Changeset 3983
- Timestamp:
- 09/07/2016 06:02:21 AM (8 years ago)
- Location:
- sites/trunk/api.wordpress.org/public_html/dotorg/github-sync
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/api.wordpress.org/public_html/dotorg/github-sync/feature-plugins.php
r2698 r3983 1 1 <?php 2 2 /** 3 * A easy webhook to allow feature plugins to be sync'd to WordPress.org plugins SVN easier. 3 * This webhook is very basic, but handles syncing a select few featured plugins over to plugins.svn.wordpress.org during development. 4 * 5 * To have your *feature project* handled by this sync script: 6 * - Ensure you're listed on https://make.wordpress.org/core/features-as-plugins/ if you're not, ping in #meta 7 * - Ping in #meta to get your project added to the whitelist within this file 8 * - Add `https://api.wordpress.org/dotorg/github-sync/feature-plugins.php` as a `push` webhook on github with the secret we'll provide you. 9 * - Push to github master and watch https://plugins.trac.wordpress.org/log/$plugin_slug/ 10 * - Profit from all the Open Source points you're getting! 4 11 */ 5 12 … … 8 15 class GH2WORG { 9 16 10 private $whitelisted_repos = array( 11 // Github User/Repo => plugins.svn.wordpress.org/****/trunk/ 12 'dd32/feature-plugin-testing' => 'test-plugin-3', 13 'voldemortensen/menu-customizer' => 'menu-customizer', 14 'georgestephanis/two-factor' => 'two-factor', 17 private $whitelisted_repos = [ 18 // Github.com/{$user/repo-name} => plugins.svn.wordpress.org/{$slug}/trunk/ 19 'dd32/feature-plugin-testing' => 'test-plugin-3', 20 'georgestephanis/two-factor' => 'two-factor', 15 21 'georgestephanis/application-passwords' => 'application-passwords', 16 'obenland/shiny-updates' => 'shiny-updates',17 'pento/react' => 'react',18 );22 'obenland/shiny-updates' => 'shiny-updates', 23 'pento/react' => 'react', 24 ]; 19 25 20 26 function __construct() { 21 $this->populate_post_vars(); 22 23 if ( ! $this->verify_github_signature() ) { 24 die( 'Cheating, huh?' ); 25 } 26 27 $repo_name = $_POST['repository']['full_name']; 28 $repo_url = $_POST['repository']['git_url']; 29 30 if ( ! $this->verify_valid_plugin( $repo_name ) ) { 31 die( 'Sorry, This Github repo is not configured for WordPress.org Plugins SVN Github Sync. Please contact us.' ); 32 } 27 $repo_name = $this->get_notified_repo(); 33 28 34 29 $svn_directory = $this->whitelisted_repos[ $repo_name ]; 35 30 36 $this->process_github_to_svn( $repo_url, $svn_directory ); 31 if ( ! $repo_name || ! $svn_directory ) { 32 die( 'Sorry, This Github repo is not configured for WordPress.org Plugins SVN Github Sync. Please ping in #meta on Slack for assistance.' ); 33 } 34 35 $this->process_github_to_svn( $repo_name, $svn_directory ); 37 36 } 38 37 39 function populate_post_vars() { 40 if ( 'application/json' == $_SERVER['HTTP_CONTENT_TYPE'] ) { 41 $_POST = @json_decode( file_get_contents('php://input'), true ); 42 } else { 43 // Assuming Magic Quotes disabled like a good host. 44 $_POST = @json_decode( $_POST['payload'], true ); 38 /** 39 * Determines the Github Repo (user/repo) which Github is notifying us about. 