使用yiic通过github更新应用程序
[英]Using yiic to update application via github
问题描述
We have an application written in Yii 1.1, we maintain and control all aspects of the application and servers. 
我们有一个用Yii 1.1编写的应用程序,我们维护和控制该应用程序和服务器的各个方面。 It lives on a variety of servers. 它存在于各种服务器上。 We maintain the code base locally through git and publish to our GitHub repo. 我们通过git在本地维护代码库,并发布到我们的GitHub存储库。 When we roll out updates or bug fixes we have to go into each box and update them one at a time. 当我们推出更新或错误修复时,我们必须进入每个框并一次更新它们。 This only grows more and more time consuming the more applications and servers we deploy. 这只会越来越耗费我们部署的更多应用程序和服务器的时间。
We are hoping to streamline the git pull process by doing it via an admin section, remotely. 我们希望通过admin部分远程完成git pull过程。 We thought about tapping into the GitHub WebHooks feature but we don't want it to be that automatic. 我们曾考虑过利用GitHub WebHooks功能,但我们不希望它如此自动化。 We want to control which applications get the updates. 我们要控制哪些应用程序获取更新。 Next, we thought about using a yiic command that will live in the code base and can run the shell git pull scripts. 接下来,我们考虑使用将存在于代码库中并可以运行shell git pull脚本的yiic命令。 Security is of top priority in this whole thing. 在整个过程中,安全是头等大事。
Do you forsee security issues if we create a yiic class that will handle defined git commands with layer of security tokens that authenticate from the controller to the yiic commands? 如果我们创建一个yiic类来处理已定义的git命令,并带有从控制器向yiic命令进行身份验证的安全令牌层,那么您是否会遇到安全问题? Maybe someone has done something similar and can shed some insight into their approach and their problems? 也许有人做了类似的事情,可以对他们的方法和问题有所了解?
1 个解决方案
解决方案1
1 2015-10-23 07:08:03
I created an admin screen where I could easily let every user switch from branch in there personal development environment (without access to the server). 我创建了一个管理屏幕,在这里我可以轻松地让每个用户从个人开发环境中的分支切换(无需访问服务器)。 I did this by using exec in PHP and using git client hooks (post-merge) https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks to update the rights of all folders and files (You can not be sure they are right after a pull). 我是通过在PHP中使用exec以及使用git客户端钩子(合并后)来完成此操作的, https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks更新所有文件夹和文件的权限(您无法确定它们在拉动之后是否正确)。 For merging and such I use the bitbucket API. 对于合并等,我使用bitbucket API。
For our live environment and pre-live environment we use deploybot.com. 对于我们的活动环境和活动前环境,我们使用deploybot.com。 This wil upload the files if a certain branch is updated. 如果某个分支被更新,它将上传文件。 pre-live environment will update automaticly. 实时环境会自动更新。 For the live environment I have to press a button (will automate this so it will be done using the API monday morning before I arrive at work). 对于实时环境,我必须按下一个按钮(它将自动执行此操作,因此将在星期一上班之前使用API进行此操作)。 If it's just about pulling I would use a service like this. 如果只是拉,我会使用这样的服务。 Although it does not pull, but upload/remove thw new, altered or delete files. 虽然它不拉,但是可以上载/删除新的,更改的或删除的文件。 In the admin panel you can then add a button that make a api call allowing deploybot to deploy the code. 然后,您可以在管理面板中添加一个按钮,以进行api调用,从而允许deploybot部署代码。 It's just easier and free or very cheap (depending on your needs) 它更简单,免费或非常便宜(取决于您的需求)
Regarding security. 关于安全性。 I guess it would depend on the security of your admin screen and of your github account. 我想这将取决于您的管理屏幕和github帐户的安全性。 If people have access to you github code they could alter your live code, but this is really always a 'problem'. 如果人们可以访问您的github代码,他们可以更改您的实时代码,但这实际上始终是一个“问题”。 If they have access to you admin screen, I guess you have bigger problems then them having the ability to pull code. 如果他们可以访问您的管理屏幕,我想您有更大的问题,那么他们就可以提取代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.