How to deploy from git repo without server having access to repo?


Problem description

I have a PHP project in a BitBucket git repo.

I work in a branch called "develop" for small fixes, or I work in temporary feature branches. When I'm ready to deploy, I merge those branches into "master".

I want to make deploying to my live site as easy as that (merging to master and pushing to BitBucket).

But I really don't want my server to have any access to my repo because that adds security concerns. If you care about security, you want your repo to be in as few places as possible. If your server gets compromised, that's a bad enough situation, but it would be even worse if the attacker then would have access to my full repo. This person agrees.

So I assume that I'll want to use something like git archive master, like http://stackoverflow.com/a/163769/470749 explains.

How can I set up a hook that detects a push of "master" and then runs git archive master to export the latest code (not as a repo, though) to a compressed zip file which it then sends (via SCP and/or Rsync?) to the remote server, unzips it to a new directory, and then (maybe via changing a symlink) points the server to that new directory?

Bonus question: how could I enable easy emergency rollbacks? (I imagine there might be situations where I want to revert to the previous commit quickly.)

Solution

I'm happy with the scripts I ended up with:

deploy.sh:

##This executable file will export your latest code from master (via "git archive") and will upload it 
##to the remote server and then call a script on the server to handle from there.
##----------------------------------------------------------------------------------------------------

source dev-ops/archive_and_upload.sh

##On the remote server, run a script to archive the existing production site files and then deploy the uploaded package.
ssh -i ~/.ssh/id_rsa myUserName@vientiane.dreamhost.com <<'ENDSSH'

set -e

cd /home/myUserName/myProjectName/latest

##Unzip the zip file, then delete it.
echo "Unzipping the package.zip..."
unzip -o package.zip && rm package.zip  

cd /home/myUserName/myProjectName/

nowTime=$(date -u +"%Y-%m-%d__%H:%M:%S")
echo "The archive will have this timestamp: " $nowTime

##Copy the "latest" folder to a dated "packages" subfolder.
cp -R latest/ packages/$nowTime 
echo "Copied the existing site to an archive."

##Install Laravel dependencies.
echo "Running Composer so that the remote server downloads and installs dependencies..."
cd packages/$nowTime 
php -d memory_limit=256M ~/bin/composer.phar install   

##Delete the "live" symlink and immediately create a new "live" symlink to the most recent subfolder within "packages".
echo "Updating the symlinks..."
cd /home/myUserName/myProjectName/
echo `pwd`
rm previous
mv live previous && ln -s packages/$nowTime live && ls -lah  

##Clear out the "latest" folder in preparation for next time.
echo "Deleting the contents of the 'latest' folder in preparation for next time..."
rm -rf latest/* && ls latest   
ENDSSH

echo "FINISHED DEPLOYING!"

archive_and_upload.sh:

##This executable file will export your latest code from master (via "git archive") and will upload it 
##to the remote server.
##----------------------------------------------------------------------------------------------------

##Clear out the contents of the previous export package.
rm -rf dev-ops/package/*   

##Export the "master" branch of this git repo. (The result is not a repo but is just code.)
git archive --format zip --output dev-ops/package/package.zip master  

##Send zip file to remote server.
scp -i ~/.ssh/id_rsa dev-ops/package/package.zip myUserName@vientiane.dreamhost.com:/home/myUserName/myProjectName/latest/package.zip 

revert_to_previous_package.sh:

ssh -i ~/.ssh/id_rsa myUserName@vientiane.dreamhost.com <<'ENDSSH'

set -e

cd /home/myUserName/myProjectName/

mv live rollingBack && mv previous live && mv rollingBack previous && ls -lah

ENDSSH

echo "ROLLED BACK!"

As you can see, I set my Dreamhost server to serve from a folder called "live", which is really just a symlink to a subfolder that is named as the timestamp for when that package of code was uploaded. There is also another symlink called "previous" which makes rolling back easy (in case I notice problems after deploying and want to revert).
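
The switch step in deploy.sh above leaves a short window with no "live" link (`mv live previous && ln -s ...`), and `rm previous` stops the first deploy under `set -e`. The following is an added example, not part of the original answer, that performs the same switch and rollback atomically on the same layout; it assumes GNU coreutils, and the function names `swap_link`, `activate` and `rollback` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: atomic release switch and rollback for the layout above
# (packages/<timestamp> plus "live" and "previous" symlinks in one base dir).
# Assumes GNU coreutils (mv -T, ln -n); function names are hypothetical.

# Point symlink $1 at target $2 atomically: create the new link under a
# temporary name, then rename it over the old one, so "live" always exists.
swap_link() {
    local link="$1" target="$2" tmp="$1.tmp.$$"
    ln -sfn -- "$target" "$tmp" && mv -T -- "$tmp" "$link"
}

# activate <base> <release>: make packages/<release> live, keep the old one.
activate() {
    local base="$1" release="$2" current
    # Reject names that could point outside packages/ (e.g. "../other").
    case "$release" in ''|*/*|.|..) echo "bad release name" >&2; return 1 ;; esac
    [ -d "$base/packages/$release" ] || { echo "no such release" >&2; return 1; }
    # On the first deploy there is no "live" yet, so "previous" is not set.
    if current=$(readlink "$base/live"); then
        swap_link "$base/previous" "$current" || return 1
    fi
    swap_link "$base/live" "packages/$release"
}

# rollback <base>: exchange "live" and "previous"; refuse if nothing to restore.
rollback() {
    local base="$1" cur prev
    cur=$(readlink "$base/live") || return 1
    prev=$(readlink "$base/previous") || { echo "no previous release" >&2; return 1; }
    # Links created by activate are relative to $base.
    [ -d "$base/$prev" ] || { echo "previous release is missing" >&2; return 1; }
    swap_link "$base/live" "$prev" && swap_link "$base/previous" "$cur"
}
```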
