Fixes ssh-agent not being killed on script exit and path to SSH identity

This patch improves the static websites automatic deployment tutorial for
Gitea by registering the Bash `trap` ASAP and fixing a strange issue with
`~/` actually not being expanded to the actual `git` user's home
directory (where our SSH identities are!) but (apparently) to the Gitea
install path.
This commit is contained in:
Samuel FORESTIER
2023-01-29 15:34:34 +01:00
parent 8bf7f9aec5
commit 99efa59719

@ -1,6 +1,7 @@
---
title: "Static websites automatic deployment with Gitea, an example with Jekyll"
date: 2018-12-25
last_modified_at: 2023-01-29
url: static-websites-automatic-deployment-with-gitea-an-example-with-jekyll
layout: post
category: Tutorials
@ -12,20 +13,20 @@ description: "Little write-up about static websites automatic deployment with Gi
### Introduction
[As this blog is no longer hosted on GitHub Pages](https://mastodon.social/web/statuses/101297442552745267), I needed a quick and lite way to perform continuous deployment on a WEB server.
[As this blog is no longer hosted on GitHub Pages](https://mastodon.social/web/statuses/101297442552745267), I needed a quick and lite way to perform continuous deployment on a Web server.
Available on [my new Gitea instance](https://git.forestier.app/HorlogeSkynet/blog), I thought about webhooks at first.
On the other hand, I didn't want to deploy a webhook server dedicated to static deployment, nor a CI/CD solution (as [Drone](https://drone.io/)) for this specific need.
So this is a short write-up (only) about SSH, BASH scripts and Jekyll usage, if you want to achieve something similar.
So this is a short write-up (only) about SSH, Bash scripts and Jekyll usage, if you want to achieve something similar.
> Here, I assume that your Gitea instance and your WEB server are running separately.
> Here, I assume that your Gitea instance and your Web server are running separately.
### The procedure
#### On the Gitea container
Before anything else, impersonate the `git` session and generate a keys pair to allow SSH authentication on the WEB server :
Before anything else, impersonate the `git` user and generate a key pair to allow SSH authentication on the Web server :
{% highlight bash %}
su - git
@ -39,26 +40,26 @@ Now you'll have to add a new hook to your repository settings.
[![A missing blog post image](/img/blog/static-websites-automatic-deployment-with-gitea-an-example-with-jekyll_2.png)](/img/blog/static-websites-automatic-deployment-with-gitea-an-example-with-jekyll_2.png)
Modify script below to fit your needs, and add it as a `post-receive` hook :
Modify the below script to fit your needs, and add it as a `post-receive` hook :
{% highlight bash %}
#!/usr/bin/env bash
# Loads the SSH key into an SSH agent, runs the deployment and kills the SSH agent
# Load the SSH key into an SSH agent and run the deployment before killing the SSH agent
nohup bash -c ' \
eval "$(ssh-agent -s)" && \
ssh-add -t 60 ~/.ssh/id_repository && \
ssh root@web.server.ip.address "/path/to/deployment.sh repository" && \
trap "ssh-agent -k" EXIT \
trap "ssh-agent -k" EXIT && \
ssh-add -t 60 /home/git/.ssh/id_repository && \
ssh root@web.server.ip.address "/path/to/deployment.sh repository" \
' > /dev/null 2>&1 &
echo "Automatic deployment successfully started !"
{% endhighlight %}
#### On the WEB server
#### On the Web server
Open a `root` shell on your WEB server and let's generate a deploy key for the `www-data` session, allowing it to pull from the Gitea repository :
Open a `root` shell on your Web server and let's generate a deploy key for the `www-data` user, allowing it to pull from the Gitea repository :
{% highlight bash %}
su - www-data -l -s /bin/bash
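Review bot: the new `ssh-add -t 60 /home/git/.ssh/id_repository` line in the `post-receive` hook hard-codes `/home/git`, and neither the script comment nor the sentence introducing the script says why `~` is avoided or that the path must match the `git` user's real home directory. A short comment above that line, noting that `~` did not resolve to the `git` user's home when the hook ran, would stop readers from "simplifying" it back. Moving `trap "ssh-agent -k" EXIT` directly after the `eval` looks right, since the agent is now killed even when `ssh-add` or `ssh` fails. Note that everything inside the `nohup bash -c` block is still redirected to `/dev/null` and the final `echo` reports success unconditionally, so a wrong identity path fails silently; redirecting to a log file instead would make this class of problem visible.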
@ -89,10 +90,10 @@ Finally, you will also need a new script (`/path/to/deployment.sh`) :
if [[ "$1" == "repository" ]]; then
su - www-data -l -s /bin/bash -c ' \
eval "$(ssh-agent -s)" && \
trap "ssh-agent -k" EXIT && \
ssh-add -t 60 ~/.ssh/id_deploy && \
git -C /var/www/repository/ pull && \
JEKYLL_ENV=production jekyll build -s /var/www/repository/ -d /var/www/repository/_site/ && \
trap "ssh-agent -k" EXIT
JEKYLL_ENV=production jekyll build -s /var/www/repository/ -d /var/www/repository/_site/ \
'
# Another website ? Sure.
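Review bot: in the `su - www-data -l -s /bin/bash -c` block, `ssh-add -t 60 ~/.ssh/id_deploy` still relies on `~` while the hook on the Gitea side was switched to an absolute path in this same patch. If this is intentional because `su -` starts a login shell with `HOME` set for `www-data`, a one-line comment saying so would explain the difference; otherwise use the absolute path here as well for consistency. The `trap` move itself is sound: registered right after the `eval`, it fires on exit even when `git pull` or `jekyll build` breaks the `&&` chain.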
@ -108,7 +109,7 @@ Don't forget to :
chmod +x /path/to/deployment.sh
{% endhighlight %}
Finally, you'll have to authorize the remote git session (present on the Gitea machine) to execute the script above with a specific argument (`/root/.ssh/authorized_keys`), set the public key copied at the first step of this guide :
Finally, you'll have to authorize the remote `git` user (the one likely running Gitea) to execute the script above with a specific argument (`/root/.ssh/authorized_keys`), set the public key copied at the first step of this guide :
{% highlight bash %}
# Static websites deployment
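Review bot: the reworded sentence still puts the parenthetical `/root/.ssh/authorized_keys` right after "a specific argument", so it reads as if the file path were the argument, and "set the public key copied at the first step" is left dangling after the comma. Consider restructuring it so that it says the public key copied at the first step is added to `/root/.ssh/authorized_keys`, restricted to running the script with that argument. Since this entry lives in `root`'s `authorized_keys`, the wording should make the restriction explicit.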