前言:最近在研究git自動部署項目,然後知道可以通過webhook實現自動部署的功能,查了一些文章,大多講的是根據官網的方法用Node.js進行自動部署。線上服務器已經在跑php,想着能不能直接用php佈置自動部署,這樣就不用裝node了,更省事。於是查了些資料,最後部署成功,所以把部署過程記錄下來。方便以後查閱。
1、部署Gogs
因爲是公司的項目,所以打算自己搭建git服務器, 推薦裝Gogs
安裝步驟可以參考一篇博客:使用
Gogs 搭建自己的 Git 服務器
2、配置SSH公鑰
因爲是用git用戶部署的Gogs,接下來在服務器上配置用git賬號配置ssh公鑰
首先在主機上生成祕鑰:
[xiaozhenkai@mysql-server ~]$ ssh-keygen -t dsa -P "" -f ~/.ssh/id_dsa Generating public/private dsa key pair. Created directory '/home/xiaozhenkai/.ssh'. Your identification has been saved in /home/xiaozhenkai/.ssh/id_dsa. Your public key has been saved in /home/xiaozhenkai/.ssh/id_dsa.pub. The key fingerprint is: ec:ca:56:5d:75:5a:3a:71:e2:d7:a6:1e:1e:4d:ba:eb xiaozhenkai@mysql-server The key's randomart image is: +--[ DSA 1024]----+ | | | + +| | o O.| | . . = =| | S. . O | | .. . = .| | .. o + | | ... + | | .o .E. | +-----------------+
複製主機密鑰
[xiaozhenkai@mysql-server .ssh]$ cat ~/.ssh/id_dsa.pub ssh-dss AAAAB3NzaC1kc3MAAACBAPc/kOGP7pIw2hwBzredF9oMnh/UQUTk9PfoWKw796/eroLUZE8ON+ibzKhgjT+/cHrqbesgku1qJ4bvSdaoJXLOgfKpZmbSWeo3ainWQx44dNxgO8ITG2Ss6oKCsUj8OBiObycP4ki6GBDLsnXu4b/bKbVE0tRbejeVpeRFP40XAAAAFQDCt3x9tEZE15jwXLvspUiur/mg9wAAAIEA0DA28/QDpnRvJ5x2t3JUBb2EkGa969kwdUHqv618S5doIKWvQhUrWLXq1/PJaZeAGGuNfMJSXtSrXBtdnES7PsoSnTfKBczTvnpyD5zD+oMr6znsPHXtkUdUPK/Zr6K2gRISTd+otNQxSuX2H7WaFwoRjyTC0ichcKpuD1acBrwAAACAY8B/Zcuo0GxAyd/WMsoUSzSUxa4WFVyFkFm9qVEXUDv91BFqhbNDDpmkxgDqH2GOCgHD4CjX1PebMBNKYSfT0LaTEKIYVn6tnvL+yoEbqt77HvID/xDxf8WIZtZ0L6BL1K8xc7tiMHbkW9dNgiFyUAnHWW+OZfU2x9t51PvsLNA= xiaozhenkai@mysql-server
登陸Gogs,用戶設置——SSH祕鑰——增加祕鑰,然後把複製的主機密鑰添加到Gogs裏。
增加密鑰:
點擊增加密鑰按鈕:
添加後可以測試一下,在服務器上用www用戶驗證ssh公鑰可以用性:
上面生成SSH公鑰的時候也同時生成一個私鑰id_dsa,把id_dsa複製到/home/www/.ssh目錄下,並修改權限
[root@mysql-server ~]# cp /home/xiaozhenkai/.ssh/id_dsa /home/www/.ssh/id_dsa [root@mysql-server ~]# chown www.www /home/www/.ssh/id_dsa [root@mysql-server ~]# ll /home/www/.ssh/id_dsa -rw-------. 1 www www 668 Jul 21 16:44 /home/www/.ssh/id_dsa
測試是否可通:
[root@mysql-server enha]# sudo -Hu www ssh -T [email protected] Hi there, You've successfully authenticated, but Gogs does not provide shell access. If this is unexpected, please log in with password and setup Gogs under another user.
在Gogs創建一個新的倉庫,然後再服務器上,執行第一次更新
[root@mysql-server ~]# cd /tmp [root@mysql-server ~]# sudo -Hu www mkdir enha [root@mysql-server ~]# cd enha [root@mysql-server enha]# sudo -Hu www touch README.md [root@mysql-server enha]# sudo -Hu www git init [root@mysql-server enha]# sudo -Hu www git add README.md [root@mysql-server enha]# sudo -Hu www git commit -m "first commit" [root@mysql-server enha]# sudo -Hu www git remote add origin [email protected]:shuowan/enha.git [root@mysql-server enha]# sudo -Hu www git push -u origin master Counting objects: 3, done. Writing objects: 100% (3/3), 211 bytes, done. Total 3 (delta 0), reused 0 (delta 0) To [email protected]:shuowan/enha.git * [new branch] master -> master Branch master set up to track remote branch master from origin.
成功提交,測試成功。
3、配置Webhook
首先要有一臺響應webhook的服務器,在服務器上配置
一個響應webhook的php文件,文件內容如下:
<?php //git webhook 自動部署腳本 //項目存放物理路徑 $path = "your_git_path"; $requestBody = file_get_contents("php://input"); if (empty($requestBody)) { die('send fail'); } $content = json_decode($requestBody, true); var_dump($content);; //若是主分支且提交數大於0 //if ($content['ref']=='refs/heads/master' && $content['total_commits_count']>0) { if ($content['ref']=='refs/heads/master') { $res = shell_exec("cd {$path} && git pull 2>&1");//以nginx用戶運行 $res_log = '-------------------------'.PHP_EOL; $res_log .= $content['user_name'] . ' 在' . date('Y-m-d H:i:s') . '向' . $content['repository']['name'] . '項目的' . $content['ref'] . '分支push了' . $content['total_commits_count'] . '個commit:' . PHP_EOL; $res_log .= $res.PHP_EOL; echo $res_log; file_put_contents("git-webhook.txt", $res_log, FILE_APPEND);//追加寫入 }
注意:php函數不能禁用shell_exec,禁用後就沒辦法執行系統命令了。
在服務器上用sudo命令讓www用戶克隆項目到本地,這樣以後webhook推送後才能保證系統是用www用戶更新文件,纔不會出現權限的問題
sudo -Hu www git clone git_URL