Skip to content

Instantly share code, notes, and snippets.

Created May 31, 2022 13:24
Show Gist options
  • Save cnicodeme/37093f069822bef0dd1883c25fb54372 to your computer and use it in GitHub Desktop.
Save cnicodeme/37093f069822bef0dd1883c25fb54372 to your computer and use it in GitHub Desktop.
Autodeploy script for Github webhook, using Sanic server.
This scripts creates a new server listing at APP_PORT (default at 9001).
Can be put behind a Caddy server or directly facing the Internet by changing the APP_HOST value too
It receives a WEBHOOK request from Github, and based on the data, updates the local code if the push was made on the "prod" branch.
Then update the requirements.txt and update the database.
# Please configure the proper variables here:
APP_PORT = 9001
GITHUB_APP_KEY = b'abcde'
GITHUB_REPOSITORY = 'organization/project'
WORKING_DIRECTORY = '/var/www/project/www/'
# Now, leave the rest
from sanic import Sanic
from sanic.response import text, empty
from sanic.exceptions import InvalidUsage, ServerError
from hmac import HMAC, compare_digest
from hashlib import sha256
import subprocess
app = Sanic("DeployServer")"/webhook/github/push")
async def github_push(request):
received_signature = request.headers.get('X-Hub-Signature-256')
if not received_signature or received_signature.find('sha256=') == -1:
raise InvalidUsage('Invalid event.')
received_signature = received_signature[received_signature.find('sha256=') + 7:]
expected_signature = HMAC(key=GITHUB_APP_KEY, msg=request.body, digestmod=sha256).hexdigest()
if not compare_digest(received_signature, expected_signature):
raise InvalidUsage('Invalid event.')
if request.headers.get('X-Github-Event') == 'ping':
return empty()
elif request.headers.get('X-Github-Event') != 'push':
raise InvalidUsage('Invalid event.')
assert request.json['repository'].get('full_name') == GITHUB_REPOSITORY
if request.json['ref'] == 'refs/heads/prod':
# Triggers deploy :
# Updates the repository
assert'git pull origin prod', shell=True, cwd=WORKING_DIRECTORY, stderr=subprocess.DEVNULL, stdout=subprocess.DEVNULL) == 0, "Unable to update the repository"
# Update the requirements
assert'../env/bin/pip install --upgrade -r requirements.txt', shell=True, cwd=WORKING_DIRECTORY, stderr=subprocess.DEVNULL, stdout=subprocess.DEVNULL) == 0, "Unable to update the packages (pip)"
# Update the database
assert'../env/bin/python db upgrade', shell=True, cwd=WORKING_DIRECTORY, stderr=subprocess.DEVNULL, stdout=subprocess.DEVNULL) == 0, "Unable to upgrade the database"
except AssertionError as e:
raise ServerError(str(e))
return text("Deployment done.")
if __name__ == '__main__':, port=APP_PORT, auto_reload=True, debug=False)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment