Skip to content

Instantly share code, notes, and snippets.

@thomasfr
Last active July 3, 2024 02:22
Show Gist options
  • Save thomasfr/9691385 to your computer and use it in GitHub Desktop.
Save thomasfr/9691385 to your computer and use it in GitHub Desktop.
7 easy steps to automated git push deployments. With small and configurable bash only post-receive hook

How-to setup a simple git push deployment

These are my notes basically. At first i created this gist just as a reminder for myself. But feel free to use this for your project as a starting point. If you have questions you can find me on twitter @thomasf https://twitter.com/thomasf This is how i used it on a Debian Wheezy testing (https://www.debian.org/releases/testing/)

Discuss, ask questions, etc. here https://news.ycombinator.com/item?id=7445545

On the server (example.com)

  1. Create a user on example.com, as which we (the git client) connect (push) to exmaple.com. We set git-shell as the login shell, so it is not possible to interactively login as this user.
sudo useradd -m -s /usr/bin/git-shell git
  1. Add your ssh public key to the authorized_keys file of the created user:
## Because user git can not interactively login, we have to use sudo to get git temporarily
sudo -u git bash
cd ~
## cd /home/git
mkdir -p .ssh
vim .ssh/authorized_keys
## Paste your public key and save
  1. Create a git bare repo for your project:
mkdir testapp
cd testapp
## /home/git/testapp
git init --bare
  1. Copy the post-receive script from this gist to the hooks dir of the created bare repo.
vim testapp/hooks/post-receive
## Paste the post-receive script from this gist and save
## If you do not need to execute a 'build' and/or 'restart' command,
## just delete or comment the lines 'UPDATE_CMD' and 'RESTART_CMD'
chmod +x testapp/hooks/post-receive
  1. Set ownership and permissions of the DEPLOY_ROOT directory:
sudo chown root:git -R /var/www
sudo chmod 775 /var/www
  • (Optional) Add a systemd service file for your app. If you are using systemd, you can use the testapp.service file from this gist. Make sure you name it like your repository. The post-receive hook can automatically restart your app. You will also have to allow user git to make the sudo call. Be very careful and restrictive with this!

On the client

  1. Create a git repo and add our newly created remote:
mkdir testapp
cd testapp
git init
git remote add production [email protected]:~/testapp
  1. Commit and push to production:
$ vim Makefile
## Paste contents of Makefile from this gist (as an example)
$ git add .
$ git commit -am "test commit"
$ git push production master
Counting objects: 12, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 432 bytes | 0 bytes/s, done.
Total 4 (delta 2), reused 0 (delta 0)
remote: +++++++++++++++++++++++ Welcome to 'example.com' (1.2.3.4) ++++++++++++++++++++++++
remote: 
remote: githook: I will deploy 'master' branch of the 'testapp' project to '/var/www/testapp'
remote: 
remote: githook: UPDATE (CMD: 'cd "${DEPLOY_TO}" && make "update"'):
remote: Makefile: Doing UPDATE stuff like grunt, gulp, rake,...
remote: git
remote: /var/www/testapp
remote: 
remote: githook: RESTART (CMD: 'sudo systemctl restart "${PROJECT_NAME}.service" && sudo systemctl status "${PROJECT_NAME}.service"'):
remote: testapp.service - node.js testapp
remote:    Loaded: loaded (/etc/systemd/system/testapp.service; disabled)
remote:    Active: inactive (dead) since Fri 2014-03-21 22:10:23 UTC; 10ms ago
remote:   Process: 9265 ExecStart=/bin/bash -c sleep 3;echo "I am starting";echo "$(whoami)"; (code=exited, status=0/SUCCESS)
remote: 
remote: Mar 21 22:10:20 image systemd[1]: Starting nodejs testapp...
remote: Mar 21 22:10:23 image testapp[9265]: I am starting
remote: Mar 21 22:10:23 image testapp[9265]: www-data
remote: Mar 21 22:10:23 image systemd[1]: Started node.js testapp.
remote: 
remote: ++++++++++++++++++++ See you soon at 'example.com' (1.2.3.4) ++++++++++++++++++++++
To [email protected]:~/testapp
   08babc4..95cabcc  master -> master

