ref HEAD`);
	echo "Branch pushed to: " . $payload_branch . "\n";
	echo "Current branch: " . $current_branch . "\n";
	if ($payload_branch !== $current_branch) {
	die("Branch '$payload_branch' is not the current branch ('$current_branch')");
	}

	// Pull the latest codebase
	echo `git pull --ff-only "https://$username:$password@$repo" "$current_branch" 2>&1`;