protect secret array

2026-04-30 10:58:00 +07:00
parent cbfddb254d
commit 9637fcc797


@@ -1,7 +1,8 @@
<?php <?php
declare(strict_types=1); declare(strict_types=1);
const SECRET_FILE = '/home/javi/.deploy-secret.php'; const CONFIG_FILE = '/home/javi/.deploy-secret.php';
const PROJECT_KEY = 'hello-world';
const ALLOWED_BRANCH = 'master'; const ALLOWED_BRANCH = 'master';
const REPO_PATH = '/home/javi/hello-world.ai1.ovh'; const REPO_PATH = '/home/javi/hello-world.ai1.ovh';
const GIT_BIN = '/usr/bin/git'; const GIT_BIN = '/usr/bin/git';
@@ -28,15 +29,16 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
respond(405, 'Method Not Allowed'); respond(405, 'Method Not Allowed');
} }
if (!file_exists(SECRET_FILE)) { $config = require CONFIG_FILE;
log_line('ERROR: No existe SECRET_FILE: ' . SECRET_FILE); if (!is_array($config) || !isset($config[PROJECT_KEY])) {
respond(500, 'Secret file not found'); log_line('ERROR: Secret no configurado para PROJECT_KEY=' . PROJECT_KEY);
respond(500, 'Project secret not configured');
} }
$secret = require SECRET_FILE; $secret = $config[PROJECT_KEY];
if (!$secret || !is_string($secret)) { if (!is_string($secret) || $secret === '') {
log_line('ERROR: SECRET_FILE inválido'); log_line('ERROR: Secret inválido para PROJECT_KEY=' . PROJECT_KEY);
respond(500, 'Secret file error'); respond(500, 'Invalid project secret');
} }
$contentType = $_SERVER['CONTENT_TYPE'] ?? ''; $contentType = $_SERVER['CONTENT_TYPE'] ?? '';
@@ -94,7 +96,6 @@ if (!is_dir(REPO_PATH)) {
} }
$commands = [ $commands = [
'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' rev-parse --is-inside-work-tree 2>&1',
'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' fetch origin 2>&1', 'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' fetch origin 2>&1',
'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' checkout ' . escapeshellarg(ALLOWED_BRANCH) . ' 2>&1', 'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' checkout ' . escapeshellarg(ALLOWED_BRANCH) . ' 2>&1',
'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' pull origin ' . escapeshellarg(ALLOWED_BRANCH) . ' 2>&1', 'cd ' . escapeshellarg(REPO_PATH) . ' && ' . GIT_BIN . ' pull origin ' . escapeshellarg(ALLOWED_BRANCH) . ' 2>&1',
@@ -118,12 +119,7 @@ foreach ($commands as $cmd) {
} }
} }
$after = $data['after'] ?? ''; log_line("PROJECT_KEY=" . PROJECT_KEY . "\n" . implode("\n", $outputAll) . "\n---");
$pusher = $data['pusher']['login'] ?? ($data['sender']['login'] ?? 'unknown');
$logBlock = "Webhook OK | event=push | ref={$ref} | after={$after} | pusher={$pusher}\n" .
implode("\n", $outputAll) . "\n---";
log_line($logBlock);
if ($returnCode !== 0) { if ($returnCode !== 0) {
respond(500, 'Deploy failed. Revisa deploy.log'); respond(500, 'Deploy failed. Revisa deploy.log');