Initial Commit

Author: Ybrin

.gitignore

@@ -0,0 +1,2 @@
+.DS_Store
+node_modules/

Dockerfile

@@ -0,0 +1,23 @@
+FROM node:12.10.0-alpine
+
+LABEL "version"="0.1.0"
+LABEL "repository"="https://github.com/Ybrin/secure-actions-webhook"
+LABEL "homepage"="https://github.com/Ybrin/secure-actions-webhook"
+LABEL "maintainer"="Koray Koska <[email protected]>"
+LABEL "com.github.actions.name"="Secure Actions Webhook"
+LABEL "com.github.actions.description"="Post data and an hmac signature to an endpoint"
+LABEL "com.github.actions.icon"="message-square"
+LABEL "com.github.actions.color"="gray-dark"
+
+# Add the entry point
+ADD main.js /main.js
+ADD package.json /package.json
+ADD entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+WORKDIR /
+
+RUN npm install
+
+# Load the entry point
+ENTRYPOINT ["/entrypoint.sh"]

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Koray Koska
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

entrypoint.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+set -eu
+
+node main.js

main.js

@@ -0,0 +1,62 @@
+const request = require("request");
+const crypto = require("crypto");
+
+const hmacSecret = process.env.HMAC_SECRET;
+if (!hmacSecret || hmacSecret === "" || hmacSecret.trim() === "") {
+  console.warn(
+    "The hmac secret seems empty. This doesn't seem like what you want."
+  );
+}
+if (hmacSecret.length < 32) {
+  console.warn(
+    "The hmac secret seems week. You should use at least 32 secure random hex chars."
+  );
+}
+
+const createHmacSignature = body => {
+  const hmac = crypto.createHmac("sha1", hmacSecret);
+  const bodySignature = hmac.update(JSON.stringify(body)).digest("hex");
+
+  return `sha1=${bodySignature}`;
+};
+
+function isJsonString(str) {
+  try {
+    const json = JSON.parse(str);
+    return typeof json === "object";
+  } catch (e) {
+    return false;
+  }
+}
+
+const url = process.env.REQUEST_URL;
+const data = {
+  data: isJsonString(process.env.REQUEST_DATA) ? JSON.parse(process.env.REQUEST_DATA) : process.env.REQUEST_DATA
+};
+
+const signature = createHmacSignature(data);
+
+request(
+  {
+    method: "POST",
+    uri: "https://kube-cd.volkncloud.com/",
+
+    json: true,
+    body: data,
+    headers: {
+      "X-Hub-Signature": signature
+    }
+  },
+  (error, response, body) => {
+    if (error || response.statusCode < 200 || response.statusCode > 299) {
+      // Something went wrong
+      console.error(`Request failed with status code ${response.statusCode}!`);
+      console.error(response.body);
+
+      process.exit(1);
+    } else {
+      // Success
+      process.exit();
+    }
+  }
+);