Last active
June 4, 2017 20:50
-
-
Save StoneMoe/8c897122a32776c1ee0252f605b01e2c to your computer and use it in GitHub Desktop.
Setup wizard for auto deploy your latest code via git
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# Tested on Debian 8.3 | |
echo "=============================================" | |
echo "Git auto deploy setup wizard" | |
echo "This script will create a auto-deploy project" | |
echo "=============================================" | |
echo "Input a unique name for this project" | |
printf "This will also be directory name:" | |
read gds_project_name | |
if [ -z "$gds_project_name" ]; then echo "Cannot be empty"; exit; fi | |
echo "=============================================" | |
echo "Input a username for deploying your code files" | |
echo "This user need sudo permission" | |
echo "This user will be the code file user owner" | |
printf "Leave blank for using current user [$(whoami)]:" | |
read gds_username | |
if [ -z "$gds_username" ]; then | |
gds_username=$(whoami) | |
fi | |
echo "=============================================" | |
echo "Input another username who should fully accessing code files (eg. webserver user)" | |
echo "This user will be the code file group owner" | |
printf "Leave blank for using same user as deploying [${gds_username}]:" | |
read gds_second_user | |
if [ -z "$gds_second_user" ]; then | |
gds_second_user=$gds_username | |
fi | |
echo "=============================================" | |
printf "Use supervisor for maintaining your foreground program? [y/N]:" | |
read gds_auto_reload_mode | |
if [ "$gds_auto_reload_mode" == "y" ]; then | |
printf "Run as which user? [$(whoami)]:" | |
read gds_supervisor_runuser | |
if [ -z "$gds_supervisor_runuser" ]; then | |
gds_supervisor_runuser=$(whoami) | |
fi | |
echo "Code files will deploy at /home/production/${gds_project_name}" | |
printf "Input your foreground startup command (absolute path):" | |
read gds_command | |
fi | |
echo "=============================================" | |
echo "This sciprt will:" | |
echo "Install Git" | |
echo "Add git user and group" | |
if [ "$gds_auto_reload_mode" == "y" ]; then | |
echo "Install supervisor" | |
fi | |
echo "Create directory at /home/production/${gds_project_name}, /home/git/${gds_project_name}.git" | |
echo "Modify sudoer file for running as ${gds_second_user} NOPASSWD git, chown, chmod" | |
if [ "$gds_auto_reload_mode" == "y" ]; then | |
echo "Modify sudoer file for NOPASSWD supervisorctl" | |
echo "Create new supervisor config file at /etc/supervisor/conf.d/${gds_project_name}.conf" | |
fi | |
printf "Continue? [y/N]:" | |
read gds_confirm | |
if [ "$gds_confirm" != "y" ]; then | |
echo "Operation canceled, nothing changed." | |
exit 1 | |
fi | |
echo "=============================================" | |
echo "Installing Git..." | |
sudo apt-get -qq install git -y | |
if [ "$gds_auto_reload_mode" == "y" ]; then | |
echo "Installing supervisor..." | |
sudo apt-get -qq install supervisor -y | |
echo "Modifying sudoers for supervisorctl..." | |
echo "$gds_username ALL=(root:root) NOPASSWD: /usr/bin/supervisorctl" | sudo tee -a /etc/sudoers > /dev/null | |
fi | |
echo "Modifying sudoers for git, chown, chmod..." | |
echo "$gds_username ALL=(${gds_second_user}:${gds_second_user}) NOPASSWD: /usr/bin/git, /bin/chown, /bin/chmod" | sudo tee -a /etc/sudoers > /dev/null | |
echo "Creating directory..." | |
mkdir -p /home/production/${gds_project_name} | |
mkdir -p /home/git/${gds_project_name}.git | |
echo "Adding git user and group..." | |
sudo groupadd -f git | |
sudo useradd --shell /usr/bin/git-shell -M --gid git git | |
echo "Setting directory permission..." | |
sudo chown $gds_username:$gds_second_user -Rf /home/production/${gds_project_name} | |
sudo chown $gds_username:git -Rf /home/git/${gds_project_name}.git | |
sudo chmod 755 -Rf /home/production/${gds_project_name} /home/git/${gds_project_name}.git | |
cd /home/git/${gds_project_name}.git || echo "WARNING: cd to git repo folder failed...." | |
sudo -u $gds_username git init --bare | |
echo "Writing git hook script..." | |
echo "#!/bin/sh | |
unset GIT_INDEX_FILE | |
echo \"Auto-Deploy: working...\" | |
sudo -u ${gds_second_user} git --work-tree=/home/production/$gds_project_name --git-dir=/home/git/${gds_project_name}.git checkout -f" > /home/git/${gds_project_name}.git/hooks/post-update | |
if [ "$gds_auto_reload_mode" == "y" ]; then | |
echo "sudo supervisorctl restart ${gds_project_name}" >> /home/git/${gds_project_name}.git/hooks/post-update | |
fi | |
echo "echo \"Deploy done!\"" >> /home/git/${gds_project_name}.git/hooks/post-update | |
echo "Setting hook script permission..." | |
sudo chmod +x /home/git/${gds_project_name}.git/hooks/post-update | |
if [ "$gds_auto_reload_mode" == "y" ]; then | |
echo "Writing supervisor config file..." | |
echo "[program:${gds_project_name}] | |
command=${gds_command} | |
user=${gds_supervisor_runuser} | |
autostart=true | |
autorestart=true" | sudo tee -a /etc/supervisor/conf.d/${gds_project_name}.conf > /dev/null | |
supervisorctl update | |
fi | |
echo "=============================================" | |
echo "Configuration completed." | |
echo "Add the below line to your git remote list, and push to master branch will activate auto-deploy." | |
#echo "ssh://${gds_username}@$(curl -sS ifconfig.me)/home/git/${gds_project_name}.git" | |
echo "ssh://${gds_username}@[IP]/home/git/${gds_project_name}.git" | |
echo "======Wizard end=======" |
[Fixed] .git folder security issue
[Info] You may need set a password for user git
[Info] If you disabled ssh password login, and you want to use password for git deploy, Add code below to your sshd config:
Match User git
PasswordAuthentication yes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[Fixed] Writing supervisor config file part still work properly