Git driven deployment strategy using git-hooks. Intended to bring version control to common deployment tasks such as changing environment variables, services, server provisioning, etc.
- Docker 1.5+
- Systemd 218+
-
Configure environment file
cp git-deploy/sample.env git-deploy.env vim git-deploy.env
Option legend:
Key Usage DEST Duplicity backup destination. See Duplicity Docs PASSPHRASE Used to symmetrically decrypt/encrypt backups via GPG HOOK_REPO External Git repository where hooks will be sourced from. If undefined hooks will be sourced from 'hooks' folder in each repo HOOK_REPO_VERIFY If 'true' hook_repo must be signed by key trusted in local gpg keyring AWS_ACCESS_KEY_ID Required if using AWS S3 as DEST AWS_SECRET_ACCESS_KEY ^ -
Run git-deploy Docker image on CI server.
cp git-deploy/git-deploy.service . systemctl enable $PWD/git-deploy.service systemctl start git-deploy
-
Add any desired public keys
SSH:
bash docker exec -it git-deploy sh -c "curl https://github.com/someuser.keys >> .ssh/authorized_keys"
GPG:
bash docker exec -it git-deploy bash gpg --recv-keys E90A401336C8AAA9 gpg --edit-key E90A401336C8AAA9 gpg> trust gpg> save
-
Setup Git-Deploy repo for each environment this deploy server can manage.
ssh git@ci.someserver.com mkrepo staging.git
-
Clone git-deploy repo for target env
git clone git@ci.someserver.com:staging.git deploy -
Set app environment vars, deployment details, and services
cd deploy/apps/some-app vim some-app.env vim some-app@.service vim some-app-helper@@.service vim some-app-helper.env vim config.yml -
Create shared environment vars (optional)
vim deploy/global.env -
Adjust git-hooks (optional)
vim deploy/hooks/post-receive -
Deploy app
git add . git commit -m 'Added some-app' git push staging masterChanges are reflected in target Environment via defined git-hooks.
It is possible to read SSH logs by overwriting a specific log path (e.g. /var/log/secure)
with your instance host's file. You can adjust the git-deploy.service like:
ExecStart=/usr/bin/docker run \
-p 22:2222 \
--env-file="/home/core/git-deploy.env"
-e SSH_LOG_FILE=/var/log/secure \
-v /var/log/secure:/var/log/secure \
-v /etc/hosts.deny:/etc/hosts.deny \
--name="git-deploy" \
pebble/git-deployThis allows you to read and act on logs written to this file, for example using
DenyHosts to read the logs, and writing to hosts.deny to deny certain hosts.
If you need to manually debug/edit the hooks of a repo after creation, you can mount the running /git volume within a debug environment such as a debian container like so:
docker run -ti --volumes-from=git-deploy debian bash
vim /git/somerepo.git/.git/hooks/post-receiveTo run tests you will need:
- bats installed
- port 2222 open
- working ssh public keys in your ~/.ssh folder
Run tests:
bats test/test.bats