Use PHP to automatically deploy GIT code and php to deploy git. Using PHP to automatically deploy GIT code, php to deploy git is using Coding code hosting recently, and WebHook automatic deployment is set by the way, the process is still quite difficult, I still don't understand Linux permissions. I can use PHP to automatically deploy GIT code, and use php to deploy git.
Recently, we are using Coding code hosting. By the way, we have set up automatic WebHook deployment. this process is still quite difficult, but we still don't understand the Linux permission control, but it is better to do it, I would like to share one of the most beneficial articles for your reference. The original article is in English, and I cannot understand English either.
Link: http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/
I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.
It seemed like a simple enough process. bitBucket has a service that will fire off a POST request as a post-receive hook. so I set up a login ing php script to check a randomized token and then initiategit pull
. Looking something like this...
Didn't end up being as simple as I had anticipated...
There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.
(Missed) Considerationsthe binary (git
In this case)The user that is attempting to executegit pull
Is the apache user (www
In our case). This user did not happen to havegit
In their path.
This took a while to track down becauseexec()
Family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding2->&1
At the end of your command.
After I realized this I logged in and found the full path of the git binarywhich git
, Which is/full/path/to/bin/git
.
&1");...
Now it was reporting the next issue...
Permissionserror: cannot open .git/FETCH_HEAD: Permission denied
The apache user also needs read and write access to the entire repository.
chown -R ssh_user:www repository/
It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.
chmod -R g+s repository/
"Host key verification failed"Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user'sknown_hosts
File
sudo -u www git pull
Ssh keyAnother consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.
First, I went down the path of attempting to useGIT_SSH
Environment variable to setssh -i
Option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. it requires some specific permissions regarding the user that is attempting to use the key.
An easier way I discovered was to give the apache user a home directory (/etc/passwd
) And.ssh
Directory and then runssh-keygen
CommandAsThe apache user (www
)
sudo -u www ssh-keygen -t rsa
This creates the keys and puts them in their expected location with the proper permissions applied.
Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.
Later, Ghost was using Coding code hosting. By the way, it was difficult to set up automatic WebHook deployment. I still didn't understand Linux permissions...