mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-06-15 20:25:23 +02:00
597 lines
16 KiB
TypeScript
597 lines
16 KiB
TypeScript
import {
|
|
type Bitbucket,
|
|
getBitbucketHeaders,
|
|
IS_CLOUD,
|
|
shouldDeploy,
|
|
} from "@dokploy/server";
|
|
import { db } from "@dokploy/server/db";
|
|
import { eq } from "drizzle-orm";
|
|
import type { NextApiRequest, NextApiResponse } from "next";
|
|
import { applications } from "@/server/db/schema";
|
|
import type { DeploymentJob } from "@/server/queues/queue-types";
|
|
import { myQueue } from "@/server/queues/queueSetup";
|
|
import { deploy } from "@/server/utils/deploy";
|
|
|
|
/**
|
|
* Log a webhook handler error server-side without leaking its shape to the HTTP
|
|
* response. Drizzle errors carry the raw SQL query, column list and parameters,
|
|
* so we never forward the error object to the client.
|
|
*/
|
|
export const logWebhookError = (context: string, error: unknown) => {
|
|
console.error(context, error);
|
|
};
|
|
|
|
/**
|
|
* Helper function to get package_version from registry_package events
|
|
*/
|
|
const getPackageVersion = (headers: any, body: any) => {
|
|
const event = headers["x-github-event"];
|
|
if (event === "registry_package") {
|
|
return body.registry_package?.package_version;
|
|
}
|
|
return null;
|
|
};
|
|
|
|
export default async function handler(
|
|
req: NextApiRequest,
|
|
res: NextApiResponse,
|
|
) {
|
|
const { refreshToken } = req.query;
|
|
try {
|
|
if (req.headers["x-github-event"] === "ping") {
|
|
res.status(200).json({ message: "Ping received, webhook is active" });
|
|
return;
|
|
}
|
|
const application = await db.query.applications.findFirst({
|
|
where: eq(applications.refreshToken, refreshToken as string),
|
|
with: {
|
|
environment: {
|
|
with: {
|
|
project: true,
|
|
},
|
|
},
|
|
bitbucket: true,
|
|
},
|
|
});
|
|
|
|
if (!application) {
|
|
res.status(404).json({ message: "Application Not Found" });
|
|
return;
|
|
}
|
|
if (!application?.autoDeploy) {
|
|
res.status(400).json({
|
|
message: "Automatic deployments are disabled for this application",
|
|
});
|
|
return;
|
|
}
|
|
|
|
const deploymentTitle = extractCommitMessage(req.headers, req.body);
|
|
|
|
const deploymentHash = extractHash(req.headers, req.body);
|
|
const sourceType = application.sourceType;
|
|
|
|
if (sourceType === "docker") {
|
|
const applicationImageName = extractImageName(application.dockerImage);
|
|
const applicationDockerTag = extractImageTag(application.dockerImage);
|
|
|
|
const webhookImageName = extractImageNameFromRequest(
|
|
req.headers,
|
|
req.body,
|
|
);
|
|
const webhookDockerTag = extractImageTagFromRequest(
|
|
req.headers,
|
|
req.body,
|
|
);
|
|
|
|
if (!applicationImageName) {
|
|
res.status(301).json({
|
|
message: "Application Docker Image Name Not Found",
|
|
});
|
|
return;
|
|
}
|
|
|
|
// If webhook provides image information, validate it matches the configured image
|
|
// If webhook doesn't provide image information, fall back to using the configured image (backward compatibility)
|
|
if (webhookImageName) {
|
|
// Validate image name matches
|
|
if (webhookImageName !== applicationImageName) {
|
|
res.status(301).json({
|
|
message: `Application Image Name (${applicationImageName}) doesn't match request event payload Image Name (${webhookImageName}).`,
|
|
});
|
|
return;
|
|
}
|
|
|
|
if (!applicationDockerTag) {
|
|
res.status(301).json({
|
|
message: "Application Docker Tag Not Found",
|
|
});
|
|
return;
|
|
}
|
|
|
|
if (webhookDockerTag) {
