#!/bin/sh

# Simple webhook to build and deploy latest blog version.
# The webhook accepts an optional ref as the URL path.
#
# Examples:
#   curl <host>             ; Will deploy main ref
#   curl <host>/blub        ; Will deploy blub ref

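while true; do
    echo "Wait for webhook trigger ..."

    # Wait until the webhook is triggered and parse out the optional branch
    # info. The branch info can be passed via the url path, an example is:
    #   GET /blub HTTP/1.1
    #
    # printf is used instead of `echo -e`, which is not portable under
    # /bin/sh (some shells print the "-e" literally). Only the request line
    # (first line) is inspected, so header lines that happen to contain "GET"
    # cannot add extra words to REF.
    REF=$(printf 'HTTP/1.0 204 No Content\r\nConnection: close\r\n\r\n' \
        | nc -l -p 80 \
        | awk 'NR == 1 && $1 == "GET" { print $2; }' \
        | tr -d '/')
    # If we got a ref use it else default to main.
    REF=${REF:-main}

    # The listener is unauthenticated, so REF is attacker-controlled input.
    # Accept only a conservative ref alphabet and refuse a leading '-', which
    # git would otherwise parse as a command-line option.
    case $REF in
        -* | *[!A-Za-z0-9._-]*)
            # Do not echo the raw value: it may hold control characters.
            echo "ERROR: Rejected invalid ref in request" >&2
            continue
            ;;
    esac

    if [ ! -d blog ]; then
        # Use non-redirected port to clone repository as the runner executes on
        # the same machine as the webserver.
        #
        # We use a NAT:PREROUTING chain to implement the redirection (dnat).
        # However as described by the netfilter packet flow and the connection
        # tracking system (CONNTRACK), the NAT hooks are only traversed for NEW
        # connections.
        # For packets originating from the local machine, the connection will
        # be seen as NEW by the CONNTRACK system on the OUTPUT path and hence
        # the NAT:OUTPUT hooks will be traversed.
        # Once the packet is looped-back and arrives at the PREROUTING path,
        # the NAT:PREROUTING rules won't be traversed as the packet is already
        # known to the CONNTRACK system (not NEW).
        #
        # We could additionally implement dnat for lo interface on the OUTPUT
        # path as described here, but we don't do it and just use the actual
        # port here :^)
        # https://unix.stackexchange.com/questions/618229/nftables-destination-nat-block-local-access-to-port
        #
        # Without a working tree nothing below can succeed, so go back to
        # waiting if the clone fails.
        git clone https://git.memzero.de:8443/blog || continue
    fi
    git -C blog submodule init
    git -C blog submodule update
    # NOTE(review): fetch only updates remote-tracking refs; checking out an
    # already existing local branch does not move it to the fetched commit.
    # Confirm this deploys the intended revision.
    git -C blog fetch --prune
    echo "Checking out ref: $REF"
    # Quoted so the value is always passed to git as exactly one argument.
    git -C blog checkout "$REF" || continue

    zola --root blog build || continue

    # webroot must be mounted at /www.
    # Report success only when the old tree was removed and the new one moved
    # into place; otherwise log the failure and wait for the next trigger.
    if ! { rm -rf /www/blog && mv blog/public /www/blog; }; then
        echo "ERROR: Failed to update /www/blog" >&2
        continue
    fi

    echo "SUCCESS: Updated /www/blog"
done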