最近在使用Coding的代码托管,顺便设置了WebHook自动部署,过程还是挺艰辛的,主要还是没搞懂Linux的权限控制,不过好在弄好了,分享一下获益最深的一篇文章,供大家参考,原文是英文版的,我的英语也不行,勉强能看懂,大家凑合着看吧

原文链接:http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/

I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.

It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull. Looking something like this...

<?php

define('PRIVATE_KEY', 'XXXXXXXXXXXXXXXXxxx');

if ($_SERVER['REQUEST_METHOD'] === 'POST'

        && $_REQUEST['thing'] === PRIVATE_KEY)

{

    echo shell_exec("git pull");

}

Didn't end up being as simple as I had anticipated...

There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.

(Missed) Considerations

the binary (git in this case)

The user that is attempting to execute git pull is the apache user (www in our case). This user did not happen to have git in their path.

This took a while to track down because the exec() family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2->&1 at the end of your command.

After I realized this I logged in and found the full path of the git binary with which git, which is /full/path/to/bin/git.

<?php

...

    echo shell_exec("/full/path/to/bin/git pull 2>&1");

...

Now it was reporting the next issue...

permissions

error: cannot open .git/FETCH_HEAD: Permission denied

The apache user also needs read and write access to the entire repository.

chown -R ssh_user:www repository/

It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.

chmod -R g+s repository/

"Host key verification failed"

Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user's known_hosts file

sudo -u www git pull

ssh key

Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.

First, I went down the path of attempting to use the GIT_SSH environment variable to set the ssh -i option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.

An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www)

sudo -u www ssh-keygen -t rsa

This creates the keys and puts them in their expected location with the proper permissions applied.

Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.

 

使用PHP自动部署GIT代码的更多相关文章

  1. 利用WebHook实现PHP自动部署Git代码

    平时项目代码都托管在Coding,然后每次提交了代码之后都要SSH到服务器上去git pull一次,很是繁琐,在看了OverTrue的<使用PHP脚本远程部署git项目>后就尝试在自己服务 ...

  2. Jenkins之自动部署、代码安全扫描、自动化接口测试

    搭建Jenkins wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.reporpm --i ...

  3. 基于webhook方案的Git自动部署方案

    之前已经用Git实现了自己博客的提交自动部署,并自动提交到GitHub和coding以备不时之需.平时项目代码都托管在Coding或者GitHub上,也已经用上了coding提供的webhook功能, ...

  4. coding.net------WEBHOOK自动部署实战

    使用WebHook自动部署项目今天在laravist.com看到了这个 Webhook 自动部署Git项目 这个教学视频,以前自己也想做这样做一个利用Git WebHook的自动化部署,但总是不成功, ...

  5. Visual Studio Git代码管理环境部署

    Visual Studio 2010 部署Git代码管理环境. 第一:首先做Git的安装和环境部署 1.下载并安装Git软件,在windows环境下的Git叫做“msysGit”,官网地址为https ...

  6. Webhook 实践 —— 自动部署

    https://segmentfault.com/a/1190000007892407 安装nodejs 安装nodejs建议直接下载二进制包,把官网上的64位二进制版本下载地址复制下来,执行 wge ...

  7. 做了一个简易的git 代码自动部署脚本

    做了一个简易的git 代码自动部署脚本 http://my.oschina.net/caomenglong/blog/472665 发表于2个月前(2015-06-30 21:08)   阅读(200 ...

  8. git的安装使用和代码自动部署

    1.安装 http://www.cnblogs.com/sunada2005/archive/2013/06/06/3121098.html http://www.cnblogs.com/zhcncn ...

  9. centos 安装git服务器,配置使用证书登录并你用hook实现代码自动部署

    安装git服务器先安装依赖软件:yum -y install gcc zlib-devel openssl-devel perl cpio expat-devel gettext-devel open ...

随机推荐

  1. 微信开发之门店管理{"errcode":40097,"errmsg":"invalid args hint: [xxxxxxx]"}

    最近在做微信端开发,做到门店开发部分,在创建门店的时候遇到40097问题{"errcode":40097,"errmsg":"invalid args ...

  2. C# 连接 数据库的时候 出现 程序出现异常"尝试读取或写入受保护的内存这通常指示其他内存已损坏" 错误

    今天调试程序的时候出现了毫无征兆的就出现了如标题所述 的错误,我之前的程序 都运行的好好的,网上 找了 好多帖子 ,都是没有找到解决方案,最后 一个问一个同事 不知道他在哪儿找到了一个解决方案,说是 ...

  3. [Head First Python]4.读取文件datafile.txt, 去除两边空格, 存储到列表,从列表格式化(nester.py)后输出到文件man.out,other.out

    datafile.txt  #文件 Man: this is the right room for an argument. Other Man: I've told you once. Man: N ...

  4. python基础教程第4章——字典

    1.映射(mapping):通过名字引用值的数据结构.字典是Python中唯一内建的映射类型,字典中的值并没有特殊的顺序,但是都存储在一个特定的键(key)里.键可以是数字.字符串甚至是元组. 2.字 ...

  5. Expedition(优先队列)

    Expedition 点我 Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 9465   Accepted: 2760 Des ...

  6. Qt 框架的图形性能高(OpenGL上的系统效率高),网络性能低,开发效率高,Quick是可以走硬件加速——Qt中分为好几套图形系统,差不多代表了2D描画的发展史。最经典的软描画系统

    -----图形性能部分-----Qt的widgets部分,运行时的图像渲染性能是一般的,因为大部分的界面内容都是Qt自绘,没有走硬件加速,也就是说很多图形内容都是CPU算出来的.但是widgets底层 ...

  7. ArcGIS API for Silverlight中专题地图的实现浅析

    原文http://www.gisall.com/html/32/7232-2418.html 专题地图是突出表现特定主题或者属性的地图.常见专题地图类型有唯一值渲染,分类渲染,柱状图,饼状图,点密度图 ...

  8. Android中通过代码获取arrays.xml文件中的数据

    android工程res/valuse文件夹下的arrays.xml文件中用于放各种数组数据,比如字符串数组.整型数组等,数组中的数据可能是具体的值,也有可能是对资源数据的引用,下面针对这两种情况通过 ...

  9. 用来控制 XML 序列化的属性

    通过将下表中的属性应用于类和类成员,可以控制 XmlSerializer 序列化或反序列化该类的实例的方式.若要了解这些属性如何控制 XML 序列化,请参见使用属性控制 XML 序列化. 这些属性还可 ...

  10. 2014.8.4我出的模拟赛【NTR酋长】

    NTR酋长 (ntr.pas/.c/.cpp) 黄巨大终于如愿以偿的进入了czy的后宫中……但是czy很生气……他要在黄巨大走到他面前的必经之路上放上几个NTR酋长来阻挡黄巨大. 众所周知,NTR酋长 ...