Initial commit

Author: nsychev

.github/workflows/ci.yml

@@ -0,0 +1,57 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, golang ]
+  pull_request:
+    branches: [ main, golang ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.24.1'
+
+    - name: Cache Go modules
+      uses: actions/cache@v3
+      with:
+        path: ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+
+    - name: Download dependencies
+      run: go mod download
+
+    - name: Verify dependencies
+      run: go mod verify
+
+    - name: Check formatting
+      run: |
+        if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
+          echo "The following files are not formatted correctly:"
+          gofmt -s -l .
+          exit 1
+        fi
+
+    - name: Run go vet
+      run: go vet ./...
+
+    - name: Run tests
+      run: go test -v ./...
+
+    - name: Run tests with race detector
+      run: go test -race -v ./...
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Test build for different architectures
+      run: |
+        GOOS=linux GOARCH=amd64 go build -o gh-deploy-linux-amd64 .
+        GOOS=linux GOARCH=arm64 go build -o gh-deploy-linux-arm64 .

.github/workflows/release.yml

@@ -0,0 +1,42 @@
+name: Release
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.24.1'
+
+    - name: Cache Go modules
+      uses: actions/cache@v3
+      with:
+        path: ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+
+    - name: Download dependencies
+      run: go mod download
+
+    - name: Build binaries
+      run: |
+        GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -trimpath -o gh-deploy-linux-amd64 .
+        GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -trimpath -o gh-deploy-linux-arm64 .
+    - name: Upload release assets
+      uses: softprops/action-gh-release@v1
+      with:
+        files: |
+          gh-deploy-linux-amd64
+          gh-deploy-linux-arm64
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,39 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Go workspace file
+go.work
+
+# Build artifacts
+/gh-deploy
+
+# Configuration files with secrets
+config.toml
+*.pem
+.env
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db

LICENSE

@@ -0,0 +1,19 @@
+Copyright 2020-2025 Nikita Sychev, Nikolay Amiantov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,64 @@
+# gh-deploy
+
+🚀 Tool to deploy code from GitHub repositories to your servers.
+
+## Installation
+
+The preferred option is to use our interactive installer: https://teamteam.dev/gh-deploy/. It will guide you through GitHub App registration and creates required configuration files.
+
+To install manually, create a GitHub App in your personal account on an organization that owns repositories you want to deploy. Set the following options:
+- Webhook URL: provide URL that you’ll deploy this tool to
+- Webhook events: `push`
+- Permissions: `contents:read` (Repository → Contents → Read-only)
+
+Acquire client ID webhook secret, private key (PEM file). Install the application on your own account.
+
+Then follow with one of the installation options:
+
+### Systems that have systemd enabled
+
+Decide which user will be running the tool. The following instructions suppose this user will be named `user` and has default group named `usergroup`. Execute these commands:
+
+```bash
+sudo install -Ddm 755 -o root -g usergroup /etc/gh-deploy
+```
+
+Then create files `/etc/gh-deploy/key.pem` and `/etc/gh-deploy/webhook-secret` with PEM file and webhook secret respectively. Then:
+
+```bash
+sudo chmod 640 /etc/gh-deploy/key.pem /etc/gh-deploy/webhook-secret
+sudo chown root:usergroup /etc/gh-deploy/key.pem /etc/gh-deploy/webhook-secret
+
+# This will download the latest release to /usr/local/bin/gh-deploy, create default config, install and start systemd unit.
+curl https://teamteam.dev/gh-deploy/install.sh | sudo APP_ID=<your-github-app-id> USER=user bash -
+```
+
+Then update `/etc/gh-deploy/config.toml` to your preference and make the webhook available at URL specified before.
+
+### NixOS
+
+Use `flake.nix` that provides `gh-deploy` service.
+
+### Other systems
+
+You can fetch latest release from [Releases](https://github.com/teamteamdev/gh-deploy/releases) page.
+
+To launch, use
+
+```shell
+gh-deploy path/to/config.toml
+```
+
+### Build from source
+
+```shell
+go build -o gh-deploy
+```
+
+## Configuration
+
+See [config.example.toml](config.example.toml) for configuration examples.
+
+## License
+
+Contents of this repository are available under [MIT License](LICENSE).

config.example.toml

@@ -0,0 +1,25 @@
+# Server configuration
+# bind = "127.0.0.1" # Default is "::" (all IPv4 and IPv6 interfaces)"
+port = 8080          # Required
+
+# Enable Git LFS support
+# git_lfs = true
+
+# Optional: TLS configuration
+# [tls]
+# cert_file = "/path/to/cert.pem" # TLS certificate file
+# key_file = "/path/to/key.pem" # TLS private key file
+
+# GitHub App configuration
+[github_app]
+client_id = "123456"                                     # GitHub App client ID
+private_key_file = "/path/to/github-app-private-key.pem" # GitHub App private key file
+webhook_secret_file = "/path/to/webhook-secret"          # File with webhook secret
+
+# Repository definitions
+[[repos]]
+full_name = "owner/repo"
+branch = "main"              # Branch to watch for changes
+clone_path = "/var/www/repo" # This folder should be writable by user running the gh-deploy
+command = "make deploy"      # Optional: command to run after update
+timeout = 300                # in seconds, default is 120

go.mod

@@ -0,0 +1,19 @@
+module gh-deploy
+
+go 1.23.0
+
+toolchain go1.24.1
+
+require (
+	github.com/BurntSushi/toml v1.5.0
+	github.com/gofrs/flock v0.12.1
+	github.com/golang-jwt/jwt/v5 v5.2.3
+	github.com/google/go-github/v57 v57.0.0
+)
+
+require (
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+)

go.sum

@@ -0,0 +1,28 @@
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
+github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.3 h1:kkGXqQOBSDDWRhWNXTFpqGSCMyh/PLnqUvMGJPDJDs0=
+github.com/golang-jwt/jwt/v5 v5.2.3/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-github/v57 v57.0.0 h1:L+Y3UPTY8ALM8x+TV0lg+IEBI+upibemtBD8Q9u7zHs=
+github.com/google/go-github/v57 v57.0.0/go.mod h1:s0omdnye0hvK/ecLvpsGfJMiRt85PimQh4oygmLIxHw=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=