使用PHP自动部署GIT代码,php部署git
使用PHP自动部署GIT代码,php部署git
最近在使用Coding的代码托管,顺便设置了WebHook自动部署,过程还是挺艰辛的,主要还是没搞懂Linux的权限控制,不过好在弄好了,分享一下获益最深的一篇文章,供大家参考,原文是英文版的,我的英语也不行,勉强能看懂,大家凑合着看吧
原文链接:http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/
I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.
It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull. Looking something like this...
<code class="language-php" data-lang="php"><span class="cp"><?php
<span class="nb">define<span class="p">(<span class="s1">'PRIVATE_KEY'<span class="p">, <span class="s1">'XXXXXXXXXXXXXXXXxxx'<span class="p">);
<span class="k">if <span class="p">(<span class="nv">$_SERVER<span class="p">[<span class="s1">'REQUEST_METHOD'<span class="p">] <span class="o">=== <span class="s1">'POST'
<span class="o">&& <span class="nv">$_REQUEST<span class="p">[<span class="s1">'thing'<span class="p">] <span class="o">=== <span class="nx">PRIVATE_KEY<span class="p">)
<span class="p">{
<span class="k">echo <span class="nb">shell_exec<span class="p">(<span class="s2">"git pull"<span class="p">);
<span class="p">}
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code>Didn't end up being as simple as I had anticipated...
There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.
(Missed) Considerations
the binary (git in this case)
The user that is attempting to execute git pull is the apache user (www in our case). This user did not happen to have git in their path.
This took a while to track down because the exec() family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2->&1 at the end of your command.
After I realized this I logged in and found the full path of the git binary with which git, which is /full/path/to/bin/git.
<code class="language-php" data-lang="php"><span class="cp"><?php
<span class="o">...
<span class="k">echo <span class="nb">shell_exec<span class="p">(<span class="s2">"/full/path/to/bin/git pull 2>&1"<span class="p">);
<span class="o">...
</span></span></span></span></span></span></span></span></code>Now it was reporting the next issue...
permissions
<code class="language-text" data-lang="text">error: cannot open .git/FETCH_HEAD: Permission denied </code>
The apache user also needs read and write access to the entire repository.
<code class="language-text" data-lang="text">chown -R ssh_user:www repository/ </code>
It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.
<code class="language-text" data-lang="text">chmod -R g+s repository/ </code>
"Host key verification failed"
Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user's known_hosts file
<code class="language-text" data-lang="text">sudo -u www git pull </code>
ssh key
Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.
First, I went down the path of attempting to use the GIT_SSH environment variable to set the ssh -i option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.
An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www)
<code class="language-text" data-lang="text">sudo -u www ssh-keygen -t rsa </code>
This creates the keys and puts them in their expected location with the proper permissions applied.
Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.
<code class="language-php" data-lang="php"><span class="cp"><span class="nb"><span class="p"><span class="s1"><span class="p"><span class="s1"><span class="p"><span class="k"><span class="p"><span class="nv"><span class="p"><span class="s1"><span class="p"><span class="o"><span class="s1"><span class="o"><span class="nv"><span class="p"><span class="s1"><span class="p"><span class="o"><span class="nx"><span class="p"><span class="p"><span class="k"><span class="nb"><span class="p"><span class="s2"><span class="p"><span class="p"> </span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code>
Alat AI Hot
Undresser.AI Undress
Apl berkuasa AI untuk mencipta foto bogel yang realistik
AI Clothes Remover
Alat AI dalam talian untuk mengeluarkan pakaian daripada foto.
Undress AI Tool
Gambar buka pakaian secara percuma
Clothoff.io
Penyingkiran pakaian AI
AI Hentai Generator
Menjana ai hentai secara percuma.
Artikel Panas
Alat panas
Notepad++7.3.1
Editor kod yang mudah digunakan dan percuma
SublimeText3 versi Cina
Versi Cina, sangat mudah digunakan
Hantar Studio 13.0.1
Persekitaran pembangunan bersepadu PHP yang berkuasa
Dreamweaver CS6
Alat pembangunan web visual
SublimeText3 versi Mac
Perisian penyuntingan kod peringkat Tuhan (SublimeText3)
Topik panas
1359
52
Terangkan pengikatan statik lewat dalam php (statik: :).
