By continuing to navigate on this website, you accept the use of cookies to serve you more relevant services & content.
For more information and to change the setting of cookies on your computer, please read our Cookie Policy.

Web Hooks for Gitlab using PHP and Shell Scripts

Web-hooks play a vital role if you are in Continuous Integration(CI). Higher Level organizations follow GitLab for CI purposes if they operate on open source solutions and at times every developer needs to check his code integrity. At times like that, web hooks can help us.

Webhooks calls URL if any push, merge, issue events are created.

The process involves:

1. PHP script to run on URL call

2. The PHP script calls a bash script which does actual work.

Make sure that your webhook ip follows this format

http://example.com/test.php?token="your token"  //generate some random token, later used for verification

PHP code to call when URL hits are

$access_token = 'same-token-mentioned-in-webhook-url';

$access_ip = array('xx.xx.xx.xx');  //ip address of the gitlab server

$client_token = $_GET['token'];

$client_ip = $_SERVER['REMOTE_ADDR'];

$fs = fopen('./webhook.log', 'a');  //creates a log in the same directory as your php script

if ($client_token !== $access_token)
{
echo "error 403";
fwrite($fs, "Invalid token [{$client_token}]".PHP_EOL);
exit(0);
}

if ( ! in_array($client_ip, $access_ip))
{
echo "error 503";
fwrite($fs, "Invalid ip [{$client_ip}]".PHP_EOL);
exit(0);
}

exec("sudo location/of/bash/script");

?>

You have to make sure that Bash script location is different from that of PHP script for safe usage.

Now your PHP calling Bash script should have the following code:

#!/bin/bash

cd /location/to/store/git/files
git checkout
git reset --hard HEAD
git clean -f -d
git pull origin   >> /choose/a/locaion/for/log
echo "" >> /same/log/locationWe have called  Bash script with sudo permissions in PHP. so, when we run the script remotely, it will wait for the password. In order to avoid that we need to give user, a permission to execute a sudo command without prompt of the password. For that, we need to edit sudoer's file

Note:

The location where git repository is downloading is properly git configured and you use ssh key with empty pass phrase to download git repository

In terminal edit sudoer's file in safe mode and append the line below.

sudo visudo //to access the sudoer's file in safemode

user ALL=(ALL) NOPASSWD:/path/to/script.sh

If you're confused which user should be given permission, it will depend on the web server. It can be www-data for apache2 & Nginx or nobody for Nginx. If you don't know which user to grant permissions for or have any issues running script, Don't forget the PHP script works till the last line but fails to execute exec function . so you need to push your changes to GitLab and wait in the terminal of the server(use top command) for the script to be called. Wait for the script to be called and then make note of user and give that user permissions in visudo file.

One final push and you can see your changes successfully applied automatically.

If you have any trouble executing the bash script without password after editing sudoer's file

1. Check permissions of script(i.e. Does user belong to group that can execute the script).

2.restart so that changes in sudoer's file may take effect

    Posted On
  • 20 November 2014
  • By
  • Micropyramid

Need any Help in your Project?Let's Talk

Latest Comments
Related Articles
ELK Stack for Parsing your Logs

In This Tutorial we will look onto parsing your syslog files and store and display it in interactable website. We will be using ELK Stack ...

Continue Reading...
Ansible for Server Process Automation

Ansible is one of the few automation tools which uses an agentless architecture, where you dont need to install daemons in client nodes for interacting ...

Continue Reading...
Django hosting on Nginx with uwsgi for high performance

Quick guide to host django application using uwsgi and nginx which offers better resource utilization and performance.

Continue Reading...
open source packages

Subscribe To our news letter

Subscribe and Stay Updated about our Webinars, news and articles on Django, Python, Machine Learning, Amazon Web Services, DevOps, Salesforce, ReactJS, AngularJS, React Native.
* We don't provide your email contact details to any third parties