|
|
if (webhookDockerTag !== applicationDockerTag) {
|
|
res.status(301).json({
|
|
message: `Application Image Tag (${applicationDockerTag}) doesn't match request event payload Image Tag (${webhookDockerTag}).`,
|
|
});
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
// If webhook doesn't provide image info, we'll use the configured image (old behavior)
|
|
} else if (sourceType === "github") {
|
|
const normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
|
|
const shouldDeployPaths = shouldDeploy(
|
|
application.watchPaths,
|
|
normalizedCommits,
|
|
);
|
|
|
|
if (!shouldDeployPaths) {
|
|
res.status(301).json({ message: "Watch Paths Not Match" });
|
|
return;
|
|
}
|
|
|
|
const branchName = extractBranchName(req.headers, req.body);
|
|
if (!branchName || branchName !== application.branch) {
|
|
res.status(301).json({ message: "Branch Not Match" });
|
|
return;
|
|
}
|
|
} else if (sourceType === "git") {
|
|
const branchName = extractBranchName(req.headers, req.body);
|
|
|
|
if (!branchName || branchName !== application.customGitBranch) {
|
|
res.status(301).json({ message: "Branch Not Match" });
|
|
return;
|
|
}
|
|
|
|
const provider = getProviderByHeader(req.headers);
|
|
let normalizedCommits: string[] = [];
|
|
|
|
if (provider === "github") {
|
|
normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
} else if (provider === "gitlab") {
|
|
normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
} else if (provider === "gitea") {
|
|
normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
} else if (provider === "soft-serve") {
|
|
normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
}
|
|
|
|
const shouldDeployPaths = shouldDeploy(
|
|
application.watchPaths,
|
|
normalizedCommits,
|
|
);
|
|
|
|
if (!shouldDeployPaths) {
|
|
res.status(301).json({ message: "Watch Paths Not Match" });
|
|
return;
|
|
}
|
|
} else if (sourceType === "gitlab") {
|
|
const branchName = extractBranchName(req.headers, req.body);
|
|
|
|
const normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
|
|
const shouldDeployPaths = shouldDeploy(
|
|
application.watchPaths,
|
|
normalizedCommits,
|
|
);
|
|
|
|
if (!shouldDeployPaths) {
|
|
res.status(301).json({ message: "Watch Paths Not Match" });
|
|
return;
|
|
}
|
|
|
|
if (!branchName || branchName !== application.gitlabBranch) {
|
|
res.status(301).json({ message: "Branch Not Match" });
|
|
return;
|
|
}
|
|
} else if (sourceType === "bitbucket") {
|
|
const branchName = extractBranchName(req.headers, req.body);
|
|
|
|
if (!branchName || branchName !== application.bitbucketBranch) {
|
|
res.status(301).json({ message: "Branch Not Match" });
|
|
return;
|
|
}
|
|
|
|
const committedPaths = await extractCommittedPaths(
|
|
req.body,
|
|
application.bitbucket,
|
|
application.bitbucketRepositorySlug ||
|
|
application.bitbucketRepository ||
|
|
"",
|
|
);
|
|
|
|
const shouldDeployPaths = shouldDeploy(
|
|
application.watchPaths,
|
|
committedPaths,
|
|
);
|
|
|
|
if (!shouldDeployPaths) {
|
|
res.status(301).json({ message: "Watch Paths Not Match" });
|
|
return;
|
|
}
|
|
} else if (sourceType === "gitea") {
|
|
const branchName = extractBranchName(req.headers, req.body);
|
|
|
|
const normalizedCommits = req.body?.commits?.flatMap(
|
|
(commit: any) => commit.modified,
|
|
);
|
|
|
|
const shouldDeployPaths = shouldDeploy(
|
|
application.watchPaths,
|
|
normalizedCommits,
|
|
);
|
|
|
|
if (!shouldDeployPaths) {
|
|
res.status(301).json({ message: "Watch Paths Not Match" });
|
|
return;
|
|
}
|
|
|
