PHP code on Laptop

Creating a simple deployment script with PHP

In earlier parts of this tutorial, we discussed the concepts and mental models associated with a deployment process using git. We also set up our servers and remote repositories.

In this part, we create a PHP script that will be invoked when the remote git repository requests the Webhook URL. For this example, we’re going to create a file called webhook.php in the public root, so that the file is at /var/www/dev.yoursite.com/htdocs/webhook.php and can be accessed at the url http://dev.yoursite.com/webhook.php.

Regular Deployment

Recall from our previous discussion

  1. We wish to maintain the whole repository on the server.
  2. We maintain the repository outside the deploy path so that it isn’t overwritten on manual uploads.
  3. We use git pull and git archive for deployment.

For each repository, we need

  • the remote git url,
  • the branch that we need to deploy, and
  • the path where it needs to be deployed to.

We need to have a directory where we’ll maintain our repositories

For each repository, we also need to:

Create the directory where we’ll maintain the repository.

Initialise the repositories if they haven’t been initialised already. We do that by checking if the .git directory exists.

Next, we pull all the code from the desired branch

Create the deployment path, if it doesn’t exist

Deploy the code to the deployment directory using git archive

Finally, we switch back to the original directory that we had saved in a variable earlier, so that our chdir() function works properly.

The complete file can be found here: https://gist.github.com/actual-saurabh/03b462eb9e77854d3b31a2e36fa2e6a5

Slim Deployment

In a slim deployment, we don’t maintain the repositories on our servers but use git archive to directly deploy the latest code from remote

The complete file can be found here: https://gist.github.com/actual-saurabh/7f8c05941b1173cedd1f77cae76bf6c3

To accommodate GitHub, we switch to svn export. The svn url can be had by replacing git@ with https:// and removing the .git at the end, of the git_url.

The complete file can be found here: https://gist.github.com/actual-saurabh/cd12bda58414cd7a2da36aff263f18f5

With this part we’ve completed our enquiry into the deploy process and understood the principles involved. In fact, you can take the instructions from the tutorial till now and use it to start deploying. However, this code is not very elegant and exists only for our understanding.

Elegance & Security

There are other things to be considered. For example, one of the effects you’d notice is that everytime someone pushes to any branch, this deploy script will still run.

That’s because nowhere in our code have we checked where the webhook is being called from or what data is being sent to our script, so that we may decide if the push was made to the branch that we’re concerned with or was to a different branch, i.e., do we need to deploy or do we need to do nothing if the push doesn’t concern us. That’s not very elegant.

We haven’t placed any security checks, as well. If someone calls the webhook url in the browser, the deploy script will still run. Anyone can easily overwhelm your server by calling the deploy script repeatedly.

In the next part, we’ll discuss how to make this script more secure and elegant.

What do you think?