前言:最近在研究git自动部署项目,然后知道可以通过webhook实现自动部署的功能,查了一些文章,大多讲的是根据官网的方法用Node.js进行自动部署。线上服务器已经在跑php,想着能不能直接用php布置自动部署,这样就不用装node了,更省事。于是查了些资料,最后部署成功,所以把部署过程记录下来。方便以后查阅。
1、部署Gogs
因为是公司的项目,所以打算自己搭建git服务器, 推荐装Gogs
安装步骤可以参考一篇博客:使用
Gogs 搭建自己的 Git 服务器
2、配置SSH公钥
因为是用git用户部署的Gogs,接下来在服务器上配置用git账号配置ssh公钥
首先在主机上生成秘钥:
[xiaozhenkai@mysql-server ~]$ ssh-keygen -t dsa -P "" -f ~/.ssh/id_dsa Generating public/private dsa key pair. Created directory '/home/xiaozhenkai/.ssh'. Your identification has been saved in /home/xiaozhenkai/.ssh/id_dsa. Your public key has been saved in /home/xiaozhenkai/.ssh/id_dsa.pub. The key fingerprint is: ec:ca:56:5d:75:5a:3a:71:e2:d7:a6:1e:1e:4d:ba:eb xiaozhenkai@mysql-server The key's randomart p_w_picpath is: +--[ DSA 1024]----+ | | | + +| | o O.| | . . = =| | S. . O | | .. . = .| | .. o + | | ... + | | .o .E. | +-----------------+
复制主机密钥
[xiaozhenkai@mysql-server .ssh]$ cat ~/.ssh/id_dsa.pub ssh-dss AAAAB3NzaC1kc3MAAACBAPc/kOGP7pIw2hwBzredF9oMnh/UQUTk9PfoWKw796/eroLUZE8ON+ibzKhgjT+/cHrqbesgku1qJ4bvSdaoJXLOgfKpZmbSWeo3ainWQx44dNxgO8ITG2Ss6oKCsUj8OBiObycP4ki6GBDLsnXu4b/bKbVE0tRbejeVpeRFP40XAAAAFQDCt3x9tEZE15jwXLvspUiur/mg9wAAAIEA0DA28/QDpnRvJ5x2t3JUBb2EkGa969kwdUHqv618S5doIKWvQhUrWLXq1/PJaZeAGGuNfMJSXtSrXBtdnES7PsoSnTfKBczTvnpyD5zD+oMr6znsPHXtkUdUPK/Zr6K2gRISTd+otNQxSuX2H7WaFwoRjyTC0ichcKpuD1acBrwAAACAY8B/Zcuo0GxAyd/WMsoUSzSUxa4WFVyFkFm9qVEXUDv91BFqhbNDDpmkxgDqH2GOCgHD4CjX1PebMBNKYSfT0LaTEKIYVn6tnvL+yoEbqt77HvID/xDxf8WIZtZ0L6BL1K8xc7tiMHbkW9dNgiFyUAnHWW+OZfU2x9t51PvsLNA= xiaozhenkai@mysql-server
登陆Gogs,用户设置——SSH秘钥——增加秘钥,然后把复制的主机密钥添加到Gogs里。
增加密钥:
点击增加密钥按钮:
添加后可以测试一下,在服务器上用www用户验证ssh公钥可以用性:
上面生成SSH公钥的时候也同时生成一个私钥id_dsa,把id_dsa复制到/home/www/.ssh目录下,并修改权限
[root@mysql-server ~]# cp /home/xiaozhenkai/.ssh/id_dsa /home/www/.ssh/id_dsa [root@mysql-server ~]# chown www.www /home/www/.ssh/id_dsa [root@mysql-server ~]# ll /home/www/.ssh/id_dsa -rw-------. 1 www www 668 Jul 21 16:44 /home/www/.ssh/id_dsa
测试是否可通:
[root@mysql-server enha]# sudo -Hu www ssh -T git@git.xiaozhenkai.com Hi there, You've successfully authenticated, but Gogs does not provide shell access. If this is unexpected, please log in with password and setup Gogs under another user.
在Gogs创建一个新的仓库,然后再服务器上,执行第一次更新
[root@mysql-server ~]# cd /tmp [root@mysql-server ~]# sudo -Hu www mkdir enha [root@mysql-server ~]# cd enha [root@mysql-server enha]# sudo -Hu www touch README.md [root@mysql-server enha]# sudo -Hu www git init [root@mysql-server enha]# sudo -Hu www git add README.md [root@mysql-server enha]# sudo -Hu www git commit -m "first commit" [root@mysql-server enha]# sudo -Hu www git remote add origin git@git.xiaozhenkai.com:shuowan/enha.git [root@mysql-server enha]# sudo -Hu www git push -u origin master Counting objects: 3, done. Writing objects: 100% (3/3), 211 bytes, done. Total 3 (delta 0), reused 0 (delta 0) To git@git.xiaozhenkai.com:shuowan/enha.git * [new branch] master -> master Branch master set up to track remote branch master from origin.
成功提交,测试成功。
3、配置Webhook
首先要有一台响应webhook的服务器,在服务器上配置
一个响应webhook的php文件,文件内容如下:
<?php
//git webhook 自动部署脚本
//项目存放物理路径
$path = "your_git_path";
$requestBody =
file_get_contents("php://input");
if (empty($requestBody)) {
die('send fail');
}
$content = json_decode($requestBody, true);
var_dump($content);;
//若是主分支且提交数大于0
//if ($content['ref']=='refs/heads/master'
&& $content['total_commits_count']>0) {
if ($content['ref']=='refs/heads/master') {
$res = shell_exec("cd {$path}
&& git pull 2>&1");//以nginx用户运行
$res_log =
'-------------------------'.PHP_EOL;
$res_log .= $content['user_name'] . '
在' . date('Y-m-d H:i:s') . '向' . $content['repository']['name'] . '项目的' .
$content['ref'] . '分支push了' . $content['total_commits_count'] . '个commit:' .
PHP_EOL;
$res_log .= $res.PHP_EOL;
echo $res_log;
file_put_contents("git-webhook.txt", $res_log, FILE_APPEND);//追加写入
}注意:php函数不能禁用shell_exec,禁用后就没办法执行系统命令了。
在服务器上用sudo命令让www用户克隆项目到本地,这样以后webhook推送后才能保证系统是用www用户更新文件,才不会出现权限的问题
sudo -Hu www git clone git_URL
