From cf09d0cb4979bd6e1742b6eba610fc1b59442bf4 Mon Sep 17 00:00:00 2001 From: notnull Date: Thu, 2 Nov 2023 19:05:12 -0400 Subject: [PATCH] first real test --- .gitignore | 1 + docs/index.md | 65 +++++++++++++++++++++++++++++++++++++++++++++------ mkdocs.yml | 7 +++--- update.sh | 7 ++++++ 4 files changed, 70 insertions(+), 10 deletions(-) create mode 100644 .gitignore create mode 100644 update.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2e2e7a3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +public_html diff --git a/docs/index.md b/docs/index.md index 1804d4a..4ecdd61 100644 --- a/docs/index.md +++ b/docs/index.md @@ -4,22 +4,73 @@ The goal is to test creating a git hook on serge. # steps -Create new user on serge that belongs to www-data and git groups: +## Create new user on serge that belongs to www-data and git groups: useradd -G www-data git -M mkdocs -Create new directory in /var/www; chown to mkdocs:www-data +## Create website directory mkdir /var/www/services.anarchyplanet.org - chown mkdocs:www-data /var/www/services.anarchyplanet.org + mkdir /var/www/services.anarchyplanet.org/public_html + chown -R mkdocs:www-data /var/www/services.anarchyplanet.org -Create new post-receive git hook +## Serve website with Nginx + + vim /etc/nginx/sites-available/services.anarchyplanet.org + + `# set up site with /var/www/services.anarchyplanet.org/public_html as root` + + ln -s /etc/nginx/sites-available/services.anarchyplanet.org /etc/nginx/sites-enabled + nginx -t && nginx -s reload + +## Clone repository into website directory + su mkdocs + cd /var/www + git clone /srv/git/repositories/notnull/git-hooks-demo.git services.anarchyplanet.org + +This made file permissions all mkdocs:mkdocs so I changed them back to mkdocs:www-data + +## Install mkdocs and mkdocs-material + +I wasn't sure the best way to do this so I just installed globally: + + python3 -m pip isntall mkdocs mkdocs-material + +## Write script to build docs + + +```shell +#!/bin/bash +# /var/www/services.anarchyplanet.org/update.sh +cd /var/www/services.anarchyplanet.org +git pull origin master +mkdocs build +chgrp -R www-data public_html +``` +## Allow git user to run update script + +The git user is the one who executes the post-receive hook, so it needs to somehow be able to run the update script as the mkdocs user. + +[This](https://stackoverflow.com/questions/73869424/run-git-hook-as-remote-user-in-a-shared-repository) suggests to create a line in visudo to give the git user permission to run a script as a user at a path, e.g.: + + git ALL=(mkdocs) NOPASSWD: /var/www/services.anarchyplanet.org/update.sh + +I noticed that Debian wants these to be posted in /etc/sudoers.d/ so I added it there: + + visudo /etc/sudoers.d/allow-git-to-build-docs + + +I tested this with `sudo -u git sudo -u mkdocs /var/www/services.anarchyplanet.org/update.sh` which works! and `sudo -u git sudo -u mkdocs echo $(whoami)` which does not work (asks for git's sudo password). + +## Create new post-receive git hook Gogs has a post-receive hook that seems to be active: "/srv/git/gogs/gogs" hook --config='/srv/git/gogs/custom/conf/app.ini' post-receive -Not sure what this does. I commented it out and replaced it to test hooks. committing now! +Not sure what this does. I just commented it out and added: + + sudo -u mkdocs /var/www/services/anarchyplanet.org/update.sh + +I guess the only remaining thing to do is try it! -That didn't work so trying again -That worked! and the user is git. now testing what happens when it's owned by mkdocs diff --git a/mkdocs.yml b/mkdocs.yml index d483705..f47a6b5 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,11 +1,12 @@ site_name: Git Hooks Demo -site_url: https://services.anarchyplanet.org # temporary -repo_name: https://git.anarchyplanet.org/notnull/git-hooks-demo/ +site_url: https://services.anarchyplanet.org +site_dir: public_html +repo_url: https://git.anarchyplanet.org/notnull/git-hooks-demo edit_uri: src/master/docs/ theme: name: material - site_dir: public_html palette: scheme: slate primary: black accent: teal + diff --git a/update.sh b/update.sh new file mode 100644 index 0000000..9a665c2 --- /dev/null +++ b/update.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# /var/www/services.anarchyplanet.org/update.sh + +cd /var/www/services.anarchyplanet.org +git pull origin master +mkdocs build +chgrp -R www-data public_html