七、Flask+Github触发webhoop接口
[root@iZj6cbtjqbqb2cx7qdl9z5Z bugbk.com]# more app.py
#coding: utf8
import hmac
import os
from flask import Flask, request, jsonify
app = Flask(__name__)
# github中webhooks的secret
github_secret = 'aabb1122'
def encryption(data):
key = github_secret.encode('utf-8')
obj = hmac.new(key, msg=data, digestmod='sha1')
return obj.hexdigest()
@app.route('/bugbk', methods=['POST'])
def post_data():
"""
github加密是将post提交的data和WebHooks的secret通过hmac的sha1加密,放到HTTP headers的
X-Hub-Signature参数中
"""
post_data = request.data
token = encryption(post_data)
# 认证签名是否有效
signature = request.headers.get('X-Hub-Signature', '').split('=')[-1]
if signature != token:
return "token认证无效", 401
# 运行shell脚本,更新代码
os.system('sh deploy.sh &')
return jsonify({"status": 200})
if __name__ == '__main__':
app.run()uwsgi.ini
[uwsgi]
#plugin=python3
virtualenv=/root/.local/share/virtualenvs/bugbk.com-nBYCV8PL
http=0.0.0.0:39000
uid=root
gid=root
#socket=/tmp/uwsgi.sock
#chmod-socket=666
enable-threads=true
master=true
vhost=true
workers=5
max-requests=1000
pidfile=/var/run/uwsgi.pid
daemonize=/var/log/uwsgi.log
module=app
callable=app
chdir=/www/wwwroot/bugbk.com
wsgi-file=app.py
manage-script-name=true
touce-reload=/www/wwwroot/bugbk.compipenv管理
[root@iZj6cbtjqbqb2cx7qdl9z5Z bugbk.com]# cat Pipfile
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
flask = "*"
uwsgi = "*"
pipfile = "*"
[dev-packages]
[requires]
python_version = "3.7"deploy.sh
[root@iZj6cbtjqbqb2cx7qdl9z5Z bugbk.com]# cat deploy.sh
#!/usr/bin/bash
WORK_DIR=$(pwd)
echo "开始自动化构建..." >> /root/bugbk
[[ -d "${WORK_DIR}/bugbk" ]] && rm -fr ${WORK_DIR}/bugbk
git clone https://github.com.cnpmjs.org/dev-centos/bugbk.git \
&& cd ${WORK_DIR}/bugbk && npm install && hexo g && hexo d && chown www:www public -R
#[[ $? != 0 ]] && echo "hexo -d错误" >>/root/bugbk && exit 1
#cd ${WORK_DIR} && mv public /tmp/public_`date +%F_%T` && mv ${WORK_DIR}/bugbk/public . && chown www:www public -RLast updated