Reputation: 393
We have an application written in Yii 1.1, we maintain and control all aspects of the application and servers. It lives on a variety of servers. We maintain the code base locally through git and publish to our GitHub repo. When we roll out updates or bug fixes we have to go into each box and update them one at a time. This only grows more and more time consuming the more applications and servers we deploy.
We are hoping to streamline the git pull process by doing it via an admin section, remotely. We thought about tapping into the GitHub WebHooks feature but we don't want it to be that automatic. We want to control which applications get the updates. Next, we thought about using a yiic command that will live in the code base and can run the shell git pull scripts. Security is of top priority in this whole thing.
Do you foresee security issues if we create a yiic class that will handle defined git commands with a layer of security tokens that authenticate from the controller to the yiic commands? Maybe someone has done something similar and can shed some insight into their approach and their problems?
Upvotes: 0
Views: 60
Reputation: 567
I created an admin screen where I could easily let every user switch branches in their personal development environment (without access to the server). I did this by using exec in PHP and using git client hooks (post-merge) https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks to update the rights of all folders and files (you cannot be sure they are right after a pull). For merging and such I use the Bitbucket API.
For our live environment and pre-live environment we use deploybot.com. This will upload the files if a certain branch is updated. The pre-live environment will update automatically. For the live environment I have to press a button (I will automate this so it will be done using the API Monday morning before I arrive at work). If it's just about pulling I would use a service like this, although it does not pull, but uploads/removes the new, altered or deleted files. In the admin panel you can then add a button that makes an API call allowing deploybot to deploy the code. It's just easier and free or very cheap (depending on your needs).
Regarding security: I guess it would depend on the security of your admin screen and of your GitHub account. If people have access to your GitHub code they could alter your live code, but this is really always a 'problem'. If they have access to your admin screen, I guess you have bigger problems than them having the ability to pull code.
Upvotes: 1
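Added example, not code from the question or the answer: one way to structure the token-protected git runner the question describes, so that only predefined commands can run and no request data reaches a shell. The function names, token format, action list and secret handling are assumptions, and the array form of proc_open needs PHP 7.4 or later.

```php
<?php
// Hypothetical helper for a console command or admin controller (not from the thread).

// Fixed allowlist: action name => argv. Request data never becomes part of a command.
const GIT_ACTIONS = [
    'status' => ['git', 'status', '--porcelain'],
    'fetch'  => ['git', 'fetch', '--prune', 'origin'],
    'pull'   => ['git', 'pull', '--ff-only', 'origin'],
];

// Token format (assumed): "<action>.<expiry>.<hex HMAC-SHA256 of 'action.expiry'>".
function makeToken(string $action, string $secret, int $ttl = 60): string
{
    $payload = $action . '.' . (time() + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

function verifyToken(string $token, string $action, string $secret): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$tokAction, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $tokAction . '.' . $expiry, $secret);
    // Constant-time MAC check first, then the action binding and the expiry.
    return hash_equals($expected, $mac)
        && $tokAction === $action
        && ctype_digit($expiry) && (int) $expiry >= time();
}

function runGitAction(string $action, string $token, string $secret, string $repoDir): array
{
    if (!array_key_exists($action, GIT_ACTIONS) || !verifyToken($token, $action, $secret)) {
        return ['ok' => false, 'output' => 'rejected'];
    }
    // Array command: git is executed directly, without a shell. stderr is merged into stdout.
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open(GIT_ACTIONS[$action], $spec, $pipes, $repoDir);
    if (!is_resource($proc)) {
        return ['ok' => false, 'output' => 'could not start git'];
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['ok' => proc_close($proc) === 0, 'output' => $out];
}

// Constructed demo values; a real secret would come from server-side configuration.
$secret = 'constructed-demo-secret';
var_dump(runGitAction('pull', makeToken('status', $secret), $secret, __DIR__));
```

A token here stays valid until it expires, so it can be replayed within that window; recording used tokens server-side would close that gap.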