如何在没有服务器访问 repo 的情况下从 git repo 部署？

Question

我在 BitBucket git repo 中有一个 PHP 项目。

我在一个名为“develop”的分支中进行小修复，或者我在临时功能分支中工作。当我准备好部署时，我将这些分支合并到“master”中。

我想让部署到我的实时站点变得如此简单（合并到 master 并推送到 BitBucket）。

但我真的不希望我的服务器能够访问我的存储库，因为这会增加安全问题。如果您关心安全性，则希望您的存储库位于尽可能少的地方.如果您的服务器受到威胁，那情况就已经够糟糕了，但如果攻击者能够访问我的完整存储库，那就更糟了。 This person 同意。

所以我假设我想使用git archive master 之类的东西，就像https://stackoverflow.com/a/163769/470749 解释的那样。

如何设置一个钩子来检测“master”的推送，然后运行 ​​git archive master 以将最新代码（但不是作为 repo）导出到压缩的 zip 文件，然后发送（通过 SCP 和/ 或 Rsync？）到远程服务器，将其解压缩到新目录，然后（可能通过更改符号链接）将服务器指向该新目录？

额外问题：如何启用简单的紧急回滚？ （我想在某些情况下我想快速恢复到之前的提交。）

Answer 1

我对最终得到的脚本很满意：

deploy.sh：

##This executable file will export your latest code from master (via "git archive") and will upload it 
##to the remote server and then call a script on the server to handle from there.
##----------------------------------------------------------------------------------------------------

source dev-ops/archive_and_upload.sh

##On the remote server, run a script to archive the existing production site files and then deploy the uploaded package.
ssh -i ~/.ssh/id_rsa myUserName@vientiane.dreamhost.com <<'ENDSSH'

set -e

cd /home/myUserName/myProjectName/latest

##Unzip the zip file, then delete it.
echo "Unzipping the package.zip..."
unzip -o package.zip && rm package.zip  

cd /home/myUserName/myProjectName/

nowTime=$(date -u +"%Y-%m-%d__%H:%M:%S")
echo "The archive will have this timestamp: " $nowTime

##Copy the "latest" folder to a dated "packages" subfolder.
cp -R latest/ packages/$nowTime 
echo "Copied the existing site to an archive."

##Install Laravel dependencies.
echo "Running Composer so that the remote server downloads and installs dependencies..."
cd packages/$nowTime 
php -d memory_limit=256M ~/bin/composer.phar install   

##Delete the "live" symlink and immediately create a new "live" symlink to the most recent subfolder within "packages".
echo "Updating the symlinks..."
cd /home/myUserName/myProjectName/
echo `pwd`
rm previous
mv live previous && ln -s packages/$nowTime live && ls -lah  

##Clear out the "latest" folder in preparation for next time.
echo "Deleting the contents of the 'latest' folder in preparation for next time..."
rm -rf latest/* && ls latest   
ENDSSH

echo "FINISHED DEPLOYING!"

archive_and_upload.sh：

##This executable file will export your latest code from master (via "git archive") and will upload it 
##to the remote server.
##----------------------------------------------------------------------------------------------------

##Clear out the contents of the previous export package.
rm -rf dev-ops/package/*   

##Export the "master" branch of this git repo. (The result is not a repo but is just code.)
git archive --format zip --output dev-ops/package/package.zip master  

##Send zip file to remote server.
scp -i ~/.ssh/id_rsa dev-ops/package/package.zip myUserName@vientiane.dreamhost.com:/home/myUserName/myProjectName/latest/package.zip 

revert_to_previous_package.sh：

ssh -i ~/.ssh/id_rsa myUserName@vientiane.dreamhost.com <<'ENDSSH'

set -e

cd /home/myUserName/myProjectName/

mv live rollingBack && mv previous live && mv rollingBack previous && ls -lah

ENDSSH

echo "ROLLED BACK!"

如您所见，我将 Dreamhost 服务器设置为从名为“live”的文件夹提供服务，该文件夹实际上只是指向子文件夹的符号链接，该子文件夹被命名为该代码包上传时的时间戳。还有另一个名为“previous”的符号链接，它使回滚变得容易（以防我在部署后发现问题并想要恢复）。