Friday, 1 July 2016


Git based deployment system.

Git driven deployment strategy using git-hooks. Intended to bring version control to common deployment tasks such as changing environment variables, services, server provisioning, etc.

Server Dependencies

  • Docker 1.5+
  • Systemd 218+


  1. Configure environment file
    cp git-deploy/sample.env git-deploy.env
    vim git-deploy.env
    Option legend:
    DEST: Duplicity backup destination. See Duplicity Docs
    PASSPHRASE: Used to symmetrically decrypt/encrypt backups via GPG
    HOOK_REPO: External Git repository where hooks will be sourced from. If undefined, hooks will be sourced from the 'hooks' folder in each repo
    HOOK_REPO_VERIFY: If 'true', HOOK_REPO must be signed by a key trusted in the local GPG keyring
    AWS_ACCESS_KEY_ID: Required if using AWS S3 as DEST
  2. Run git-deploy Docker image on CI server.
    cp git-deploy/git-deploy.service .
    systemctl enable $PWD/git-deploy.service
    systemctl start git-deploy
  3. Add any desired public keys
      docker exec -it git-deploy sh -c "curl >> .ssh/authorized_keys"
      docker exec -it git-deploy bash
      gpg --recv-keys E90A401336C8AAA9
      gpg --edit-key E90A401336C8AAA9
      gpg> trust
      gpg> save
  4. Set up a Git-Deploy repo for each environment this deploy server can manage.
    ssh mkrepo staging.git


  1. Clone git-deploy repo for target env
    git clone deploy
  2. Set app environment vars, deployment details, and services
    cd deploy/apps/some-app
    vim some-app.env 
    vim some-app@.service
    vim some-app-helper@@.service
    vim some-app-helper.env 
    vim config.yml
  3. Create shared environment vars (optional)
    vim deploy/global.env 
  4. Adjust git-hooks (optional)
    vim deploy/hooks/post-receive
  5. Deploy app
    git add .
    git commit -m 'Added some-app'
    git push staging master
    Changes are reflected in target Environment via defined git-hooks.

Reading ssh logs

The container's SSH logs can be read from the host by mounting a host file over a specific log path (e.g. /var/log/secure) in the container. You can adjust git-deploy.service like so:
ExecStart=/usr/bin/docker run \
  -p 22:2222 \
  -e SSH_LOG_FILE=/var/log/secure \
  -v /var/log/secure:/var/log/secure \
  -v /etc/hosts.deny:/etc/hosts.deny \
  --name="git-deploy" \
This allows you to read and act on logs written to this file, for example by using DenyHosts to read the logs and write to hosts.deny to deny certain hosts.
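
To make the log-to-hosts.deny step concrete, here is an added example (not part of git-deploy or DenyHosts) that counts failed password logins per source in sshd log lines and emits hosts.deny rules. The threshold, function names and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of git-deploy or DenyHosts. IPv4 only.
THRESHOLD=3   # assumed policy: failures per source before a rule is emitted

# Constructed sample in the sshd syslog format written to /var/log/secure.
sample_log() {
cat <<'EOF'
Jul  1 10:00:01 ci sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jul  1 10:00:03 ci sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jul  1 10:00:05 ci sshd[103]: Failed password for invalid user root from 192.0.2.99 from 203.0.113.5 port 40003 ssh2
Jul  1 10:01:10 ci sshd[104]: Failed password for git from 198.51.100.7 port 50001 ssh2
Jul  1 10:01:12 ci sshd[105]: Failed password for git from 198.51.100.7 port 50002 ssh2
Jul  1 10:02:00 ci sshd[106]: Accepted publickey for git from 192.0.2.10 port 51000 ssh2
EOF
}

# deny_candidates MIN: read sshd lines on stdin, print a sorted hosts.deny
# rule for every source address with at least MIN failed password logins.
deny_candidates() {
  awk -v min="$1" '
    # The user name is client-supplied text, so the address is read from the
    # fixed "<addr> port <n> ssh2" tail of the line, not from the first "from".
    / sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" && $NF == "ssh2" {
      ip = $(NF-3)
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fails[ip]++
    }
    END { for (ip in fails) if (fails[ip] >= min) print "sshd: " ip }
  ' | sort
}

# append_new FILE: append rules from stdin to FILE, skipping exact duplicates,
# so repeated runs over the same log do not grow hosts.deny.
append_new() {
  while IFS= read -r rule; do
    grep -qxF -- "$rule" "$1" 2>/dev/null || printf '%s\n' "$rule" >> "$1"
  done
}

# Dry run on the sample; on the host this would read /var/log/secure and
# pipe the result into: append_new /etc/hosts.deny
sample_log | deny_candidates "$THRESHOLD"
# → sshd: 203.0.113.5
```

Key-based logins such as the "Accepted publickey" line are never counted, so deploy users pushing over SSH are not affected by the rule generation.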


If you need to manually debug or edit the hooks of a repo after creation, you can mount the running /git volume in a debug environment, such as a Debian container, like so:
docker run -ti --volumes-from=git-deploy debian bash
vim /git/somerepo.git/.git/hooks/post-receive


To run tests you will need:
  • bats installed
  • port 2222 open
  • working ssh public keys in your ~/.ssh folder
Run tests:
bats test/test.bats