dotNET跨平臺(tái) 今天
以下文章來(lái)源于桂跡 ,作者桂素偉
前情提要:因?yàn)轫?xiàng)目特點(diǎn)�,需要在自己的服務(wù)器上集成測(cè)試����,而不是用github的DevOpt體系;再有就是服務(wù)器是windows的;項(xiàng)目倉(cāng)庫(kù)在github上�����;并且項(xiàng)目是asp.net core的項(xiàng)目�����;開(kāi)發(fā)人員一枚�。以前的做法就是發(fā)布后����,把執(zhí)行碼復(fù)制在服務(wù)器上啟動(dòng)�����;后來(lái)就是在服務(wù)器寫(xiě)了個(gè)bat����,運(yùn)行bat,完成clone項(xiàng)目�����,發(fā)布項(xiàng)目�����,運(yùn)行項(xiàng)項(xiàng)目�����;再后臺(tái)就是寫(xiě)了個(gè)web服務(wù)����,讓github項(xiàng)目感知到推送后,通知web服務(wù)����,web服務(wù)執(zhí)行這個(gè)bat�����。
在這里面�����,有幾個(gè)要素:
- bat:完成代碼clone�,發(fā)布,運(yùn)行(其實(shí)真實(shí)中還要完成對(duì)運(yùn)行的項(xiàng)目進(jìn)行關(guān)閉�,清理等工作�����,以方便展開(kāi)最新一次的clone,發(fā)布����,運(yùn)行)
先看bat,命令如下�,就是關(guān)閉運(yùn)行中的項(xiàng)目����,清理目錄����,clone項(xiàng)目,進(jìn)入項(xiàng)目目錄,發(fā)布項(xiàng)目�,然后運(yùn)行項(xiàng)目
taskkill /f /im 項(xiàng)目名稱(chēng).exetimeout 1 >NUL@RD /S /Q "C:\項(xiàng)目名稱(chēng)\項(xiàng)目目錄"cd C:\項(xiàng)目名稱(chēng)git clone https://用戶(hù)名:密碼@github.com/用戶(hù)名/項(xiàng)目名稱(chēng).gitcd C:\項(xiàng)目名稱(chēng)\項(xiàng)目目錄dotnet publish -o C:\項(xiàng)目名稱(chēng)\pubtimeout 1>NULcd C:\項(xiàng)目名稱(chēng)\pub項(xiàng)目名稱(chēng).exe
再看一下web服務(wù)�����,就是等待github通知�,收到通知后����,獲取key參數(shù)�����,然后驗(yàn)證這個(gè)調(diào)用通知是否有效(最好和https)�,再調(diào)用bat
appsettings.json
projects的配置目的是實(shí)現(xiàn)一個(gè)web服務(wù)����,可以接收多個(gè)項(xiàng)目的通知����,然后針對(duì)不對(duì)的項(xiàng)目進(jìn)行發(fā)布和運(yùn)行����,當(dāng)github通知的時(shí)間�����,會(huì)在參數(shù)key中告訴web服務(wù)要執(zhí)行那個(gè)project�����,這里與web服務(wù)的key參數(shù)結(jié)合使用�����。{ "urls": "http://*:6789", "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "AllowedHosts": "*", "Projects": [ { "key": "memall", "BATPath": "C://MeMall/MeMall_Start.bat", "Secret": "e0f0d18348fbcb090fa17f9fbc638a8be56be3ab" } ]}homecontrolloer.cs文件
其中IsGitHubSignatureSHA1和 IsGitHubSignatureSHA256是兩種驗(yàn)證方式����,可以選其中的一種進(jìn)行驗(yàn)證就可以����,驗(yàn)證成功才能執(zhí)行bat,這里同時(shí)用兩種驗(yàn)證方式�,只是為了演示而以�����。
using Microsoft.AspNetCore.Mvc;using Microsoft.Extensions.Configuration;using Microsoft.Extensions.Logging;using Microsoft.Extensions.Primitives;using System;using System.Collections.Generic;using System.Diagnostics;using System.IO;using System.Linq;using System.Security.Cryptography;using System.Text;using System.Text.RegularExpressions;using System.Threading.Tasks;
namespace GitHubNotice.Controllers{ [ApiController] [Route("[controller]")] public class HomeController : ControllerBase { private readonly IEnumerable<Project> _projects; private readonly ILogger<HomeController> _logger;
public HomeController(ILogger<HomeController> logger, IConfiguration configuration) { _projects = configuration.GetSection("Projects").Get<List<Project>>(); _logger = logger; }
[HttpPost("/")] public async Task<IActionResult> Notice() { _logger.LogInformation($"應(yīng)用收到github Notice"); Request.Headers.TryGetValue("X-GitHub-Delivery", out StringValues gitHubDeliveryId); Request.Headers.TryGetValue("X-GitHub-Event", out StringValues gitHubEvent); _logger.LogInformation($"收到github通知事務(wù):X-GitHub-Delivery:{gitHubDeliveryId}�,X-GitHub-Event:{gitHubEvent}"); Request.Headers.TryGetValue("X-Hub-Signature", out StringValues gitHubSignature); Request.Headers.TryGetValue("X-Hub-Signature-256", out StringValues gitHubSignature256); var reader = new StreamReader(Request.Body, Encoding.UTF8); var bodyContent = await reader.ReadToEndAsync(); var key = GetMark(bodyContent); var rgx = new Regex(@"^[a-zA-Z]+$"); if (!string.IsNullOrWhiteSpace(key) && !rgx.IsMatch(key)) { _logger.LogError($"key={key} 錯(cuò)誤"); return BadRequest(); } else { var project = _projects.SingleOrDefault(s => s.Key == key); if (project != null) { var resultSHA256 = IsGitHubSignatureSHA256(project.Secret, bodyContent, gitHubSignature256); var resultSHA1 = IsGitHubSignatureSHA1(project.Secret, bodyContent, gitHubSignature); _logger.LogInformation($"SHA1={resultSHA1},SHA256={resultSHA256}"); if (resultSHA1 && resultSHA256) { var p = new Process(); p.StartInfo.CreateNoWindow = true; p.StartInfo.UseShellExecute = true; p.StartInfo.FileName = project.BATPath; p.Start(); p.Close(); _logger.LogInformation($"github通知成功"); return Ok(); } else { _logger.LogError("認(rèn)證錯(cuò)誤"); return Unauthorized(); } } else { _logger.LogError($"檢查配置文件Projects是否與github中的Payload URL相匹配"); return BadRequest(); } } } /// <summary> /// 獲取匹配項(xiàng)目的key /// </summary> /// <param name="text"></param> /// <returns></returns> string GetMark(string text) { var arry = text.Split('&'); foreach (var item in arry) { if (item.Contains("key=")) { return item.Split('=')[1]; } } return ""; } /// <summary> /// sha1 /// </summary> /// <param name="seckey"></param> /// <param name="bodyContent"></param> /// <param name="signatureSHA1"></param> /// <returns></returns> static bool IsGitHubSignatureSHA1(string seckey, string bodyContent, string signatureSHA1) { if (string.IsNullOrWhiteSpace(bodyContent)) throw new ArgumentNullException(nameof(bodyContent)); if (string.IsNullOrWhiteSpace(signatureSHA1)) throw new ArgumentNullException(nameof(signatureSHA1));
var signature = signatureSHA1.Replace("sha1=", ""); var secret = Encoding.ASCII.GetBytes(seckey); var payloadBytes = Encoding.ASCII.GetBytes(bodyContent);
using (var hmacsha1 = new HMACSHA1(secret)) { var hash = hmacsha1.ComputeHash(payloadBytes); var hashString = ToHexString(hash); if (hashString.Equals(signature)) return true; } return false;
static string ToHexString(byte[] bytes) { var builder = new StringBuilder(bytes.Length * 2); foreach (byte b in bytes) { builder.AppendFormat("{0:x2}", b); } return builder.ToString(); } }
/// <summary> /// X-Hub-Signature-256 /// </summary> /// <param name="secret"></param> /// <param name="bodyContent"></param> /// <param name="signatureSHA256"></param> /// <returns></returns> static bool IsGitHubSignatureSHA256(string secret, string bodyContent, string signatureSHA256) { if (string.IsNullOrWhiteSpace(bodyContent)) throw new ArgumentNullException(nameof(bodyContent)); if (string.IsNullOrWhiteSpace(signatureSHA256)) throw new ArgumentNullException(nameof(signatureSHA256));
var secretBytes = Encoding.UTF8.GetBytes(secret); var hasher = new HMACSHA256(secretBytes); var data = Encoding.UTF8.GetBytes(bodyContent); var computedSignature = BitConverter.ToString(hasher.ComputeHash(data)).Replace("-", "").ToLower(); return computedSignature == signatureSHA256.Replace("sha256=", ""); } } /// <summary> /// 項(xiàng)目實(shí)體 /// </summary> public class Project { public string Key { get; set; } public string BATPath { get; set; } public string Secret { get; set; } }}
最后就是github的Webhooks����,通過(guò)配置,當(dāng)有人推送代碼時(shí)����,會(huì)通知web服務(wù),方便進(jìn)行拉取構(gòu)建�。
其實(shí)這就是一個(gè)極其簡(jiǎn)單,代替手工發(fā)布的腳本級(jí)別工具�,特點(diǎn)就是小巧,靈活�����,簡(jiǎn)單,可以隨心所欲的改�;如果是大團(tuán)隊(duì),或更多的要求�,比如集成測(cè)試,打包鏡像等�,可以選用比較成熟的產(chǎn)品(可以搜索CICD工具,這里不作廣告了)來(lái)使用�����,相對(duì)來(lái)說(shuō)也需要學(xué)習(xí)成本�����。
