PHP writing Webhook Unable to execute git

It is necessary to build a visual version control and code submission platform to deploy on-line in operation and maintenance management. In this case, it is not convenient for OPS to use the command line or GIT tools in Linux terminal. The way we need to do this is to use Webhook automatic deployment or a Web-interface control Panel.

PHP Webhook to perform git operations

Note that this is just a simple demo not used as a production link

Read Webhookpost submitted data $data = input (' post. '); $wdata = [' ref ' = + $data [' ref '], ' before ' + $data [' before '], ' after ' + $data [' after '], ' Compare_ur L ' = $data [' Before ']];//take out data that needs to be written to the log if (Isset ($data [' commits '][0]) {$wdata [' commits_id '] = $data [' Commits '][0]['    ID '];    $wdata [' commits_message '] = $data [' commits '][0][' message '];    $wdata [' commits_url '] = $data [' commits '][0][' url '];    $wdata [' commits_author_name '] = $data [' commits '][0][' author '] [' name '];    $wdata [' commits_author_email '] = $data [' commits '][0][' author '] [' email '];    $wdata [' commits_author_username '] = $data [' commits '][0][' author '] [' username '];    $wdata [' commits_committer_name '] = $data [' commits '][0][' committer '] [' name '];    $wdata [' commits_committer_email '] = $data [' commits '][0][' committer '] [' email ']; $wdata [' commits_committer_username '] = $data [' commits '][0][' committer '] [' username '];} If the log directory does not exist then it is necessary to create this for post-analysis Log//Create directory if (!is_dir (". /logs/". $data [' repository '] [' name ']) {shell_exec (" MKdir. /logs/{$data [' Repository '] [' name ']} "); Create a file if (!file_exists (". /logs/{$data [' Repository '] [' name ']}/'. Date ("y-m-d"). ". TXT ") {shell_exec (" touch.. /logs/{$data [' Repository '] [' name ']}/'. Date ("y-m-d"). ". TXT ");} Write log file File_put_contents (".. /logs/{$data [' Repository '] [' name ']}/'. Date ("y-m-d"). ". TXT ", implode (" | | | ", $wdata), 2);//See if our Wwwroot directory has the project my Wwwroot directory is the directory of the web App $path ="/data/wwwroot/". $data [' Repository ' [' Name '];if (!is_dir ($path)) {$commandStr = "cd/data/wwwroot/&& sudo/usr/bin/git clone http://[    Your own git account]:[your own git password] @git. sikukeji.com/". $data [' repository '] [' full_name '];    $outPut = Shell_exec ($COMMANDSTR); Return Json::create ($outPut);}    else{$commandStr = "cd/data/wwwroot/{$data [' Repository '] [' name ']} && sudo/usr/bin/git pull";    $outPut = Shell_exec ($COMMANDSTR); Return Json::create ($outPut);}

Key code Explanation

$COMMANDSTR = "cd/data/wwwroot/&& sudo/usr/bin/git clone http://[your own git account]:[your own git password] @git. sikukeji.com/". $data [' repository '] [' full_name '];

The above command first is to switch the working directory to the/data/wwwroot directory, this is my web directory. The second command Sudo/usr/bin/git clone http://[your own git account]:[your own git password] @git. sikukeji.com/". $data [' repository '] [' full_name ']; is actually executing the regular git command only. Clone the code from our online git code base to local.

Problem analysis

So after writing, the code is not a problem in fact, your webhook is not executed, why? We added sudo before we executed git. sudo executes commands using the system administrator, and we know that it is necessary to enter the root[admin] password when using sudo in Linux. However, we do not have a way to enter the password when we use PHP's shell_exec. What happens now? In fact, there are ways in Linux for some commands to be executed using sudo without entering the password

Linux free password using sudo

We need to configure the file/etc/sudoers this file from the name we can guess his meaning.

Add git command to free secret

Because our PHP execution is actually used by www users. We can set this up on our own. The default is WWW users. Then git in PHP is also using WWW users. Let www user password-free execution git statement is in the diagram

www     all=nopasswd:/usr/bin/git

This is to authorize WWW users to run git as an administrator on all computers without having to enter a password. For more information on/etc/sudoers, please refer to the relevant materials yourself.

Send me an email if you have any questions weiyongqiang@weiyongqiang.com