收到Unencrypted push后,如何使服务器自动推送到加密Git Repository [英] How to make server automatically push to Encrypted Git Repository after recieving Unencrypted push
问题描述
我们公司拥有基于Rails的我们软件的SVN存储库。
我们还有一个手动更新的加密存储库 - 拉未加密,使用RubyEncoder进行编码,推送加密。
我们大部分转换为Git,并希望使过程自动化,我想使进程自动,并且每次提交。
所以
- 服务器接收推送到未加密的任何分支
- 服务器过滤更改的.rb文件,传递给Rubyencoder
- 加密的.rb文件&其他文件被推送到加密存储库,保留提交消息,因此有1:1的提交率
- 分支创建和删除也被镜像。
- Server recieves a push to unencrypted, any branch
- Server filters changed .rb files, passing them through Rubyencoder
- Encrypted .rb files & other files are pushed to encrypted repository, commit message kept, so there is a 1:1 commit ratio
- Branch creation and deletion is also mirrored.
< $>
与git-encrypt这样的解决方案不同,客户的comuter我们将其解释为不安全,而不是代码存储库。
我的第一次尝试是一个很长的接收到的钩子,这是很慢的,分支不正常,所以我放弃了。
我的第二个尝试是设置 *。rb = rubyencode 并设置 clean 和 smudge 过滤器。虽然RubyEncoder可以设置为输入到/ dev / stdin并输出到/ dev / stdout,但似乎这些影响磁盘上的文件,而不影响git历史记录,需要每次接收到推送另一个提交。
服务器本地拉和推( git remote origin add git@git.work.com:product / work_unencrypted.git 和 git远程set-url来源--push git@git.work.com:product / work_encrypted.git 获取它从预期的存储库推拉)将被后收到的钩子触发如果干净/污迹按预期工作。
我迷失了我甚至不知道正确的问题在这一点上要问。也许这是如何通过&修改提交以保持1:1的历史记录?
我将使用一些CI服务器(Jenkins,Travis,Buildbot ...) )运行脚本,而不是玩钩子和污迹过滤器。你也可以使用后接收钩,但是使用它只是为了触发任务(使用一些IPC机制),不要试图在钩子内运行整个任务。
无论如何,我们假设工作仓库已被初始化,触发分支已设置为$ GIT_BRANCH。
还期待这些远程定义:
git remote add unencrypted git@git.work.com:product / work_unencrypted.git
git remote添加加密的git@git.work.com:product / work_encrypted.git
然后脚本本身应该如下所示:
git fetch unencrypted
git checkout -f unencrypted / $ GIT_BRANCH
读取-r FILE; do
rubyencode $ FILE
git add $ FILE
done< <(git diff HEAD..HEAD〜--name-only --diff-filter = ACMR \
| grep .rb\ $)
git commit --amend - -no-edit
git push encrypted HEAD:$ GIT_BRANCH
Our company Has a SVN repository for an our software, based off Rails.
We've also had a manually updated encrypted repository - pull unencrypted, encode with RubyEncoder, push to encrypted.
We've mostly transitioned to Git, and would like to make the process automatic, and I'd like to make the process automatic, and per-commit.
So
Unlike solutions like git-encrypt, it's the customer's comuter we interpret as insecure, not the code repository.
My first attempt was a long post-recieve hook, which was slow and branching didn't work correctly, so I abandoned it.
My second attempt was setting *.rb = rubyencode and setting up clean and smudge filters. While RubyEncoder can be set to input on /dev/stdin and output to /dev/stdout, it seems these affect files on disk without effecting git history, requiring another commit per received push.
The server-local pull and push ( git remote origin add git@git.work.com:product/work_unencrypted.git and git remote set-url origin --push git@git.work.com:product/work_encrypted.git to get it to push and pull from the expected repository ) would have been triggered by the post-recieve hook, if clean/smudge was working as expected.
I'm lost enough I don't even know the proper question to ask at this point. Maybe it's how to step through & modify commits to keep the 1:1 history?
I would use some CI server (Jenkins, Travis, Buildbot...) to run the script instead of playing with hooks and smudge filters. You can use the post-receive hook too, but then use it just to trigger the task (using some IPC mechanism), do not try to run the whole task inside the hook.
Anyhow, let's assume that the working repository has been initialized and the triggering branch has been set to $GIT_BRANCH.
Also expect these remote definitions:
git remote add unencrypted git@git.work.com:product/work_unencrypted.git
git remote add encrypted git@git.work.com:product/work_encrypted.git
Then the script itself should be something like this:
git fetch unencrypted
git checkout -f unencrypted/$GIT_BRANCH
while read -r FILE; do
rubyencode $FILE
git add $FILE
done < <( git diff HEAD..HEAD~ --name-only --diff-filter=ACMR \
| grep .rb\$ )
git commit --amend --no-edit
git push encrypted HEAD:$GIT_BRANCH
这篇关于收到Unencrypted push后,如何使服务器自动推送到加密Git Repository的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
