git-deploy
A PHP script to automatically pull from a repository to a web server (using a webhook on GitHub, GitLab, or Bitbucket).
You can configure which branch this script pulls from. This script is useful for both development and production servers.
On your server
SSH
Generate an SSH key and add it to your account so that git pull
can be run without a password.
Configuration
Copy the git-deploy folder and its contents in to your public folder (typically public_html). Note that you can change the name of the folder if desired.
Rename git-deploy/deploy.sample.php to git-deploy/deploy.php, and update each variable to a value that suits your needs. Multiple copies of git-deploy/deploy.sample.php can be made for multiple projects or versions (you just need to change the webhook url to match the new name). An example of a live configuration is below.
define("TOKEN", "secret-token");
define("REMOTE_REPOSITORY", "[email protected]:username/custom-project.git");
define("DIR", "/var/www/vhosts/repositories/custom-project");
define("BRANCH", "refs/heads/master");
define("LOGFILE", "deploy.log");
define("GIT", "/usr/bin/git");
define("MAX_EXECUTION_TIME", 180);
define("BEFORE_PULL", "/usr/bin/git reset --hard @{u}");
define("AFTER_PULL", "/usr/bin/node ./node_modules/gulp/bin/gulp.js default");
Permissions
When deploy.php is called by the web-hook, the webserver user (www
, www-data
, apache
, etc...) will attempt to run git pull ...
. Since you probably cloned into the repository as yourself, and your user therefore owns it, the webserver user needs to be given write access. It is suggested this be accomplished by changing the repository group to the webserver user's and giving the group write permissions:
- Open a terminal to the directory containing the repository on the server.
- run
sudo chown -R $USER:webserverusername custom-project-repo-dir/.git/
to change the group of the repo. - run
sudo chmod -R g+s custom-project-repo-dir/.git/
to make the group assignment inherited for new files/dirs. - run
sudo chmod -R 775 custom-project-repo-dir/.git/
to set read & write for both owner and group.
On GitHub | GitLab | Bitbucket
GitHub
In your repository, navigate to Settings → Webhooks → Add webhook, and use the following settings:
- Payload URL: https://www.yoursite.com/git-deploy/deploy.php
- Content type: application/json
- Secret: The value of TOKEN in config.php
- Which events would you like to trigger this webhook?:
🔘 Just the push event - Active:
☑️
Click "Add webhook" to save your settings, and the script should start working.
GitLab
In your repository, navigate to Settings → Integrations, and use the following settings:
- URL: https://www.yoursite.com/git-deploy/deploy.php
- Secret Token: The value of TOKEN in config.php
- Trigger:
☑️ Push events - Enable SSL verification:
☑️ (only if using SSL, see GitLab's documentation for more details)
Click "Add webhook" to save your settings, and the script should start working.
Bitbucket
In your repository, navigate to Settings → Webhooks → Add webhook, and use the following settings:
- Title: git-deploy
- URL: https://www.yoursite.com/git-deploy/deploy.php?token=secret-token
- Active:
☑️ - SSL / TLS:
⬜ Skip certificate verification (only if using SSL, see Bitbucket's documentation for more details) - Triggers: 🔘 Repository push
Click "Save" to save your settings, and the script should start working.
Integration with CI/CD
If you'd prefer to integrate git-deploy with your CI scripts rather than using traditional Webhooks, you can trigger the hook via the following wget
command.
wget --quiet --output-document=- --content-on-error --header="Content-Type: application/json" --post-data='{"ref":"refs/heads/master"}' 'https://www.example.com/git-deploy/deploy.php?token=secret-token'
Additionally, you can add the parameters sha=COMMIT_HASH
and reset=true
to the URL in order to instruct git-deploy to reset to a specific commit. Note that this will overwrite any local changes you may have made. This can be useful for integration with things like GitLab's Environments feature.
I appreciate the collaboration of @JacobDB