类型
coding 钩子
github 钩子
环境
服务端:阿里云虚拟主机(Ubuntu16.04)
coding 自动部署 WebHook3.0
windows 10 开发环境
部署
服务器虚拟主机配置
coding 代码托管配置
本地代码提交
服务端配置
1、创建web服务器用户目录
这里以www用户为例,不同的环境请根据自己环境自行修改
sudo mkdir /var/www/.ssh sudo chown -R www:www /var/www/.ssh/
2、生成公钥(两个)
git用户公钥(个人公钥通用)
部署公钥(部署公钥用以部署项目, 只针对项目)
其实配置一个个人公钥就可以,也就是通用公钥了
3、用户公钥
用于git clone时认证权限
ssh-keygen -t rsa -C "Tinywan@gmail.com" # 然后一直回车就行 # 生成的文件通常是 /root/.ssh/id_rsa,如果非root用户请查看提示上的路径
4、部署公钥(非必需)
sudo -Hu www ssh-keygen -t rsa # 请选择 "no passphrase",一直回车下去 #sudo cat /var/www/.ssh/id_rsa.pub # 这个只是针对单个项目的 sudo cat /home/www/.ssh/id_rsa.pub # 查看生成的密钥内容,复制全部
-Hu www 命令: -u 代表切换到哪一个用户,这里说的是www -H 代表切换HOME环境变量的值,也就是password文件中www用户对应的home目录
5、准备钩子文件
在你的站点目录建立一个目录hook,我这里站点目录为:/home/www/web/,所有hook文件路径为:/home/www/web/hook,在hook目录新建index.php文件
参考demo
<?php error_reporting(1); // 生产环境web目录 $web_path = '/home/www/web/hook/auto-test'; $user = 'www'; $group = 'www'; //作为接口传输的时候认证的密钥 $valid_token = '1954FD0D6'; //调用接口被允许的ip地址 $valid_ip = array('192.168.14.2','192.168.14.1','192.168.14.128'); $client_ip = $_SERVER['REMOTE_ADDR']; $fs = fopen('./auto_hook.log', 'a'); fwrite($fs, 'Request on ['.date("Y-m-d H:i:s").'] from ['.$client_ip.']'.PHP_EOL); $json_content = file_get_contents('php://input'); $data = json_decode($json_content, true); fwrite($fs, 'Data: '.json_encode($data).PHP_EOL); fwrite($fs, '======================================================================='.PHP_EOL); $fs and fclose($fs); if (empty($data['token']) || $data['token'] !== $valid_token) { exit('aInvalid token request'); } $repo = $data['repository']['name']; $cmd = "cd $web_path && git pull"; shell_exec($cmd);
在hook目录下建立一个自己coding 项目名(只是为了统一,你可以新建一个其他的):auto-test
最后的目录结构为:
├── hook │ ├── auto-test │ │ │ └── index.php
6、修改目录权限
chmod -R u+x /home/www/web/hook
7、域名解析
解析一个域名到linux系统,使用Nginx做一个代理,nginx虚拟主机配置信息如下:
server { server_name auto.tinywan.com; set $root_path /home/www/web/hook; root $root_path; location / { if (!-e $request_filename) { rewrite ^(.*)$ /index.php?s=/$1 last; } } location ~ .php$ { fastcgi_pass unix:/var/run/php7.1.9-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_connect_timeout 10000; fastcgi_send_timeout 6000; fastcgi_read_timeout 6000; } }
以上域名 auto.tinywan.com已经被A记录到Linux外网IP了,阿里云域名解析
8、验证的hook钩子目录的index.php文件可以访问
访问:http://auto.tinywan.com/index.php 输出:error request // 表示可以正常访问
9、配置git
git config --global user.name "Tinywan" git config --global user.email "Tinywan@gmail.com" # 邮箱请与conding上一致
10、配置公钥
复制:/home/www.ssh/id_rsa.pub内容到个人设置页https://coding.net/user/account/setting/keys,【新增公钥】添加即可
id_rsa.pub 文件内容
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABBBABAQChrujULy3U56wS5jLJ0rAJMtv2MNABhbqU1kaiiiyUGFz9+Ndwel8o4dW4whmFRWBodDppc2gpDcF/UM6v7DLzHYOd/38BDp0vRz+zhgZ0BCfyeUV958tpTI6uQyjFil3jwDrKvDqeS4eVnb1fJZfnk/utcFCkVSjhae1sBqM10bkaQmsmwLKr7fN6DeUox9nYkknDqaD645wYplW/qFAXItHOaaZzgTpbAuEb4uss0BCtiutsDFsJwcuXlAsvg4xwsTmagdlz+FhTksCnGALcB10kaz0EY2g9NOHVCqQ4QU4TyNmUVwBHYfj6LAGALO4NAHfwErzKgqfRhBLzDsKB www@Tinywan
11、配置 WebHook
选择项目(auto-test) > 设置 > 【WebHook】 > 【新建 WebHook】 > 粘贴你的hook/index.php所在的网址:http://auto.tinywan.com/index.php, 令牌可选,但是建议写上。
稍过几秒刷新页面查看hook状态,显示为绿色勾就OK了
12、服务端初始化项目
我们需要先在服务器上clone一次,以后都可以实现自动部署了
sudo -Hu www git clone https://git.coding.net/Tinywan/auto-test.git /home/www/web/hook/auto-test/ --depth=1
13、Windows客户端
(1)开发端也克隆一份代码
$ git clone https://git.coding.net/Tinywan/auto-test.git Cloning into 'auto-test'... remote: Counting objects: 3, done. remote: Total 3 (delta 0), reused 0 (delta 0) Unpacking objects: 100% (3/3), done. Checking connectivity... done.
