我在BitBucket git存储库中有一个PHP项目。
我在一个名为“开发”的分支中进行小修订,或者在临时要素分支中工作。 准备部署时,将这些分支合并到“ master”中。
我想像这样轻松地部署到我的实时站点(合并到主站点并推送到BitBucket)。
但是我真的不希望我的服务器对我的仓库有任何访问权限,因为这增加了安全隐患。 如果您关心安全性,则希望您的回购位于尽可能少的地方。 如果您的服务器受到威胁,那将是非常糟糕的情况,但是如果攻击者随后可以访问我的完整存储库,那就更糟了。 这个人同意。
因此,我假设我想使用git archive master类的东西,例如https://stackoverflow.com/a/163769/470749解释。
我该如何设置一个钩子来检测是否按下了“ master”,然后运行git archive master来将最新代码(尽管不是作为回购协议)导出到压缩的zip文件中,然后通过(和/或SCP)发送?)到远程服务器,将其解压缩到新目录,然后(也许通过更改符号链接)将服务器指向该新目录?
额外的问题:如何启用轻松的紧急回滚? (我想象在某些情况下我想快速恢复到先前的提交。)
我对最终得到的脚本感到满意:
deploy.sh:
##This executable file will export your latest code from master (via "git archive") and will upload it
##to the remote server and then call a script on the server to handle from there.
##----------------------------------------------------------------------------------------------------
source dev-ops/archive_and_upload.sh
##On the remote server, run a script to archive the existing production site files and then deploy the uploaded package.
ssh -i ~/.ssh/id_rsa [email protected] <<'ENDSSH'
set -e
cd /home/myUserName/myProjectName/latest
##Unzip the zip file, then delete it.
echo "Unzipping the package.zip..."
unzip -o package.zip && rm package.zip
cd /home/myUserName/myProjectName/
nowTime=$(date -u +"%Y-%m-%d__%H:%M:%S")
echo "The archive will have this timestamp: " $nowTime
##Copy the "latest" folder to a dated "packages" subfolder.
cp -R latest/ packages/$nowTime
echo "Copied the existing site to an archive."
##Install Laravel dependencies.
echo "Running Composer so that the remote server downloads and installs dependencies..."
cd packages/$nowTime
php -d memory_limit=256M ~/bin/composer.phar install
##Delete the "live" symlink and immediately create a new "live" symlink to the most recent subfolder within "packages".
echo "Updating the symlinks..."
cd /home/myUserName/myProjectName/
echo `pwd`
rm previous
mv live previous && ln -s packages/$nowTime live && ls -lah
##Clear out the "latest" folder in preparation for next time.
echo "Deleting the contents of the 'latest' folder in preparation for next time..."
rm -rf latest/* && ls latest
ENDSSH
echo "FINISHED DEPLOYING!"
archive_and_upload.sh:
##This executable file will export your latest code from master (via "git archive") and will upload it
##to the remote server.
##----------------------------------------------------------------------------------------------------
##Clear out the contents of the previous export package.
rm -rf dev-ops/package/*
##Export the "master" branch of this git repo. (The result is not a repo but is just code.)
git archive --format zip --output dev-ops/package/package.zip master
##Send zip file to remote server.
scp -i ~/.ssh/id_rsa dev-ops/package/package.zip [email protected]:/home/myUserName/myProjectName/latest/package.zip
revert_to_previous_package.sh:
ssh -i ~/.ssh/id_rsa [email protected] <<'ENDSSH'
set -e
cd /home/myUserName/myProjectName/
mv live rollingBack && mv previous live && mv rollingBack previous && ls -lah
ENDSSH
echo "ROLLED BACK!"
如您所见,我将Dreamhost服务器设置为从名为“实时”的文件夹提供服务,该文件夹实际上只是指向子文件夹的符号链接,该子文件夹被命名为上载该代码包的时间戳。 还有另一个符号链接,称为“上一个”,它使回滚变得容易(以防我在部署后发现问题并想要还原)。