205 lines
5.9 KiB
Python
205 lines
5.9 KiB
Python
""" GogsMaker
|
|
|
|
A webhook-handler for Gogs running `make` when needed. """
|
|
|
|
import os
|
|
import sys
|
|
import subprocess
|
|
import hmac
|
|
import logging
|
|
import coloredlogs
|
|
from hashlib import sha256
|
|
from threading import Thread
|
|
from functools import wraps
|
|
from flask import Flask, request
|
|
from . import settings
|
|
|
|
LOGGER_NAME = __name__
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
class UnmonitoredRepository(Exception):
|
|
pass
|
|
|
|
|
|
class GitError(Exception):
|
|
def __init__(self, what):
|
|
super().__init__()
|
|
self.what = what
|
|
|
|
def __str__(self):
|
|
return self.what
|
|
|
|
|
|
def get_hook(url):
|
|
''' Get the hook matching an URL, or raise UnmonitoredRepository '''
|
|
for hook in settings.HOOKS:
|
|
if hook['url'] == url:
|
|
return hook
|
|
raise UnmonitoredRepository
|
|
|
|
|
|
def repo_path(hook):
|
|
''' Get the path at which the hook's repo is cloned '''
|
|
return os.path.join(settings.CLONE_ROOT, hook['name'])
|
|
|
|
|
|
def subprocess_run(command, **kwargs):
|
|
''' Run subprocess with default arguments '''
|
|
args = {
|
|
'check': True,
|
|
'stdout': subprocess.DEVNULL,
|
|
'stderr': subprocess.PIPE,
|
|
}
|
|
args.update(kwargs)
|
|
|
|
return subprocess.run(command, **args)
|
|
|
|
|
|
class MakeWorker(Thread):
|
|
''' A make job '''
|
|
|
|
def __init__(self, hook):
|
|
super().__init__()
|
|
self.hook = hook
|
|
self.name = 'makeworker-{}'.format(hook['name'])
|
|
self.path = repo_path(hook)
|
|
|
|
def run(self):
|
|
''' Run the make job '''
|
|
try:
|
|
subprocess_run(['make', '-C', self.path, '--']
|
|
+ self.hook['targets'])
|
|
except subprocess.CalledProcessError as error:
|
|
logging.error(
|
|
("Hook %s: make failed with status %s. "
|
|
"Error output:\n%s\n"),
|
|
self.hook['name'],
|
|
error.returncode,
|
|
error.stderr.decode('utf-8'))
|
|
|
|
|
|
def update_repo(hook, clone_url):
|
|
''' Update (or clone) the given repository. May raise GitError. '''
|
|
path = repo_path(hook)
|
|
if os.path.isdir(os.path.join(path, '.git')): # Repo is already cloned
|
|
try:
|
|
subprocess_run(['git', '-C', path, 'reset', '--hard']
|
|
) # Just in case.
|
|
subprocess_run(['git', '-C', path, 'pull'])
|
|
except subprocess.CalledProcessError as error:
|
|
logging.error(
|
|
("Hook %s: git failed with status %s. "
|
|
"Error output:\n%s\n"),
|
|
hook['name'],
|
|
error.returncode,
|
|
error.stderr.decode('utf-8'))
|
|
raise GitError("Cannot pull {}".format(hook['name']))
|
|
|
|
else: # Repo is to be cloned
|
|
try:
|
|
subprocess_run(['mkdir', '-p', path])
|
|
subprocess_run(['git', 'clone', clone_url, path], check=True)
|
|
except subprocess.CalledProcessError as error:
|
|
logging.error(
|
|
("Hook %s: git failed cloning with status %s. "
|
|
"Error output:\n%s"),
|
|
hook['name'],
|
|
error.returncode,
|
|
error.stderr.decode('utf-8'))
|
|
raise GitError("Cannot clone {}".format(clone_url))
|
|
|
|
|
|
def check_signature(received_sig, hook, payload):
|
|
''' Check Gogs signature '''
|
|
digest = hmac.new(hook['secret'].encode('utf-8'),
|
|
msg=payload,
|
|
digestmod=sha256).hexdigest()
|
|
return hmac.compare_digest(digest, received_sig)
|
|
|
|
|
|
def gogs_payload(required):
|
|
def wrapper(fct):
|
|
@wraps(fct)
|
|
def wrapped(*args, **kwargs):
|
|
payload = request.json
|
|
if payload is None:
|
|
return 'Expected json\n', 415
|
|
|
|
for field in required + ['repository/html_url']:
|
|
path = field.split('/')
|
|
explore = payload
|
|
for section in path:
|
|
if section not in explore:
|
|
return (
|
|
'Invalid json: missing {}\n'.format(
|
|
'/'.join(path)),
|
|
400)
|
|
explore = explore[section]
|
|
|
|
try:
|
|
hook = get_hook(payload['repository']['html_url'])
|
|
except UnmonitoredRepository:
|
|
return 'Unmonitored repository\n', 403
|
|
|
|
if not settings.DEBUG:
|
|
received_sig = request.headers['X-Gogs-Signature']
|
|
payload_raw = request.data
|
|
if not check_signature(received_sig, hook, payload_raw):
|
|
return 'Invaild signature\n', 403
|
|
|
|
return fct(payload, hook, *args, **kwargs)
|
|
return wrapped
|
|
return wrapper
|
|
|
|
|
|
@app.route('/', methods=['POST'])
|
|
@gogs_payload(['repository/clone_url'])
|
|
def view_root(payload, hook):
|
|
clone_url = payload['repository']['clone_url']
|
|
|
|
try:
|
|
update_repo(hook, clone_url)
|
|
except GitError as error:
|
|
return 'Git error: {}\n'.format(error), 500
|
|
|
|
worker = MakeWorker(hook)
|
|
worker.start()
|
|
|
|
return 'OK\n', 200
|
|
|
|
|
|
@app.before_first_request # FIXME this should be run on startup...
|
|
def startup_actions():
|
|
setup_logger()
|
|
check_settings()
|
|
|
|
|
|
def setup_logger():
|
|
''' Setup the default logger '''
|
|
coloredlogs.install(
|
|
fmt="%(asctime)s [%(levelname)s] %(message)s",
|
|
)
|
|
|
|
|
|
def check_settings():
|
|
''' Check the supplied settings '''
|
|
if settings.DEBUG:
|
|
logging.warning('GogsMaker is running in DEBUG MODE, this is '
|
|
'unsuitable for production environments!')
|
|
|
|
required_keys = ['name', 'url', 'targets', 'secret']
|
|
for hook_id, hook in enumerate(settings.HOOKS):
|
|
for key in required_keys:
|
|
if key not in hook:
|
|
if key == 'name':
|
|
descr = '#{}'.format(hook_id)
|
|
else:
|
|
descr = '{} (#{})'.format(hook['name'], hook_id)
|
|
|
|
logging.critical(('Configuration error: hook %s lacks '
|
|
'attribute %s.'),
|
|
descr, key)
|
|
sys.exit(1)
|