  • Repeat: Develop, test, commit and push :)
make deploy

Congratulations, you just setup git push deployment with automated build and service restart

Here are some more configuration files as a starting point:

all:
@echo "Doing all"
deploy:
@echo "Pushing to production"
@git push [email protected]:~/testapp master
update:
@echo "Makefile: Doing UPDATE stuff like grunt, gulp, rake,..."
@whoami
@pwd
#!/bin/bash
#
# Author: "FRITZ Thomas" <[email protected]> (http://www.fritzthomas.com)
# GitHub: https://gist.github.com/thomasfr/9691385
#
# The MIT License (MIT)
#
# Copyright (c) 2014-2017 FRITZ Thomas
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# Application Name:
export DEPLOY_APP_NAME=`whoami`
# This is the root deploy dir.
export DEPLOY_ROOT="${HOME}/work"
# When receiving a new git push, the received branch gets compared to this one.
# If you do not need this, just add a comment
export DEPLOY_ALLOWED_BRANCH="master"
# You could use this to do a backup before updating to be able to do a quick rollback.
# If you need this just delete the comment and modify to your needs
#PRE_UPDATE_CMD='cd ${DEPLOY_ROOT} && backup.sh'
# Use this to do update tasks and maybe service restarts
# If you need this just delete the comment and modify to your needs
#POST_UPDATE_CMD='cd ${DEPLOY_ROOT} && make update'
###########################################################################################
export GIT_DIR="$(cd $(dirname $(dirname $0));pwd)"
export GIT_WORK_TREE="${DEPLOY_ROOT}"
IP="$(ip addr show eth0 | grep 'inet ' | cut -f2 | awk '{ print $2}')"
echo "githook: $(date): Welcome to '$(hostname -f)' (${IP})"
echo
# Make sure directory exists. Maybe its deployed for the first time.
mkdir -p "${DEPLOY_ROOT}"
# Loop, because it is possible to push more than one branch at a time. (git push --all)
while read oldrev newrev refname
do
export DEPLOY_BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
export DEPLOY_OLDREV="$oldrev"
export DEPLOY_NEWREV="$newrev"
export DEPLOY_REFNAME="$refname"
if [ "$DEPLOY_NEWREV" = "0000000000000000000000000000000000000000" ]; then
echo "githook: This ref has been deleted"
exit 1
fi
if [ ! -z "${DEPLOY_ALLOWED_BRANCH}" ]; then
if [ "${DEPLOY_ALLOWED_BRANCH}" != "$DEPLOY_BRANCH" ]; then
echo "githook: Branch '$DEPLOY_BRANCH' of '${DEPLOY_APP_NAME}' application will not be deployed. Exiting."
exit 1
fi
fi
if [ ! -z "${PRE_UPDATE_CMD}" ]; then
echo
echo "githook: PRE UPDATE (CMD: '${PRE_UPDATE_CMD}'):"
eval $PRE_UPDATE_CMD || exit 1
fi
# Make sure GIT_DIR and GIT_WORK_TREE is correctly set and 'export'ed. Otherwhise
# these two environment variables could also be passed as parameters to the git cli
echo "githook: I will deploy '${DEPLOY_BRANCH}' branch of the '${DEPLOY_APP_NAME}' project to '${DEPLOY_ROOT}'"
git checkout -f "${DEPLOY_BRANCH}" || exit 1
git reset --hard "$DEPLOY_NEWREV" || exit 1
if [ ! -z "${POST_UPDATE_CMD}" ]; then
echo
echo "githook: POST UPDATE (CMD: '${POST_UPDATE_CMD}'):"
eval $POST_UPDATE_CMD || exit 1
fi
done
echo
echo "githook: $(date): See you soon at '$(hostname -f)' (${IP})"
exit 0
[Unit]
Description=node.js testapp
Requires=network.target
After=network.target
[Service]
WorkingDirectory=/var/www/testapp
Type=forking
ExecStart=/bin/bash -c 'sleep 3;echo "I am starting";echo "$(whoami)";'
# For a node.js app this could be something like:
#ExecStart=/bin/bash -c 'npm start'
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=testapp
User=www-data
Group=www-data
Environment="NODE_ENV=production" "DEBUG=testapp:*"
[Install]
WantedBy=multi-user.target
@thomasfr
Copy link
Author

