nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

fix python CI

Browse Source
This commit is contained in:
nyanloutre 2021-12-30 20:41:12 +01:00
parent d38f7a3ad0
commit 0e9a87ec8e
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
services/python-ci.py
View File

@ -13,6 +13,8 @@ from gitlab import Gitlab
import urllib.request import urllib.request
import json import json
import argparse import argparse
import hmac
import hashlib
def gitlab_build(payload, gl): def gitlab_build(payload, gl):
@ -112,23 +114,33 @@ def gitea_build(payload, token):
route_name="gitea_payload", renderer="json", request_method="POST" route_name="gitea_payload", renderer="json", request_method="POST"
) )
class GiteaHook(object): class GiteaHook(object):
def __init__(self, request): def __init__(self, request):
self.request = request self.payload = request.json
self.payload = self.request.json
self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max'] self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max']
self.secret = open(args.secret, 'r').readline().splitlines()[0] self.gitea_token = open(args.gitea_token, 'r').readline().strip()
self.gitea_token = open(args.gitea_token, 'r').readline().splitlines()[0]
@view_config(header="X-Gitea-Event:push") @view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True)
def push_hook(self): def push_hook(self):
if self.payload['repository']['full_name'] in self.whitelist and self.payload['secret'] == self.secret: if self.payload['repository']['full_name'] in self.whitelist:
pool.apply_async(gitea_build, (self.payload, self.gitea_token)) pool.apply_async(gitea_build, (self.payload, self.gitea_token))
return "build started" return "build started"
else: else:
raise HTTPNotFound raise HTTPNotFound
class CheckHmacPredicate(object):
def __init__(self, val, info):
self.secret = open(args.secret, 'r').readline().strip().encode()
def text(self):
return 'HMAC checking enabled'
phash = text
def __call__(self, context, request):
payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest()
return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature)
if __name__ == "__main__": if __name__ == "__main__":
parser = argparse.ArgumentParser(description='CI server') parser = argparse.ArgumentParser(description='CI server')
parser.add_argument('--address', help='listening address', default='127.0.0.1') parser.add_argument('--address', help='listening address', default='127.0.0.1')
@ -139,10 +151,13 @@ if __name__ == "__main__":
parser.add_argument('--gitea-token', help='gitea token file') parser.add_argument('--gitea-token', help='gitea token file')
args = parser.parse_args() args = parser.parse_args()
pool = Pool(1) pool = Pool(1)
config = Configurator() config = Configurator()
config.add_view_predicate('check_hmac', CheckHmacPredicate)
config.add_route("gitlab_payload", "/gitlab_payload") config.add_route("gitlab_payload", "/gitlab_payload")
config.add_route("gitea_payload", "/gitea_payload") config.add_route("gitea_payload", "/gitea_payload")
config.scan() config.scan()