webhook 설정 오류 수정

- deployer 배포 webhook 오류 설정 수정

deployer/Dockerfile

@@ -1,5 +1,16 @@
 FROM python:3.12-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git rsync ca-certificates curl \
+    docker.io \
+    && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
-RUN pip install --no-cache-dir fastapi uvicorn
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
 COPY app.py /app/app.py
+
+ENV PYTHONUNBUFFERED=1
+EXPOSE 9000
 CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "9000"]

deployer/app.py

@@ -5,25 +5,33 @@ app = FastAPI()
 SECRET = os.getenv("WEBHOOK_SECRET", "")
 
 def verify(sig: str, body: bytes) -> bool:
-    # Gitea: X-Gitea-Signature = sha256=...
-    if not SECRET:
+    if not SECRET or not sig:
         return False
+
     mac = hmac.new(SECRET.encode(), msg=body, digestmod=hashlib.sha256).hexdigest()
-    expected = f"sha256={mac}"
-    return hmac.compare_digest(expected, sig)
+
+    # Gitea가 보내는 포맷이 케이스별로 달라서 둘 다 허용
+    candidates = {mac, f"sha256={mac}"}
+    return any(hmac.compare_digest(sig, c) for c in candidates)
 
 @app.post("/webhook")
 async def webhook(req: Request):
     body = await req.body()
-    sig = req.headers.get("X-Gitea-Signature", "")
+
+    # ✅ 여기(함수 안)에서 헤더 읽기
+    sig = (
+        req.headers.get("X-Gitea-Signature")
+        or req.headers.get("X-Hub-Signature-256")
+        or ""
+    )
 
     if not verify(sig, body):
         raise HTTPException(401, "bad signature")
 
     # 배포 스크립트 실행
-    # (컨테이너에 /scripts 가 마운트되어 있어야 함)
     p = subprocess.run(["/scripts/deploy.sh"], capture_output=True, text=True)
     if p.returncode != 0:
         raise HTTPException(500, f"deploy failed:\n{p.stdout}\n{p.stderr}")
 
     return {"ok": True, "out": p.stdout}
+

deployer/requirements.txt

@@ -0,0 +1,2 @@
+fastapi
+uvicorn