搭建基于码云gitee平台代码自动部署
<p> 很多大公司的系统新功能发布部署使用jenkins服务,个人小项目使用jenkins太重,jenkins对机器配置要求较高,我这服务器1G没法用。</p><p> 不使用jenkins的话,码云平台gitee上可以使用提供的webhook来触发系统部署构建。</p>
<p> 首先需要注册一个gitee码云平台的账号,新建仓库后,仓库的“管理” - “webHooks” 点击新建。</p>
<p> URL输入更新脚本地址,比如我这里是http://deploy.xxx.com/easyswoole_secret.php,可以选择WebHook密码或者签名密钥。</p>
<p> 使用WebHook密码可能导致请求被截获泄漏,这里采用签名密钥。</p>
<p><img src="https://img2020.cnblogs.com/blog/1441404/202006/1441404-20200616081816081-1242028721.png"></p>
<p> </p>
<p>构建脚本内容:</p>
<div class="cnblogs_code">
<pre><?<span style="color: rgba(0, 0, 0, 1)">php
</span><span style="color: rgba(0, 128, 0, 1)">/*</span><span style="color: rgba(0, 128, 0, 1)">*
* 自动更新钩子
* 修改密钥及项目路径即可使用
*</span><span style="color: rgba(0, 128, 0, 1)">*/</span>
<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">以流的方式读取</span>
<span style="color: rgba(128, 0, 128, 1)">$requestBody</span> = <span style="color: rgba(0, 128, 128, 1)">file_get_contents</span>("php://input"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">if</span> (<span style="color: rgba(0, 0, 255, 1)">empty</span>(<span style="color: rgba(128, 0, 128, 1)">$requestBody</span><span style="color: rgba(0, 0, 0, 1)">)) {
</span><span style="color: rgba(0, 0, 255, 1)">die</span>('send fail'<span style="color: rgba(0, 0, 0, 1)">);
}
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">file_put_contents('./requestBody.log', $requestBody);</span>
<span style="color: rgba(128, 0, 128, 1)">$requestBody</span> = json_decode(<span style="color: rgba(128, 0, 128, 1)">$requestBody</span>,<span style="color: rgba(0, 0, 255, 1)">true</span><span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">加密字符串</span>
<span style="color: rgba(128, 0, 128, 1)">$secret_post</span> = <span style="color: rgba(128, 0, 128, 1)">$requestBody</span>['sign'<span style="color: rgba(0, 0, 0, 1)">];
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">时间戳参数,单位毫秒级</span>
<span style="color: rgba(128, 0, 128, 1)">$time_stamp</span> = <span style="color: rgba(128, 0, 128, 1)">$requestBody</span>['timestamp'<span style="color: rgba(0, 0, 0, 1)">];
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">在WebHooks签名密钥一栏填写的密钥信息</span>
<span style="color: rgba(128, 0, 128, 1)">$access_token</span> = 'xxx'<span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">加密文档
//https://gitee.com/help/articles/4290</span>
<span style="color: rgba(128, 0, 128, 1)">$secret_join</span> = <span style="color: rgba(128, 0, 128, 1)">$time_stamp</span> . "\n" . <span style="color: rgba(128, 0, 128, 1)">$access_token</span><span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">file_put_contents('./join.log', $secret_join);</span>
<span style="color: rgba(128, 0, 128, 1)">$base64</span> = <span style="color: rgba(0, 128, 128, 1)">base64_encode</span>(hash_hmac('sha256', <span style="color: rgba(128, 0, 128, 1)">$secret_join</span>, <span style="color: rgba(128, 0, 128, 1)">$access_token</span>, <span style="color: rgba(0, 0, 255, 1)">true</span><span style="color: rgba(0, 0, 0, 1)">));
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">file_put_contents('./base64.log' , $base64);
//看推送的是哪个分支就构建哪个分支
//如有需要可以更改规则,比如屏蔽某些分支不构建</span>
<span style="color: rgba(128, 0, 128, 1)">$branch</span> = <span style="color: rgba(0, 128, 128, 1)">str_replace</span>('refs/heads/', '', <span style="color: rgba(128, 0, 128, 1)">$requestBody</span>['ref'<span style="color: rgba(0, 0, 0, 1)">]);
</span><span style="color: rgba(128, 0, 128, 1)">$requestBody</span> = <span style="color: rgba(0, 0, 255, 1)">null</span><span style="color: rgba(0, 0, 0, 1)">;
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)"> 打开网站目录下的hooks.log文件 需要在服务器上创建 并给写权限</span>
<span style="color: rgba(128, 0, 128, 1)">$fs</span> = <span style="color: rgba(0, 128, 128, 1)">fopen</span>('/opt/log/deploy_webhooks_pull.log', 'a'<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 128, 128, 1)">fwrite</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span>, <span style="color: rgba(0, 128, 128, 1)">date</span>('Y-m-d H:i:s') . ' ================ Update Start ===============' . <span style="color: rgba(255, 0, 255, 1)">PHP_EOL</span><span style="color: rgba(0, 0, 0, 1)">);</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)"> 请求ip</span>
