Creating Auditable Development Environments with Git

Ricardo Coelho

November 29, 2013



  3. Roles

  4. Safety vs. Security

  5. Accountability

  6. git-scm.com/docs

  7. code-squad.com

  8. Workflows: centralized, feature-branch, gitflow, forking

  9. New Project Example

  10. Development
    $ mkdir -p ~/Projects/myapp
    $ cd ~/Projects/myapp
    $ git init
    $ git add *
    $ git commit -m "It's alive"
  11. Clone URL

  12. Development
    $ cd ~/Projects/myapp
    $ git remote add origin ssh://git@bitbucket.org/you/myapp
    $ git push origin master
  13. The code is on the cloud

  14. Server
    Fixing the Environment
    $ sudo mkdir -p /var/projects/myapp
    $ sudo adduser deploy
    $ sudo chown -R deploy /var/projects
    $ cd /var/projects/
    $ git clone ssh://git@bitbucket.org/you/myapp    NO!
    $ sudo -u deploy -s
  15. Server
    Create a deploy key
    $ sudo -u deploy -s
    $ ssh-keygen
    $ cat /home/deploy/.ssh/id_rsa.pub
    ssh-rsa AAAA… …nmX1 deploy@localhost
  16. Deploy Keys on GitHub youtu.be/_5fYdib_tvw

  17. Deploy Keys on BitBucket youtu.be/DDPtYYze-aw

  18. Server
    Making it accessible
    $ cd /var/www
    $ sudo ln -s /var/projects/myapp/public myapp
    http://server.com.br/myapp
  19. Update Flow
    $ git push origin master
    $ git pull origin master
  20. Update Flow
    $ git pull origin master
    Let’s make this run automatically
  21. Clone, Code, Commit, Push

  22. We need a deploy URL
    1. http://myserver.com/deploy.php?what=myapp
    2. http://myserver.com/deploy/myapp (url rewrite)
    3. http://myserver.com/deploy/myapp (link) NICE!
  23. We need a deploy URL http://myserver.com/deploy/myapp Looks nice to me

  24. Server
    Fixing the Deploy
    $ sudo mkdir -p /var/projects/deploy
    $ cd /var/www
    $ sudo ln -s /var/projects/deploy
    $ cd /var/projects/deploy/
    $ sudo ln -s . myapp
    $ sudo vi index.php
    $ sudo ln -s . other-app
  25. Server
    http://myserver.com/deploy/myapp
    index.php
    <?php

    $uri = explode('/', $_SERVER['REQUEST_URI']);
    $deploy_what = $uri[2];
    $output = `git pull origin master`;
    echo '<pre>' . $output . '</pre>';
  26. Server
    index.php runs as user www-data, who cannot write in /var/projects.
    We have to switch user and do the pull, but… wait… sudo
  27. What’s wrong with sudo
    Asks for a password. We want it unattended.
    Great power == great responsibility
    Respect it, but don’t fear it
  28. How do we solve it
    Allow it to run without a password
    But only for a specific script, so it’s safe
    /etc/sudoers
    www-data ALL=(deploy) NOPASSWD: /opt/deployer/deploy.sh
    www-data: this guy; ALL: runs on those pcs; (deploy): as this user; NOPASSWD: without password; /opt/deployer/deploy.sh: only this
  29. Server
    http://myserver.com/deploy/myapp
    index.php
    <?php

    $uri = explode('/', $_SERVER['REQUEST_URI']);
    // The path segment comes from the request: quote it before it reaches the shell
    $deploy_what = escapeshellarg($uri[2] ?? '');
    $output = `sudo -u deploy /opt/deployer/deploy.sh $deploy_what`;
    echo '<pre>' . $output . '</pre>';
  30. Server
    /opt/deployer/deploy.sh
    #!/bin/bash

    case "$1" in
      myapp)
        cd /var/projects/myapp
        /usr/bin/git pull origin master 2>&1
        ;;
      other-app)
        cd /var/projects/some_other_dir
        /usr/bin/git pull origin master 2>&1
        ;;
    esac
  31. Hook on GitHub youtu.be/E4zJ3AUxSmI

  32. Hook on BitBucket youtu.be/_lpXmQdsxe4

  33. Development
    $ cd ~/Projects/myapp
    $ git commit -a -m "This will auto-update"
    $ git push origin master
    hook, git pull, updated
  34. Review
    Create a deploy user, give him SSH keys
    Add the keys to the repository as deploy keys
    Create a script to git pull your project
    Allow www-data to sudo the script as deploy
    Create a deploy application to run the script
    Add the hook to the repository
    Code, commit and push
  35. Thank You!
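
The sudoers rule on slide 28 makes deploy.sh the only command www-data can run as deploy, so the way that script treats its argument is the trust boundary for the deploy URL. The following is an added example, not code from the deck: a variant of the slide 30 script that resolves the project through an exact-match allowlist and refuses everything else. The paths and project names are the slides'; the function names, the PROJECTS_ROOT variable, the sample inputs and the use of `--ff-only` are assumptions made here.

```shell
#!/bin/bash
# Added example: hardened variant of the slides' /opt/deployer/deploy.sh.
# Function names and PROJECTS_ROOT are hypothetical, not from the deck.
PROJECTS_ROOT="${PROJECTS_ROOT:-/var/projects}"

# Map a requested name to its checkout directory. Only exact names from
# this allowlist resolve; anything else returns non-zero.
resolve_project() {
    case "$1" in
        myapp)     printf '%s\n' "$PROJECTS_ROOT/myapp" ;;
        other-app) printf '%s\n' "$PROJECTS_ROOT/some_other_dir" ;;
        *)         return 1 ;;
    esac
}

# Pull one allowlisted project. Meant to run as the deploy user via sudo.
deploy() {
    local dir
    if ! dir=$(resolve_project "$1"); then
        echo "deploy: unknown project" >&2   # never echo the input back
        return 2
    fi
    # Stop if the checkout is missing instead of pulling somewhere else
    cd "$dir" || return 3
    # --ff-only: refuse to create merge commits on the server
    /usr/bin/git pull --ff-only origin master 2>&1
}

# Constructed sample requests: values the web hook could pass as $1.
demo() {
    local name
    for name in 'myapp' 'other-app' 'myapp;id' '../deploy' '' 'MYAPP'; do
        if resolve_project "$name" >/dev/null; then
            echo "accept: [$name]"
        else
            echo "reject: [$name]"
        fi
    done
}

# Deploy when called with an argument (the sudoers case), demo otherwise.
if [ "$#" -gt 0 ]; then deploy "$1"; else demo; fi
```

Run without arguments, it prints which of the constructed requests would be accepted; git is invoked only when a project name is passed.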