(2)新建文件index.php
<?php echo "Hell Coding";
(3)提交本地的代码
$ git add ./ $ git commit -m "test hook" $ git push -u origin master
(4)查看服务端文件是否已经更新
├── auto-test └── index.php
发现目标目录里就刚才提交的index.php文件了
立即访问:http://auto.tinywan.com/auto-test/index.php
钩子file_get_contents('php://input')接受的文件内容
{ "ref": "refs/heads/master", "before": "90d67c99a3077a7a6823c50a95275812471ecf47", "commits": [ { "committer": { "name": "Tinywan", "email": "756684177@qq.com" }, "web_url": "https://coding.net/u/Tinywan/p/auto-test/git/commit/3e55e1c6aa0d064ba4fede1556f0e2bb14c0bed3", "short_message": "json_encode($_SERVER)n", "sha": "3e55e1c6aa0d064ba4fede1556f0e2bb14c0bed3" } ], "after": "3e55e1c6aa0d064ba4fede1556f0e2bb14c0bed3", "event": "push", "repository": { "owner": { "path": "/u/Tinywan", "web_url": "https://coding.net/u/Tinywan", "global_key": "Tinywan", "name": "Tinywan", "avatar": "/static/fruit_avatar/Fruit-14.png" }, "https_url": "https://git.coding.net/Tinywan/auto-test.git", "web_url": "https://coding.net/u/Tinywan/p/auto-test", "project_id": "3351025", "ssh_url": "git@git.coding.net:Tinywan/auto-test.git", "name": "auto-test", "description": "auto-test" }, "user": { "path": "/u/Tinywan", "web_url": "https://coding.net/u/Tinywan", "global_key": "Tinywan", "name": "Tinywan", "avatar": "/static/fruit_avatar/Fruit-14.png" }, "token": "1954FD0D6" }
以下是完整的钩子
完整的钩子代码(兼容GitHub和Coding)
<?php error_reporting(1); // 配置 $secret = '1989BC88338CB4DABEF20BD7C54FD0D6'; $userAgent = $_SERVER['HTTP_USER_AGENT']; $signature = 'sha1=e0ec9317f440f3fd47631852ef585c6b2680e8f8'; if (substr_count($userAgent, 'GitHub') >= 1) { $signature = $_SERVER['HTTP_X_HUB_SIGNATURE']; } elseif (substr_count($userAgent, 'Coding') >= 1) { $signature = $_SERVER['HTTP_X_CODING_SIGNATURE']; } list($hash_type, $hash_value) = explode('=', $signature, 2); $jsonContent = file_get_contents("php://input"); $checkHash = hash_hmac($hash_type, $jsonContent, $secret); // e0ec9317f440f3fd47631852ef585c6b2680e8f8 $fs = fopen('./auto_hook.log', 'a'); $data = json_decode($jsonContent, true); fwrite($fs, 'Request on [' . date("Y-m-d H:i:s") . '] from [' . $data['pusher']['name'] . ']' . PHP_EOL); fwrite($fs, 'Data: '.json_encode($data).PHP_EOL); fwrite($fs, 'Service '.json_encode($_SERVER).PHP_EOL); // sha1 验证 if ($checkHash && $checkHash === $hash_value) { fwrite($fs, '认证成功,开始更新 ' . PHP_EOL); $repository = $data['repository']['name']; $pwd = getcwd(); $command = 'cd .. && cd ' . $repository . ' && git pull'; fwrite($fs, 'command '.$command.PHP_EOL); if (!empty($repository)) { shell_exec($command); fwrite($fs, $repository . ' 更新完成 ' . PHP_EOL); } $fs and fclose($fs); }