Allow Apache to do git pull

So far it has not been possible to understand this. I saw several answers, but none of them help.

I'm trying to use GitHub Webhooks so that GitHub hits the URL on my server and the server pulls the newly committed elements as soon as it is hit. I have a PHP script with the following:

 <?php `git pull git@github.com:my-user/myrepo.git`; ?>

However, that script, when hit, is run as the apache user, so I tried:

 chown -R apache:apache . 

and it still fails with a permission error.

So, I tried to edit the sudoers file and changed the following:

 Host_Alias LOCAL=127.0.0.1
 apache LOCAL=NOPASSWD: /var/www/html/git-hook.php

and it still doesn't work.

How can I do that? If I run:

  sudo php git-hook.php 

It works fine, so nothing is wrong with the code in the PHP file. I just want it to be automated.

Any ideas?

Edit:

I also forgot to mention. I even created the folder /home/apache/.ssh and copied the public key to migrate git to the same result.

+4
3 answers

Change your PHP to run git via sudo

 <?php `sudo git pull git@github.com:my-user/myrepo.git`; ?>

Then modify your sudoers to allow the apache user to run git

 apache ALL = NOPASSWD: /usr/bin/git 
+3

There are already Git wrappers and libraries. Perhaps you can try one of them: https://github.com/kbjr/Git.php and/or http://www.gitphp.org/projects/gitphp/wiki

+1

I did it for the developer site - I would not recommend it for the prd site, although I can’t come up with something especially dangerous in this case if the scripts do not accept parameters.

I have created a PHP script that does git pull. In a web browser, I move on to this script, and any changes made by demisectors, etc., are automatically deployed. http://.../gitpullscript/gitpullscript.php

This works by creating a git checkout that the Apache user owns. You do this by creating a directory somewhere outside the document root that belongs to the apache user (in this case, www-data). Then git clone into this directory, so all files belong to www-data. After that, I soft-link the directories I want into my document root so that they can be accessed from the web browser.

www-data is not in the git group, and repositories are configured so that everyone can read (but not write). Therefore www-data can pull but not push.

In the project hierarchy, I created a directory to store the gitpull script. I use .htaccess to password protect this directory.

 <?php exec('cd /var/www-data/projects/myrepo && git pull');

 mkdir /var/www-data
 sudo chown www-data:www-data /var/www-data
 su www-data
 mkdir /var/www-data/projects
 cd /var/www-data/projects
 git clone my-repo

0
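A deploy endpoint along the lines the answers above describe, as an added example (not code from any of the posters): it runs one fixed `git pull` as the web-server user in a checkout that user owns, passes nothing from the request to the command, and checks GitHub's `X-Hub-Signature-256` HMAC first. The `WEBHOOK_SECRET` environment variable and the function names are assumptions; the checkout path is the one from the last answer.

```php
<?php
// Added example. Assumptions: the webhook secret is set on the GitHub side and
// exposed to PHP as the WEBHOOK_SECRET environment variable; the checkout is
// owned by the web-server user, so neither sudo nor root is involved.
const REPO_DIR = '/var/www-data/projects/myrepo';

// True only if $header is "sha256=<hex HMAC-SHA256 of the raw request body>".
function signature_is_valid(string $body, string $header, string $secret): bool
{
    if ($secret === '' || strncmp($header, 'sha256=', 7) !== 0) {
        return false;                       // no secret or no signature: reject
    }
    $expected = 'sha256=' . hash_hmac('sha256', $body, $secret);
    return hash_equals($expected, $header); // constant-time comparison
}

// Runs one fixed command. The array form of proc_open (PHP 7.4+) bypasses the
// shell, and nothing from the request reaches the argument list.
function pull_repo(string $dir): array
{
    $cmd  = ['git', '-C', $dir, 'pull', '--ff-only'];
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]]; // stderr into stdout
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return [1, 'could not start git'];
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $out];
}

if (PHP_SAPI !== 'cli') {                   // only act when served over HTTP
    $body   = file_get_contents('php://input');
    $header = $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ?? '';
    $secret = getenv('WEBHOOK_SECRET') ?: '';
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !signature_is_valid($body, $header, $secret)) {
        http_response_code(403);
        exit;
    }
    [$status, $output] = pull_repo(REPO_DIR);
    error_log("git pull exited $status: $output"); // keep git output server-side
    http_response_code($status === 0 ? 204 : 500);
}
```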

Source: https://habr.com/ru/post/1442175/