40 * 41 * - Extracts the repo from both `application/json` and `application/x-www-form-urlencoded` webhook variants. 42 * - Verifies the signature of the request 43 * 44 * @return string|bool Github repo on success, false on failure. 45 */ 46 function get_notified_repo() { 47 $github_payload = file_get_contents( 'php://input' ); 48 $signature_of_payload = 'sha1=' . hash_hmac( 'sha1', $github_payload, FEATURE_PLUGIN_GH_SYNC_SECRET ); 49 50 if ( ! hash_equals( $signature_of_payload, $_SERVER['HTTP_X_HUB_SIGNATURE'] ) ) { 51 return false; 45 52 } 53 54 /* 55 * Extract the payload from the `php://input` stream, although this is also present in 56 * $_POST, the Github signature is of this raw data, so we'll use that data. 57 */ 58 if ( 'application/x-www-form-urlencoded' === $_SERVER['HTTP_CONTENT_TYPE'] ) { 59 parse_str( $github_payload, $github_payload ); 60 $github_payload = $github_payload['payload']; 61 } 62 63 return json_decode( $github_payload, true )['repository']['full_name']; 46 64 } 47 65 48 function verify_github_signature() { 49 if ( empty( $_SERVER['HTTP_X_HUB_SIGNATURE'] ) ) 50 return false; 66 /** 67 * Triggers the shell script to migrate the Git commit to plugins.svn 68 * 69 * @param string $github_repo The Github Repo which was modified (user/repo). 70 * @param string $svn_directory The plugins.svn directory/plugin (plugin-slug). 71 */ 72 function process_github_to_svn( $github_repo, $svn_directory ) { 51 73 52 list( $algo, $hash ) = explode( '=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2 ); 53 54 // Todo? Doesn't handle standard $_POST, only application/json 55 $hmac = hash_hmac( $algo, file_get_contents('php://input' ), FEATURE_PLUGIN_GH_SYNC_SECRET ); 56 57 return $hash === $hmac; 58 } 59 60 function verify_valid_plugin( $repo ) { 61 return isset( $this->whitelisted_repos[ $repo ] ); 62 } 63 64 function process_github_to_svn( $github_url, $svn_directory ) { 65 66 putenv( 'PHP_SVN_USER=' . FEATURE_PLUGIN_GH_SYNC_USER ); 74 putenv( 'PHP_SVN_USER=' . FEATURE_PLUGIN_GH_SYNC_USER ); 67 75 putenv( 'PHP_SVN_PASSWORD=' . FEATURE_PLUGIN_GH_SYNC_PASS ); 68 76 69 echo shell_exec( __DIR__ . "/feature-plugins.sh $github_url $svn_directory 2>&1" ); 77 $github_repo = escapeshellarg( $github_repo ); 78 $svn_directory = escapeshellarg( $svn_directory ); 79 80 echo shell_exec( __DIR__ . "/feature-plugins.sh $github_repo $svn_directory 2>&1" ); 70 81 71 82 putenv( 'PHP_SVN_USER' ); -
sites/trunk/api.wordpress.org/public_html/dotorg/github-sync/feature-plugins.sh
r2295 r3983 1 1 #!/bin/bash 2 2 3 GITHUB_ URL=$1;3 GITHUB_REPO=$1; 4 4 SVN_PLUGIN=$2; 5 5 … … 16 16 17 17 # Validate all Parameters are present 18 if [ ! $GITHUB_ URL] || [ ! $SVN_PLUGIN ] || [ ! $PHP_SVN_USER ] || [ ! $PHP_SVN_PASSWORD ]; then18 if [ ! $GITHUB_REPO ] || [ ! $SVN_PLUGIN ] || [ ! $PHP_SVN_USER ] || [ ! $PHP_SVN_PASSWORD ]; then 19 19 echo "Invalid Input, missing parameter"; exit 1 20 20 fi 21 21 22 GITHUB_URL="git://github.com/$GITHUB_REPO.git" 22 23 SVN_URL="https://plugins.svn.wordpress.org/$SVN_PLUGIN/trunk/" 23 24 ASSETS_SVN_URL="https://plugins.svn.wordpress.org/$SVN_PLUGIN/assets/"
Note: See TracChangeset
for help on using the changeset viewer.