saufi/eCert-MBIP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tambah webhook

Browse Source
This commit is contained in:
Saufi
2026-05-22 16:12:05 +08:00
parent d9ecdfc8f6
commit 2a67d937e8
5 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
deploy.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
# eCert MBIP — Production Deploy Script
# Dipanggil oleh webhook selepas git push ke GitHub
set -e
PROJECT_DIR="/srv/ecert"
LOG="$PROJECT_DIR/deploy.log"
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG"; }
log "=== Deploy dimulakan ==="
cd "$PROJECT_DIR"
log "git pull..."
git pull origin main
log "migrate database..."
docker exec ecert_app php artisan migrate --force
log "optimize cache..."
docker exec ecert_app php artisan optimize
log "restart queue worker..."
docker restart ecert_queue
log "=== Deploy selesai ==="

16
docker-compose.prod.yml
View File

@@ -62,6 +62,22 @@ services:
APP_ENV: production APP_ENV: production
extra_hosts: [] extra_hosts: []
# ── Webhook Deploy (GitHub → auto pull + migrate) ──────────────────────────
webhook:
build:
context: ./docker/webhook
container_name: ecert_webhook
restart: always
environment:
WEBHOOK_SECRET: ${WEBHOOK_SECRET}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.ssh:/root/.ssh:ro
- ./docker/webhook/hooks.json:/etc/webhook/hooks.json:ro
- ./deploy.sh:/deploy.sh:ro
- .:/srv/ecert
command: -hooks=/etc/webhook/hooks.json -template -verbose
############################################################################### ###############################################################################
volumes: volumes:
storage_data: storage_data:

7
docker/nginx/default.conf
View File

@@ -62,6 +62,13 @@ server {
try_files $uri =404; try_files $uri =404;
} }
# ── GitHub Webhook Deploy ─────────────────────────────────────────────────
location /hooks/ {
proxy_pass http://ecert_webhook:9000/hooks/;
proxy_set_header Host $host;
proxy_read_timeout 60s;
}
# ── Halang akses fail tersembunyi ───────────────────────────────────────── # ── Halang akses fail tersembunyi ─────────────────────────────────────────
location ~ /\. { location ~ /\. {
deny all; deny all;

6
docker/webhook/Dockerfile Normal file
View File

@@ -0,0 +1,6 @@
FROM alpine:3.21
RUN apk add --no-cache git docker-cli curl && \
curl -fsSL https://github.com/adnanh/webhook/releases/download/2.8.1/webhook-linux-amd64.tar.gz \
| tar xz -C /usr/local/bin --strip-components=1
EXPOSE 9000
ENTRYPOINT ["/usr/local/bin/webhook"]

18
docker/webhook/hooks.json Normal file
View File

@@ -0,0 +1,18 @@
[
{
"id": "deploy",
"execute-command": "/deploy.sh",
"command-working-directory": "/srv/ecert",
"response-message": "Deploy dimulakan.",
"trigger-rule": {
"match": {
"type": "payload-hmac-sha256",
"secret": "{{ .Env.WEBHOOK_SECRET }}",
"parameter": {
"source": "header",
"name": "X-Hub-Signature-256"
}
}
}
}
]