|
if (!branchName || branchName !== application.giteaBranch) {
|
|
res.status(301).json({ message: "Branch Not Match" });
|
|
return;
|
|
}
|
|
}
|
|
|
|
try {
|
|
const jobData: DeploymentJob = {
|
|
applicationId: application.applicationId as string,
|
|
titleLog: deploymentTitle,
|
|
...(deploymentHash && { descriptionLog: `Hash: ${deploymentHash}` }),
|
|
type: "deploy",
|
|
applicationType: "application",
|
|
server: !!application.serverId,
|
|
};
|
|
|
|
if (IS_CLOUD && application.serverId) {
|
|
jobData.serverId = application.serverId;
|
|
deploy(jobData).catch((error) => {
|
|
console.error("Background deployment failed:", error);
|
|
});
|
|
} else {
|
|
await myQueue.add(
|
|
"deployments",
|
|
{ ...jobData },
|
|
{
|
|
removeOnComplete: true,
|
|
removeOnFail: true,
|
|
},
|
|
);
|
|
}
|
|
} catch (error) {
|
|
logWebhookError("Error deploying Application:", error);
|
|
res.status(400).json({ message: "Error deploying Application" });
|
|
return;
|
|
}
|
|
|
|
res.status(200).json({ message: "Application deployed successfully" });
|
|
} catch (error) {
|
|
logWebhookError("Error deploying Application:", error);
|
|
res.status(400).json({ message: "Error deploying Application" });
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Return the image name without the tag
|
|
* Example: "my-image" => "my-image"
|
|
* Example: "my-image:latest" => "my-image"
|
|
* Example: "my-image:1.0.0" => "my-image"
|
|
* Example: "myregistryhost:5000/fedora/httpd:version1.0" => "myregistryhost:5000/fedora/httpd"
|
|
* @link https://docs.docker.com/reference/cli/docker/image/tag/
|
|
*/
|
|
export function extractImageName(dockerImage: string | null): string | null {
|
|
if (!dockerImage || typeof dockerImage !== "string") {
|
|
return null;
|
|
}
|
|
|
|
// Handle case where there's no tag (no colon or colon is part of port number)
|
|
const lastColonIndex = dockerImage.lastIndexOf(":");
|
|
if (lastColonIndex === -1) {
|
|
return dockerImage;
|
|
}
|
|
|
|
// Check if the part after the last colon looks like a tag (not a port number)
|
|
// Port numbers are typically 1-5 digits, tags are usually longer or contain letters
|
|
const afterColon = dockerImage.substring(lastColonIndex + 1);
|
|
const isPortNumber = /^\d{1,5}$/.test(afterColon);
|
|
|
|
// If it's a port number (like registry:5000/image), don't split
|
|
if (isPortNumber) {
|
|
return dockerImage;
|
|
}
|
|
|
|
// Otherwise, split at the last colon to get image name
|
|
return dockerImage.substring(0, lastColonIndex);
|
|
}
|
|
|
|
/**
|
|
* Return the last part of the image name, which is the tag
|
|
* Example: "my-image" => null
|
|
* Example: "my-image:latest" => "latest"
|
|
* Example: "my-image:1.0.0" => "1.0.0"
|
|
* Example: "myregistryhost:5000/fedora/httpd:version1.0" => "version1.0"
|
|
* @link https://docs.docker.com/reference/cli/docker/image/tag/
|
|
*/
|
|
export function extractImageTag(dockerImage: string | null) {
|
|
if (!dockerImage || typeof dockerImage !== "string") {
|
|
return null;
|
|
}
|
|
|
|
const lastColonIndex = dockerImage.lastIndexOf(":");
|
|
if (lastColonIndex === -1) {
|
|
return "latest";
|
|
}
|
|
|
|
const afterColon = dockerImage.substring(lastColonIndex + 1);
|
|
const isPortWithPath = /^\d{1,5}\//.test(afterColon);
|
|
|
|
if (isPortWithPath) {
|
|
return "latest";
|
|
}
|
|
|
|
return afterColon;
|
|
}
|
|
|
|
/**
|
|
* Extract the image name (without tag) from webhook request
|
|
* @link https://docs.docker.com/docker-hub/webhooks/#example-webhook-payload
|
|
