Fixes ssh-agent not being killed on script exit and path to SSH identity
This patch improves static websites automatic deployment tutorial for Gitea by registering Bash `trap` ASAP and fixing a strange issue with `~/` actually not being expanded to the actual `git` user's home directory (where our SSH identities are !) but (apparently) to the Gitea install path.
This commit is contained in:
@ -1,6 +1,7 @@
|
||||
---
|
||||
title: "Static websites automatic deployment with Gitea, an example with Jekyll"
|
||||
date: 2018-12-25
|
||||
last_modified_at: 2023-01-29
|
||||
url: static-websites-automatic-deployment-with-gitea-an-example-with-jekyll
|
||||
layout: post
|
||||
category: Tutorials
|
||||
@ -12,20 +13,20 @@ description: "Little write-up about static websites automatic deployment with Gi
|
||||
|
||||
### Introduction
|
||||
|
||||
[As this blog is no longer hosted on GitHub Pages](https://mastodon.social/web/statuses/101297442552745267), I needed a quick and lite way to perform continuous deployment on a WEB server.
|
||||
[As this blog is no longer hosted on GitHub Pages](https://mastodon.social/web/statuses/101297442552745267), I needed a quick and lite way to perform continuous deployment on a Web server.
|
||||
|
||||
Available on [my new Gitea instance](https://git.forestier.app/HorlogeSkynet/blog), I thought about webhooks at first.
|
||||
On the other hand, I didn't want to deploy a webhook server dedicated to static deployment, nor a CI/CD solution (as [Drone](https://drone.io/)) for this specific need.
|
||||
|
||||
So this is a short write-up (only) about SSH, BASH scripts and Jekyll usage, if you want to achieve something similar.
|
||||
So this is a short write-up (only) about SSH, Bash scripts and Jekyll usage, if you want to achieve something similar.
|
||||
|
||||
> Here, I assume that your Gitea instance and your WEB server are running separately.
|
||||
> Here, I assume that your Gitea instance and your Web server are running separately.
|
||||
|
||||
### The procedure
|
||||
|
||||
#### On the Gitea container
|
||||
|
||||
Before anything else, impersonate the `git` session and generate a keys pair to allow SSH authentication on the WEB server :
|
||||
Before anything else, impersonate the `git` user and generate a key pair to allow SSH authentication on the Web server :
|
||||
|
||||
{% highlight bash %}
|
||||
su - git
|
||||
@ -39,26 +40,26 @@ Now you'll have to add a new hook to your repository settings.
|
||||
|
||||
[](/img/blog/static-websites-automatic-deployment-with-gitea-an-example-with-jekyll_2.png)
|
||||
|
||||
Modify script below to fit your needs, and add it as a `post-receive` hook :
|
||||
Modify the below script to fit your needs, and add it as a `post-receive` hook :
|
||||
|
||||
{% highlight bash %}
|
||||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
# Loads the SSH key into an SSH agent, runs the deployment and kills the SSH agent
|
||||
# Load the SSH key into an SSH agent and run the deployment before killing the SSH agent
|
||||
nohup bash -c ' \
|
||||
eval "$(ssh-agent -s)" && \
|
||||
ssh-add -t 60 ~/.ssh/id_repository && \
|
||||
ssh root@web.server.ip.address "/path/to/deployment.sh repository" && \
|
||||
trap "ssh-agent -k" EXIT \
|
||||
trap "ssh-agent -k" EXIT && \
|
||||
ssh-add -t 60 /home/git/.ssh/id_repository && \
|
||||
ssh root@web.server.ip.address "/path/to/deployment.sh repository" \
|
||||
' > /dev/null 2>&1 &
|
||||
|
||||
echo "Automatic deployment successfully started !"
|
||||
{% endhighlight %}
|
||||
|
||||
#### On the WEB server
|
||||
#### On the Web server
|
||||
|
||||
Open a `root` shell on your WEB server and let's generate a deploy key for the `www-data` session, allowing it to pull from the Gitea repository :
|
||||
Open a `root` shell on your Web server and let's generate a deploy key for the `www-data` user, allowing it to pull from the Gitea repository :
|
||||
|
||||
{% highlight bash %}
|
||||
su - www-data -l -s /bin/bash
|
||||
@ -89,10 +90,10 @@ Finally, you will also need a new script (`/path/to/deployment.sh`) :
|
||||
if [[ "$1" == "repository" ]]; then
|
||||
su - www-data -l -s /bin/bash -c ' \
|
||||
eval "$(ssh-agent -s)" && \
|
||||
trap "ssh-agent -k" EXIT && \
|
||||
ssh-add -t 60 ~/.ssh/id_deploy && \
|
||||
git -C /var/www/repository/ pull && \
|
||||
JEKYLL_ENV=production jekyll build -s /var/www/repository/ -d /var/www/repository/_site/ && \
|
||||
trap "ssh-agent -k" EXIT
|
||||
JEKYLL_ENV=production jekyll build -s /var/www/repository/ -d /var/www/repository/_site/ \
|
||||
'
|
||||
|
||||
# Another website ? Sure.
|
||||
@ -108,7 +109,7 @@ Don't forget to :
|
||||
chmod +x /path/to/deployment.sh
|
||||
{% endhighlight %}
|
||||
|
||||
Finally, you'll have to authorize the remote git session (present on the Gitea machine) to execute the script above with a specific argument (`/root/.ssh/authorized_keys`), set the public key copied at the first step of this guide :
|
||||
Finally, you'll have to authorize the remote `git` user (the one likely running Gitea) to execute the script above with a specific argument (`/root/.ssh/authorized_keys`), set the public key copied at the first step of this guide :
|
||||
|
||||
{% highlight bash %}
|
||||
# Static websites deployment
|
||||
|
Reference in New Issue
Block a user