I didn't use GitHub or GitLab to host my website repository, but I use a service from SourceHut instead. SourceHut(sr.ht) is a git service that is cleaner and simpler when compared to the alternative. I decided to give it a go because I gave up with all the GitLab options and menu. Anyway, Git is not the only service SourceHut provided. SourceHut also provides more services such as build, todo, lists, man, dispatch, and etc. Today, I would like to talk about build service. Every time I finished building my website, I need to copy it to my VPS manually. I think this process takes a lot of time, and it would be better to automate it instead.
[Server Side]User set up
The first thing you need to do is to add a new user with appropriate privilege and permission. Please make sure that this user can write to the "/var/www/www.example.com" destination.
lunatuna:~$ doas adduser Use option ``-silent'' if you don't want to see all warnings and questions. Reading /etc/shells Check /etc/master.passwd Check /etc/group Ok, let's go. Don't worry about mistakes. There will be a chance later to correct any input. Enter username : deploybot Enter full name : Deployment Bot Enter shell csh ksh nologin sh [ksh]: Uid : Login group deploybot [deploybot]: Login group is ``deploybot''. Invite deploybot into other groups: guest no [no]: xxxxx Login class authpf bgpd daemon default pbuild staff unbound [default]: Enter password : Disable password logins for the user? (y/n) [n]: y Name: deploybot Password: **** Fullname: Deployment Bot Uid: 1xxx Gid: 1xxx (deploybot) Groups: deploybot xxxxx Login Class: default HOME: /home/deploybot Shell: /bin/ksh
The above is to create a user called deploybot with a stay in xxxxx group (any group is fine). Hence, we need to make sure that xxxxx group has write permission to our site folder. Check it up with the command below.
lunatuna:~$ ls -l /var/www/ drwxr-xr-x 2 root wheel 512 Dec 19 10:01 bgplg drwxrwxr-x 5 root xxxxx 512 Feb 8 14:46 www.example.com
if your "www.example.com" has a different group owner and permission. You need to change it to accept xxxxx(or the one you use) as a group owner and with a 775 permission. Try to copy the file from the home folder to the "/var/www/www.example.com" folder to test it. What we need to do next is to set an authentication method. We can't use a password here as the bot will need to automate an authorization by itself. So, what we need to do is to copy our public key to the server, which can be done by the process below. I do this on my Laptop and generate an extra key, especially for this build service.
lunartuna@MacBook-Pro ~ % ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/Users/lunartuna/.ssh/id_rsa): /path/to/your/file Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /path/to/your/file. # Our private that will be copied to our Build Service Your public key has been saved in /path/to/your/file.pub. # Our public key to copy to the destination
Copy our public to our server. The key should be automatically stored in "~/.ssh/authorized_keys"
lunartuna@MacBook-Pro ~ % ssh-copy-id -i /path/to/your/file deploybot@your-server
Login to your server with a password to check that your key is there.
lunatuna:~$ cat ~/.ssh/authorized_keys
Now the server is ready for auto-deployment. Although, what left to be done is to set up a build service.
[Service Side]Set up a build service.
SourceHut requires a ".build.yml" to reside in your root folder of your repository. It will automatically deploy after you perform "git push". Here is an example of ".build.yml". You can see it more on the main site.
image: alpine/edge packages: - zola sources: - email@example.com:xxxx environment: deploy: firstname.lastname@example.org secrets: - first-key #For Git connect - second-key #For server connect tasks: - build: | cd example.com zola build - deploy: | cd example.com scp -o StrictHostKeyChecking=no -rv public/* $deploy:/var/www/www.example.com/
"StrictHostKeyChecking=no" for bypass confirmation. And, with this we finally done. Yeah \O/.