Home >Backend Development >PHP Tutorial >Use PHP to automatically deploy GIT code, php deploy git_PHP tutorial
Recently, I am using Coding's code hosting, and I have set up WebHook automatic deployment. The process is quite difficult, mainly because I haven't done it yet. I understand the permission control of Linux, but fortunately I have it figured out. I would like to share an article that has benefited me the most for your reference. The original article is in English. My English is not good, so I can barely understand it. Let’s just make do with it
Original link: http://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/
I intended to set up a repository (hosted on BitBucket) to initiate a pull on a dev server when new commits are pushed up.
It seemed like a simple enough process. BitBucket has a service that will fire off a POST request as a post-receive hook. So I set up a receiving php script to check a randomized token and then initiate the git pull
. Looking something like this...
<code class="language-php" data-lang="php"><span class="cp"><?php <span class="nb">define<span class="p">(<span class="s1">'PRIVATE_KEY'<span class="p">, <span class="s1">'XXXXXXXXXXXXXXXXxxx'<span class="p">); <span class="k">if <span class="p">(<span class="nv">$_SERVER<span class="p">[<span class="s1">'REQUEST_METHOD'<span class="p">] <span class="o">=== <span class="s1">'POST' <span class="o">&& <span class="nv">$_REQUEST<span class="p">[<span class="s1">'thing'<span class="p">] <span class="o">=== <span class="nx">PRIVATE_KEY<span class="p">) <span class="p">{ <span class="k">echo <span class="nb">shell_exec<span class="p">(<span class="s2">"git pull"<span class="p">); <span class="p">} </span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code>
Didn't end up being as simple as I had anticipated...
There were a few considerations that I did not take into account. Documenting them here will hopefully help you avoid some obstacles in trying to get something like this set up.
git
in this case)
The user that is attempting to execute git pull
is the apache user (www
in our case). This user did not happen to have git
in their path.
This took a while to track down because the exec()
family of functions simply fail silently because they only report STDOUT and not STDERR. To get the function to report STDERR you can route it into STDOUT by adding 2->&1
at the end of your command.
After I realized this I logged in and found the full path of the git binary with which git
, which is /full/path/to/bin/git
.
<code class="language-php" data-lang="php"><span class="cp"><?php <span class="o">... <span class="k">echo <span class="nb">shell_exec<span class="p">(<span class="s2">"/full/path/to/bin/git pull 2>&1"<span class="p">); <span class="o">... </span></span></span></span></span></span></span></span></code>
Now it was reporting the next issue...
<code class="language-text" data-lang="text">error: cannot open .git/FETCH_HEAD: Permission denied </code>
The apache user also needs read and write access to the entire repository.
<code class="language-text" data-lang="text">chown -R ssh_user:www repository/ </code>
It's also a good idea to make sure any files/directories inherit this ownership if being created by others by setting the group sticky bit.
<code class="language-text" data-lang="text">chmod -R g+s repository/ </code>
Next, you need to do an intial git pull with the apache user to make sure the remote is added to the apache user's known_hosts
file
<code class="language-text" data-lang="text">sudo -u www git pull </code>
Another consideration created by this command being run by the apache user is the ssh key it uses to communicate with the remote repository.
First, I went down the path of attempting to use the GIT_SSH
environment variable to set the ssh -i
option to tell it to use a specific ssh key I had generated with the ssh user. I never got this to work, most likely because there are a lot of rules ssh uses to determine the safety of a given key. It requires some specific permissions regarding the user that is attempting to use the key.
An easier way I discovered was to give the apache user a home directory (via /etc/passwd
) and a .ssh
directory and then run the ssh-keygen
command as the apache user (www
)
<code class="language-text" data-lang="text">sudo -u www ssh-keygen -t rsa </code>
This creates the keys and puts them in their expected location with the proper permissions applied.
Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.
<code class="language-php" data-lang="php"><span class="cp"><span class="nb"><span class="p"><span class="s1"><span class="p"><span class="s1"><span class="p"><span class="k"><span class="p"><span class="nv"><span class="p"><span class="s1"><span class="p"><span class="o"><span class="s1"><span class="o"><span class="nv"><span class="p"><span class="s1"><span class="p"><span class="o"><span class="nx"><span class="p"><span class="p"><span class="k"><span class="nb"><span class="p"><span class="s2"><span class="p"><span class="p"> </span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code>