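#!/bin/sh
# Simple webhook to build and deploy latest blog version.
# The webhook allows to pass an optional ref as url path.
#
# Examples:
#   curl <webhook-host>       ; Will deploy main ref
#   curl <webhook-host>/blub  ; Will deploy blub ref
#
# NOTE(review): the script performs no authentication of the caller; every
# client that can reach port 80 can trigger a build of any ref that passes
# the validation below. Confirm that access is limited by network policy or
# add a shared secret check.

while true; do
    echo "Wait for webhook trigger ..."

    # Wait until webhook is triggered and parse out optional branch info.
    # The branch info can be passed via the url path, an example is:
    #   GET /blub HTTP/1.1
    #
    # printf is used for the response because 'echo -e' is not portable under
    # /bin/sh (some shells print the '-e' literally). Only the request line
    # (first line) is parsed, so a header that happens to contain "GET" can
    # not contribute to the ref.
    REF=$(printf 'HTTP/1.0 204 No Content\r\nConnection: close\r\n\r\n' |
        nc -l -p 80 |
        awk 'NR == 1 && $1 == "GET" { print $2; }' |
        tr -d '/')

    # If we got a ref use it else default to main.
    REF=${REF:-main}

    # REF comes straight from the network. Only accept a conservative
    # character set and refuse a leading '-', so that the value can never be
    # interpreted by git as a command line option.
    case "$REF" in
        -* | *[!A-Za-z0-9._-]*)
            # The raw value is not echoed so control characters sent by the
            # client do not end up in the log.
            echo "ERROR: Rejecting ref with unexpected characters" >&2
            continue
            ;;
    esac

    if [ ! -d blog ]; then
        # Use non-redirected port to clone repository as the runner executes on
        # the same machine as the webserver.
        #
        # We use a NAT:PREROUTING chain to implement the redirection (dnat).
        # However as described by the netfilter packet flow and the connection
        # tracking system (CONNTRACK), the NAT hooks are only traversed for NEW
        # connections.
        # For packets originating from the local machine, the connection will
        # be seen as NEW by the CONNTRACK system on the OUTPUT path and hence
        # the NAT:OUTPUT hooks will be traversed.
        # Once the packet is looped-back and arrives at the PREROUTING path,
        # the NAT:PREROUTING rules won't be traversed as the packet is already
        # known to the CONNTRACK system (not NEW).
        #
        # We could additionally implement dnat for lo interface on the OUTPUT
        # path as described here, but we don't do it and just use the actual
        # port here :^)
        # https://unix.stackexchange.com/questions/618229/nftables-destination-nat-block-local-access-to-port
        git clone https://git.memzero.de:8443/blog
    fi

    git -C blog submodule init
    git -C blog submodule update
    git -C blog fetch --prune

    printf 'Checking out ref: %s\n' "$REF"
    # NOTE(review): for a local branch that already exists, checkout does not
    # move it to the freshly fetched remote tip; confirm whether a
    # fast-forward is intended here.
    git -C blog checkout "$REF" || continue

    zola --root blog build || continue

    # webroot must be mounted at /www.
    # Only report success when the old tree was removed and the new one moved
    # into place.
    if rm -rf /www/blog && mv blog/public /www/blog; then
        echo "SUCCESS: Updated /www/blog"
    else
        echo "ERROR: Failed to update /www/blog" >&2
    fi
done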