This is a static webpage powered by the great HUGO site generator and uses the introduction theme.
For every push to the master branch, GitHub triggers a webhook to a URL on my server, which then starts the redeploy server-side.
To secure this mechanism, the hook itself uses a secret, and the URL to trigger the redeploy is treated as a secret.
To make all of this work, the webhook service just listens on localhost, which can be achieved by creating an override for the systemd unit (via systemctl edit webhook.service):
[Service]
ExecStart=
ExecStart=/usr/bin/webhook -nopanic -ip 127.0.0.1 -verbose -hooks /etc/webhook.conf
Apache config:
ProxyPass /hooks/cryptic-long-str http://localhost:9000/hooks/website-redeploy
ProxyPassReverse /hooks/cryptic-long-str http://localhost:9000/hooks/website-redeploy
To actually handle the GitHub webhooks, adnanh/webhook is used with the following config (/etc/webhook.conf):
[
  {
    "command-working-directory": "/opt/projects/christian.heusel.eu/",
    "execute-command": "/usr/bin/sudo",
    "id": "website-redeploy",
    "pass-arguments-to-command": [
      {
        "name": "/opt/projects/christian.heusel.eu/update.sh",
        "source": "string"
      }
    ],
    "response-message": "website update started",
    "trigger-rule": {
      "match": {
        "parameter": {
          "name": "X-Hub-Signature",
          "source": "header"
        },
        "secret": "<redacted>",
        "type": "payload-hash-sha1"
      }
    }
  }
]
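The trigger rule above depends on GitHub's signature scheme: the X-Hub-Signature header carries "sha1=" followed by the hex HMAC-SHA1 of the raw request body, keyed with the shared secret. The following is an added example of that check (not part of the original post and not adnanh/webhook's own code); the secret, payload and function names are constructed, and the "sha256" option for GitHub's X-Hub-Signature-256 header goes beyond the configuration shown here.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values: not the real secret, not a real GitHub delivery.
SECRET = b"example-webhook-secret"
BODY = b'{"ref":"refs/heads/master"}'

# Header prefix -> digest. "sha1" matches X-Hub-Signature as used on this page;
# "sha256" matches GitHub's X-Hub-Signature-256 header (an extension here).
DIGESTS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def sign(secret: bytes, body: bytes, algo: str = "sha1") -> str:
    """Build the header value the sender attaches: '<algo>=<hex HMAC of body>'."""
    return algo + "=" + hmac.new(secret, body, DIGESTS[algo]).hexdigest()


def verify(secret: bytes, body: bytes, header: Optional[str], algo: str = "sha1") -> bool:
    """True only if header is '<algo>=<hex>' and <hex> is the HMAC of the raw body."""
    if not header:
        return False  # unsigned request
    prefix, sep, sent = header.strip().partition("=")
    if not sep or prefix != algo:
        return False  # malformed value or a different algorithm than configured
    expected = hmac.new(secret, body, DIGESTS[algo]).hexdigest()
    # Constant-time comparison; bytes operands also tolerate non-ASCII junk input.
    return hmac.compare_digest(expected.encode(), sent.lower().encode("utf-8", "replace"))


def check_samples() -> dict:
    """Run the verifier over constructed requests and report accept (True) or reject."""
    good = sign(SECRET, BODY)
    return {
        "valid": verify(SECRET, BODY, good),
        "tampered_body": verify(SECRET, BODY + b" ", good),
        "wrong_secret": verify(b"guess", BODY, good),
        "missing_header": verify(SECRET, BODY, None),
        "unkeyed_sha1": verify(SECRET, BODY, "sha1=" + hashlib.sha1(BODY).hexdigest()),
        "sha256_header_sha1_rule": verify(SECRET, BODY, sign(SECRET, BODY, "sha256")),
        "sha256": verify(SECRET, BODY, sign(SECRET, BODY, "sha256"), "sha256"),
    }


if __name__ == "__main__":
    for name, accepted in check_samples().items():
        print(f"{name:26} {'accept' if accepted else 'reject'}")
```

The signature covers the exact bytes of the body, so any re-serialisation of the JSON between the proxy and the verifier would make valid deliveries fail.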
The website source files are updated via the following script:
#!/bin/bash -
git pull --rebase
hugo