github-webhooks/server.js at main · axbegue/github-webhooks · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
require('dotenv').config();
const express = require('express');
const bodyParser = require('body-parser');
const crypto = require('crypto');
const { exec } = require('child_process');

const app = express();
const PORT = process.env.PORT || 3000;
const GITHUB_SECRET = process.env.GITHUB_SECRET || '';

const BRANCH_NAME = process.env.BRANCH_NAME || '';

const API_REPO_NAME = process.env.API_REPO_NAME || '';
const API_SCRIPT_PATH = process.env.API_SCRIPT_PATH || '';

const FRONT_REPO_NAME = process.env.FRONT_REPO_NAME || '';
const FRONT_SCRIPT_PATH = process.env.FRONT_SCRIPT_PATH || '';

// Middleware para capturar el raw body y verificar la firma
app.use(
  bodyParser.json({
    verify: (req, res, buf) => {
      req.rawBody = buf;
    },
  }),
);

// Función para verificar la firma del webhook
function verifySignature(req) {
  const signature = req.headers['x-hub-signature-256'];
  const hmac = crypto.createHmac('sha256', GITHUB_SECRET);
  const digest = 'sha256=' + hmac.update(req.rawBody).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest));
}

// Función para ejecutar el script correspondiente
function runScript(scriptPath, res) {
  // Ejecutar el script
  exec(`sh ${scriptPath}`, (err, stdout, stderr) => {
    if (err) {
      console.error(`❌ Error ejecutando el script ${scriptPath}: ${err.message}`);
      console.error(`stderr: ${stderr}`);
      return;
    }
    console.log(`✅ Script ${scriptPath} ejecutado correctamente.`);
    console.log(`stdout: ${stdout}`);
  });
}

// Endpoint para el webhook
app.post('/webhook', (req, res) => {
  if (!verifySignature(req)) {
    return res.status(401).send('Firma inválida');
  }

  const event = req.headers['x-github-event'];

  if (event === 'ping') {
    console.log('Ping recibido');
    return res.status(200).send('pong');
  }

  if (event === 'push') {
    const repoName = req.body.repository?.name;
    const branchRef = req.body.ref; // e.g., refs/heads/master
    const branch = branchRef.split('/').pop(); // e.g., master

    console.log(`Push recibido desde el repositorio: ${repoName} en ${branch}`);

    // Verificar si el push es en la rama master
    if (branch !== BRANCH_NAME) {
      console.log(`⚠️ Push ignorado: no es en la rama ${BRANCH_NAME}, (${branch})`);
      return res.status(200).send(`Push ignorado. Rama: ${branch}`);
    }

    if (repoName === API_REPO_NAME) {
      console.log('Ejecutando script para API...');
      res.status(200).send('Ejecución de script iniciada');
      return runScript(API_SCRIPT_PATH, res);
    }

    if (repoName === FRONT_REPO_NAME) {
      console.log('Ejecutando script para Frontend...');
      res.status(200).send('Ejecución de script iniciada');
      return runScript(FRONT_SCRIPT_PATH, res);
    }

    console.log('Repositorio no reconocido');
    return res.status(400).send('Repositorio no reconocido');
  }

  res.status(200).send(`Evento ${event} no manejado`);
});

app.listen(PORT, () => {
  console.log(`Servidor escuchando en http://localhost:${PORT}`);
});