[webhook] Adds webhook for redeploying npm projects

2025-06-04 17:35:31 -07:00
parent 104cd2fd2e
commit f8378354fb
4 changed files with 138 additions and 26 deletions
--- a/system/hosts/mcp/static-site-hooks.nix
+++ b/system/hosts/mcp/static-site-hooks.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+let
+  gitKnownHosts = pkgs.writeText "known_hosts" ''
+    [git.blazestar.net]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSikNAZDAbdQ5TA6Eg95FBM3sdPfAfghG+n56akCal8XXV/vOnXgqfeDASfXVOu+PZqCHnpGTxsym7hf2naFC0enznhS2sqahdQKKcsHvSfyQxpYFYyB2Zp8YDbnbRNGl2SbnqOajzk1SxJrJ0fFXmfrRIMnGNz+uFtIqc+T52CM051nd5Gj3f9a8xCwg7hedvSCynobsW9IOCmCc9rZ99TRd+m0kO74pUbgVqLv/+aSuW40K1uCkKgyh6PQsmkZd5GY0URwoJvLZauZLSPxl6DEU6lYz8S/hPrTP/e6fOPZsavQBYC+3Q/akoFnY+qlKgWLQy/Om6hz0EfYuuzNPRhf1jaGKjHgEri1f3OMgXcRMvjovRgbbu0JRGANmN8FMe20S4AAvbxmsQdQci+QcXZPDPbcmT3XJv8e8p4HNQyLxHyh0u9dLBE2ccTv5gdf/6iZy6WXlYEf1UAKC2lExRuKBV3lrnuyHhOj+iL09gUMYFuIyHuX2Hsw9yKZbO8J2+STNIVQfAJ0Upa2cJ33a6RlOxGiHXi4UbZTPguNgQaQdM0CuklVTynBfWr1Hfd8c8hVtT+HLz+XOU2Nrmgq90/w7g7mo5JxXHkcfBlqlXKONTkDUG3KHbwKtQNVC6l3bhpvPc32Mys6e7JeWnrb1zXojopnPvoct54qDVlwc5xQ==
+  '';
+  testHook =
+    with pkgs;
+    writeShellApplication {
+      name = "deploy-astro-app";
+      runtimeInputs = [
+        openssh
+        gitFull
+        nodejs_22
+        bashNonInteractive
+      ];
+      text = ''
+        set -e
+        id
+        pwd
+
+        export GIT_SSH_COMMAND='ssh -v -o "UserKnownHostsFile ${gitKnownHosts}" -i "${
+          config.sops.secrets."deploy-key/terakoda.com".path
+        }"'
+
+        # Disable astro telemetry otherwise it will try to write to `~/.config/astro/config.json`
+        export ASTRO_TELEMETRY_DISABLED=1
+
+        # Fetch the repository and make sure we are reset to HEAD
+        git fetch origin main
+        git reset --hard
+        git checkout main
+        git reset --hard origin/main
+
+        # Use a local cache with --cache .npm
+        npm ci --cache .npm
+        npm run build
+      '';
+    };
+in
+{
+  # [ ] Make sure the hook can operate on that directory
+  # [ ] Run the build command
+
+  sops.secrets = {
+    "deploy-key/terakoda.com" = {
+      restartUnits = [ "webhook.service" ];
+      owner = config.users.users.webhook.name;
+    };
+  };
+
+  services.webhook = {
+    enable = true;
+    verbose = true;
+    port = 9000;
+    openFirewall = true;
+    hooks = {
+      "deploy-www2-terakoda-com" = {
+        id = "deploy-www2-terakoda-com";
+        http-methods = [ "POST" ];
+        command-working-directory = "/tank/web/www2.terakoda.com";
+        include-command-output-in-response = true;
+        include-command-output-in-response-on-error = true;
+        execute-command = "${testHook}/bin/deploy-astro-app";
+        trigger-rule = {
+          match = {
+            type = "payload-mac-sha256";
+            secret = "test123";
+            parameter = {
+              source = "header";
+              name = "X-Hub-Signature-256";
+            };
+          };
+        };
+      };
+    };
+  };
+}