LUNARTHALE

Automatic deployment using SourceHut build service.

8-February-2020


I didn't use GitHub or GitLab to host my website repository, but I use a service from SourceHut instead. SourceHut(sr.ht) is a git service that is cleaner and simpler when compared to the alternative. I decided to give it a go because I gave up with all the GitLab options and menu. Anyway, Git is not the only service SourceHut provided. SourceHut also provides more services such as build, todo, lists, man, dispatch, and etc. Today, I would like to talk about build service. Every time I finished building my website, I need to copy it to my VPS manually. I think this process takes a lot of time, and it would be better to automate it instead.

[Server Side]User set up

The first thing you need to do is to add a new user with appropriate privilege and permission. Please make sure that this user can write to the "/var/www/www.example.com" destination.

lunatuna:~$ doas adduser
Use option ``-silent'' if you don't want to see all warnings and questions.

Reading /etc/shells
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: deploybot
Enter full name []: Deployment Bot
Enter shell csh ksh nologin sh [ksh]:
Uid [1002]:
Login group deploybot [deploybot]:
Login group is ``deploybot''. Invite deploybot into other groups: guest no
[no]: xxxxx
Login class authpf bgpd daemon default pbuild staff unbound
[default]:
Enter password []:
Disable password logins for the user? (y/n) [n]: y

Name:         deploybot
Password:    ****
Fullname:    Deployment Bot
Uid:         1xxx
Gid:         1xxx (deploybot)
Groups:         deploybot xxxxx
Login Class: default
HOME:         /home/deploybot
Shell:         /bin/ksh

The above is to create a user called deploybot with a stay in xxxxx group (any group is fine). Hence, we need to make sure that xxxxx group has write permission to our site folder. Check it up with the command below.

lunatuna:~$ ls -l /var/www/
drwxr-xr-x  2 root  wheel  512 Dec 19 10:01 bgplg
drwxrwxr-x  5 root  xxxxx  512 Feb  8 14:46 www.example.com

if your "www.example.com" has a different group owner and permission. You need to change it to accept xxxxx(or the one you use) as a group owner and with a 775 permission. Try to copy the file from the home folder to the "/var/www/www.example.com" folder to test it. What we need to do next is to set an authentication method. We can't use a password here as the bot will need to automate an authorization by itself. So, what we need to do is to copy our public key to the server, which can be done by the process below. I do this on my Laptop and generate an extra key, especially for this build service.

lunartuna@MacBook-Pro ~ % ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/lunartuna/.ssh/id_rsa): /path/to/your/file
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /path/to/your/file. 
# Our private that will be copied to our Build Service
Your public key has been saved in /path/to/your/file.pub. 
# Our public key to copy to the destination

Copy our public to our server. The key should be automatically stored in "~/.ssh/authorized_keys"

lunartuna@MacBook-Pro ~ % ssh-copy-id -i /path/to/your/file deploybot@your-server

Login to your server with a password to check that your key is there.

lunatuna:~$ cat ~/.ssh/authorized_keys

Now the server is ready for auto-deployment. Although, what left to be done is to set up a build service.

[Service Side]Set up a build service.

SourceHut requires a ".build.yml" to reside in your root folder of your repository. It will automatically deploy after you perform "git push". Here is an example of ".build.yml". You can see it more on the main site.

image: alpine/edge
packages:
  - zola
sources:
  - git@git.sr.ht:xxxx
environment:
  deploy: deploybot@example.com
secrets:
  - first-key #For Git connect
  - second-key #For server connect
tasks:
  - build: |
      cd example.com
      zola build
  - deploy: |
      cd example.com
      scp -o StrictHostKeyChecking=no -rv public/* $deploy:/var/www/www.example.com/

"StrictHostKeyChecking=no" for bypass confirmation. And, with this we finally done. Yeah \O/.


For questions and comments, please send it to my public mailing list. Thank you.