From c1e99720dc24af7b89ce8efc168980dc2036eccb Mon Sep 17 00:00:00 2001
From: Bandie <bandie@chaospott.de>
Date: Tue, 12 Jan 2021 22:53:49 +0100
Subject: [PATCH] Initial

---
 Dockerfile           | 29 ++++++++++++++++++++++
 configs/aliases      |  1 +
 configs/envs/php7.sh | 11 +++++++++
 configs/msmtprc      | 18 ++++++++++++++
 configs/nginx.conf   | 34 +++++++++++++++++++++++++
 docker-compose.yml   | 27 ++++++++++++++++++++
 start.sh             | 30 ++++++++++++++++++++++
 www/config.php       |  8 ++++++
 www/index.php        |  3 +++
 www/pr.php           | 59 ++++++++++++++++++++++++++++++++++++++++++++
 10 files changed, 220 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 configs/aliases
 create mode 100644 configs/envs/php7.sh
 create mode 100644 configs/msmtprc
 create mode 100644 configs/nginx.conf
 create mode 100644 docker-compose.yml
 create mode 100644 start.sh
 create mode 100644 www/config.php
 create mode 100644 www/index.php
 create mode 100644 www/pr.php

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d777a94
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+FROM alpine:latest
+MAINTAINER Bandie <bandie@chaospott.de>
+
+RUN apk add --no-cache php nginx php-fpm msmtp tzdata
+
+RUN adduser -D -g 'www' www
+RUN mkdir /www
+COPY ./www/* /www/
+
+RUN chown -R www:www /var/lib/nginx
+RUN chown -R www:www /www
+COPY configs/nginx.conf /etc/nginx/nginx.conf
+
+COPY configs/envs/php7.sh /etc/profile.d/php7.sh
+RUN chown www:www /var/log/php7
+RUN chown www:www /var/lib/nginx/logs/
+
+RUN cp /usr/share/zoneinfo/UTC /etc/localtime
+RUN echo "UTC" > /etc/timezone
+RUN sed -i "s|;*date.timezone =.*|date.timezone = UTC|i" /etc/php7/php.ini
+
+COPY configs/msmtprc /etc/msmtprc
+
+COPY configs/aliases /etc/aliases
+
+COPY start.sh /start.sh
+RUN chmod +x /start.sh
+
+CMD /start.sh
diff --git a/configs/aliases b/configs/aliases
new file mode 100644
index 0000000..78ef674
--- /dev/null
+++ b/configs/aliases
@@ -0,0 +1 @@
+root: $SMTP_FROM
diff --git a/configs/envs/php7.sh b/configs/envs/php7.sh
new file mode 100644
index 0000000..fbb88c1
--- /dev/null
+++ b/configs/envs/php7.sh
@@ -0,0 +1,11 @@
+PHP_FPM_USER="www"
+PHP_FPM_GROUP="www"
+PHP_FPM_LISTEN_MODE="0660"
+PHP_MEMORY_LIMIT="512M"
+PHP_MAX_UPLOAD="50M"
+PHP_MAX_FILE_UPLOAD="200"
+PHP_MAX_POST="100M"
+PHP_DISPLAY_ERRORS="On"
+PHP_DISPLAY_STARTUP_ERRORS="On"
+PHP_ERROR_REPORTING="E_COMPILE_ERROR\|E_RECOVERABLE_ERROR\|E_ERROR\|E_CORE_ERROR"
+PHP_CGI_FIX_PATHINFO=0
diff --git a/configs/msmtprc b/configs/msmtprc
new file mode 100644
index 0000000..9a69da6
--- /dev/null
+++ b/configs/msmtprc
@@ -0,0 +1,18 @@
+# Set default values for all following accounts.
