53 lines
1.7 KiB
Python
53 lines
1.7 KiB
Python
import os, hmac, hashlib, subprocess
|
|
from fastapi import FastAPI, Request, HTTPException, BackgroundTasks
|
|
import logging
|
|
|
|
# 로깅 설정
|
|
logging.basicConfig(level=logging.INFO)
|
|
logger = logging.getLogger("deployer")
|
|
|
|
app = FastAPI()
|
|
SECRET = os.getenv("WEBHOOK_SECRET", "")
|
|
|
|
def verify(sig: str, body: bytes) -> bool:
|
|
if not SECRET or not sig:
|
|
return False
|
|
|
|
mac = hmac.new(SECRET.encode(), msg=body, digestmod=hashlib.sha256).hexdigest()
|
|
candidates = {mac, f"sha256={mac}"}
|
|
return any(hmac.compare_digest(sig, c) for c in candidates)
|
|
|
|
def run_deploy_script():
|
|
"""배포 스크립트를 백그라운드에서 실행하고 로그를 남김"""
|
|
logger.info("Starting deployment script...")
|
|
try:
|
|
# 타임아웃 10분 설정
|
|
p = subprocess.run(["/bin/bash", "/scripts/deploy.sh"], capture_output=True, text=True, timeout=600)
|
|
|
|
if p.returncode == 0:
|
|
logger.info(f"Deployment SUCCESS:\n{p.stdout}")
|
|
else:
|
|
logger.error(f"Deployment FAILED ({p.returncode}):\n{p.stdout}\n{p.stderr}")
|
|
|
|
except Exception as e:
|
|
logger.exception(f"Exception during deployment: {e}")
|
|
|
|
@app.post("/webhook")
|
|
async def webhook(req: Request, background_tasks: BackgroundTasks):
|
|
body = await req.body()
|
|
|
|
sig = (
|
|
req.headers.get("X-Gitea-Signature")
|
|
or req.headers.get("X-Hub-Signature-256")
|
|
or ""
|
|
)
|
|
|
|
if not verify(sig, body):
|
|
raise HTTPException(401, "bad signature")
|
|
|
|
# ✅ 비동기 실행: Gitea에게는 즉시 OK 응답을 주고, 배포는 뒤에서 실행
|
|
background_tasks.add_task(run_deploy_script)
|
|
|
|
return {"ok": True, "message": "Deployment started in background"}
|
|
|