@LabN36: Maybe you could do this if you use key based authentication only over ssh - which you should do anyways. You could then prepend a command option to your authorized_keys file. Something like ( I have not tested this):

# ~/.ssh/authorized_keys
command="mkdir -p $HOME/repository.git && cd $HOME/repository.git && git init --bare"  ssh-rsa AAAA....

@thomasfr
Copy link
Author

@luigi370: Not that easy i think. I would not risk stability of the production system. I would rather add a staging environment and modify development flow in a way that a specific branch will be deployed automatically on a "dev" or "test" server where some integration tests are triggered automatically. If tests are failing i would report back to someone/something. I love to use Codeship for this as Codeship is also reporting status back to GitHub.

@thomasfr
Copy link
Author

@vindex10 Thanks, i have added it!

@nsrau
Copy link

nsrau commented Jul 22, 2017

Thanks!

@astokes
Copy link

astokes commented Aug 9, 2017

On my FreeNAS 11 box, there is no ip command. This captures the address of the interface associated with the IPv4 default route:

IP="$(ifconfig `netstat -rn4 2>&1 | awk '/default/ { print $4 }'` | awk '/inet/ { print $2 }')"

It's likely to work with most FreeBSD variants.

Note: in my command line experiment, I added 2>&1 to get rid of an irrelevant complaint about not having permission for /dev/mem. In script form, it could be 2>/dev/null or perhaps chatter to stderr is just ignored, anyway, in this construct (I dare not hazard to guess).

@astokes
Copy link

astokes commented Aug 9, 2017

To make my console easier to scan, I added rudimentary colour.

The following line formats the remote host in bold (default colour, which is black on my console):

echo "hook: $(date): Welcome to ^[[1m'$(hostname -f)' (${IP})^[[0m"

The following line formats the deployment directory in bold blue:

echo "githook: I will deploy '${DEPLOY_BRANCH}' branch of the '${DEPLOY_APP_NAME}' project to ^[[1;34m'${DEPLOY_ROOT}'^[[0m"

I made this modification using vi. After going into insert mode, type CTRL-V ESC to emit a single character which is shown above as ^[. (The next [ is regular.)

I would have settled for a git color hook which put the keyword "remote:" in bold for the entire git response block, but was unable to find a way to do this, so I hacked the script directly.

Note that if you embellish this script with commands that naturally emit coloured output, you might want to put export TERM=xterm-color at the top of the script, to force colour support under SSH invocation. I read that this helps, but didn't confirm this myself.

@astokes
Copy link

astokes commented Aug 9, 2017

I should also add that for testing purposes, this terminal command proved useful:

git commit --allow-empty -m 'push to execute post-receive'; git push $REMOTE master

@adnanh
Copy link

adnanh commented Sep 24, 2017

@irsabir
Copy link

irsabir commented Oct 26, 2017

When pushing by following step 7 we are getting the following error
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

@sagudev
Copy link

sagudev commented Jan 7, 2018

it's working

@andrejad
Copy link

A question about the step 2 ("Add your ssh public key to the authorized_keys file of the created user:")

  • Where do I find the public key? It is a public key of what?

@gabrielengel
Copy link

gabrielengel commented Jun 26, 2018

Based on your work, I wrote a small shell script to automate the setup of githook and after the push, generically call a deploy.sh that should live in the root of your project. You can see it here: https://github.com/pushprod/pushprod

@azazqadir
Copy link

You could also use Continuous Integration in PHP apps for automated testing and test coverage before pushing any build. This will ensure that your build is bug free and that there won't be any problem when deploying changes to live server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment