最近在使用Coding的代码托管,顺便设置了WebHook自动部署,过程还是挺艰辛的,主要还是没搞懂Linux的权限控制,不过好在弄好了,分享一下获益最深的一篇文章,供大家参考,原文是英文版的,我的英语也不行,勉强能看懂,大家凑合着看吧

原文链接:http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/

I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.

It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull. Looking something like this...

<?php

define('PRIVATE_KEY', 'XXXXXXXXXXXXXXXXxxx');

if ($_SERVER['REQUEST_METHOD'] === 'POST'

        && $_REQUEST['thing'] === PRIVATE_KEY)

{

    echo shell_exec("git pull");

}

Didn't end up being as simple as I had anticipated...

There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.

(Missed) Considerations

the binary (git in this case)

The user that is attempting to execute git pull is the apache user (www in our case). This user did not happen to have git in their path.

This took a while to track down because the exec() family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2->&1 at the end of your command.

After I realized this I logged in and found the full path of the git binary with which git, which is /full/path/to/bin/git.

<?php

...

    echo shell_exec("/full/path/to/bin/git pull 2>&1");

...

Now it was reporting the next issue...

permissions

error: cannot open .git/FETCH_HEAD: Permission denied

The apache user also needs read and write access to the entire repository.

chown -R ssh_user:www repository/

It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.

chmod -R g+s repository/

"Host key verification failed"

Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user's known_hosts file

sudo -u www git pull

ssh key

Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.

First, I went down the path of attempting to use the GIT_SSH environment variable to set the ssh -i option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.

An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www)

sudo -u www ssh-keygen -t rsa

This creates the keys and puts them in their expected location with the proper permissions applied.

Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.

 

使用PHP自动部署GIT代码的更多相关文章

  1. 利用WebHook实现PHP自动部署Git代码

    平时项目代码都托管在Coding,然后每次提交了代码之后都要SSH到服务器上去git pull一次,很是繁琐,在看了OverTrue的<使用PHP脚本远程部署git项目>后就尝试在自己服务 ...

  2. Jenkins之自动部署、代码安全扫描、自动化接口测试

    搭建Jenkins wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.reporpm --i ...

  3. 基于webhook方案的Git自动部署方案

    之前已经用Git实现了自己博客的提交自动部署,并自动提交到GitHub和coding以备不时之需.平时项目代码都托管在Coding或者GitHub上,也已经用上了coding提供的webhook功能, ...

  4. coding.net------WEBHOOK自动部署实战

    使用WebHook自动部署项目今天在laravist.com看到了这个 Webhook 自动部署Git项目 这个教学视频,以前自己也想做这样做一个利用Git WebHook的自动化部署,但总是不成功, ...

  5. Visual Studio Git代码管理环境部署

    Visual Studio 2010 部署Git代码管理环境. 第一:首先做Git的安装和环境部署 1.下载并安装Git软件,在windows环境下的Git叫做“msysGit”,官网地址为https ...

  6. Webhook 实践 —— 自动部署

    https://segmentfault.com/a/1190000007892407 安装nodejs 安装nodejs建议直接下载二进制包,把官网上的64位二进制版本下载地址复制下来,执行 wge ...

  7. 做了一个简易的git 代码自动部署脚本

    做了一个简易的git 代码自动部署脚本 http://my.oschina.net/caomenglong/blog/472665 发表于2个月前(2015-06-30 21:08)   阅读(200 ...

  8. git的安装使用和代码自动部署

    1.安装 http://www.cnblogs.com/sunada2005/archive/2013/06/06/3121098.html http://www.cnblogs.com/zhcncn ...

  9. centos 安装git服务器,配置使用证书登录并你用hook实现代码自动部署

    安装git服务器先安装依赖软件:yum -y install gcc zlib-devel openssl-devel perl cpio expat-devel gettext-devel open ...

随机推荐

  1. JDK,TomCat安装配置

    JDK.Tomcat.myEclipse安装配置 准备安装包 JAVA运行环境包 JDK1.7下载地址: http://www.veryhuo.com/down/html/43205.html Jsp ...

  2. 【solr基础教程之一】Solr相关知识点串讲

           Solr是Apache Lucene的一个子项目.Lucene为全文搜索功能提供了完备的API,但它只作为一个API库存在,而不能直接用于搜索.因此,Solr基于Lucene构建了一个完 ...

  3. transient 做个标记

    import java.io.*; import java.util.*; public class Logon implements Serializable { /** * */ private ...

  4. position属性absolute与relative(转)

    每次要用到Position属性时,总要去搜索下,这两个属性值的区别:今天就直接复制网上的结果,以便以后多看看. Absolute,CSS中的写法是:position:absolute; 他的意思是绝对 ...

  5. Eclipse 乱码解决方案(UTF8 -- GBK)

    UTF8 --> GBK;   GBK --> UTF8 eclipse的中文乱码问题,一般不外乎是由操作系统平台编码的不一致导致,如Linux中默认的中文字体编码问UTF8, 而Wind ...

  6. Effective Java2读书笔记-创建和销毁对象(三)

    第5条:避免创建不必要的对象 本条主要讲的是一些反面教材,希望大家引以为鉴. ①无意中使用自动装箱导致多创建对象. public class Sum { public static void main ...

  7. Redis应用场景-整理

    1.  MySql+Memcached架构的问题 Memcached采用客户端-服务器的架构,客户端和服务器端的通讯使用自定义的协议标准,只要满足协议格式要求,客户端Library可以用任何语言实现. ...

  8. error: ‘shared_ptr’ in namespace ‘std’ does not name a type

    用G++编译项目的时候发生标题上的错误,原因是,这是c++ 11标准的.在给g++传递命令行的时候加上-std=c++0x就行了. 还需要在源码中#include<memory> 我的cm ...

  9. linux date

    我使用过的Linux命令之date - 显示.修改系统日期时间 本文链接:http://codingstandards.iteye.com/blog/1157513   (转载请注明出处) 用途说明 ...

  10. 安装GeoIP数据库

    1.安装GeoIP数据库 cd /usr/local/logstash/etc curl -O "http://geolite.maxmind.com/download/geoip/data ...