git-hooks-demo/docs/index.md
2023-11-02 20:50:45 -04:00

Git Hooks Tutorial

The goal is to test creating a git hook on serge.

Create new user on serge that belongs to www-data and git groups:

useradd -G www-data,git -M mkdocs

Create website directory

mkdir /var/www/services.anarchyplanet.org
mkdir /var/www/services.anarchyplanet.org/public_html
chown -R mkdocs:www-data /var/www/services.anarchyplanet.org

Serve website with Nginx

Set up site with /var/www/services.anarchyplanet.org/public_html as root

vim /etc/nginx/sites-available/services.anarchyplanet.org

Enable Site in nginx

ln -s /etc/nginx/sites-available/services.anarchyplanet.org /etc/nginx/sites-enabled
nginx -t && nginx -s reload

Protect directory with password

Per the docs:

Create .htpasswd file

htpasswd -c /var/www/services.anarchyplanet.org/.htpasswd admin

Make .htpasswd not world-readable

# group www-data so the nginx worker processes can still read the file
chown mkdocs:www-data .htpasswd; chmod 640 .htpasswd

Add the config to the nginx config and restart nginx

Clone repository into website directory

su mkdocs
cd /var/www
git clone /srv/git/repositories/notnull/git-hooks-demo.git services.anarchyplanet.org

Install mkdocs and mkdocs-material

I wasn't sure the best way to do this so I just installed globally:

python3 -m pip install mkdocs mkdocs-material

Write script to build docs

#!/bin/bash
# /var/www/services.anarchyplanet.org/update.sh
cd /var/www/services.anarchyplanet.org
git pull origin master
mkdocs build
chgrp -R www-data public_html

Allow git user to run update script

The git user is the one who executes the post-receive hook, so it needs to somehow be able to run the update script as the mkdocs user.

This suggests creating a line with visudo that gives the git user permission to run a script at a specific path as another user, e.g.:

git ALL=(mkdocs) NOPASSWD: /var/www/services.anarchyplanet.org/update.sh

I noticed that Debian wants these to be posted in /etc/sudoers.d/ so I added it there:

visudo -f /etc/sudoers.d/allow-git-to-build-docs

I tested this with sudo -u git sudo -u mkdocs /var/www/services.anarchyplanet.org/update.sh which works! and sudo -u git sudo -u mkdocs echo $(whoami) which does not work (asks for git's sudo password).

Create new post-receive git hook

Gogs has a post-receive hook that seems to be active: "/srv/git/gogs/gogs" hook --config='/srv/git/gogs/custom/conf/app.ini' post-receive

Not sure what this does. I just commented it out and added:

sudo -u mkdocs /var/www/services.anarchyplanet.org/update.sh

I guess the only remaining thing to do is try it!

Dealing with errors

there are unstashed changes in website directory

So it looks like the hook sends the log of the remote hook to the local stdout, which is cool! I had some files in it and so it looks like the pull didn't work, but it still built the documents. Might want to build in some error handling, but for now going to try again!

remote: From /srv/git/repositories/notnull/git-hooks-demo
remote:  * branch            master     -> FETCH_HEAD
remote:    130a508..cf09d0c  master     -> origin/master
remote: error: Your local changes to the following files would be overwritten by merge:
remote: 	mkdocs.yml
remote: Please commit your changes or stash them before you merge.
remote: error: The following untracked working tree files would be overwritten by merge:
remote: 	.gitignore
remote: 	update.sh
remote: Please move or remove them before you merge.
remote: Aborting
remote: INFO    -  Cleaning site directory
remote: INFO    -  Building documentation to directory: /var/www/services.anarchyplanet.org/public_html
remote: INFO    -  Documentation built in 0.54 seconds
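
The error handling mentioned above, as an added example (not the repository's own update.sh): it stops before the build when tracked files are modified or the pull fails, so the site is only rebuilt from what was actually pushed. The SITE_DIR, GIT, MKDOCS and WEB_GROUP overrides are assumptions added here so the function can be exercised against stubs; the defaults match the tutorial.

```shell
#!/bin/bash
# Added example: fail-closed variant of update.sh (not the repository's script).
# SITE_DIR, GIT, MKDOCS and WEB_GROUP are hypothetical overrides for testing;
# the defaults are the paths and names used in this tutorial.
SITE_DIR="${SITE_DIR:-/var/www/services.anarchyplanet.org}"
GIT="${GIT:-git}"
MKDOCS="${MKDOCS:-mkdocs}"
WEB_GROUP="${WEB_GROUP:-www-data}"

# Runs in a subshell ( ... ) so the caller's working directory is untouched.
update_site() (
    cd "$SITE_DIR" || { echo "update: cannot enter $SITE_DIR" >&2; exit 10; }

    # Modified tracked files make the merge abort (the mkdocs.yml error in
    # the log above); detect that first and stop with a clear message.
    dirty=$("$GIT" status --porcelain --untracked-files=no) || exit 11
    if [ -n "$dirty" ]; then
        echo "update: tracked files have local changes, not pulling:" >&2
        echo "$dirty" >&2
        exit 11
    fi

    # --ff-only: the server copy only ever fast-forwards to what was pushed.
    # Untracked files in the way still fail here, and the build is skipped.
    "$GIT" pull --ff-only origin master || { echo "update: pull failed, site not rebuilt" >&2; exit 12; }

    "$MKDOCS" build || { echo "update: mkdocs build failed" >&2; exit 13; }
    chgrp -R "$WEB_GROUP" public_html || exit 14
)

# Run only when installed and invoked as update.sh (as the hook does).
case "${0##*/}" in
    update.sh) update_site; exit $? ;;
esac
```

Because the sudoers rule lets the git user run this path as mkdocs, installing the script outside the pulled working tree (and not writable by mkdocs) keeps a push from changing what the hook executes.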

the update script doesn't exist until I pull changes

and the update script is what the git hook runs. whoops!

For now I'm going to just pull it once from the website directory.

script permissions

I realized that the script was not executable so I fixed this, then pulled from the remote repository again