使用 Flask 编写 Gitlab Webhook 实现自动拉取代码到服务器

1、在要拉取代码的机器上生成用户的ssh keys，添加到gitlab ssh keys，避免git pull的时候需要输入代码。

测试是否能连接 gitlab

# ssh -T git@gitlab.xxx.com
Welcome to GitLab, @webhook!

说明可以使用git用户连接到gitlab

2、配置 gitlab webhook

如果添加时出现 “Webhooks and insecure internal web services”，则配置

3、编写 flask webhook 服务 app.py

from flask import Flask
from flask import request, jsonify, abort
import subprocess
app = Flask(__name__)
WEBHOOK_VERIFY_TOKEN = "Gitlab 中 Secret Token 的值"   # 这里的值可以随便写，然后填写在gitlab的secret token中即可

@app.route('/webhook', methods=['GET', 'POST'])
def webhook():
    if request.method == 'GET':
        verify_token = request.headers.get('X-Gitlab-Token')
        if verify_token == WEBHOOK_VERIFY_TOKEN:
            return jsonify({'status': 'success'}), 200
        else:
            return jsonify({'status': 'bad token'}), 401
    elif request.method == 'POST':
        verify_token = request.headers.get('X-Gitlab-Token')
        if verify_token == WEBHOOK_VERIFY_TOKEN:
            # 进入到代码目录，拉取最新代码
            retcode = subprocess.call("cd /data/xxx-salt/ && git pull", shell=True)
            if retcode == 0:
                return jsonify({'status': 'success'}), 200
            else:
                return jsonify({'status': 'git pull error'}), 503
        else:
            return jsonify({'status': 'bad token'}), 401
    else:
        abort(400)

if __name__ == '__main__':
    app.run(host='0.0.0.0', port='5000')

4、在要拉取代码的机器上部署 flask webhook 服务 app.py

# pip install flask
# yum install -y supervisor
// 先直接运行 app.py 看是否正常
# /usr/bin/python /data/webhook/app.py
// 用 curl 测试一下，看服务是否能处理请求
# curl -X POST -H 'X-Gitlab-Token: Gitlab 中 Secret Token 的值' 10.1.xxx.xxx:5000/webhook
{"status":"success"}

// 用 supervisor 部署服务（也可以先用 gunicorn 运行 app.js）。或者直接运行 /usr/bin/python /data/webhook/app.py ，就可以忽略这一步
# egrep -v "^$|^;" /etc/supervisord.conf
[unix_http_server]
file=/var/run/supervisor/supervisor.sock   ; (the path to the socket file)
[supervisord]
logfile=/var/log/supervisor/supervisord.log  ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10          ; (num of main logfile rotation backups;default 10)
loglevel=info               ; (log level;default info; others: debug,warn,trace)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false              ; (start in foreground if true;default false)
minfds=1024                 ; (min. avail startup file descriptors;default 1024)
minprocs=200                ; (min. avail process descriptors;default 200)
user=root                 ; (default is current user, required if root)
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL  for a unix socket
[include]
files = supervisord.d/*.ini
# egrep -v "^$|^;" /etc/supervisord.d/webhook.ini 
[program:webhook]
command=/usr/bin/python /data/webhook/app.py              ; the program (relative uses PATH, can take args)
process_name=%(program_name)s ; process_name expr (default %(program_name)s)
numprocs=1                    ; number of processes copies to start (def 1)
directory=/data/webhook                ; directory to cwd to before exec (def no cwd)
umask=022                     ; umask for process (default None)
priority=999                  ; the relative start priority (default 999)
autostart=true                ; start at supervisord start (default: true)
autorestart=true              ; retstart at unexpected quit (default: true)
startsecs=10                  ; number of secs prog must stay running (def. 1)
startretries=3                ; max # of serial start failures (default 3)
exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT               ; signal used to kill process (default TERM)
stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
user=root                   ; setuid to this UNIX account to run the program
redirect_stderr=true          ; redirect proc stderr to stdout (default false)
stdout_logfile=/tmp/webhook.log        ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false   ; emit events on stdout writes (default false)
stderr_logfile=/tmp/webhook.error.log        ; stderr log path, NONE for none; default AUTO
stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
stderr_events_enabled=false   ; emit events on stderr writes (default false)
environment=A=1,B=2           ; process environment additions (def no adds)
serverurl=AUTO                ; override serverurl computation (childutils)

# systemctl restart supervisord
# supervisorctl status
webhook                          RUNNING   pid 11246, uptime 1:29:18

5、测试 gitlab webook

查看 app.py 日志

# tail /tmp/webhook.log 
10.1.9.34 - - [03/Jan/2019 13:06:12] "POST /webhook HTTP/1.1" 200 -
Already up-to-date.
10.1.200.91 - - [03/Jan/2019 13:12:34] "POST /webhook HTTP/1.1" 200 -

这样就可以实现一个简单的自动拉取代码到服务器的 webhook。

posted @ 2024-09-03 16:21 羊脂玉净瓶阅读(105) 评论(0) 收藏举报

刷新页面返回顶部

羊脂玉净瓶

使用 Flask 编写 Gitlab Webhook 实现自动拉取代码到服务器

公告