# Git Hooks Tutorial The goal is to test creating a [git hook](https://git-scm.com/docs/githooks) on serge. ## Create new user on serge that belongs to www-data and git groups: useradd -G www-data git -M mkdocs ## Create website directory mkdir /var/www/services.anarchyplanet.org mkdir /var/www/services.anarchyplanet.org/public_html chown -R mkdocs:www-data /var/www/services.anarchyplanet.org ## Serve website with Nginx Set up site with /var/www/services.anarchyplanet.org/public_html as root vim /etc/nginx/sites-available/services.anarchyplanet.org Enable Site in nginx ln -s /etc/nginx/sites-available/services.anarchyplanet.org /etc/nginx/sites-enabled nginx -t && nginx -s reload ## Protect directory with password Per the [docs](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/): Create .htpasswd file htpasswd -c /var/www/services.anarchyplanet.org/.htpasswd admin Make .htpasswd not world-readable chown mkdocs:mkdocs .htpasswd; chmod 640 .htpasswd Add the config to the nginx config and restart nginx ## Clone repository into website directory su mkdocs cd /var/www git clone /srv/git/repositories/notnull/git-hooks-demo.git services.anarchyplanet.org ## Install mkdocs and mkdocs-material I wasn't sure the best way to do this so I just installed globally: python3 -m pip isntall mkdocs mkdocs-material ## Write script to build docs ```shell #!/bin/bash # /var/www/services.anarchyplanet.org/update.sh cd /var/www/services.anarchyplanet.org git pull origin master mkdocs build chgrp -R www-data public_html ``` ## Allow git user to run update script The git user is the one who executes the post-receive hook, so it needs to somehow be able to run the update script as the mkdocs user. [This](https://stackoverflow.com/questions/73869424/run-git-hook-as-remote-user-in-a-shared-repository) suggests to create a line in visudo to give the git user permission to run a script as a user at a path, e.g.: git ALL=(mkdocs) NOPASSWD: /var/www/services.anarchyplanet.org/update.sh I noticed that Debian wants these to be posted in /etc/sudoers.d/ so I added it there: visudo /etc/sudoers.d/allow-git-to-build-docs I tested this with `sudo -u git sudo -u mkdocs /var/www/services.anarchyplanet.org/update.sh` which works! and `sudo -u git sudo -u mkdocs echo $(whoami)` which does not work (asks for git's sudo password). ## Create new post-receive git hook Gogs has a post-receive hook that seems to be active: "/srv/git/gogs/gogs" hook --config='/srv/git/gogs/custom/conf/app.ini' post-receive Not sure what this does. I just commented it out and added: sudo -u mkdocs /var/www/services/anarchyplanet.org/update.sh I guess the only remaining thing to do is try it! ## Dealing with errors ### there are unstashed changes in website directory So it looks like the hook sends the log of the remote hook to the local stdout, which is cool! I had some files in it and so it looks like the pull didn't work, but it still built the documents. Might want to build in some error handling, but for now going to try again! ```shell remote: From /srv/git/repositories/notnull/git-hooks-demo remote: * branch master -> FETCH_HEAD remote: 130a508..cf09d0c master -> origin/master remote: error: Your local changes to the following files would be overwritten by merge: remote: mkdocs.yml remote: Please commit your changes or stash them before you merge. remote: error: The following untracked working tree files would be overwritten by merge: remote: .gitignore remote: update.sh remote: Please move or remove them before you merge. remote: Aborting remote: INFO - Cleaning site directory remote: INFO - Building documentation to directory: /var/www/services.anarchyplanet.org/public_html remote: INFO - Documentation built in 0.54 seconds ``` ### the update script doesn't exist until I pull changes and the update script is what the git hook runs. whoops! For now I'm going to just pull it once from the website directory. ### script permissions I realized that the script was not executable so i fixed this, then pulled from teh remote repository again