* @link https://docs.github.com/en/webhooks/webhook-events-and-payloads#registry_package
|
|
*/
|
|
export const extractImageNameFromRequest = (
|
|
headers: any,
|
|
body: any,
|
|
): string | null => {
|
|
// GitHub Packages: registry_package events (container registry)
|
|
const packageVersion = getPackageVersion(headers, body);
|
|
if (packageVersion?.package_url) {
|
|
const packageUrl = packageVersion.package_url;
|
|
// Remove tag if present (everything after the last colon)
|
|
if (packageUrl.includes(":")) {
|
|
const lastColonIndex = packageUrl.lastIndexOf(":");
|
|
// Check if it's a port number (like registry:5000/image)
|
|
const afterColon = packageUrl.substring(lastColonIndex + 1);
|
|
const isPortNumber = /^\d{1,5}$/.test(afterColon);
|
|
if (isPortNumber) {
|
|
return packageUrl;
|
|
}
|
|
return packageUrl.substring(0, lastColonIndex);
|
|
}
|
|
return packageUrl;
|
|
}
|
|
|
|
// Docker Hub
|
|
if (headers["user-agent"]?.includes("Go-http-client")) {
|
|
if (body.repository) {
|
|
const repoName = body.repository.repo_name;
|
|
return `${repoName}`;
|
|
}
|
|
}
|
|
return null;
|
|
};
|
|
|
|
/**
|
|
* @link https://docs.docker.com/docker-hub/webhooks/#example-webhook-payload
|
|
* @link https://docs.github.com/en/webhooks/webhook-events-and-payloads#registry_package
|
|
*/
|
|
export const extractImageTagFromRequest = (
|
|
headers: any,
|
|
body: any,
|
|
): string | null => {
|
|
// GitHub Packages: registry_package events (container registry)
|
|
const packageVersion = getPackageVersion(headers, body);
|
|
if (packageVersion) {
|
|
// Try to get tag from container_metadata first (most reliable)
|
|
// Only use it if it's not empty and not the same as the version (digest)
|
|
const tagName = packageVersion.container_metadata?.tag?.name?.trim() || "";
|
|
if (
|
|
tagName &&
|
|
tagName !== packageVersion.version &&
|
|
!tagName.startsWith("sha256:")
|
|
) {
|
|
return tagName;
|
|
}
|
|
// Fallback: extract tag from package_url (e.g., "ghcr.io/owner/repo:tag")
|
|
if (packageVersion.package_url) {
|
|
const packageUrl = packageVersion.package_url;
|
|
// Handle case where package_url ends with colon (no tag)
|
|
if (packageUrl.endsWith(":")) {
|
|
return null;
|
|
}
|
|
const tagMatch = packageUrl.match(/:([^:]+)$/);
|
|
if (tagMatch?.[1]?.trim()) {
|
|
return tagMatch[1].trim();
|
|
}
|
|
}
|
|
}
|
|
|
|
// Docker Hub
|
|
if (headers["user-agent"]?.includes("Go-http-client")) {
|
|
if (body.push_data && body.repository) {
|
|
return body.push_data.tag;
|
|
}
|
|
}
|
|
return null;
|
|
};
|
|
|
|
export const extractCommitMessage = (headers: any, body: any) => {
|
|
// GitHub Packages: registry_package events (container tags)
|
|
const githubEvent = headers["x-github-event"];
|
|
if (githubEvent === "registry_package") {
|
|
const packageVersion = getPackageVersion(headers, body);
|
|
if (packageVersion) {
|
|
if (packageVersion.package_url) {
|
|
return `Docker GHCR image pushed: ${packageVersion.package_url}`;
|
|
}
|
|
return "Docker GHCR image pushed";
|
|
}
|
|
// If package_version is missing, fall through to default behavior
|
|
}
|
|
// GitHub
|
|
if (headers["x-github-event"]) {
|
|
return body.head_commit ? body.head_commit.message : "NEW COMMIT";
|
|
}
|
|
|
|
// GitLab
|
|
if (headers["x-gitlab-event"]) {
|
|
return body.commits && body.commits.length > 0
|
|
? body.commits[0].message
|
|
: "NEW COMMIT";
|
|
}
|
|
|
|
// Bitbucket
|
|
if (headers["x-event-key"]?.includes("repo:push")) {
|
|
return body.push.changes && body.push.changes.length > 0
