#!/bin/bash
# Paths of the optional per-push scripts. They stay empty unless /userscript and
# /failscript exist (decided further down) and are published to SSH sessions
# through /etc/environment so the post-receive hook can read them.
export USERSCRIPT='' FAILSCRIPT=''
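#######################################
# Create (or re-initialise) the bare deploy repository and hand it to the
# deploy account.
# Globals:   GIT_DIR (path of the bare repository), USER (its owner)
# Notes:
#  - The directory is created 0770, not 0660 as before: a directory needs the
#    x bit to be traversed, and git's own --shared=0660 gives directories 0770
#    (x wherever r is set). 0660 only appeared to work because this script
#    runs as root, which bypasses the missing x bit.
#  - Ownership is fixed *after* init so the files git just created (config,
#    hooks/, objects/) belong to $USER as well instead of root. $USER's
#    primary group is root (useradd -g root below), so the shared 0660 files
#    are writable for it either way.
#  - NOTE(review): when GIT_DIR is a bind mount supplied via IN, the
#    recursive chown rewrites ownership on the host side too.
#  - The receive.* settings are kept exactly as they were.
#######################################
initGit() {
  mkdir -p -m 0770 -- "$GIT_DIR"
  git init --bare --shared=0660 "$GIT_DIR"
  git --git-dir="$GIT_DIR" config receive.denyNonFastForwards false
  git --git-dir="$GIT_DIR" config receive.denyCurrentBranch ignore
  git --git-dir="$GIT_DIR" config receive.denyDeleteCurrent ignore
  chown -R "$USER:root" -- "$GIT_DIR"
}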
# date(1) format for every timestamp this script and the generated hook write:
# UTC, ISO-8601 style with a Z suffix.
FORMAT="%Y-%m-%dT%H:%M:%SZ"
#######################################
# Print one progress line to stdout: "[+] <UTC timestamp>: <message>".
# Backslash escapes in the message (\n, \t) are interpreted, as `echo -e` did.
# Globals:   FORMAT (date(1) format string)
# Arguments: $1 - message
#######################################
log() {
  local stamp
  stamp=$(date -u +"$FORMAT")
  printf '[+] %s: %b\n' "$stamp" "$1"
}
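#######################################
# Append NAME=VALUE to /etc/environment unless NAME is already defined there
# (the hook later reads these variables from the SSH session environment;
# presumably pam_env applies this file at login — verify in the base image).
# Arguments: $1 - variable name, $2 - value
# Globals:   WIDEENV_FILE - optional override of the target file (defaults to
#            /etc/environment; used by tests)
# Why the lookup changed: the original grepped for the bare name anywhere in
# the file, so `wideenv IN` was skipped whenever a BRANCH_MAIN entry (or any
# value containing "IN") was present. The match is now anchored on "^NAME=".
# grep -s also silences the error on a not-yet-existing file so the first
# call simply creates it.
# NOTE(review): a VALUE containing a newline would spill an extra line into
# the file; callers only pass paths here.
#######################################
wideenv() {
  local name=$1 value=$2
  local file=${WIDEENV_FILE:-/etc/environment}
  if ! grep -qsE "^${name}=" -- "$file"; then
    printf '%s=%s\n' "$name" "$value" >> "$file"
  fi
}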
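# The deploy account. USER must come from the container environment; without it
# every path below degenerates to /home/ and useradd fails, so fail early.
: "${USER:?USER must be set to the name of the deploy account}"
export HOME=/home/$USER
wideenv HOME "$HOME"
# Primary group root plus membership in sudo. NOTE(review): whether that amounts
# to passwordless root depends on /etc/sudoers in the base image (not visible
# here) — worth reviewing, since the account is reachable with the SSH key
# installed further down.
useradd -s /bin/bash -m -d "$HOME" -g root -G sudo "$USER"
# Shared log: written by sshd (-E, as root) and by the post-receive hook (as
# $USER). $USER's primary group is root, so 0660 owned by $USER:root covers
# both writers; the previous 0777 let any process in the container forge or
# truncate the sshd log.
MEM_LOG=/dev/shm/$USER
wideenv MEM_LOG "$MEM_LOG"
touch "$MEM_LOG"
chown "$USER:root" "$MEM_LOG"
chmod 0660 "$MEM_LOG"
# Deploy targets: every BRANCH_<NAME>=<dir> variable. Anchored so only variable
# *names* beginning with BRANCH_ are copied, not unrelated values that happen
# to contain the string.
# NOTE(review): a value containing a newline would spill a stray line into
# /etc/environment; env output is not re-validated here.
branches=$(env | grep '^BRANCH_')
if [[ -z "$branches" ]]; then
  # the original wrote `( echo … && exit 1 )`, which only left the subshell
  # and let the script carry on without any deploy target
  echo "Must set a BRANCH variable (at least BRANCH_MASTER)" >&2
  exit 1
fi
echo "$branches" >> /etc/environment
log "Using branches: \n$(echo "$branches" | sed -e 's/^/\t - \0/g' )\n"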
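# Optional one-shot setup hook: a file mounted at /setup is executed with this
# script's privileges (root — useradd/chown above require it) before the SSH
# key is installed. The x bit is dropped again afterwards, as before; note that
# this does not prevent a re-run, since +x is re-applied on the next start.
if [[ -e /setup ]]; then
  if [[ -d /setup ]]; then
    # same guard as /userscript and /failscript below: a directory cannot run
    log "Skipping /setup because its a folder"
  else
    chmod +x /setup
    log "Executing setup script"
    # the exit status used to be dropped silently; report it, keep starting
    /setup || log "Setup script exited with status $?"
    chmod -x /setup
  fi
fi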
# Optional per-push scripts mounted at /userscript (run after each checkout)
# and /failscript (run when the user script fails). A directory at either path
# is skipped, since the hook could not execute it. The chosen paths, and the
# optional existing-repository path IN, are published to SSH sessions through
# /etc/environment.
for hookscript in /userscript /failscript; do
  [[ -e "$hookscript" ]] || continue
  if [[ -d "$hookscript" ]]; then
    log "Skipping $hookscript because its a folder"
  else
    varname=${hookscript#/}                     # userscript -> USERSCRIPT
    printf -v "${varname^^}" '%s' "$hookscript"
    log "Using $hookscript"
    chmod +x "$hookscript"
  fi
done
wideenv IN "$IN"
wideenv USERSCRIPT "$USERSCRIPT"
wideenv FAILSCRIPT "$FAILSCRIPT"
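# Install the deploy account's SSH key. PUBLIC_KEY is either the path of a
# mounted key file or the raw key text.
mkdir -p -m 0700 "$HOME/.ssh"
if [[ -f "$PUBLIC_KEY" ]]; then
  log "Reading public key mount"
  cat -- "$PUBLIC_KEY" >> "$HOME/.ssh/authorized_keys"
elif [[ -n "$PUBLIC_KEY" ]]; then
  log "Appending raw key"
  # quoted on purpose: the former unquoted `echo $PUBLIC_KEY` was word-split
  # and glob-expanded, so a "*" in the key comment could pull in file names
  printf '%s\n' "$PUBLIC_KEY" >> "$HOME/.ssh/authorized_keys"
else
  # previously an empty line was appended without a word; say so instead
  log "PUBLIC_KEY is empty: no key installed, SSH login will not be possible"
  touch "$HOME/.ssh/authorized_keys"
fi
unset PUBLIC_KEY
chmod 0600 "$HOME/.ssh/authorized_keys"
# Point sshd at this file explicitly. NOTE(review): $HOME is interpolated into
# a sed expression delimited by "@"; a user name containing "@" or "&" would
# break the substitution.
sed -ri "s@#?AuthorizedKeysFile\s+.*@AuthorizedKeysFile $HOME/.ssh/authorized_keys@" /etc/ssh/sshd_config
chown -R "$USER:root" "$HOME/.ssh"
log "Created user $USER"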
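# Choose the repository location: an existing path supplied in IN, otherwise a
# fresh bare repository in the deploy account's home. GIT_DIR is exported
# because the git calls below rely on it, and it is baked into the hook.
# [[ -n ]] replaces the former unquoted `[ ${IN} ]`, which errored on a path
# containing whitespace and silently fell through to the "empty repository"
# branch.
if [[ -n "$IN" ]]; then
  log "Using existing path"
  export GIT_DIR=$IN
else
  log "Creating empty repository"
  export GIT_DIR=$HOME/repo.git
fi
wideenv GIT_DIR "$GIT_DIR"
# NOTE(review): initGit runs `git init` and a recursive chown on $IN as well;
# on a bind mount that changes ownership on the host.
initGit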
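# Install the post-receive deploy hook, but only into a bare repository.
# `git rev-parse --is-bare-repository` prints "true" or "false" for any
# repository and nothing (an error) when GIT_DIR is not a repository. The
# original tested the output with `[[ $(…) ]]`, which is true for the string
# "false" as well, so a non-bare repository also received the hook and the
# "Invalid git bare repo" branch was unreachable.
repo_is_bare=$(git --git-dir="$GIT_DIR" rev-parse --is-bare-repository 2>/dev/null)
if [[ "$repo_is_bare" == "true" ]]; then
  hook="$GIT_DIR/hooks/post-receive"
  # Values fixed at container start (GIT_DIR, FORMAT) are baked in with %q so
  # the hook body can be a literal heredoc with no escaping. At push time the
  # hook runs as $USER and reads BRANCH_*, MEM_LOG, USERSCRIPT and FAILSCRIPT
  # from the SSH session environment — this relies on /etc/environment being
  # applied at login (presumably pam_env; confirm in the base image).
  {
    printf '#!/bin/bash\n'
    printf 'REPO_DIR=%q\nDATE_FORMAT=%q\n' "$GIT_DIR" "$FORMAT"
    cat <<'POSTRECEIVE'
set -e
while read -r oldrev newrev refname
do
    branch=$(git rev-parse --symbolic --abbrev-ref "$refname")
    # The target directory comes from BRANCH_<NAME>; only names made of
    # [A-Za-z0-9_] can form such a variable. Anything else (tags with dots,
    # "feature/x") is not deployable and falls through to the "ignoring" line
    # instead of aborting with a bad-substitution error.
    path=""
    if [[ "$branch" =~ ^[A-Za-z0-9_]+$ ]]; then
        loc="BRANCH_${branch^^}"
        path=${!loc}
    fi
    if [[ -d "$path" ]]
    then
        # Summarise the pushed commit ($newrev) rather than HEAD of the bare
        # repository, which names whatever branch HEAD points at. The summary is
        # written with printf: the former `xargs -I {} echo` choked on a quote
        # character in the commit subject and failed the hook after the checkout.
        (
            git --work-tree="$path" --git-dir="$REPO_DIR" checkout -f "$branch" && \
            printf '%s: Checkout new sources on %s:%s\n' "$(date -u +"$DATE_FORMAT")" "$loc" "$path" >> "$MEM_LOG" && \
            summary=$(git log -1 --pretty=format:"%h - %an, %ar: %s" "$newrev") && \
            printf '%s\n%s %s \n%s\n' "-------------" "$branch" "$summary" "-------------" >> "$MEM_LOG"
        ) || exit 1
        if [[ -n "$USERSCRIPT" ]]
        then
            if ! "$USERSCRIPT" "$branch" "$refname" "$path"; then
                # no fallback configured: fail the hook, as before
                [[ -n "$FAILSCRIPT" ]] || exit 1
                echo "$USERSCRIPT failed, executing $FAILSCRIPT"
                # under set -e a failing failscript still fails the hook
                "$FAILSCRIPT" "$branch" "$refname" "$path"
            fi
        fi
    else
        printf '[^] %s: Ignoring push to %s as it isnt defined or not a folder\n' "$(date -u +"$DATE_FORMAT")" "$branch" >> "$MEM_LOG"
    fi
done
POSTRECEIVE
  } > "$hook"
  chmod +x "$hook"
  chown "$USER:root" "$hook"
elif [[ -z "$repo_is_bare" ]]; then
  # git could not resolve a repository at GIT_DIR (the original skipped this
  # case silently); say so, but keep starting as before
  log "No git repository found at $GIT_DIR, not installing the deploy hook"
else
  log "Invalid git bare repo"
  exit 3
fi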
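log "Deploy using this git remote url: ssh://$USER@host:port$GIT_DIR"
# Mirror the shared log to the container's stdout, then hand the process over
# to sshd with exec so that it becomes PID 1: a bash PID 1 does not forward
# docker stop's SIGTERM, so the container would only die on the SIGKILL that
# follows. -E keeps sending sshd's own log to MEM_LOG as before.
tail -f "$MEM_LOG" &
exec "$(command -v sshd)" -D -E "$MEM_LOG"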