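I've recently been using Coding for code hosting and set up automatic deployment through a WebHook along the way. The process was quite painful, mainly because I didn't understand Linux permission control, but fortunately I got it working. I'm sharing the article I benefited from most, for your reference. The original is in English, and my English isn't good, I can barely read it, so please make do with it.

Original article: http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/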

I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.

It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull. Looking something like this...

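<?php

// Shared secret that the hook must send in the "thing" parameter.
define('PRIVATE_KEY', 'XXXXXXXXXXXXXXXXxxx');

// Only act on POST requests that carry the expected token.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_REQUEST['thing'])
    && $_REQUEST['thing'] === PRIVATE_KEY)
{
    echo shell_exec("git pull");
}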

Didn't end up being as simple as I had anticipated...

There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.

(Missed) Considerations

the binary (git in this case)

The user that is attempting to execute git pull is the apache user (www in our case). This user did not happen to have git in their path.

This took a while to track down because the exec() family of functions fails silently here: they only return STDOUT, not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2>&1 at the end of your command.

After I realized this I logged in and found the full path of the git binary with which git, which is /full/path/to/bin/git.

<?php
// ...
echo shell_exec("/full/path/to/bin/git pull 2>&1");
// ...

Now it was reporting the next issue...

permissions

error: cannot open .git/FETCH_HEAD: Permission denied

The apache user also needs read and write access to the entire repository.

chown -R ssh_user:www repository/

It's also a good idea to make sure any files/directories created by others inherit this group ownership by setting the setgid bit (sometimes called the group sticky bit). The bit has this inheritance effect on directories.

chmod -R g+s repository/

"Host key verification failed"

Next, you need to do an initial git pull as the apache user to make sure the remote is added to the apache user's known_hosts file.

sudo -u www git pull

ssh key

Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.

First, I went down the path of attempting to use the GIT_SSH environment variable to set the ssh -i option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.

An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www).

sudo -u www ssh-keygen -t rsa

This creates the keys and puts them in their expected location with the proper permissions applied.

Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.
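
The points above (absolute binary path, STDERR capture, a known working directory) combined into one receiver, as an added example that is not the original author's script. It assumes PHP 7.4 or later; the repository path, the DEPLOY_TOKEN environment variable and the use of --ff-only are assumptions made for illustration.

```php
<?php
// Added example; not the original author's script.
// Assumptions: the paths below and the DEPLOY_TOKEN environment variable.
const GIT_BIN  = '/full/path/to/bin/git'; // absolute path: www has no git in its PATH
const REPO_DIR = '/path/to/repository';   // hypothetical checkout location

/** Constant-time comparison of the token sent by the hook. */
function token_is_valid($supplied, string $expected): bool
{
    return $expected !== '' && is_string($supplied) && hash_equals($expected, $supplied);
}

/** Run a fixed "git pull" inside the repository; returns [exit code, output]. */
function git_pull(string $gitBin, string $repoDir): array
{
    $pipes = [];
    $proc = proc_open(
        [$gitBin, 'pull', '--ff-only'],              // array form: no shell is involved
        [1 => ['pipe', 'w'], 2 => ['redirect', 1]],  // same effect as 2>&1
        $pipes,
        $repoDir                                     // run in the repo, not the web root
    );
    if (!is_resource($proc)) {
        return [-1, 'could not start git'];
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $output];
}

if (PHP_SAPI !== 'cli') {
    $expected = getenv('DEPLOY_TOKEN') ?: '';        // keep the secret out of the source
    $supplied = $_REQUEST['thing'] ?? null;          // same parameter as the script above
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !token_is_valid($supplied, $expected)) {
        http_response_code(403);
        exit;
    }
    [$code, $output] = git_pull(GIT_BIN, REPO_DIR);
    // Record details in the server log instead of echoing them to the caller.
    error_log("deploy: git pull exit=$code output=" . trim($output));
    http_response_code($code === 0 ? 204 : 500);
}
```

The exit code and combined output end up in the web server's error log, so a failure such as "Permission denied" or "Host key verification failed" is visible there without being returned to whoever called the hook.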

 