<span style="color: rgba(128, 0, 128, 1)">$client_ip</span> = <span style="color: rgba(128, 0, 128, 1)">$_SERVER</span>['REMOTE_ADDR'<span style="color: rgba(0, 0, 0, 1)">];
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)"> 把请求的IP和时间写进log</span>
<span style="color: rgba(0, 128, 128, 1)">fwrite</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span>, <span style="color: rgba(0, 128, 128, 1)">date</span>('Y-m-d H:i:s') . ' Request on [' . <span style="color: rgba(0, 128, 128, 1)">date</span>("Y-m-d H:i:s") . '] from [' . <span style="color: rgba(128, 0, 128, 1)">$client_ip</span> . ']' . <span style="color: rgba(255, 0, 255, 1)">PHP_EOL</span><span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)"> 验证token 有错就写进日志并退出</span>
<span style="color: rgba(0, 0, 255, 1)">if</span> (<span style="color: rgba(128, 0, 128, 1)">$base64</span> !== <span style="color: rgba(128, 0, 128, 1)">$secret_post</span><span style="color: rgba(0, 0, 0, 1)">) {
</span><span style="color: rgba(0, 128, 128, 1)">fwrite</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span>, <span style="color: rgba(0, 128, 128, 1)">date</span>('Y-m-d H:i:s') . " Invalid token [{<span style="color: rgba(128, 0, 128, 1)">$client_token</span>}]" . <span style="color: rgba(255, 0, 255, 1)">PHP_EOL</span><span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(128, 0, 128, 1)">$fs</span> and <span style="color: rgba(0, 128, 128, 1)">fclose</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span><span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 128, 128, 1)">header</span>("HTTP/1.1 404 Not Found"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 128, 128, 1)">header</span>("Status: 404 Not Found"<span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 0, 255, 1)">exit</span><span style="color: rgba(0, 0, 0, 1)">;
}
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)"> 如果有需要 可以打开下面,把传送过来的信息写进log 可用于调试,测试成功后注释即可
// fwrite($fs, 'Data: ' . print_r($data, true) . PHP_EOL);
// 执行shell命令并把返回信息写进日志</span>
<span style="color: rgba(128, 0, 128, 1)">$output</span> = <span style="color: rgba(0, 128, 128, 1)">shell_exec</span>('cd /opt/www/kunswoole/; git pull origin ' . <span style="color: rgba(128, 0, 128, 1)">$branch</span> . ' 2<&1; chown -R www:www /opt/www/kunswoole/*;'<span style="color: rgba(0, 0, 0, 1)">);</span></pre>
<pre><span style="color: rgba(0, 128, 128, 1)">fwrite</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span>, <span style="color: rgba(0, 128, 128, 1)">date</span>('Y-m-d H:i:s') . 'Info:' . <span style="color: rgba(0, 128, 128, 1)">print_r</span>(<span style="color: rgba(128, 0, 128, 1)">$output</span>, <span style="color: rgba(0, 0, 255, 1)">true</span>) . <span style="color: rgba(255, 0, 255, 1)">PHP_EOL</span><span style="color: rgba(0, 0, 0, 1)">);
</span></pre>
<pre><span style="color: rgba(0, 128, 128, 1)">fwrite</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span>, <span style="color: rgba(0, 128, 128, 1)">date</span>('Y-m-d H:i:s') .'================ Update End ===============' . <span style="color: rgba(255, 0, 255, 1)">PHP_EOL</span> . <span style="color: rgba(255, 0, 255, 1)">PHP_EOL</span><span style="color: rgba(0, 0, 0, 1)">);
</span></pre>
<pre><span style="color: rgba(128, 0, 128, 1)">$fs</span> and <span style="color: rgba(0, 128, 128, 1)">fclose</span>(<span style="color: rgba(128, 0, 128, 1)">$fs</span><span style="color: rgba(0, 0, 0, 1)">);
</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)"> 调试时打开
// echo json_encode($output);</span></pre>
</div>
<p>首次构建前需要/opt/www目录下使用git clone命令将仓库代码克隆到服务器上。</p>
<p> </p>
<p>本地mac修改代码提交后,可在gitee上看到构建记录:</p>
<p><img src="https://img2020.cnblogs.com/blog/1441404/202006/1441404-20200616083407301-1280932559.png"></p><br><br>
来源:https://www.cnblogs.com/wscsq789/p/13139031.html
頁:
[1]