Search code examples
phpgitgithubnginxgit-post-receive

Github Service Hooks: post-receive via PHP


I'm having some issues deploying via service hook and I think it's a matter of permissions, but I'll state all the facts first.

Server: Nginx w/ PHP-FPM on Arch Linux

Nginx is running as user http and has ownership of the directory to be updated by the script. I've also created an SSH key for HTTP and installed it on GitHub. Other commands seem to work just fine through the shell_exec, but I can't get a reset or a pull to complete and there's no output returned from either. Any help would be appreciated. Thanks!

Hook script (PHP):

if ( isset($_SERVER["REMOTE_ADDR"]) )    { 
    $requestIP = $_SERVER["REMOTE_ADDR"]; 
} else if ( isset($_SERVER["HTTP_X_FORWARDED_FOR"]) )    { 
    $requestIP = $_SERVER["HTTP_X_FORWARDED_FOR"]; 
} else if ( isset($_SERVER["HTTP_CLIENT_IP"]) )    { 
    $requestIP = $_SERVER["HTTP_CLIENT_IP"]; 
}

// GitHub post-receive IPs
$validIPs = array(
    '207.97.227.253',
    '50.57.128.197',
    '180.171.174.178'.
    '50.57.231.61',
    '54.235.183.49',
    '54.235.183.23',
    '54.235.118.251',
    '54.235.120.57',
    '54.235.120.61',
    '54.235.120.62'
);

if(($payload = $_REQUEST['payload']) && in_array($validIps, $requestIP)) {
    $payload = json_decode($payload);
    $repository = $payload->repository->name;
    $docRoot = '/var/www/'.escapeshellcmd($repository);

    if(is_dir($docRoot)) {
        $command = 'cd '.$docRoot.' && git reset --hard HEAD && git pull';
        $output = shell_exec( $command );
        file_put_contents("hook.log", "$repository: $output\r\n", FILE_APPEND);     
    }
}

Solution

  • You should check the environment your commands run in. It is possible git is not in the path that environment is using.

    If this is the case, you could run git using it full pathname.