Creating Auditable Development Environments with Git

Ricardo Coelho

November 29, 2013

Transcript

  1. Development

    $ mkdir -p ~/Projects/myapp
    $ cd ~/Projects/myapp
    $ git init
    $ git add *
    $ git commit -m "It's alive"
  2. Server: Fixing the Environment

    $ sudo mkdir -p /var/projects/myapp
    $ sudo adduser deploy
    $ sudo chown -R deploy /var/projects
    $ cd /var/projects/
    $ git clone ssh://[email protected]/you/myapp
    NO!
    $ sudo -u deploy -s
  3. Server: Create a deploy key

    $ sudo -u deploy -s
    $ ssh-keygen
    $ cat /home/deploy/.ssh/id_rsa.pub
    ssh-rsa AAAA… …nmX1 deploy@localhost
  4. Server: Making it accessible

    $ cd /var/www
    $ sudo ln -s /var/projects/myapp/public myapp

    http://server.com.br/myapp
  5. Server: Fixing the Deploy

    $ sudo mkdir -p /var/projects/deploy
    $ cd /var/www
    $ sudo ln -s /var/projects/deploy
    $ cd /var/projects/deploy/
    $ sudo ln -s . myapp
    $ sudo vi index.php
    $ sudo ln -s . other-app
  6. Server: index.php, served at http://myserver.com/deploy/myapp

    <?php
    $uri = explode('/', $_SERVER['REQUEST_URI']);
    $deploy_what = $uri[2];
    $output = `git pull origin master`;
    echo '<pre>' . $output . '</pre>';
  7. Server

    index.php runs as user www-data, who cannot write in /var/projects.
    We have to switch user and do the pull, but… wait… sudo
  8. What's wrong with sudo

    Asks for a password. We want it unattended.
    Great power == great responsibility.
    Respect it, but don't fear it.
  9. How do we solve it

    Allow it to run without a password.
    But only for a specific script, so it's safe.

    /etc/sudoers

    www-data ALL = (deploy) NOPASSWD: /opt/deployer/deploy.sh

    www-data: this guy
    ALL: runs on those PCs
    (deploy): as this user
    NOPASSWD: without password
    /opt/deployer/deploy.sh: only this
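  10. Server: index.php, served at http://myserver.com/deploy/myapp

    <?php
    $uri = explode('/', $_SERVER['REQUEST_URI']);
    // The URL segment is client-controlled: quote it so the shell passes it
    // to deploy.sh as a single argument.
    $deploy_what = escapeshellarg($uri[2]);
    $output = `sudo -u deploy /opt/deployer/deploy.sh $deploy_what`;
    echo '<pre>' . $output . '</pre>';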
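  11. Server: /opt/deployer/deploy.sh

    #!/bin/bash
    # Pull only the projects named here; any other argument does nothing.
    case "$1" in
      myapp)
        # Stop if the checkout is missing, so git never runs elsewhere.
        cd /var/projects/myapp || exit 1
        /usr/bin/git pull origin master 2>&1
        ;;
      other-app)
        cd /var/projects/some_other_dir || exit 1
        /usr/bin/git pull origin master 2>&1
        ;;
    esac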
  12. Development

    $ cd ~/Projects/myapp
    $ git commit -a -m "This will auto-update"
    $ git push origin master

    (Diagram labels: hook, git pull, updated)
  13. Review

    Create a deploy user, give him SSH keys
    Add the keys to the repository as deploy keys
    Create a script to git pull your project
    Allow www-data to sudo the script as deploy
    Create a deploy application to run the script
    Add the hook to the repository
    Code, commit and push
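
An added example, not code from the deck: a hardened variant of the deploy.sh from slide 11 that keeps the application allowlist, treats the name arriving from the URL as untrusted, and writes one audit line per request. The log path and the function names (resolve_target, audit, deploy) are assumptions; SUDO_USER is the variable sudo sets to the invoking account, here www-data.

```bash
#!/bin/bash
# Added example: hardened take on /opt/deployer/deploy.sh (not the deck's code).
PROJECT_ROOT=/var/projects                              # path used in the slides
AUDIT_LOG=${AUDIT_LOG:-/var/projects/deploy-audit.log}  # assumed log location

# Allowlist: print the checkout directory for a known app, fail for anything else.
resolve_target() {
    case "$1" in
        myapp)     printf '%s\n' "$PROJECT_ROOT/myapp" ;;
        other-app) printf '%s\n' "$PROJECT_ROOT/some_other_dir" ;;
        *)         return 1 ;;
    esac
}

# Append one audit line. The requested name is attacker-controlled (it comes
# from the URL), so every character outside [A-Za-z0-9._-] becomes '?' to keep
# a request from forging extra log lines.
audit() {
    safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '?')
    printf '%s caller=%s app=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${SUDO_USER:-unknown}" "$safe" "$2" \
        >> "$AUDIT_LOG"
}

# Deploy one app: 0 = pulled, 1 = git failed, 2 = name not on the allowlist.
deploy() {
    if ! dir=$(resolve_target "$1"); then
        audit "$1" rejected
        echo "unknown application" >&2
        return 2
    fi
    if /usr/bin/git -C "$dir" pull origin master 2>&1; then
        audit "$1" ok
    else
        audit "$1" failed
        return 1
    fi
}

# Run only when called with an argument, as index.php does through sudo.
[ "$#" -eq 0 ] || deploy "$1"
```

The audit log must be writable by the deploy user and should not be writable by www-data, otherwise the web process could rewrite its own trail.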