Apr 03, 2025 am 12:04 AM
Mengikat statik (statik: :) Melaksanakan pengikatan statik lewat (LSB) dalam PHP, yang membolehkan kelas panggilan dirujuk dalam konteks statik dan bukannya menentukan kelas. 1) Proses parsing dilakukan pada masa runtime, 2) Cari kelas panggilan dalam hubungan warisan, 3) ia boleh membawa overhead prestasi.
Jelaskan JSON Web Tokens (JWT) dan kes penggunaannya dalam PHP API.
Apr 05, 2025 am 12:04 AM
JWT adalah standard terbuka berdasarkan JSON, yang digunakan untuk menghantar maklumat secara selamat antara pihak, terutamanya untuk pengesahan identiti dan pertukaran maklumat. 1. JWT terdiri daripada tiga bahagian: header, muatan dan tandatangan. 2. Prinsip kerja JWT termasuk tiga langkah: menjana JWT, mengesahkan JWT dan muatan parsing. 3. Apabila menggunakan JWT untuk pengesahan di PHP, JWT boleh dijana dan disahkan, dan peranan pengguna dan maklumat kebenaran boleh dimasukkan dalam penggunaan lanjutan. 4. Kesilapan umum termasuk kegagalan pengesahan tandatangan, tamat tempoh, dan muatan besar. Kemahiran penyahpepijatan termasuk menggunakan alat debugging dan pembalakan. 5. Pengoptimuman prestasi dan amalan terbaik termasuk menggunakan algoritma tandatangan yang sesuai, menetapkan tempoh kesahihan dengan munasabah,
Perpustakaan apa yang digunakan untuk operasi nombor terapung di GO?
Apr 02, 2025 pm 02:06 PM
Perpustakaan yang digunakan untuk operasi nombor terapung dalam bahasa Go memperkenalkan cara memastikan ketepatannya ...
Perpustakaan mana yang dibangunkan oleh syarikat besar atau disediakan oleh projek sumber terbuka yang terkenal?
Apr 02, 2025 pm 04:12 PM
Perpustakaan mana yang dibangunkan oleh syarikat besar atau projek sumber terbuka yang terkenal? Semasa pengaturcaraan di GO, pemaju sering menghadapi beberapa keperluan biasa, ...
Apakah kaedah Magic PHP (__construct, __destruct, __call, __get, __set, dll) dan menyediakan kes penggunaan?
Apr 03, 2025 am 12:03 AM
Apakah kaedah sihir PHP? Kaedah sihir PHP termasuk: 1. \ _ \ _ Membina, digunakan untuk memulakan objek; 2. \ _ \ _ Destruct, digunakan untuk membersihkan sumber; 3. \ _ \ _ Call, mengendalikan panggilan kaedah yang tidak wujud; 4. \ _ \ _ Mendapatkan, melaksanakan akses atribut dinamik; 5. \ _ \ _ Set, melaksanakan tetapan atribut dinamik. Kaedah ini secara automatik dipanggil dalam situasi tertentu, meningkatkan fleksibiliti dan kecekapan kod.
Python Hourglass Graph Lukisan: Bagaimana untuk mengelakkan kesilapan yang tidak ditentukan?
Apr 01, 2025 pm 06:27 PM
Bermula dengan Python: Lukisan Grafik Hourglass dan Pengesahan Input Artikel ini akan menyelesaikan masalah definisi berubah -ubah yang dihadapi oleh pemula python dalam program lukisan grafik Hourglass. Kod ...
GITEE PAGES PENYEDIAAN LAMAN WEB STATIC Gagal: Bagaimana menyelesaikan masalah dan menyelesaikan kesilapan fail tunggal 404?
Apr 04, 2025 pm 11:54 PM
Giteepages Statik Laman Web Penggunaan Gagal: 404 Penyelesaian Masalah dan Resolusi Ralat Semasa Menggunakan Gitee ...
Bagaimana menyelesaikan masalah penukaran jenis user_id semasa menggunakan aliran redis untuk melaksanakan beratur mesej dalam bahasa Go?
Apr 02, 2025 pm 04:54 PM
Masalah menggunakan redisstream untuk melaksanakan beratur mesej dalam bahasa Go menggunakan bahasa Go dan redis ...
