最近在使用Coding的代码托管,顺便设置了WebHook自动部署,过程还是挺艰辛的,主要还是没搞懂Linux的权限控制,不过好在弄好了,分享一下获益最深的一篇文章,供大家参考,原文是英文版的,我的英语也不行,勉强能看懂,大家凑合着看吧

原文链接:http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/

I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.

It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull. Looking something like this...

<?php

define('PRIVATE_KEY', 'XXXXXXXXXXXXXXXXxxx');

if ($_SERVER['REQUEST_METHOD'] === 'POST'

        && $_REQUEST['thing'] === PRIVATE_KEY)

{

    echo shell_exec("git pull");

}

Didn't end up being as simple as I had anticipated...

There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.

(Missed) Considerations

the binary (git in this case)

The user that is attempting to execute git pull is the apache user (www in our case). This user did not happen to have git in their path.

This took a while to track down because the exec() family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2->&1 at the end of your command.

After I realized this I logged in and found the full path of the git binary with which git, which is /full/path/to/bin/git.

<?php

...

    echo shell_exec("/full/path/to/bin/git pull 2>&1");

...

Now it was reporting the next issue...

permissions

error: cannot open .git/FETCH_HEAD: Permission denied

The apache user also needs read and write access to the entire repository.

chown -R ssh_user:www repository/

It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.

chmod -R g+s repository/

"Host key verification failed"

Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user's known_hosts file

sudo -u www git pull

ssh key

Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.

First, I went down the path of attempting to use the GIT_SSH environment variable to set the ssh -i option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.

An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www)

sudo -u www ssh-keygen -t rsa

This creates the keys and puts them in their expected location with the proper permissions applied.

Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.

 

使用PHP自动部署GIT代码的更多相关文章

  1. 利用WebHook实现PHP自动部署Git代码

    平时项目代码都托管在Coding,然后每次提交了代码之后都要SSH到服务器上去git pull一次,很是繁琐,在看了OverTrue的<使用PHP脚本远程部署git项目>后就尝试在自己服务 ...

  2. Jenkins之自动部署、代码安全扫描、自动化接口测试

    搭建Jenkins wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.reporpm --i ...

  3. 基于webhook方案的Git自动部署方案

    之前已经用Git实现了自己博客的提交自动部署,并自动提交到GitHub和coding以备不时之需.平时项目代码都托管在Coding或者GitHub上,也已经用上了coding提供的webhook功能, ...

  4. coding.net------WEBHOOK自动部署实战

    使用WebHook自动部署项目今天在laravist.com看到了这个 Webhook 自动部署Git项目 这个教学视频,以前自己也想做这样做一个利用Git WebHook的自动化部署,但总是不成功, ...

  5. Visual Studio Git代码管理环境部署

    Visual Studio 2010 部署Git代码管理环境. 第一:首先做Git的安装和环境部署 1.下载并安装Git软件,在windows环境下的Git叫做“msysGit”,官网地址为https ...

  6. Webhook 实践 —— 自动部署

    https://segmentfault.com/a/1190000007892407 安装nodejs 安装nodejs建议直接下载二进制包,把官网上的64位二进制版本下载地址复制下来,执行 wge ...

  7. 做了一个简易的git 代码自动部署脚本

    做了一个简易的git 代码自动部署脚本 http://my.oschina.net/caomenglong/blog/472665 发表于2个月前(2015-06-30 21:08)   阅读(200 ...

  8. git的安装使用和代码自动部署

    1.安装 http://www.cnblogs.com/sunada2005/archive/2013/06/06/3121098.html http://www.cnblogs.com/zhcncn ...

  9. centos 安装git服务器,配置使用证书登录并你用hook实现代码自动部署

    安装git服务器先安装依赖软件:yum -y install gcc zlib-devel openssl-devel perl cpio expat-devel gettext-devel open ...

随机推荐

  1. mysql 使用set names 解决乱码问题的原理

    解决乱码的方法,我们经常使用“set names utf8”,那么为什么加上这句代码就可以解决了呢?下面跟着我一起来深入set names utf8的内部执行原理 先说MySQL的字符集问题.Wind ...

  2. ajax 传值 中文乱码问题

    使用encodeURI编码内容 var Path = encodeURI("中文.xls"); url: "ashx/Data.ashx?Path =" + P ...

  3. rub、sass和compass的安装

    长话短说,直接进入正题. [ruby安装] ruby下载网址:http://rubyinstaller.org/downloads/ 选择适合自己电脑的版本: 下载完成后直接双击安装,记得勾选加入环境 ...

  4. 读取xml文件转成List<T>对象的两种方法(附源码)

    读取xml文件转成List<T>对象的两种方法(附源码) 读取xml文件,是项目中经常要用到的,所以就总结一下,最近项目中用到的读取xml文件并且转成List<T>对象的方法, ...

  5. jquery 单选框整个选中

    问题:遇到单选框,如图 解决办法:利用jqurey click->checked <!DOCTYPE html> <html lang="en"> & ...

  6. QT中的OpcDa 客户端 实现

    前段时间开发Windows下的设备端软件接触到了OPC DA,虽然现在有了更强大的OPC UA,但是为了兼容一些老的设备,不得不硬着头皮去啃这个老掉牙的已经过时了的技术.本来只是想粗略了解一下,简单写 ...

  7. Python学习(六) Python数据类型:字典(重要)

    字典dict: 字典其实就相当于java里面的Map,用来存储键值对的.其中存储的数据时无序的. 假如有这样的数据: t1=['name','age','sex'] t2=['tom',30,'mal ...

  8. PIL参考手册

    Python Imaging Library Handbook http://effbot.org/imagingbook/pil-index.htm 随机验证码的产生 import Image, I ...

  9. 学习Emacs

    1.http://ergoemacs.org/emacs/emacs.html 2.Debian7安装emacs24 http://my.oschina.net/xuzhouyu/blog/14954 ...

  10. WPF & ArcGIS Engine三维开发入门攻略

    原文 http://www.cnblogs.com/Realh/archive/2010/12/14/1906112.html 前些日子在做ESRI的开发大赛,从刚开始接触ArcGIS Engine( ...