最近在使用Coding的代码托管,顺便设置了WebHook自动部署,过程还是挺艰辛的,主要还是没搞懂Linux的权限控制,不过好在弄好了,分享一下获益最深的一篇文章,供大家参考,原文是英文版的,我的英语也不行,勉强能看懂,大家凑合着看吧

原文链接:http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/

I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.

It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull. Looking something like this...

<?php

define('PRIVATE_KEY', 'XXXXXXXXXXXXXXXXxxx');

if ($_SERVER['REQUEST_METHOD'] === 'POST'

        && $_REQUEST['thing'] === PRIVATE_KEY)

{

    echo shell_exec("git pull");

}

Didn't end up being as simple as I had anticipated...

There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.

(Missed) Considerations

the binary (git in this case)

The user that is attempting to execute git pull is the apache user (www in our case). This user did not happen to have git in their path.

This took a while to track down because the exec() family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2->&1 at the end of your command.

After I realized this I logged in and found the full path of the git binary with which git, which is /full/path/to/bin/git.

<?php

...

    echo shell_exec("/full/path/to/bin/git pull 2>&1");

...

Now it was reporting the next issue...

permissions

error: cannot open .git/FETCH_HEAD: Permission denied

The apache user also needs read and write access to the entire repository.

chown -R ssh_user:www repository/

It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.

chmod -R g+s repository/

"Host key verification failed"

Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user's known_hosts file

sudo -u www git pull

ssh key

Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.

First, I went down the path of attempting to use the GIT_SSH environment variable to set the ssh -i option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.

An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www)

sudo -u www ssh-keygen -t rsa

This creates the keys and puts them in their expected location with the proper permissions applied.

Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.

 

使用PHP自动部署GIT代码的更多相关文章

  1. 利用WebHook实现PHP自动部署Git代码

    平时项目代码都托管在Coding,然后每次提交了代码之后都要SSH到服务器上去git pull一次,很是繁琐,在看了OverTrue的<使用PHP脚本远程部署git项目>后就尝试在自己服务 ...

  2. Jenkins之自动部署、代码安全扫描、自动化接口测试

    搭建Jenkins wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.reporpm --i ...

  3. 基于webhook方案的Git自动部署方案

    之前已经用Git实现了自己博客的提交自动部署,并自动提交到GitHub和coding以备不时之需.平时项目代码都托管在Coding或者GitHub上,也已经用上了coding提供的webhook功能, ...

  4. coding.net------WEBHOOK自动部署实战

    使用WebHook自动部署项目今天在laravist.com看到了这个 Webhook 自动部署Git项目 这个教学视频,以前自己也想做这样做一个利用Git WebHook的自动化部署,但总是不成功, ...

  5. Visual Studio Git代码管理环境部署

    Visual Studio 2010 部署Git代码管理环境. 第一:首先做Git的安装和环境部署 1.下载并安装Git软件,在windows环境下的Git叫做“msysGit”,官网地址为https ...

  6. Webhook 实践 —— 自动部署

    https://segmentfault.com/a/1190000007892407 安装nodejs 安装nodejs建议直接下载二进制包,把官网上的64位二进制版本下载地址复制下来,执行 wge ...

  7. 做了一个简易的git 代码自动部署脚本

    做了一个简易的git 代码自动部署脚本 http://my.oschina.net/caomenglong/blog/472665 发表于2个月前(2015-06-30 21:08)   阅读(200 ...

  8. git的安装使用和代码自动部署

    1.安装 http://www.cnblogs.com/sunada2005/archive/2013/06/06/3121098.html http://www.cnblogs.com/zhcncn ...

  9. centos 安装git服务器,配置使用证书登录并你用hook实现代码自动部署

    安装git服务器先安装依赖软件:yum -y install gcc zlib-devel openssl-devel perl cpio expat-devel gettext-devel open ...

随机推荐

  1. li浮动引起ul高度坍陷的解决方法

    我们都知道float在CSS中的作用是使元素脱离正常的文档流并使其移动到其父元素的“最左边”或“最右边”.元素浮动之后,它脱离当前正常的文档流,所以无法撑开其父元素,造成父元素的高度塌陷.如下的代码就 ...

  2. 一种无new创建对象的方法

    var L=function(){ var obj = { age:38, live:true, job:"web dev" }; obj.name = "zhouhui ...

  3. linux查看占用内存/cpu最高的进程情况

    linux查看占用cpu最高的进程 ps aux|head -1;ps aux|grep -v PID|sort -rn -k +3|head 或者top (然后按下M,注意这里是大写) linux查 ...

  4. Python学习(三) 输出任意格式的字符串以及字符串的切片

    在Python中想要输出一句话,如下 a='hello world' print a //打印出的是hello world print 'hello \n world' //打印出的是 //hello ...

  5. 根据查询结果创建新表create table .. as (select....)

    一张表 student 查询数学和英语都是90分以上的同学,并创建一张新表 test1

  6. 关于C语言静态链接的个人理解,欢迎指正

    摘要:本篇主要介绍在静态链接中多个文件合并.地址确定.符号解析和重定位相关问题,以GCC编译器为例.     首先,链接器链接多个文件时,采用何种方式合并为一个文件?方式一,按序叠加,即多个文件依次叠 ...

  7. JS--switch 语句

    说明:js中switch语句的语法风格 function convert(x){ switch(x) { case "string": document.write("s ...

  8. [转]Windows平台下LispBox环境搭建

    转自http://www.cnblogs.com/sunt2012/archive/2013/05/27/3102816.html Lisp in a Box软件包可以让新Lisp程序员在一流的Lis ...

  9. Linux系统编程(1)——文件与I/O之C标准I/O函数与系统调用I/O

    Linux系统的I/O也就是一般所说的低级I/O--操作系统提供的基本IO服务,与os绑定,特定于Linux平台.而标准I/O是ANSI C建立的一个标准I/O模型,是一个标准函数包和stdio.h头 ...

  10. 在javascript中使用com组件的方法

    转载自:  http://dhailin.blog.163.com/blog/static/230738322011128102043880/ 首先创建一个COM组件,插入一个双接口Itest,在此接 ...