+defaults
+auth           on
+tls            on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+syslog         on
+
+# Gmail
+account        themail
+host           $SMTP_HOST
+port           $SMTP_PORT
+from           $SMTP_FROM
+user           $SMTP_USER
+password       $SMTP_PASSWORD
+
+# Set a default account
+account default : themail
+aliases        /etc/aliases
diff --git a/configs/nginx.conf b/configs/nginx.conf
new file mode 100644
index 0000000..30eff14
--- /dev/null
+++ b/configs/nginx.conf
@@ -0,0 +1,34 @@
+user                            www;
+worker_processes                auto; # it will be determinate automatically by the number of core
+
+error_log                       /var/log/nginx/error.log warn;
+pid                             /run/nginx.pid;
+#pid                             /var/run/nginx/nginx.pid; # it permit you to use /etc/init.d/nginx reload|restart|stop|start
+
+events {
+    worker_connections          1024;
+}
+
+http {
+    include                     /etc/nginx/mime.types;
+    default_type                application/octet-stream;
+    sendfile                    on;
+    access_log                  /var/log/nginx/access.log;
+    keepalive_timeout           3000;
+    server {
+        listen                  80;
+        root                    /www;
+        index                   index.html index.htm index.php;
+        server_name             localhost;
+        client_max_body_size    32m;
+        error_page              500 502 503 504  /50x.html;
+        location = /50x.html {
+              root              /var/lib/nginx/html;
+        }
+        location ~ \.php$ {
+              fastcgi_pass      127.0.0.1:9000;
+              fastcgi_index     index.php;
+              include           fastcgi.conf;
+        }
+    }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2546b21
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3'
+services:
+  foodoor-keys:
+    container_name: gitea-webhooks
+    build: .
+    restart: always
+    ports:
+      - '127.0.0.1:3002:80'
+    environment:
+      - SMTP_HOST=
+      - SMTP_PORT=
+      - SMTP_FROM=
+      - SMTP_USER=
+      - SMTP_PASSWORD=
+      - SMTP_ENCRYPTION=
+      - SECRET_KEY=
+      - RECIPIENTS_PR=
+    labels:
+      - "traefik.frontend.rule=Host:webhooks.chaospott.de"
+      - "traefik.port=3002"
+      - "traefik.docker.network=web"
+    networks:
+      extern:
+networks:
+  extern:
+    external:
+      name: web
diff --git a/start.sh b/start.sh
new file mode 100644
index 0000000..a3596f0
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+source /etc/profile.d/php7.sh
+sed -i "s|;listen.owner\s*=\s*nobody|listen.owner = ${PHP_FPM_USER}|g" /etc/php7/php-fpm.d/www.conf
+sed -i "s|;listen.group\s*=\s*nobody|listen.group = ${PHP_FPM_GROUP}|g" /etc/php7/php-fpm.d/www.conf
+sed -i "s|;listen.mode\s*=\s*0660|listen.mode = ${PHP_FPM_LISTEN_MODE}|g" /etc/php7/php-fpm.d/www.conf
+sed -i "s|user\s*=\s*nobody|user = ${PHP_FPM_USER}|g" /etc/php7/php-fpm.d/www.conf
+sed -i "s|group\s*=\s*nobody|group = ${PHP_FPM_GROUP}|g" /etc/php7/php-fpm.d/www.conf
+sed -i "s|;log_level\s*=\s*notice|log_level = notice|g" /etc/php7/php-fpm.d/www.conf
+sed -i "s|display_errors\s*=\s*Off|display_errors = ${PHP_DISPLAY_ERRORS}|i" /etc/php7/php.ini
