webhook 자동 배포 설정

2026-01-25 11:51:39 +09:00
parent 9c9968b9a7
commit b815c37064
9 changed files with 97 additions and 1 deletions
--- a/deployer/app.py
+++ b/deployer/app.py
@@ -0,0 +1,29 @@
+import os, hmac, hashlib, subprocess
+from fastapi import FastAPI, Request, HTTPException
+
+app = FastAPI()
+SECRET = os.getenv("WEBHOOK_SECRET", "")
+
+def verify(sig: str, body: bytes) -> bool:
+    # Gitea: X-Gitea-Signature = sha256=...
+    if not SECRET:
+        return False
+    mac = hmac.new(SECRET.encode(), msg=body, digestmod=hashlib.sha256).hexdigest()
+    expected = f"sha256={mac}"
+    return hmac.compare_digest(expected, sig)
+
+@app.post("/webhook")
+async def webhook(req: Request):
+    body = await req.body()
+    sig = req.headers.get("X-Gitea-Signature", "")
+
+    if not verify(sig, body):
+        raise HTTPException(401, "bad signature")
+
+    # 배포 스크립트 실행
+    # (컨테이너에 /scripts 가 마운트되어 있어야 함)
+    p = subprocess.run(["/scripts/deploy.sh"], capture_output=True, text=True)
+    if p.returncode != 0:
+        raise HTTPException(500, f"deploy failed:\n{p.stdout}\n{p.stderr}")
+
+    return {"ok": True, "out": p.stdout}