Configuring GitLab webhooks for automated deployment

Time:2021-12-3

Principle introduction

  1. GitLab is configured so that, on a push, it requests a URL on the server, such as www.xxxxxx.com/hook.php
  2. hook.php contains code that makes the server git pull the corresponding project into the web directory.
  3. After the pull, the code is in the web directory. We just need to visit the website again.
The core idea: on a push, GitLab calls the script on the server, and that script pulls the project files from git again. Security measures need to be added as well.
 
Configure SSH key

First, check which user nginx and PHP run as by default, by looking at nginx.conf and php-fpm.conf respectively. Generally it is the www user; the www user is used as the example here.
Modify the /etc/passwd file so that the www user can log in, as follows:
 
Modify the above figure as:
   
After the automated deployment is set up, restore the original configuration, because the www user is not allowed to log in to the server by default.

Follow these steps:
  1. Execute the su www command to switch to the www user.
  2. Execute the ssh-keygen command (enter yes at any confirmation prompt, otherwise just press Enter), and add the generated public key (view it with cat /home/www/.ssh/id_rsa.pub, under the /home/www directory) to the project in GitLab

Note:

1. This must be the key of the www user!
2. Go to the directory that contains the project root, cd /home/wwwroot/, then change the owner and group of the project directory web by executing the command

    chown -R www:www web     # web is your own project directory

Server script

Write hook.sh as follows (this is a simple version). The file can hold entries for several projects, depending on how many you have, and is used together with the PHP file below:

    cd /home/wwwroot/web || exit 1   # your own project path
    git pull

As the www user, run bash hook.sh to test whether the code can be pulled. If it succeeds, the next step is to run the script through the hook.

PHP execution script

hook.php runs the script through PHP's exec function. If the call fails, the exec function may be disabled in the php.ini configuration (the disable_functions setting); enable it and restart. The specific steps are left to you.
    hook.php:
  

<?php
// Key used to authenticate requests to this endpoint
$valid_token  = 'shfdksjdakjshdfjknvkja';
// Missing or non-string parameters become '' instead of raising notices
$client_token = isset($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : '';
$project      = isset($_GET['project']) && is_string($_GET['project']) ? $_GET['project'] : '';   // supports multiple projects
$client_ip    = $_SERVER['REMOTE_ADDR'];
$result       = [];   // stays empty when no project matches

$fs = fopen('./auto_hook.log', 'a');
fwrite($fs, '============================开始==============================='.PHP_EOL);
fwrite($fs, '时间:'.date("Y-m-d H:i:s", time()).',请求来自:['. $client_ip.']'.PHP_EOL);

// hash_equals compares the two strings in constant time
if (!hash_equals($valid_token, $client_token)) {
	fwrite($fs, "TOKEN 错误-- [{$client_token}]".PHP_EOL);
	fclose($fs);
	exit(0);
}

$json = file_get_contents("php://input");
$data = json_decode($json, true);
fwrite($fs, 'Data: '.print_r($data, true).PHP_EOL);

// A custom script file such as updata.sh can also be run here; its contents are up to you
switch ($project) {
	case 'web':
		$res = exec("/home/www/hook.sh", $result);
		break;
}

fwrite($fs, 'Data:'. print_r($result, true).PHP_EOL);
fwrite($fs, '============================结束==============================='.PHP_EOL);
fclose($fs);
var_dump($result);

Next, test it by opening this URL in a browser: http://www.xxxxx.com/webhook.php?token=shfdksjdakjshdfjknvkja&project=web

If the request returns the output of the git command, it worked. The next step is to configure GitLab's webhooks.
The project parameter exists to support multiple projects, so several projects can be deployed. You only need to use a different project value for each one when configuring the hook in GitLab.
Choose the trigger events yourself.
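
A hardened variant of hook.php, added here as an example and not part of the original page: it reads the token from the X-Gitlab-Token header, which GitLab sends when the webhook's "Secret token" field is filled in, so the token stays out of URLs and access logs, and it only deploys pushes to one branch. The secret file path, the log path and the branch name refs/heads/main are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed paths (placeholders): both live outside the web root.
const SECRET_FILE = '/home/www/.hook_secret';   // holds the GitLab "Secret token"
const LOG_FILE    = '/home/www/auto_hook.log';
// Allowlist: project name => deploy script and the only branch that may trigger it.
const PROJECTS = [
    'web' => ['script' => '/home/www/hook.sh', 'ref' => 'refs/heads/main'],
];

function log_line(string $msg): void
{
    // Strip control characters so request data cannot forge log lines.
    $msg = preg_replace('/[\x00-\x1F\x7F]/', '?', $msg);
    file_put_contents(LOG_FILE, date('Y-m-d H:i:s') . " $msg" . PHP_EOL, FILE_APPEND | LOCK_EX);
}

function deny(int $status, string $reason): void
{
    log_line("denied ({$status}) from {$_SERVER['REMOTE_ADDR']}: {$reason}");
    http_response_code($status);
    exit;
}

$secret = trim((string) @file_get_contents(SECRET_FILE));
$sent   = $_SERVER['HTTP_X_GITLAB_TOKEN'] ?? '';
if ($secret === '' || !hash_equals($secret, $sent)) {
    deny(403, 'bad or missing X-Gitlab-Token');   // the token itself is never logged
}
if (($_SERVER['HTTP_X_GITLAB_EVENT'] ?? '') !== 'Push Hook') {
    deny(400, 'not a push event');
}

$name    = $_GET['project'] ?? '';
$project = is_string($name) ? (PROJECTS[$name] ?? null) : null;
$payload = json_decode((string) file_get_contents('php://input'), true);
if ($project === null || !is_array($payload) || ($payload['ref'] ?? '') !== $project['ref']) {
    deny(400, 'unknown project or branch');
}

// Fixed script path from the allowlist: no request data reaches the shell.
exec(escapeshellarg($project['script']) . ' 2>&1', $output, $code);
log_line("deploy {$name} exit={$code}: " . implode(' | ', $output));
http_response_code($code === 0 ? 200 : 500);
echo $code === 0 ? "ok\n" : "failed\n";   // git output stays in the log
```

With this variant the webhook URL in GitLab carries only ?project=web, and the token goes in the "Secret token" field.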

After deployment, modify the /etc/passwd file and change the www user back to nologin!