Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Criando Ambientes de Desenvolvimento Auditáveis com Git

Criando Ambientes de Desenvolvimento Auditáveis com Git

Ricardo Coelho

November 29, 2013

More Decks by Ricardo Coelho

Other Decks in Programming


  1. Development $ mkdir -p ~/Projects/myapp <code> <code> <code> <code> <code>

    <code> <code> <code> <code> <code> <code> $ cd ~/Projects/myapp de> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <c <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> de> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <c $ git init $ git add * $ git commit -m “It's alive”
  2. Server $ sudo mkdir -p /var/projects/myapp $ sudo adduser deploy

    $ sudo chown -R deploy /var/projects Fixing the Environment $ cd /var/projects/ $ git clone ssh://[email protected]/you/myapp NO! $ sudo -u deploy -s
  3. Server $ sudo -u deploy -s Create a deploy key

    $ ssh-keygen $ cat /home/deploy/.ssh/id_rsa.pub ssh-rsa AAAA… …nmX1 deploy@localhost
  4. Server $ cd /var/www $ sudo ln -s /var/projetos/myapp/public myapp

    Making it accessible http://server.com.br/myapp
  5. Server $ sudo mkdir -p /var/projects/deploy Fixing the Deploy $

    cd /var/www $ sudo ln -s /var/projects/deploy $ cd /var/projects/deploy/ $ sudo ln -s . myapp $ sudo vi index.php $ sudo ln -s . other-app
  6. Server http://myserver.com/deploy/myapp index.php <?php ! $uri = explode(‘/’, $_SERVER[‘REQUEST_URI’]); $deploy_what

    = $uri[2]; $output = `git pull origin master`; echo ‘<pre>’ . $output . ‘</pre>’;
  7. Server index.php runs as user www-data who cannot write in

    /var/projects we have to switch user and do the pull but… wait… sudo
  8. What’s wrong with sudo Asks for a password. We want

    it unattended. Great power == great responsibility Respect it, but don’t fear it
  9. How do we solve it Allow it to run without

    a password But only for a specific script, so it’s safe /etc/sudoers www-data (ALL) = (deploy) NOPASSWD:/opt/deployer/deploy.sh this guy runs on those pcs as this user without password, only this
  10. Server http://myserver.com/deploy/myapp index.php <?php ! $uri = explode(‘/’, $_SERVER[‘REQUEST_URI’]); $deploy_what

    = $uri[2]; $output = echo ‘<pre>’ . $output . ‘</pre>’; `sudo -u deploy /opt/deployer/deploy.sh $deploy_what`;
  11. Server /opt/deployer/deploy.sh #!/bin/bash ! case “$1” in myapp) cd /var/projects/myapp

    /usr/bin/git pull origin master 2>&1 ;; other-app) cd /var/projects/some_other_dir /usr/bin/git pull origin master 2>&1 ;; esac
  12. Development $ git commit -a -m “This will auto-update” $

    git push origin master $ cd ~/Projects/myapp <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> de> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <c <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> de> <code> <code> <code> <code> <code> <code> <code> <code> <code> <code> <c hook git pull updated
  13. Review Create a deploy user, give him SSH keys Add

    the keys to the repository as deploy keys Create a script to git pull your project Allow www-data to sudo the script as deploy Create a deploy application to run the script Add the hook to the repository Code, commit and push