|
|
? body.push.changes[0].new.target.message
|
|
: "NEW COMMIT";
|
|
}
|
|
|
|
// Gitea
|
|
if (headers["x-gitea-event"]) {
|
|
return body.commits && body.commits.length > 0
|
|
? body.commits[0].message
|
|
: "NEW COMMIT";
|
|
}
|
|
|
|
// Soft Serve
|
|
if (headers["x-softserve-event"]) {
|
|
return body.commits && body.commits.length > 0
|
|
? body.commits[0].message
|
|
: "NEW COMMIT";
|
|
}
|
|
|
|
if (headers["user-agent"]?.includes("Go-http-client")) {
|
|
if (body.push_data && body.repository) {
|
|
return `DockerHub image pushed: ${body.repository.repo_name}:${body.push_data.tag} by ${body.push_data.pusher}`;
|
|
}
|
|
}
|
|
|
|
return "NEW CHANGES";
|
|
};
|
|
|
|
export const extractHash = (headers: any, body: any) => {
|
|
// GitHub
|
|
if (headers["x-github-event"]) {
|
|
return body.head_commit ? body.head_commit.id : "";
|
|
}
|
|
|
|
// GitLab
|
|
if (headers["x-gitlab-event"]) {
|
|
return (
|
|
body.checkout_sha ||
|
|
(body.commits && body.commits.length > 0
|
|
? body.commits[0].id
|
|
: "NEW COMMIT")
|
|
);
|
|
}
|
|
|
|
// Bitbucket
|
|
if (headers["x-event-key"]?.includes("repo:push")) {
|
|
return body.push.changes && body.push.changes.length > 0
|
|
? body.push.changes[0].new.target.hash
|
|
: "NEW COMMIT";
|
|
}
|
|
|
|
// Gitea
|
|
if (headers["x-gitea-event"]) {
|
|
return body.after || "NEW COMMIT";
|
|
}
|
|
|
|
// Soft Serve
|
|
if (headers["x-softserve-event"]) {
|
|
return body.after || "NEW COMMIT";
|
|
}
|
|
|
|
return "";
|
|
};
|
|
|
|
export const extractBranchName = (headers: any, body: any) => {
|
|
if (headers["x-github-event"] || headers["x-gitea-event"]) {
|
|
return body?.ref?.replace("refs/heads/", "");
|
|
}
|
|
|
|
if (
|
|
headers["x-gitlab-event"] ||
|
|
headers["x-softserve-event"]?.includes("push")
|
|
) {
|
|
return body?.ref ? body?.ref.replace("refs/heads/", "") : null;
|
|
}
|
|
|
|
if (headers["x-event-key"]?.includes("repo:push")) {
|
|
return body?.push?.changes[0]?.new?.name;
|
|
}
|
|
|
|
return null;
|
|
};
|
|
|
|
export const getProviderByHeader = (headers: any) => {
|
|
if (headers["x-github-event"]) {
|
|
return "github";
|
|
}
|
|
|
|
if (headers["x-gitea-event"]) {
|
|
return "gitea";
|
|
}
|
|
|
|
if (headers["x-gitlab-event"]) {
|
|
return "gitlab";
|
|
}
|
|
|
|
if (headers["x-event-key"]?.includes("repo:push")) {
|
|
return "bitbucket";
|
|
}
|
|
|
|
if (headers["x-softserve-event"]) {
|
|
return "soft-serve";
|
|
}
|
|
|
|
return null;
|
|
};
|
|
|
|
export const extractCommittedPaths = async (
|
|
body: any,
|
|
bitbucket: Bitbucket | null,
|
|
repository: string,
|
|
) => {
|
|
const changes = body.push?.changes || [];
|
|
|
|
const commitHashes = changes
|
|
.map((change: any) => change.new?.target?.hash)
|
|
.filter(Boolean);
|
|
const committedPaths: string[] = [];
|
|
const username =
|
|
bitbucket?.bitbucketWorkspaceName || bitbucket?.bitbucketUsername || "";
|
|
for (const commit of commitHashes) {
|
|
const url = `https://api.bitbucket.org/2.0/repositories/${username}/${repository}/diffstat/${commit}`;
|
|
try {
|
|
const response = await fetch(url, {
|
|
headers: getBitbucketHeaders(bitbucket!),
|
|
});
|
|
const data = await response.json();
|
|
for (const value of data.values) {
|
|
if (value?.new?.path) committedPaths.push(value.new.path);
|
|
}
|
|
} catch (error) {
|
|
console.error(
|
|
`Error fetching Bitbucket diffstat for commit ${commit}:`,
|
|
error instanceof Error ? error.message : "Unknown error",
|
|
);
|
|
|
|
return [];
|
|
}
|
|
}
|
|
|
|
return committedPaths;
|
|
};
|