Publish yii webapp using Git push Follow @yiiframework

Warning

[on server] - install git, nothing fancy just basic

[on local] - prepare git repository

[on server] - secure your data on server

[on server] - git hook (top secret)

[on local] - prepare for git push

[on local] - ta-ta, push to publish

Warning ¶

I did not invent this instructions, I read it somewhere and re-organized in my way as I was trying and it works for me;

Assuming server is Ubuntu Linux;

If you have dynamic files uploaded by user or sqlite as database, PLEASE download them first before you git push to publish, if you lose them by using this instruction, don't come back to blame on me!

I am not an expert on git nor in server security, use this instructions at your own risk;

[on server] - install git, nothing fancy just basic ¶

sudo apt-get install git-core

[on local] - prepare git repository ¶

git init / add / commit

+--app-root
   |
   +--.git
   |
   +--private
   |  |
   +  +--.htaccess
   |  |
   +  +--resource (whatever used at design time)
   |
   +--public
      |
      +--yii-app (pure & clean)

[on server] - secure your data on server ¶

never point your web route to your private content!!

so in apache conf file

DocumentRoot "/var/www/app-root/public"

under "/var/www/app-root/private" create file .htaccess (double secure in case accident happens)

order deny, allow
deny from all

[on server] - git hook (top secret) ¶

modify /var/www/app-root/.git/hooks/post-receive and give it execute permission

#!/bin/sh
cd ..
GIT_DIR='.git'
umask 002 && git reset --hard
 
## you don't need those two lines if you are not using sqlite
chmod -R 777 public/protected/data
chmod -R 777 public/protected/data/*

give it execute permission

chmod +x hooks/post-receive

[on local] - prepare for git push ¶

modify or add the following content to /app-root/.git/config

[remote "production"]
    fetch = +refs/heads/*:refs/remotes/production/*
    url = ssh://root@yourwebserver~/var/www/app-root/
[branch "master"]
    remote = production
    merge = refs/heads/master

[on local] - ta-ta, push to publish ¶

under /app-root/ folder:

git push production master

enjoy!

Total 6 comments

#9075

hening malam at 2012/07/18 12:54am

thx for the wiki :)

@PrplHaz4, i'm using that method too :), there's nice discussion on SO about that method. @rootbeer, i have tried that but it didn't work for me, may be i was wrong, i'll try it again, thx for the wiki

#8990

rootbear at 2012/07/11 02:45pm

alt. method

hi, @PrplHaz4

geezz, it was time out and lost my typing, have to type it again.

i call yours method2, mine method1. I love git though i am not an expert. I don't really see much different method1 and method2 in term of security and risk (losing dynamic files).

in method2, git repo created with --bare, meaning not working directory attached to it, to push website, you basically check out this git repo to your web directory.

in method 1, i basically mixed up git repo/working directory with web directory, it's dirty and simple to me.

either way, you have to be careful with dynamic data.

method 2, as @johnatan mentioned below, you could use git pull to update website later which will reduce the risk on dynamic files.

#8985

PrplHaz4 at 2012/07/11 11:29am

New to git...

For anyone else following, I'm new to git, and followed the instructions posted here: http://toroid.org/ams/git-website-howto which calls for a git checkout in the post-receive hook like so:

GIT_WORK_TREE=/var/www/www.example.org git checkout -f

Does the checkout method open up any risks that do not exist in this method?

#8979

rootbear at 2012/07/11 08:19am

thx

@sidewinder @johnatan

thanks for both of your comments.

I also believe this is not perfect solution, i would be hesitate to use this if i have a critical fairly large website. partial of the reasons would be user uploaded files. but it's just so convenient running at the design + test + publish circle. i can sit in front of any of my computers, pull off the latest version, modify and push it back in literally minutes. it could also be done with portable git in a usb drive in other's computer.

maybe centralized repository on the same web server would be an idea for 'git pull to publish', so you 'git push' from your pc to git repos, and then 'git pull' from localhsot on the same web server to web's public directory.

if you guys have any ideas and improvements, feel free to modify this wiki.

btw, thanks @mdomba for the correction ;)

#8978

Johnatan at 2012/07/11 07:43am

I use git pull

I've made a DeployController that only a superadmin has access to from admin panel. This controller has "execute" action which does

[bash]
git reset --hard HEAD
git pull origin master
rm -R ~/assets/*

and etc. All folders with user-uploaded files are in .gitignore, including main config.php file and index.php

The code is pulled from assembla repository (ssh key is used for read-only). Easy one-button publishing of all hotfixes and etc.

#8973

sidewinder at 2012/07/11 03:26am

Nice one!

Alternatively you can take the opposite approach. Pull data to server. It requires static ip on your workstation, dyndns or simply repositories on servers like assembla, github etc. Also it requires you to ssh to server and issue command there which is a bit longer then simply issuing git push. However, you don't have to worry about user uploaded files which can be a nightmare sometimes.

Maybe there is a better option then issuing git reset --hard on remote server? Have to look for one. Will share here if I find something useful.

Please login to leave your comment.