+sed -i "s|display_startup_errors\s*=\s*Off|display_startup_errors = ${PHP_DISPLAY_STARTUP_ERRORS}|i" /etc/php7/php.ini
+sed -i "s|error_reporting\s*=\s*E_ALL & ~E_DEPRECATED & ~E_STRICT|error_reporting = ${PHP_ERROR_REPORTING}|i" /etc/php7/php.ini
+sed -i "s|;*memory_limit =.*|memory_limit = ${PHP_MEMORY_LIMIT}|i" /etc/php7/php.ini
+sed -i "s|;*upload_max_filesize =.*|upload_max_filesize = ${PHP_MAX_UPLOAD}|i" /etc/php7/php.ini
+sed -i "s|;*max_file_uploads =.*|max_file_uploads = ${PHP_MAX_FILE_UPLOAD}|i" /etc/php7/php.ini
+sed -i "s|;*post_max_size =.*|post_max_size = ${PHP_MAX_POST}|i" /etc/php7/php.ini
+sed -i "s|;*cgi.fix_pathinfo=.*|cgi.fix_pathinfo= ${PHP_CGI_FIX_PATHINFO}|i" /etc/php7/php.ini
+
+sed -i "s/\$SMTP_HOST/$SMTP_HOST/g;s/\$SMTP_PORT/$SMTP_PORT/g;s/\$SMTP_FROM/$SMTP_FROM/g;s/\$SMTP_USER/$SMTP_USER/g;s/\$SMTP_PASSWORD/$SMTP_PASSWORD/g;s/\$SMTP_ENCRYPTION/$SMTP_ENCRYPTION/g" /etc/msmtprc
+
+sed -i "s/\$SMTP_HOST/$SMTP_HOST/g;s/\$SMTP_PORT/$SMTP_PORT/g;s/\$SMTP_FROM/$SMTP_FROM/g;s/\$SMTP_USER/$SMTP_USER/g;s/\$SMTP_PASSWORD/$SMTP_PASSWORD/g;s/\$SMTP_ENCRYPTION/$SMTP_ENCRYPTION/g" /etc/aliases
+
+sed -i "s/%%SECRETKEY%%/$SECRET_KEY/g;s/%%RECIPIENTS_PR%%/$RECIPIENTS_PR/g" /www/config.php
+
+chown www:www /var/log/nginx/*
+ln -sf /usr/bin/msmtp /usr/sbin/sendmail
+nginx
+
+su www
+php-fpm7 -F
diff --git a/www/config.php b/www/config.php
new file mode 100644
index 0000000..cbe3155
--- /dev/null
+++ b/www/config.php
@@ -0,0 +1,8 @@
+<?php
+$secret_key['pr'] = '%%SECRETKEY%%';
+
+$recipients = [
+  'pr' => [
+    %%RECIPIENTS_PR%%
+  ]
+];
diff --git a/www/index.php b/www/index.php
new file mode 100644
index 0000000..4e1b63b
--- /dev/null
+++ b/www/index.php
@@ -0,0 +1,3 @@
+<?php
+  phpinfo();
+?>
diff --git a/www/pr.php b/www/pr.php
new file mode 100644
index 0000000..290ae3c
--- /dev/null
+++ b/www/pr.php
@@ -0,0 +1,59 @@
+<?php
+require_once('config.php');
+
+// check for POST request
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+    error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
+    exit();
+}
+
+// get content type
+$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
+
+if ($content_type != 'application/json') {
+    error_log('FAILED - not application/json - '. $content_type);
+    exit();
+}
+
+// get payload
+$payload = trim(file_get_contents("php://input"));
+
+if (empty($payload)) {
+    error_log('FAILED - no payload');
+    exit();
+}
+
+// convert json to array
+$decoded = json_decode($payload, true);
+
+// check for json decode errors
+if (json_last_error() !== JSON_ERROR_NONE) {
+    error_log('FAILED - json decode - '. json_last_error());
+    exit();
+}
+
+if($decoded['secret'] != $secret_key['pr']) {
+    error_log('FAILED - wrong secret key');
+    exit();
+}
+
+file_put_contents("log.txt", print_r($decoded, true));
+
+$subject = "Pull request: " . $decoded['pull_request']['title'] . " by " . $decoded['pull_request']['user']['login'];
+$message = $decoded['sender']['login'] 
+           . " has " . 
+           ($decoded['pull_request']['merged'] ? "merged" : $decoded['action'])
+           . " pull request #" .
+           $decoded['pull_request']['number']
+           . " for " .
+           $decoded['repository']['full_name']
+           . ".\n" .
+           $decoded['pull_request']['html_url'];
+
+log("SUBJECT: " . $subject . "; " . $message);
+
+
+
+// success, do something
+?>
+Nothing to see here.