tambah webhook

2026-05-22 16:12:05 +08:00
parent d9ecdfc8f6
commit 2a67d937e8
5 changed files with 74 additions and 0 deletions
--- a/deploy.sh
+++ b/deploy.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+# eCert MBIP — Production Deploy Script
+# Dipanggil oleh webhook selepas git push ke GitHub
+set -e
+
+PROJECT_DIR="/srv/ecert"
+LOG="$PROJECT_DIR/deploy.log"
+
+log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG"; }
+
+log "=== Deploy dimulakan ==="
+
+cd "$PROJECT_DIR"
+
+log "git pull..."
+git pull origin main
+
+log "migrate database..."
+docker exec ecert_app php artisan migrate --force
+
+log "optimize cache..."
+docker exec ecert_app php artisan optimize
+
+log "restart queue worker..."
+docker restart ecert_queue
+
+log "=== Deploy selesai ==="
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -62,6 +62,22 @@ services:
      APP_ENV: production
    extra_hosts: []

+  # ── Webhook Deploy (GitHub → auto pull + migrate) ──────────────────────────
+  webhook:
+    build:
+      context: ./docker/webhook
+    container_name: ecert_webhook
+    restart: always
+    environment:
+      WEBHOOK_SECRET: ${WEBHOOK_SECRET}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /root/.ssh:/root/.ssh:ro
+      - ./docker/webhook/hooks.json:/etc/webhook/hooks.json:ro
+      - ./deploy.sh:/deploy.sh:ro
+      - .:/srv/ecert
+    command: -hooks=/etc/webhook/hooks.json -template -verbose
+
 ###############################################################################
 volumes:
  storage_data:
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@@ -62,6 +62,13 @@ server {
        try_files  $uri =404;
    }

+    # ── GitHub Webhook Deploy ─────────────────────────────────────────────────
+    location /hooks/ {
+        proxy_pass         http://ecert_webhook:9000/hooks/;
+        proxy_set_header   Host $host;
+        proxy_read_timeout 60s;
+    }
+
    # ── Halang akses fail tersembunyi ─────────────────────────────────────────
    location ~ /\. {
        deny all;
--- a/docker/webhook/Dockerfile
+++ b/docker/webhook/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:3.21
+RUN apk add --no-cache git docker-cli curl && \
+    curl -fsSL https://github.com/adnanh/webhook/releases/download/2.8.1/webhook-linux-amd64.tar.gz \
+    | tar xz -C /usr/local/bin --strip-components=1
+EXPOSE 9000
+ENTRYPOINT ["/usr/local/bin/webhook"]
--- a/docker/webhook/hooks.json
+++ b/docker/webhook/hooks.json
@@ -0,0 +1,18 @@
+[
+  {
+    "id": "deploy",
+    "execute-command": "/deploy.sh",
+    "command-working-directory": "/srv/ecert",
+    "response-message": "Deploy dimulakan.",
+    "trigger-rule": {
+      "match": {
+        "type": "payload-hmac-sha256",
+        "secret": "{{ .Env.WEBHOOK_SECRET }}",
+        "parameter": {
+          "source": "header",
+          "name": "X-Hub-Signature-256"
+        }
+      }
+    }
+  }
+]