Skip to content

Instantly share code, notes, and snippets.

@StoneMoe
Last active June 4, 2017 20:50
Show Gist options
  • Save StoneMoe/8c897122a32776c1ee0252f605b01e2c to your computer and use it in GitHub Desktop.
Save StoneMoe/8c897122a32776c1ee0252f605b01e2c to your computer and use it in GitHub Desktop.
Setup wizard for auto deploy your latest code via git
#!/usr/bin/env bash
# Tested on Debian 8.3
echo "============================================="
echo "Git auto deploy setup wizard"
echo "This script will create a auto-deploy project"
echo "============================================="
echo "Input a unique name for this project"
printf "This will also be directory name:"
read gds_project_name
if [ -z "$gds_project_name" ]; then echo "Cannot be empty"; exit; fi
echo "============================================="
echo "Input a username for deploying your code files"
echo "This user need sudo permission"
echo "This user will be the code file user owner"
printf "Leave blank for using current user [$(whoami)]:"
read gds_username
if [ -z "$gds_username" ]; then
gds_username=$(whoami)
fi
echo "============================================="
echo "Input another username who should fully accessing code files (eg. webserver user)"
echo "This user will be the code file group owner"
printf "Leave blank for using same user as deploying [${gds_username}]:"
read gds_second_user
if [ -z "$gds_second_user" ]; then
gds_second_user=$gds_username
fi
echo "============================================="
printf "Use supervisor for maintaining your foreground program? [y/N]:"
read gds_auto_reload_mode
if [ "$gds_auto_reload_mode" == "y" ]; then
printf "Run as which user? [$(whoami)]:"
read gds_supervisor_runuser
if [ -z "$gds_supervisor_runuser" ]; then
gds_supervisor_runuser=$(whoami)
fi
echo "Code files will deploy at /home/production/${gds_project_name}"
printf "Input your foreground startup command (absolute path):"
read gds_command
fi
echo "============================================="
echo "This sciprt will:"
echo "Install Git"
echo "Add git user and group"
if [ "$gds_auto_reload_mode" == "y" ]; then
echo "Install supervisor"
fi
echo "Create directory at /home/production/${gds_project_name}, /home/git/${gds_project_name}.git"
echo "Modify sudoer file for running as ${gds_second_user} NOPASSWD git, chown, chmod"
if [ "$gds_auto_reload_mode" == "y" ]; then
echo "Modify sudoer file for NOPASSWD supervisorctl"
echo "Create new supervisor config file at /etc/supervisor/conf.d/${gds_project_name}.conf"
fi
printf "Continue? [y/N]:"
read gds_confirm
if [ "$gds_confirm" != "y" ]; then
echo "Operation canceled, nothing changed."
exit 1
fi
echo "============================================="
echo "Installing Git..."
sudo apt-get -qq install git -y
if [ "$gds_auto_reload_mode" == "y" ]; then
echo "Installing supervisor..."
sudo apt-get -qq install supervisor -y
echo "Modifying sudoers for supervisorctl..."
echo "$gds_username ALL=(root:root) NOPASSWD: /usr/bin/supervisorctl" | sudo tee -a /etc/sudoers > /dev/null
fi
echo "Modifying sudoers for git, chown, chmod..."
echo "$gds_username ALL=(${gds_second_user}:${gds_second_user}) NOPASSWD: /usr/bin/git, /bin/chown, /bin/chmod" | sudo tee -a /etc/sudoers > /dev/null
echo "Creating directory..."
mkdir -p /home/production/${gds_project_name}
mkdir -p /home/git/${gds_project_name}.git
echo "Adding git user and group..."
sudo groupadd -f git
sudo useradd --shell /usr/bin/git-shell -M --gid git git
echo "Setting directory permission..."
sudo chown $gds_username:$gds_second_user -Rf /home/production/${gds_project_name}
sudo chown $gds_username:git -Rf /home/git/${gds_project_name}.git
sudo chmod 755 -Rf /home/production/${gds_project_name} /home/git/${gds_project_name}.git
cd /home/git/${gds_project_name}.git || echo "WARNING: cd to git repo folder failed...."
sudo -u $gds_username git init --bare
echo "Writing git hook script..."
echo "#!/bin/sh
unset GIT_INDEX_FILE
echo \"Auto-Deploy: working...\"
sudo -u ${gds_second_user} git --work-tree=/home/production/$gds_project_name --git-dir=/home/git/${gds_project_name}.git checkout -f" > /home/git/${gds_project_name}.git/hooks/post-update
if [ "$gds_auto_reload_mode" == "y" ]; then
echo "sudo supervisorctl restart ${gds_project_name}" >> /home/git/${gds_project_name}.git/hooks/post-update
fi
echo "echo \"Deploy done!\"" >> /home/git/${gds_project_name}.git/hooks/post-update
echo "Setting hook script permission..."
sudo chmod +x /home/git/${gds_project_name}.git/hooks/post-update
if [ "$gds_auto_reload_mode" == "y" ]; then
echo "Writing supervisor config file..."
echo "[program:${gds_project_name}]
command=${gds_command}
user=${gds_supervisor_runuser}
autostart=true
autorestart=true" | sudo tee -a /etc/supervisor/conf.d/${gds_project_name}.conf > /dev/null
supervisorctl update
fi
echo "============================================="
echo "Configuration completed."
echo "Add the below line to your git remote list, and push to master branch will activate auto-deploy."
#echo "ssh://${gds_username}@$(curl -sS ifconfig.me)/home/git/${gds_project_name}.git"
echo "ssh://${gds_username}@[IP]/home/git/${gds_project_name}.git"
echo "======Wizard end======="
@StoneMoe
Copy link
Author

StoneMoe commented Mar 8, 2017

[Fixed] .git folder security issue

@StoneMoe
Copy link
Author

StoneMoe commented Jun 4, 2017

[Info] You may need set a password for user git
[Info] If you disabled ssh password login, and you want to use password for git deploy, Add code below to your sshd config:

Match User git
    PasswordAuthentication yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment