我在BitBucket git repo中有一个PHP项目。
我在一个叫做“develop”的小分支修复工作,或者我在临时功能分支工作。当我准备部署时,我将这些分支合并为“master”。
我希望像我一样简单地部署到我的实时网站(合并到主控并推送到BitBucket)。
但我真的不希望我的服务器能够访问我的仓库,因为这会增加安全性。如果你关心安全性,你希望你的仓库尽可能少的地方。如果您的服务器遭到入侵,这是一个非常糟糕的情况,但如果攻击者可以访问我的完整仓库则会更糟。 This person同意。
所以我假设我想使用git archive master这样的内容,例如https://stackoverflow.com/a/163769/470749解释。
如何设置一个检测推送“master”的钩子,然后运行git archive master将最新的代码(不是作为回购)导出到压缩的zip文件中,然后通过该文件发送(通过SCP和/或Rsync?)到远程服务器,将其解压缩到一个新目录,然后(可能通过更改符号链接)将服务器指向该新目录?
奖金问题:我怎样才能启用简单的紧急回滚? (我想可能会出现我想要快速恢复到之前提交的情况。)
答案 0 :(得分:1)
我对我最终获得的脚本感到满意:
<强> deploy.sh:
##This executable file will export your latest code from master (via "git archive") and will upload it
##to the remote server and then call a script on the server to handle from there.
##----------------------------------------------------------------------------------------------------
source dev-ops/archive_and_upload.sh
##On the remote server, run a script to archive the existing production site files and then deploy the uploaded package.
ssh -i ~/.ssh/id_rsa myUserName@vientiane.dreamhost.com <<'ENDSSH'
set -e
cd /home/myUserName/myProjectName/latest
##Unzip the zip file, then delete it.
echo "Unzipping the package.zip..."
unzip -o package.zip && rm package.zip
cd /home/myUserName/myProjectName/
nowTime=$(date -u +"%Y-%m-%d__%H:%M:%S")
echo "The archive will have this timestamp: " $nowTime
##Copy the "latest" folder to a dated "packages" subfolder.
cp -R latest/ packages/$nowTime
echo "Copied the existing site to an archive."
##Install Laravel dependencies.
echo "Running Composer so that the remote server downloads and installs dependencies..."
cd packages/$nowTime
php -d memory_limit=256M ~/bin/composer.phar install
##Delete the "live" symlink and immediately create a new "live" symlink to the most recent subfolder within "packages".
echo "Updating the symlinks..."
cd /home/myUserName/myProjectName/
echo `pwd`
rm previous
mv live previous && ln -s packages/$nowTime live && ls -lah
##Clear out the "latest" folder in preparation for next time.
echo "Deleting the contents of the 'latest' folder in preparation for next time..."
rm -rf latest/* && ls latest
ENDSSH
echo "FINISHED DEPLOYING!"
<强> archive_and_upload.sh:
##This executable file will export your latest code from master (via "git archive") and will upload it
##to the remote server.
##----------------------------------------------------------------------------------------------------
##Clear out the contents of the previous export package.
rm -rf dev-ops/package/*
##Export the "master" branch of this git repo. (The result is not a repo but is just code.)
git archive --format zip --output dev-ops/package/package.zip master
##Send zip file to remote server.
scp -i ~/.ssh/id_rsa dev-ops/package/package.zip myUserName@vientiane.dreamhost.com:/home/myUserName/myProjectName/latest/package.zip
<强> revert_to_previous_package.sh:
ssh -i ~/.ssh/id_rsa myUserName@vientiane.dreamhost.com <<'ENDSSH'
set -e
cd /home/myUserName/myProjectName/
mv live rollingBack && mv previous live && mv rollingBack previous && ls -lah
ENDSSH
echo "ROLLED BACK!"
正如您所看到的,我将Dreamhost服务器设置为一个名为“live”的文件夹,该文件夹实际上只是一个子文件夹的符号链接,该子文件夹被命名为上载该代码包的时间戳。还有另一个名为“previous”的符号链接,它使回滚变得容易(如果我在部署之后发现问题并想要恢复它)。